[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Fri Aug 25 18:06:02 UTC 2017


The branch, master has been updated
       via  11ae26e s3:vfs: Do not overrun array ad->ad_eid
       via  ec8ec35 s4:torture: Do not overrun arrays in test_displayshares()
       via  1e002db s4:torture: Fix talloc_array in test_EnumValue()
       via  d11532c s3:modules: Avoid setting the sign bit to 1.
      from  1f7f112 ctdb-client: Fix ctdb_attach() to use database flags

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 11ae26e6a688d5f86c2d03f171694fc28f0c6c89
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Aug 25 14:45:29 2017 +0200

    s3:vfs: Do not overrun array ad->ad_eid
    
    The array is defined as:
        struct ad_entry ad_eid[ADEID_MAX]
    
    Found by Coverity.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Fri Aug 25 20:05:32 CEST 2017 on sn-devel-144

commit ec8ec35bd798db88d89256435a4e4d84717d3632
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Aug 25 14:24:59 2017 +0200

    s4:torture: Do not overrun arrays in test_displayshares()
    
    If we do not 'break', we overrun the array access size.
    
    Found by Coverity.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 1e002db765f3d3fdd49cccfdddef2218e7bc329d
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Aug 25 14:17:54 2017 +0200

    s4:torture: Fix talloc_array in test_EnumValue()
    
    Found by Coverity.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit d11532c446fa176eb24e35f01617c6cd7559c9bc
Author: Andreas Schneider <asn at samba.org>
Date:   Fri Aug 25 14:11:02 2017 +0200

    s3:modules: Avoid setting the sign bit to 1.
    
    Found by Coverity.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_fileid.c          |  2 +-
 source3/modules/vfs_fruit.c           |  2 +-
 source4/torture/libnet/libnet_share.c | 80 ++++++++++++++++++++++++++---------
 source4/torture/rpc/winreg.c          |  2 +-
 4 files changed, 64 insertions(+), 22 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_fileid.c b/source3/modules/vfs_fileid.c
index f751486..bb0a79c 100644
--- a/source3/modules/vfs_fileid.c
+++ b/source3/modules/vfs_fileid.c
@@ -129,7 +129,7 @@ static uint64_t fileid_uint64_hash(const uint8_t *s, size_t len)
 
 	/* Set the initial value from the key size. */
 	for (value = 0x238F13AFLL * len, i=0; i < len; i++)
-		value = (value + (s[i] << (i*5 % 24)));
+		value = (value + (((uint64_t)s[i]) << (i*5 % 24)));
 
 	return (1103515243LL * value + 12345LL);
 }
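Review bot: The reason for the `(uint64_t)` cast is not recorded next to it, so a later cleanup could drop it as redundant. `s[i]` is promoted to `int` before the shift, which means the widening has to be applied to the operand and not to the result; a comment such as `/* widen first: s[i] promotes to int, the shift must not happen in a signed type */` above the assignment would say so. The shift count `i*5 % 24` is at most 23, so the computed value should be the same as before for every input, which is worth stating in the commit message if these ids are ever compared with ones produced by an older build. The type of `value` is declared outside the hunk.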
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 09e0fcd..3ba5996 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -653,7 +653,7 @@ static bool ad_unpack(struct adouble *ad, const size_t nentries,
 		off = RIVAL(ad->ad_data, AD_HEADER_LEN + (i * AD_ENTRY_LEN) + 4);
 		len = RIVAL(ad->ad_data, AD_HEADER_LEN + (i * AD_ENTRY_LEN) + 8);
 
-		if (!eid || eid > ADEID_MAX) {
+		if (!eid || eid >= ADEID_MAX) {
 			DEBUG(1, ("bogus eid %d\n", eid));
 			return false;
 		}
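Review bot: Nothing next to the check says that `eid` is used as an index into `ad->ad_eid[ADEID_MAX]`, which is the only reason `>=` is the correct comparison here; a comment such as `/* eid indexes ad->ad_eid[]: valid values are 1..ADEID_MAX-1 */` would keep a later edit from reintroducing `>`. `off` and `len` are read from the same buffer as `eid` and are not validated within these lines; ad_unpack continues outside the hunk, so whether they are bounded against the buffer size before use cannot be confirmed from here. The message `"bogus eid %d\n"` prints with `%d`; if `eid` is an unsigned 32-bit value, `%u` would log out-of-range values correctly.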
diff --git a/source4/torture/libnet/libnet_share.c b/source4/torture/libnet/libnet_share.c
index c09790f..5b5741b 100644
--- a/source4/torture/libnet/libnet_share.c
+++ b/source4/torture/libnet/libnet_share.c
@@ -65,10 +65,16 @@ static void test_displayshares(struct torture_context *tctx,
 		for (i = 0; i < s.out.ctr.ctr1->count; i++) {
 			struct srvsvc_NetShareInfo1 *info = &s.out.ctr.ctr1->array[i];
 			for (j = 0; j < ARRAY_SIZE(share_types); j++) {
-				if (share_types[j].type == info->type) break;
+				if (share_types[j].type == info->type) {
+					torture_comment(tctx,
+							"\t[%d] %s (%s)\t%s\n",
+							i,
+							info->name,
+							info->comment,
+							share_types[j].desc);
+					break;
+				}
 			}
-			torture_comment(tctx, "\t[%d] %s (%s)\t%s\n", i, info->name,
-			       info->comment, share_types[j].desc);
 		}
 		break;
 
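Review bot: A share whose `info->type` matches no entry in `share_types` is now dropped from the output without a trace, because the only `torture_comment()` call sits inside the match branch; the same applies to the ctr2, ctr501 and ctr502 hunks below. The out-of-bounds read is gone, but an unexpected type returned by the server is exactly the case a test log should show. After the inner loop a fallback such as `if (j == ARRAY_SIZE(share_types)) torture_comment(tctx, "\t[%d] %s (%s)\tunknown type 0x%08x\n", i, info->name, info->comment, (unsigned)info->type);` would keep the entry visible. test_displayshares starts and ends outside this hunk.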
@@ -76,13 +82,27 @@ static void test_displayshares(struct torture_context *tctx,
 		for (i = 0; i < s.out.ctr.ctr2->count; i++) {
 			struct srvsvc_NetShareInfo2 *info = &s.out.ctr.ctr2->array[i];
 			for (j = 0; j < ARRAY_SIZE(share_types); j++) {
-				if (share_types[j].type == info->type) break;
+				if (share_types[j].type == info->type) {
+					torture_comment(tctx,
+							"\t[%d] %s\t%s\n"
+							"\t    %s\n"
+							"\t    [perms=0x%08x, "
+							"max_usr=%d, "
+							"cur_usr=%d, "
+							"path=%s, "
+							"pass=%s]\n",
+							i,
+							info->name,
+							share_types[j].desc,
+							info->comment,
+							info->permissions,
+							info->max_users,
+							info->current_users,
+							info->path,
+							info->password);
+					break;
+				}
 			}
-			torture_comment(tctx, "\t[%d] %s\t%s\n\t    %s\n\t    [perms=0x%08x, max_usr=%d, cur_usr=%d, path=%s, pass=%s]\n",
-				 i, info->name, share_types[j].desc, info->comment,
-				 info->permissions, info->max_users,
-				 info->current_users, info->path,
-				 info->password);
 		}
 		break;
 
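Review bot: The rewritten call still prints `info->password` through `pass=%s`, so the share password returned by the server ends up in the torture output and in any log that captures it; the ctr502 hunk below does the same. If the value itself is not needed for diagnosis, printing only whether one is set would avoid that, for example by passing `info->password ? "<set>" : "<none>"` as the last argument. The string members passed to `%s` are not checked for NULL in these lines; whether they can be NULL depends on code outside the hunk.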
@@ -90,11 +110,20 @@ static void test_displayshares(struct torture_context *tctx,
 		for (i = 0; i < s.out.ctr.ctr501->count; i++) {
 			struct srvsvc_NetShareInfo501 *info = &s.out.ctr.ctr501->array[i];
 			for (j = 0; j < ARRAY_SIZE(share_types); j++) {
-				if (share_types[j].type == info->type) break;
+				if (share_types[j].type == info->type) {
+					torture_comment(tctx,
+							"\t[%d] %s"
+							"\t%s "
+							"[csc_policy=0x%08x]\n"
+							"\t    %s\n",
+							i,
+							info->name,
+							share_types[j].desc,
+							info->csc_policy,
+							info->comment);
+					break;
+				}
 			}
-			torture_comment(tctx, "\t[%d] %s\t%s [csc_policy=0x%08x]\n\t    %s\n", i, info->name,
-				 share_types[j].desc, info->csc_policy,
-				 info->comment);
 		}
 		break;
 
@@ -102,13 +131,26 @@ static void test_displayshares(struct torture_context *tctx,
 		for (i = 0; i < s.out.ctr.ctr502->count; i++) {
 			struct srvsvc_NetShareInfo502 *info = &s.out.ctr.ctr502->array[i];
 			for (j = 0; j < ARRAY_SIZE(share_types); j++) {
-				if (share_types[j].type == info->type) break;
+				if (share_types[j].type == info->type) {
+					torture_comment(tctx,
+							"\t[%d] %s\t%s\n"
+							"\t    %s\n"
+							"\t    [perms=0x%08x, "
+							"max_usr=%d, "
+							"cur_usr=%d, "
+							"path=%s, pass=%s]\n",
+							i,
+							info->name,
+							share_types[j].desc,
+							info->comment,
+							info->permissions,
+							info->max_users,
+							info->current_users,
+							info->path,
+							info->password);
+					break;
+				}
 			}
-			torture_comment(tctx, "\t[%d] %s\t%s\n\t    %s\n\t    [perms=0x%08x, max_usr=%d, cur_usr=%d, path=%s, pass=%s]\n",
-				 i, info->name, share_types[j].desc, info->comment,
-				 info->permissions, info->max_users,
-				 info->current_users, info->path,
-				 info->password);
 		}
 		break;
 	}
diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c
index 1a7b60f..9fc92cd 100644
--- a/source4/torture/rpc/winreg.c
+++ b/source4/torture/rpc/winreg.c
@@ -1997,7 +1997,7 @@ static bool test_EnumValue(struct dcerpc_binding_handle *b,
 
 		data = NULL;
 		if (size) {
-			data = (uint8_t *) talloc_array(tctx, uint8_t *, size);
+			data = talloc_array(tctx, uint8_t, size);
 		}
 		r.in.value = data;
 
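Review bot: The result of `talloc_array()` is not checked before `r.in.value = data;`, so an allocation failure with a non-zero `size` passes a NULL value buffer into the request while the size fields presumably still describe `size` bytes. Inside the `if (size)` block, `torture_assert(tctx, data != NULL, "talloc_array failed");` after the allocation would fail the test cleanly instead. Where `size` comes from and how `r` is used afterwards lie outside the hunk.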


-- 
Samba Shared Repository


