[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Wed Jun 22 21:22:02 UTC 2016 

The branch, master has been updated
       via  a737efe s4-ntlm: Fix a NULL pointer dereference in error path
       via  f01f424 s4-dsdb: Fix a possible NULL pointer dereference
       via  5499cff s3-torture: Do some code hygiene in the ldb test
       via  7bac35e librpc: Check for negative return value of socket_get_fd()
       via  8e88ab7 util: Fix a possible null pointer dereference
      from  c0704d9 s3: libsmb: Correctly trim a trailing \ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a737efe2bd45fffe82d1815789c63172e01ed1d7
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 22 15:53:59 2016 +0200

    s4-ntlm: Fix a NULL pointer dereference in error path
    
    Found by clang compiler.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Jun 22 23:21:33 CEST 2016 on sn-devel-144

commit f01f4248536c6f4b2cfe6f28f775deb7cb2fe01a
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 22 15:48:10 2016 +0200

    s4-dsdb: Fix a possible NULL pointer dereference
    
    Detected by clang compiler.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 5499cff2014e64ab9b40f038631a9b8eb847ca03
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 22 15:15:05 2016 +0200

    s3-torture: Do some code hygiene in the ldb test
    
    Coverity is confused if in a expresion we use = and not ==.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 7bac35e7fd6d2e580648e0028e114626edf3dc2e
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 22 09:25:16 2016 +0200

    librpc: Check for negative return value of socket_get_fd()
    
    Found by Coverity.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 8e88ab727a68eb3979ad1bde65001130c7166d1f
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 22 09:17:07 2016 +0200

    util: Fix a possible null pointer dereference
    
    Found by cppcheck.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/util/talloc_report.c          |  3 +++
 source4/auth/ntlm/auth_winbind.c  |  6 ++++--
 source4/dsdb/common/util_trusts.c |  4 +++-
 source4/librpc/rpc/dcerpc_sock.c  |  5 +++++
 source4/torture/ldb/ldb.c         | 12 ++++++++----
 5 files changed, 23 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/talloc_report.c b/lib/util/talloc_report.c
index 9b98347..018d9ab 100644
--- a/lib/util/talloc_report.c
+++ b/lib/util/talloc_report.c
@@ -40,6 +40,9 @@ static char *talloc_vasprintf_append_largebuf(char *buf, ssize_t *pstr_len,
 	if (buf == NULL) {
 		return NULL;
 	}
+	if (fmt == NULL) {
+		return NULL;
+	}
 	buflen = talloc_get_size(buf);
 
 	if (buflen > str_len) {
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index aed893d..447c0de 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -216,9 +216,11 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
 		if (err) {
 			DEBUG(1, ("error was %s (0x%08x)\nerror message was '%s'\n",
 			      err->nt_string, err->nt_status, err->display_string));
+			nt_status = NT_STATUS(err->nt_status);
+			wbcFreeMemory(err);
+		} else {
+			nt_status = NT_STATUS_LOGON_FAILURE;
 		}
-		nt_status = NT_STATUS(err->nt_status);
-		wbcFreeMemory(err);
 		NT_STATUS_NOT_OK_RETURN(nt_status);
 	} else if (!WBC_ERROR_IS_OK(wbc_status)) {
 		DEBUG(1, ("wbcAuthenticateUserEx: failed with %u - %s\n",
diff --git a/source4/dsdb/common/util_trusts.c b/source4/dsdb/common/util_trusts.c
index 0e69ba2..a083d86 100644
--- a/source4/dsdb/common/util_trusts.c
+++ b/source4/dsdb/common/util_trusts.c
@@ -2671,7 +2671,9 @@ NTSTATUS dsdb_trust_get_incoming_passwords(struct ldb_message *msg,
 	if (_previous != NULL) {
 		*_previous = talloc(mem_ctx, struct samr_Password);
 		if (*_previous == NULL) {
-			TALLOC_FREE(*_current);
+			if (_current != NULL) {
+				TALLOC_FREE(*_current);
+			}
 			TALLOC_FREE(frame);
 			return NT_STATUS_NO_MEMORY;
 		}
diff --git a/source4/librpc/rpc/dcerpc_sock.c b/source4/librpc/rpc/dcerpc_sock.c
index f5a1c07..7175eb2 100644
--- a/source4/librpc/rpc/dcerpc_sock.c
+++ b/source4/librpc/rpc/dcerpc_sock.c
@@ -72,6 +72,11 @@ static void continue_socket_connect(struct composite_context *ctx)
 		return;
 	}
 	sock_fd = socket_get_fd(s->socket_ctx);
+	if (sock_fd == -1) {
+		TALLOC_FREE(s->socket_ctx);
+		composite_error(c, NT_STATUS_INVALID_HANDLE);
+		return;
+	}
 	socket_set_flags(s->socket_ctx, SOCKET_FLAG_NOCLOSE);
 	TALLOC_FREE(s->socket_ctx);
 
diff --git a/source4/torture/ldb/ldb.c b/source4/torture/ldb/ldb.c
index 6210419..7ea9726 100644
--- a/source4/torture/ldb/ldb.c
+++ b/source4/torture/ldb/ldb.c
@@ -1084,8 +1084,9 @@ static bool torture_ldb_unpack(struct torture_context *torture)
 	const char *ldif_text = dda1d01d_ldif;
 	struct ldb_ldif ldif;
 
+	ldb = samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL);
 	torture_assert(torture,
-		       ldb = samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL),
+		       ldb != NULL,
 		       "Failed to init ldb");
 
 	torture_assert_int_equal(torture, ldb_unpack_data(ldb, &data, msg), 0,
@@ -1111,12 +1112,14 @@ static bool torture_ldb_parse_ldif(struct torture_context *torture)
 	struct ldb_val data = data_blob_const(dda1d01d_bin, sizeof(dda1d01d_bin));
 	struct ldb_message *msg = ldb_msg_new(mem_ctx);
 
+	ldb = samba_ldb_init(mem_ctx, torture->ev, NULL,NULL,NULL);
 	torture_assert(torture,
-		       ldb=samba_ldb_init(mem_ctx, torture->ev, NULL,NULL,NULL),
+		       ldb != NULL,
 		       "Failed to init ldb");
 
+	ldif = ldb_ldif_read_string(ldb, &ldif_text);
 	torture_assert(torture,
-		       ldif = ldb_ldif_read_string(ldb, &ldif_text),
+		       ldif != NULL,
 		       "ldb_ldif_read_string failed");
 	torture_assert_int_equal(torture, ldif->changetype, LDB_CHANGETYPE_NONE,
 				 "changetype is incorrect");
@@ -1147,8 +1150,9 @@ static bool torture_ldb_unpack_only_attr_list(struct torture_context *torture)
 	const char *ldif_text;
 	struct ldb_ldif ldif;
 
+	ldb = samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL);
 	torture_assert(torture,
-		       ldb=samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL),
+		       ldb != NULL,
 		       "Failed to init samba");
 
 	torture_assert_int_equal(torture,


-- 
Samba Shared Repository

More information about the samba-cvs mailing list