[SCM] Samba Shared Repository - branch master updated

Volker Lendecke vlendec at samba.org
Tue May 16 14:46:02 UTC 2017 

The branch, master has been updated
       via  d1dc2b0 ldb-samba: Fix a possible NULL pointer dereference
       via  9bbb6c0 s3:winbind: Use a talloc stackframe for rpc_query_user_list
       via  ef109f8 librpc:ndr: Set the length to 1 if we assign and empty string
      from  9b50789 ctdb-tests: Use tighter pattern for matching expected output

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d1dc2b0e4b8387a6619b110d1344211833e0ae7c
Author: Andreas Schneider <asn at samba.org>
Date:   Mon May 8 11:44:34 2017 +0200

    ldb-samba: Fix a possible NULL pointer dereference
    
    CID: #1402566
    CID: #1402567
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Tue May 16 16:45:43 CEST 2017 on sn-devel-144

commit 9bbb6c020e0049a93cbbfeb9ddfcbbe68251d2e2
Author: Andreas Schneider <asn at samba.org>
Date:   Mon May 8 11:34:54 2017 +0200

    s3:winbind: Use a talloc stackframe for rpc_query_user_list
    
    CID #1401581
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>

commit ef109f86c790f12eb967ebae27c9f2f435f96156
Author: Andreas Schneider <asn at samba.org>
Date:   Mon May 8 11:22:51 2017 +0200

    librpc:ndr: Set the length to 1 if we assign and empty string
    
    CID #1399648
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb-samba/ldb_ildap.c       |  4 +++-
 librpc/ndr/ndr_string.c         |  1 +
 source3/winbindd/winbindd_rpc.c | 40 ++++++++++++++++++++++++----------------
 3 files changed, 28 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb-samba/ldb_ildap.c b/lib/ldb-samba/ldb_ildap.c
index 541971f..a4e96e4 100644
--- a/lib/ldb-samba/ldb_ildap.c
+++ b/lib/ldb-samba/ldb_ildap.c
@@ -863,7 +863,9 @@ static int ildb_connect(struct ldb_context *ldb, const char *url,
 	return LDB_SUCCESS;
 
 failed:
-	ldb_set_errstring(ldb, ldap_errstr(ildb->ldap, module, status));
+	if (ildb != NULL && ildb->ldap != NULL) {
+		ldb_set_errstring(ldb, ldap_errstr(ildb->ldap, module, status));
+	}
 	talloc_free(module);
 	if (NT_STATUS_IS_LDAP(status)) {
 		return NT_STATUS_LDAP_CODE(status);
diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
index f9366b4..067f917 100644
--- a/librpc/ndr/ndr_string.c
+++ b/librpc/ndr/ndr_string.c
@@ -677,6 +677,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_charset_to_null(struct ndr_push *ndr, int nd
 
 	if (str == NULL) {
 		str = "";
+		length = 1;
 	}
 
 	return ndr_push_charset(ndr, ndr_flags, str, length, byte_mul, chset);
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 0023e2a..2c76e1a 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -46,54 +46,62 @@ NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
 	uint32_t num_rids = 0;
 	uint32_t i = 0;
 	uint32_t resume_handle = 0;
-	NTSTATUS result;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	TALLOC_CTX *tmp_ctx;
 
 	*prids = NULL;
 
+	tmp_ctx = talloc_stackframe();
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
 	do {
 		struct samr_SamArray *sam_array = NULL;
 		uint32_t count = 0;
-		NTSTATUS status;
 		uint32_t *tmp;
 
 		status = dcerpc_samr_EnumDomainUsers(
-			b, mem_ctx, samr_policy, &resume_handle,
+			b, tmp_ctx, samr_policy, &resume_handle,
 			ACB_NORMAL, &sam_array, 0xffff, &count, &result);
 		if (!NT_STATUS_IS_OK(status)) {
-			return status;
+			goto done;
 		}
 		if (!NT_STATUS_IS_OK(result)) {
 			if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
 				DBG_WARNING("EnumDomainUsers failed: %s\n",
 					    nt_errstr(result));
-				TALLOC_FREE(rids);
-				TALLOC_FREE(sam_array);
-				return result;
+				status = result;
+				goto done;
 			}
 		}
 
 		if (num_rids + count < num_rids) {
-			TALLOC_FREE(sam_array);
-			TALLOC_FREE(rids);
-			return NT_STATUS_INTEGER_OVERFLOW;
+			status = NT_STATUS_INTEGER_OVERFLOW;
+			goto done;
 		}
 
-		tmp = talloc_realloc(mem_ctx, rids, uint32_t, num_rids+count);
+		tmp = talloc_realloc(tmp_ctx, rids, uint32_t, num_rids+count);
 		if (tmp == NULL) {
-			TALLOC_FREE(sam_array);
-			TALLOC_FREE(rids);
-			return NT_STATUS_NO_MEMORY;
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
 		}
 		rids = tmp;
 
 		for (i=0; i<count; i++) {
 			rids[num_rids++] = sam_array->entries[i].idx;
 		}
+
+		TALLOC_FREE(sam_array);
 	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
 
-	*prids = rids;
+	*prids = talloc_steal(mem_ctx, rids);
+	status = NT_STATUS_OK;
 
-	return NT_STATUS_OK;
+done:
+	TALLOC_FREE(tmp_ctx);
+	return status;
 }
 
 /* List all domain groups */


-- 
Samba Shared Repository

More information about the samba-cvs mailing list