[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Thu Feb 23 06:12:02 UTC 2017
The branch, master has been updated
via f0196b2 coverity: Add modeling file for Coverity scan
via 8ac43e0 s3:librpc: Fix OM_uint32 comparsion in if-clause
via 2f83cfd s3:librpc: Make sure kt_curser and kt_entry are initialized
via 1df1d87 pam_winbind: Return if we do not have a domain
via 9297ac44 s3:lib: Do not segfault if username is NULL
via 1369056 s3:torture: Fix uint64_t comparsion in if-clause
via 8a1b998 s4:torture: Make sure handles are initialized
via 79a49dc ndrdump: Fix a possible NULL pointer dereference
via e6105f9 s3-vfs: Do not deref a NULL pointer in shadow_copy2_snapshot_to_gmt()
via 67b978b s4-kcc: Do not dereference a NULL pointer
via 1daea6b s4-torture: Use the correct variable type in torture_smb2_maxfid()
from 0f2ffb5 winbind: Use EnumDomainUsers in rpc_query_user_list
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f0196b2e035ac4aa08ac8024f8b6aaff42ad53e0
Author: Andreas Schneider <asn at samba.org>
Date: Thu Feb 16 17:31:20 2017 +0100
coverity: Add modeling file for Coverity scan
The modeling file has currently all macros for cmocka that Coverity
doesn't detect false positives. We could add torture assert macros if
needed too.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Feb 23 07:11:18 CET 2017 on sn-devel-144
commit 8ac43e0e6ef9236a5c6d2c27ebe24171582c1d49
Author: Andreas Schneider <asn at samba.org>
Date: Fri Feb 17 09:49:39 2017 +0100
s3:librpc: Fix OM_uint32 comparsion in if-clause
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2f83cfdb90d687673cfc4be14cd66425fb7f3e76
Author: Andreas Schneider <asn at samba.org>
Date: Thu Feb 16 17:42:53 2017 +0100
s3:librpc: Make sure kt_curser and kt_entry are initialized
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1df1d873c849f68a91d067c7049dda12c22e98c5
Author: Andreas Schneider <asn at samba.org>
Date: Fri Feb 17 11:53:52 2017 +0100
pam_winbind: Return if we do not have a domain
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9297ac44f7e0455bb74ee77ad8b68f2e8c4a070d
Author: Andreas Schneider <asn at samba.org>
Date: Fri Feb 17 10:08:17 2017 +0100
s3:lib: Do not segfault if username is NULL
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 13690569ee5893e3dbd96f2b28a41a35e3da42ff
Author: Andreas Schneider <asn at samba.org>
Date: Fri Feb 17 09:45:33 2017 +0100
s3:torture: Fix uint64_t comparsion in if-clause
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8a1b998acb3592ad67bb72db79965bae436748ec
Author: Andreas Schneider <asn at samba.org>
Date: Thu Feb 16 17:52:41 2017 +0100
s4:torture: Make sure handles are initialized
The CHECK_STATUS macro might goto done which checks the values of the
handle so they should be initialized in this case.
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 79a49dc19a83bd22684a71aecf4588b753669039
Author: Andreas Schneider <asn at samba.org>
Date: Thu Feb 16 17:34:07 2017 +0100
ndrdump: Fix a possible NULL pointer dereference
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e6105f92cd24de49acecd67a9f0c2c53323fe2e9
Author: Andreas Schneider <asn at samba.org>
Date: Thu Feb 16 17:15:38 2017 +0100
s3-vfs: Do not deref a NULL pointer in shadow_copy2_snapshot_to_gmt()
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 67b978bb26b3d0009b511bb2ae96d249041827a5
Author: Andreas Schneider <asn at samba.org>
Date: Thu Feb 16 17:08:50 2017 +0100
s4-kcc: Do not dereference a NULL pointer
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1daea6b0f848b2434c65dc90d7fe514242c78786
Author: Andreas Schneider <asn at samba.org>
Date: Thu Feb 16 17:07:54 2017 +0100
s4-torture: Use the correct variable type in torture_smb2_maxfid()
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
coverity/README | 6 ++
coverity/coverity_assert_model.c | 86 +++++++++++++++++++++++++++
librpc/tools/ndrdump.c | 4 ++
nsswitch/pam_winbind.c | 10 +++-
source3/lib/util_cmdline.c | 5 +-
source3/librpc/crypto/gse.c | 2 +-
source3/librpc/crypto/gse_krb5.c | 7 +--
source3/modules/vfs_shadow_copy2.c | 3 +
source3/torture/torture.c | 4 +-
source4/dsdb/kcc/garbage_collect_tombstones.c | 4 +-
source4/torture/smb2/maxfid.c | 8 +--
source4/torture/smb2/rename.c | 24 ++++++++
12 files changed, 146 insertions(+), 17 deletions(-)
create mode 100644 coverity/README
create mode 100644 coverity/coverity_assert_model.c
Changeset truncated at 500 lines:
diff --git a/coverity/README b/coverity/README
new file mode 100644
index 0000000..84795d9
--- /dev/null
+++ b/coverity/README
@@ -0,0 +1,6 @@
+coverity_assert_model.c:
+
+This file is a Coverity Modeling file for which currently adds the needed models
+for using the cmocka unit test framework. The assert functions could create
+false positives, to avoid that you can load this modeling file in the Coverity
+web interface. If needed add models for torture_ and talloc_ macros.
diff --git a/coverity/coverity_assert_model.c b/coverity/coverity_assert_model.c
new file mode 100644
index 0000000..ba5c17d
--- /dev/null
+++ b/coverity/coverity_assert_model.c
@@ -0,0 +1,86 @@
+#define LargestIntegralType unsigned long long
+
+void _assert_true(const LargestIntegralType result,
+ const char* const expression,
+ const char * const file, const int line)
+{
+ __coverity_panic__();
+}
+
+void _assert_int_equal(
+ const LargestIntegralType a, const LargestIntegralType b,
+ const char * const file, const int line)
+{
+ __coverity_panic__();
+}
+
+void _assert_int_not_equal(
+ const LargestIntegralType a, const LargestIntegralType b,
+ const char * const file, const int line)
+{
+ __coverity_panic__();
+}
+
+void _assert_return_code(const LargestIntegralType result,
+ size_t rlen,
+ const LargestIntegralType error,
+ const char * const expression,
+ const char * const file,
+ const int line)
+{
+ __coverity_panic__();
+}
+
+void _assert_string_equal(const char * const a, const char * const b,
+ const char * const file, const int line)
+{
+ __coverity_panic__();
+}
+
+void _assert_string_not_equal(const char * const a, const char * const b,
+ const char *file, const int line)
+{
+ __coverity_panic__();
+}
+
+void _assert_memory_equal(const void * const a, const void * const b,
+ const size_t size, const char* const file,
+ const int line)
+{
+ __coverity_panic__();
+}
+
+void _assert_memory_not_equal(const void * const a, const void * const b,
+ const size_t size, const char* const file,
+ const int line)
+{
+ __coverity_panic__();
+}
+
+void _assert_in_range(
+ const LargestIntegralType value, const LargestIntegralType minimum,
+ const LargestIntegralType maximum, const char* const file, const int line)
+{
+ __coverity_panic__();
+}
+
+void _assert_not_in_range(
+ const LargestIntegralType value, const LargestIntegralType minimum,
+ const LargestIntegralType maximum, const char* const file, const int line)
+{
+ __coverity_panic__();
+}
+
+void _assert_in_set(
+ const LargestIntegralType value, const LargestIntegralType values[],
+ const size_t number_of_values, const char* const file, const int line)
+{
+ __coverity_panic__();
+}
+
+void _assert_not_in_set(
+ const LargestIntegralType value, const LargestIntegralType values[],
+ const size_t number_of_values, const char* const file, const int line)
+{
+ __coverity_panic__();
+}
diff --git a/librpc/tools/ndrdump.c b/librpc/tools/ndrdump.c
index b1e96b8..e26d371 100644
--- a/librpc/tools/ndrdump.c
+++ b/librpc/tools/ndrdump.c
@@ -502,6 +502,10 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...)
bool differ;
ndr_v_push = ndr_push_init_ctx(mem_ctx);
+ if (ndr_v_push == NULL) {
+ printf("No memory\n");
+ exit(1);
+ }
if (assume_ndr64) {
ndr_v_push->flags |= LIBNDR_FLAG_NDR64;
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 859101f..746b157 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -2479,10 +2479,14 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
if (!name) {
return NULL;
}
- if ((p = strchr(name, '@')) != NULL) {
- *p = 0;
- domain = p + 1;
+
+ p = strchr(name, '@');
+ if (p == NULL) {
+ TALLOC_FREE(name);
+ return NULL;
}
+ *p = '\0';
+ domain = p + 1;
/* Convert the UPN to a SID */
diff --git a/source3/lib/util_cmdline.c b/source3/lib/util_cmdline.c
index 6c98b44..ad51a4f 100644
--- a/source3/lib/util_cmdline.c
+++ b/source3/lib/util_cmdline.c
@@ -112,11 +112,14 @@ void set_cmdline_auth_info_username(struct user_auth_info *auth_info,
{
const char *new_val = NULL;
+ if (username == NULL) {
+ return;
+ }
cli_credentials_parse_string(auth_info->creds,
username,
CRED_SPECIFIED);
new_val = cli_credentials_get_username(auth_info->creds);
- if (username != NULL && new_val == NULL) {
+ if (new_val == NULL) {
exit(ENOMEM);
}
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 792700e..99971d3 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -347,7 +347,7 @@ static NTSTATUS gse_get_client_auth_token(TALLOC_CTX *mem_ctx,
break;
default:
if ((gss_maj == GSS_S_FAILURE) &&
- (gss_min == KRB5KRB_AP_ERR_TKT_EXPIRED)) {
+ (gss_min == (OM_uint32)KRB5KRB_AP_ERR_TKT_EXPIRED)) {
DBG_NOTICE("Ticket expired\n");
} else {
DBG_ERR("gss_init_sec_context failed with [%s]\n",
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
index 83afd16..703d1b4 100644
--- a/source3/librpc/crypto/gse_krb5.c
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -359,8 +359,8 @@ static krb5_error_code fill_mem_keytab_from_system_keytab(krb5_context krbctx,
{
krb5_error_code ret = 0;
krb5_keytab keytab = NULL;
- krb5_kt_cursor kt_cursor;
- krb5_keytab_entry kt_entry;
+ krb5_kt_cursor kt_cursor = { 0, };
+ krb5_keytab_entry kt_entry = { 0, };
char *valid_princ_formats[7] = { NULL, NULL, NULL,
NULL, NULL, NULL, NULL };
char *entry_princ_s = NULL;
@@ -420,9 +420,6 @@ static krb5_error_code fill_mem_keytab_from_system_keytab(krb5_context krbctx,
goto out;
}
- ZERO_STRUCT(kt_entry);
- ZERO_STRUCT(kt_cursor);
-
ret = smb_krb5_kt_open_relative(krbctx, NULL, false, &keytab);
if (ret) {
DEBUG(1, ("smb_krb5_kt_open failed (%s)\n",
diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
index 402eb70..2afc595 100644
--- a/source3/modules/vfs_shadow_copy2.c
+++ b/source3/modules/vfs_shadow_copy2.c
@@ -1873,6 +1873,9 @@ static bool shadow_copy2_snapshot_to_gmt(vfs_handle_struct *handle,
}
/* Extract the prefix */
tmp = strstr(tmpstr, priv->config->delimiter);
+ if (tmp == NULL) {
+ goto done;
+ }
*tmp = '\0';
/* Parse regex */
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 846b675..3062122 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -5066,7 +5066,7 @@ static bool run_rename_access(int dummy)
}
if (cli) {
- if (fnum != -1) {
+ if (fnum != (uint64_t)-1) {
cli_close(cli, fnum);
}
cli_unlink(cli, src,
@@ -5457,7 +5457,7 @@ static bool run_owner_rights(int dummy)
fail:
if (cli) {
- if (fnum != -1) {
+ if (fnum != (uint16_t)-1) {
cli_close(cli, fnum);
}
cli_unlink(cli, fname,
diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c
index 1909cfe..d8d0a59 100644
--- a/source4/dsdb/kcc/garbage_collect_tombstones.c
+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c
@@ -137,7 +137,9 @@ static NTSTATUS garbage_collect_tombstones_part(TALLOC_CTX *mem_ctx,
element->name);
/* This avoids parsing isDeleted as a link */
- if (attrib->linkID == 0 || ((attrib->linkID & 1) == 1)) {
+ if (attrib == NULL ||
+ attrib->linkID == 0 ||
+ ((attrib->linkID & 1) == 1)) {
continue;
}
diff --git a/source4/torture/smb2/maxfid.c b/source4/torture/smb2/maxfid.c
index cfdf7c1..dbe3fac 100644
--- a/source4/torture/smb2/maxfid.c
+++ b/source4/torture/smb2/maxfid.c
@@ -32,7 +32,7 @@ bool torture_smb2_maxfid(struct torture_context *tctx)
NTSTATUS status;
struct smb2_tree *tree = NULL;
const char *dname = "smb2_maxfid";
- int i, maxfid;
+ size_t i, maxfid;
struct smb2_handle *handles, dir_handle = { };
size_t max_handles;
@@ -62,7 +62,7 @@ bool torture_smb2_maxfid(struct torture_context *tctx)
struct smb2_create create = { };
struct smb2_close close = { };
- name = talloc_asprintf(tctx, "%s\\%d", dname, i / 1000);
+ name = talloc_asprintf(tctx, "%s\\%zu", dname, i / 1000);
torture_assert_goto(tctx, (name != NULL), ret, done,
"no memory for directory name\n");
@@ -93,7 +93,7 @@ bool torture_smb2_maxfid(struct torture_context *tctx)
char *name;
struct smb2_create create = { };
- name = talloc_asprintf(tctx, "%s\\%d\\%d", dname, i / 1000, i);
+ name = talloc_asprintf(tctx, "%s\\%zu\\%zu", dname, i / 1000, i);
torture_assert_goto(tctx, (name != NULL), ret, done,
"no memory for file name\n");
@@ -120,7 +120,7 @@ bool torture_smb2_maxfid(struct torture_context *tctx)
maxfid = i;
if (maxfid == max_handles) {
- torture_comment(tctx, "Reached test limit of %d open files. "
+ torture_comment(tctx, "Reached test limit of %zu open files. "
"Adjust to higher test with "
"--option=torture:maxopenfiles=NNN\n", maxfid);
}
diff --git a/source4/torture/smb2/rename.c b/source4/torture/smb2/rename.c
index 1a490f3..9652643 100644
--- a/source4/torture/smb2/rename.c
+++ b/source4/torture/smb2/rename.c
@@ -57,6 +57,8 @@ static bool torture_smb2_rename_simple(struct torture_context *torture,
union smb_fileinfo fi;
struct smb2_handle h1;
+ ZERO_STRUCT(h1);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -145,6 +147,8 @@ static bool torture_smb2_rename_simple2(struct torture_context *torture,
union smb_setfileinfo sinfo;
struct smb2_handle h1;
+ ZERO_STRUCT(h1);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -226,6 +230,8 @@ static bool torture_smb2_rename_no_sharemode(struct torture_context *torture,
union smb_fileinfo fi;
struct smb2_handle h1;
+ ZERO_STRUCT(h1);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -314,6 +320,9 @@ static bool torture_smb2_rename_with_delete_access(struct torture_context *tortu
union smb_setfileinfo sinfo;
struct smb2_handle fh, dh;
+ ZERO_STRUCT(fh);
+ ZERO_STRUCT(dh);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -439,6 +448,9 @@ static bool torture_smb2_rename_with_delete_access2(struct torture_context *tort
union smb_setfileinfo sinfo;
struct smb2_handle fh, dh;
+ ZERO_STRUCT(fh);
+ ZERO_STRUCT(dh);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -563,6 +575,9 @@ static bool torture_smb2_rename_no_delete_access(struct torture_context *torture
union smb_fileinfo fi;
struct smb2_handle fh, dh;
+ ZERO_STRUCT(fh);
+ ZERO_STRUCT(dh);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -697,6 +712,9 @@ static bool torture_smb2_rename_no_delete_access2(struct torture_context *tortur
union smb_setfileinfo sinfo;
struct smb2_handle fh, dh;
+ ZERO_STRUCT(fh);
+ ZERO_STRUCT(dh);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -820,6 +838,9 @@ static bool torture_smb2_rename_msword(struct torture_context *torture,
union smb_fileinfo fi;
struct smb2_handle fh, dh;
+ ZERO_STRUCT(fh);
+ ZERO_STRUCT(dh);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -938,6 +959,9 @@ static bool torture_smb2_rename_dir_openfile(struct torture_context *torture,
union smb_setfileinfo sinfo;
struct smb2_handle d1, h1;
+ ZERO_STRUCT(d1);
+ ZERO_STRUCT(h1);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
--
Samba Shared Repository
More information about the samba-cvs
mailing list