[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Apr 4 01:51:02 UTC 2018
The branch, master has been updated
via f2df0e5 krb5_wrap: Fix CID 1414755 Resource leak
via 015e046 krb5_wrap: Fix CID 1034833 Resource leak
via c3341ed net: Avoid tallocs
via 54db80e net: Fix CID 1414752 Resource leak
via bc16f7d pdb_ldap: Fix CID 1363266 Resource leak
via 5b52c30 pygpo: Fix CID 1422263 Resource leak
via 54fc900 utils: Fix CID 1035541 Uninitialized scalar variable
via 925d1f2 dsdb: Fix CID 1034966 Uninitialized scalar variable
via 2d7a3e0 libads: Fix CID 1272809 Free of address-of expression
via 76babda groupdb: Fix CID 1167984 Ignoring number of bytes read
via 64b144d dsdb: Fix CID 1034744 Dereference after null check
via 7bffd65 cldap: Avoid a ZERO_STRUCTP
via c31e537 smbd: Fix CID 240676 Dereference after null check
via dd370f8 lsasrv: Fix CID 241332 Self assignment
via ab6228c lsasrv: Fix CID 241331 Self assignment
via 7164e00 libcli: Fix CID 710748 Resource leak
via 37dcbe1 libhttp: Fix CID 1273001 Dereference after null check
from 5ebb1dd wafsamba: Add missing cflags_end argument to SAMBA_BINARY
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f2df0e507b39e1258c4002916560e11fa25a776d
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 11:08:05 2018 -0500
krb5_wrap: Fix CID 1414755 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr 4 03:51:00 CEST 2018 on sn-devel-144
commit 015e04660ccd340b65feedb2954062f614b400f7
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 09:23:07 2018 -0500
krb5_wrap: Fix CID 1034833 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit c3341ed29a2182a3a5f6c05110acd25513767b1a
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 09:16:47 2018 -0500
net: Avoid tallocs
Not really performance critical, but I think it's worth establishing sample
code to use more stack variables than going out to talloc.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 54db80e6e73169848aec89029ac2640a14c9af11
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 09:15:30 2018 -0500
net: Fix CID 1414752 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit bc16f7dafbcb73142ee300db7d4c23b0a322779e
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 08:27:33 2018 -0500
pdb_ldap: Fix CID 1363266 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 5b52c308af6a21d290b964ddc64128b61faaaf6a
Author: Volker Lendecke <vl at samba.org>
Date: Wed Mar 28 15:49:30 2018 -0500
pygpo: Fix CID 1422263 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 54fc90025b0100dfa87e196d75b38ac87c40e7ee
Author: Volker Lendecke <vl at samba.org>
Date: Wed Mar 28 15:46:34 2018 -0500
utils: Fix CID 1035541 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 925d1f23291c4bdbc832977b2b4577964b8301c8
Author: Volker Lendecke <vl at samba.org>
Date: Wed Mar 28 15:43:53 2018 -0500
dsdb: Fix CID 1034966 Uninitialized scalar variable
"continue" in a do-while loop jumps to the "while"-check, so "id_exists" needs
to be initialized by that point.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13367
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 2d7a3e0648f4f3175f453cf15050846fafdea745
Author: Volker Lendecke <vl at samba.org>
Date: Wed Mar 28 15:23:16 2018 -0500
libads: Fix CID 1272809 Free of address-of expression
Look at the other SAFE_FREE's in this function...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 76babda4ef13111e402fcfac10d6f9c3d7bb75e9
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 12:19:24 2018 -0500
groupdb: Fix CID 1167984 Ignoring number of bytes read
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 64b144dce315642dcf606be4eacefab7036bb6c7
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 12:13:03 2018 -0500
dsdb: Fix CID 1034744 Dereference after null check
This HIGHLY looks like a cut&paste error...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7bffd65bb570eb3b8a4502d52a18c98b7b640645
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 12:08:42 2018 -0500
cldap: Avoid a ZERO_STRUCTP
This is done implicitly by tevent_req_create
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit c31e5371bf3334964c078c963de7b5db7236ff35
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 11:37:49 2018 -0500
smbd: Fix CID 240676 Dereference after null check
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit dd370f8a511bf13c48c5cd34c41fbb630172349f
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 13:23:43 2018 -0500
lsasrv: Fix CID 241332 Self assignment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit ab6228c342e79758c50f2d7c035c318224a6defb
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 13:23:01 2018 -0500
lsasrv: Fix CID 241331 Self assignment
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 7164e00f40f15e56dc0f3d727bd4955e4927d45a
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 13:10:14 2018 -0500
libcli: Fix CID 710748 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 37dcbe173068514aeda6361c7168c465bdf65415
Author: Volker Lendecke <vl at samba.org>
Date: Fri Mar 30 12:32:26 2018 -0500
libhttp: Fix CID 1273001 Dereference after null check
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/krb5_wrap/keytab_util.c | 4 ++++
lib/krb5_wrap/krb5_samba.c | 2 +-
libcli/cldap/cldap.c | 1 -
libcli/smb/smbXcli_base.c | 4 ++--
libgpo/pygpo.c | 3 +--
source3/groupdb/mapping.c | 6 +++++-
source3/passdb/pdb_ldap.c | 5 +++--
source3/smbd/open.c | 7 +++++++
source3/utils/log2pcaphex.c | 2 +-
source3/utils/net_cache.c | 8 ++++++--
source4/dsdb/samdb/ldb_modules/samldb.c | 1 +
source4/dsdb/schema/schema_syntax.c | 2 +-
source4/lib/http/http.c | 1 +
source4/rpc_server/lsa/dcesrv_lsa.c | 2 --
14 files changed, 33 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/krb5_wrap/keytab_util.c b/lib/krb5_wrap/keytab_util.c
index f9a8679..5fe9216 100644
--- a/lib/krb5_wrap/keytab_util.c
+++ b/lib/krb5_wrap/keytab_util.c
@@ -66,6 +66,7 @@ static krb5_error_code copy_one_entry(krb5_context context,
KRB5_KEY_TYPE(KRB5_KT_KEY(&entry)),
&etype_str);
if(ret) {
+ krb5_free_unparsed_name(context, name_str);
krb5_set_error_message(context, ret, "krb5_enctype_to_string");
etype_str = NULL; /* XXX */
return ret;
@@ -179,12 +180,14 @@ krb5_error_code kt_copy_one_principal(krb5_context context,
ret = krb5_kt_resolve (context, from, &src_keytab);
if (ret) {
+ krb5_free_principal(context, princ);
krb5_set_error_message(context, ret, "resolving src keytab `%s'", from);
return ret;
}
ret = krb5_kt_resolve (context, to, &dst_keytab);
if (ret) {
+ krb5_free_principal(context, princ);
krb5_kt_close (context, src_keytab);
krb5_set_error_message(context, ret, "resolving dst keytab `%s'", to);
return ret;
@@ -223,6 +226,7 @@ krb5_error_code kt_copy_one_principal(krb5_context context,
}
}
+ krb5_free_principal(context, princ);
krb5_kt_close (context, src_keytab);
krb5_kt_close (context, dst_keytab);
return ret;
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 7c461e5..1493d81 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1087,7 +1087,7 @@ krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr
addrs->val = (krb5_address *)SMB_MALLOC(sizeof(krb5_address));
if (addrs->val == NULL) {
SAFE_FREE(addrs);
- SAFE_FREE(kerb_addr);
+ SAFE_FREE(*kerb_addr);
return ENOMEM;
}
diff --git a/libcli/cldap/cldap.c b/libcli/cldap/cldap.c
index 87f82b9..242a117 100644
--- a/libcli/cldap/cldap.c
+++ b/libcli/cldap/cldap.c
@@ -577,7 +577,6 @@ struct tevent_req *cldap_search_send(TALLOC_CTX *mem_ctx,
if (!req) {
return NULL;
}
- ZERO_STRUCTP(state);
state->caller.ev = ev;
state->req = req;
state->caller.cldap = cldap;
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index fbf2441..ad1b67b 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -2105,10 +2105,10 @@ static NTSTATUS smb1cli_inbuf_parse_chain(uint8_t *buf, TALLOC_CTX *mem_ctx,
wct_ofs = SVAL(cur[0].iov_base, 2);
if (wct_ofs < taken) {
- return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto inval;
}
if (wct_ofs > buflen) {
- return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto inval;
}
/*
diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index ac6e323..db33602 100644
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -264,12 +264,12 @@ static PyObject* py_ads_connect(ADS *self)
Py_RETURN_FALSE;
}
self->ads_ptr->auth.password = smb_xstrdup(passwd);
+ SAFE_FREE(passwd);
self->ads_ptr->auth.realm =
smb_xstrdup(self->ads_ptr->server.realm);
if (!strupper_m(self->ads_ptr->auth.realm)) {
PyErr_SetString(PyExc_SystemError, "Failed to strdup");
TALLOC_FREE(frame);
- SAFE_FREE(passwd);
Py_RETURN_FALSE;
}
@@ -278,7 +278,6 @@ static PyObject* py_ads_connect(ADS *self)
PyErr_SetString(PyExc_SystemError,
"ads_connect() failed");
TALLOC_FREE(frame);
- SAFE_FREE(passwd);
Py_RETURN_FALSE;
}
}
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index ac70fe6..1a8670e 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -237,9 +237,13 @@ int smb_create_group(const char *unix_group, gid_t *new_gid)
if (fd != 0) {
fstring output;
+ ssize_t nread;
*new_gid = 0;
- if (read(fd, output, sizeof(output)) > 0) {
+
+ nread = read(fd, output, sizeof(output)-1);
+ if (nread > 0) {
+ output[nread] = '\0';
*new_gid = (gid_t)strtoul(output, NULL, 10);
}
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index bf9377c..39c7a06 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -6054,7 +6054,7 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
char *filter;
char *escape_username;
char *gidstr;
- const char *dn = NULL;
+ char *dn = NULL;
gid_t gid;
int rc;
@@ -6125,11 +6125,12 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "gidNumber", gidstr);
if (mods == NULL) {
+ TALLOC_FREE(dn);
return NT_STATUS_OK;
}
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
-
+ TALLOC_FREE(dn);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_set_primary_group: failed to modify [%s] primary group to [%s]\n",
pdb_get_username(sampass), gidstr));
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 643e074..3c24d76 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -5079,6 +5079,13 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
if (lease != NULL) {
uint16_t epoch = lease->lease_epoch;
uint16_t version = lease->lease_version;
+
+ if (req == NULL) {
+ DBG_WARNING("Got lease on internal open\n");
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto fail;
+ }
+
status = lease_match(conn,
req,
&lease->lease_key,
diff --git a/source3/utils/log2pcaphex.c b/source3/utils/log2pcaphex.c
index 5310982..b5c234f 100644
--- a/source3/utils/log2pcaphex.c
+++ b/source3/utils/log2pcaphex.c
@@ -303,7 +303,7 @@ int main(int argc, const char **argv)
poptContext pc;
char buffer[4096];
long data_offset = 0;
- long data_length;
+ long data_length = 0;
long data_bytes_read = 0;
size_t in_packet = 0;
struct poptOption long_options[] = {
diff --git a/source3/utils/net_cache.c b/source3/utils/net_cache.c
index 8f9f69f..f9d12ef 100644
--- a/source3/utils/net_cache.c
+++ b/source3/utils/net_cache.c
@@ -456,15 +456,19 @@ static int net_cache_samlogon_show(struct net_context *c,
&num_user_sids,
true);
if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(user_sids);
d_printf("sid_array_from_info3 failed for %s\n", sid_str);
return -1;
}
for (i = 0; i < num_user_sids; i++) {
- d_printf("SID %2" PRIu32 ": %s\n",
- i, sid_string_dbg(&user_sids[i]));
+ char buf[DOM_SID_STR_BUFLEN];
+ dom_sid_string_buf(&user_sids[i], buf, sizeof(buf));
+ d_printf("SID %2" PRIu32 ": %s\n", i, buf);
}
+ TALLOC_FREE(user_sids);
+
return 0;
}
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 108235a..a46fd37 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -875,6 +875,7 @@ static int samldb_add_handle_msDS_IntId(struct samldb_ctx *ac)
* order to be sure.
*/
if (dsdb_attribute_by_attributeID_id(schema, msds_intid)) {
+ id_exists = true;
msds_intid = generate_random() % 0X3FFFFFFF;
msds_intid += 0x80000000;
continue;
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index 6205373..b434b6b 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -662,7 +662,7 @@ static WERROR dsdb_syntax_NTTIME_UTC_validate_ldb(const struct dsdb_syntax_ctx *
}
if (attr->rangeUpper) {
- if ((int32_t)t > (int32_t)*attr->rangeLower) {
+ if ((int32_t)t > (int32_t)*attr->rangeUpper) {
return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
}
}
diff --git a/source4/lib/http/http.c b/source4/lib/http/http.c
index 10b49cd..9218c19 100644
--- a/source4/lib/http/http.c
+++ b/source4/lib/http/http.c
@@ -471,6 +471,7 @@ static int http_read_response_next_vector(struct tstream_context *stream,
/* Sanity checks */
if (!stream || !private_data || !_vector || !_count) {
DEBUG(0, ("%s: Invalid Parameter\n", __func__));
+ return -1;
}
state = talloc_get_type_abort(private_data, struct http_read_response_state);
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 17c07d6..9371bee 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -2563,7 +2563,6 @@ static NTSTATUS dcesrv_lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALL
1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_MULTIPLIER));
r->out.domains->domains = entries + *r->in.resume_handle;
- r->out.domains->count = r->out.domains->count;
if (r->out.domains->count < count - *r->in.resume_handle) {
*r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;
@@ -2658,7 +2657,6 @@ static NTSTATUS dcesrv_lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_ca
1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER));
r->out.domains->domains = entries + *r->in.resume_handle;
- r->out.domains->count = r->out.domains->count;
if (r->out.domains->count < count - *r->in.resume_handle) {
*r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;
--
Samba Shared Repository
More information about the samba-cvs
mailing list