[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Wed Apr 4 01:51:02 UTC 2018


The branch, master has been updated
       via  f2df0e5 krb5_wrap: Fix CID 1414755 Resource leak
       via  015e046 krb5_wrap: Fix CID 1034833 Resource leak
       via  c3341ed net: Avoid tallocs
       via  54db80e net: Fix CID 1414752 Resource leak
       via  bc16f7d pdb_ldap: Fix CID 1363266 Resource leak
       via  5b52c30 pygpo: Fix CID 1422263 Resource leak
       via  54fc900 utils: Fix CID 1035541 Uninitialized scalar variable
       via  925d1f2 dsdb: Fix CID 1034966 Uninitialized scalar variable
       via  2d7a3e0 libads: Fix CID 1272809 Free of address-of expression
       via  76babda groupdb: Fix CID 1167984 Ignoring number of bytes read
       via  64b144d dsdb: Fix CID 1034744 Dereference after null check
       via  7bffd65 cldap: Avoid a ZERO_STRUCTP
       via  c31e537 smbd: Fix CID 240676 Dereference after null check
       via  dd370f8 lsasrv: Fix CID 241332 Self assignment
       via  ab6228c lsasrv: Fix CID 241331 Self assignment
       via  7164e00 libcli: Fix CID 710748 Resource leak
       via  37dcbe1 libhttp: Fix CID 1273001 Dereference after null check
      from  5ebb1dd wafsamba: Add missing cflags_end argument to SAMBA_BINARY

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f2df0e507b39e1258c4002916560e11fa25a776d
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 11:08:05 2018 -0500

    krb5_wrap: Fix CID 1414755 Resource leak
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Apr  4 03:51:00 CEST 2018 on sn-devel-144

commit 015e04660ccd340b65feedb2954062f614b400f7
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 09:23:07 2018 -0500

    krb5_wrap: Fix CID 1034833 Resource leak
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit c3341ed29a2182a3a5f6c05110acd25513767b1a
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 09:16:47 2018 -0500

    net: Avoid tallocs
    
    Not really performance critical, but I think it's worth establishing sample
    code to use more stack variables than going out to talloc.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 54db80e6e73169848aec89029ac2640a14c9af11
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 09:15:30 2018 -0500

    net: Fix CID 1414752 Resource leak
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit bc16f7dafbcb73142ee300db7d4c23b0a322779e
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 08:27:33 2018 -0500

    pdb_ldap: Fix CID 1363266 Resource leak
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 5b52c308af6a21d290b964ddc64128b61faaaf6a
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 28 15:49:30 2018 -0500

    pygpo: Fix CID 1422263 Resource leak
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 54fc90025b0100dfa87e196d75b38ac87c40e7ee
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 28 15:46:34 2018 -0500

    utils: Fix CID 1035541 Uninitialized scalar variable
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 925d1f23291c4bdbc832977b2b4577964b8301c8
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 28 15:43:53 2018 -0500

    dsdb: Fix CID 1034966 Uninitialized scalar variable
    
    "continue" in a do-while loop jumps to the "while"-check, so "id_exists" needs
    to be initialized by that point.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13367
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 2d7a3e0648f4f3175f453cf15050846fafdea745
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 28 15:23:16 2018 -0500

    libads: Fix CID 1272809 Free of address-of expression
    
    Look at the other SAFE_FREE's in this function...
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 76babda4ef13111e402fcfac10d6f9c3d7bb75e9
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 12:19:24 2018 -0500

    groupdb: Fix CID 1167984 Ignoring number of bytes read
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 64b144dce315642dcf606be4eacefab7036bb6c7
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 12:13:03 2018 -0500

    dsdb: Fix CID 1034744 Dereference after null check
    
    This HIGHLY looks like a cut&paste error...
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 7bffd65bb570eb3b8a4502d52a18c98b7b640645
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 12:08:42 2018 -0500

    cldap: Avoid a ZERO_STRUCTP
    
    This is done implicitly by tevent_req_create
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit c31e5371bf3334964c078c963de7b5db7236ff35
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 11:37:49 2018 -0500

    smbd: Fix CID 240676 Dereference after null check
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit dd370f8a511bf13c48c5cd34c41fbb630172349f
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 13:23:43 2018 -0500

    lsasrv: Fix CID 241332 Self assignment
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit ab6228c342e79758c50f2d7c035c318224a6defb
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 13:23:01 2018 -0500

    lsasrv: Fix CID 241331 Self assignment
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 7164e00f40f15e56dc0f3d727bd4955e4927d45a
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 13:10:14 2018 -0500

    libcli: Fix CID 710748 Resource leak
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 37dcbe173068514aeda6361c7168c465bdf65415
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Mar 30 12:32:26 2018 -0500

    libhttp: Fix CID 1273001 Dereference after null check
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/krb5_wrap/keytab_util.c             | 4 ++++
 lib/krb5_wrap/krb5_samba.c              | 2 +-
 libcli/cldap/cldap.c                    | 1 -
 libcli/smb/smbXcli_base.c               | 4 ++--
 libgpo/pygpo.c                          | 3 +--
 source3/groupdb/mapping.c               | 6 +++++-
 source3/passdb/pdb_ldap.c               | 5 +++--
 source3/smbd/open.c                     | 7 +++++++
 source3/utils/log2pcaphex.c             | 2 +-
 source3/utils/net_cache.c               | 8 ++++++--
 source4/dsdb/samdb/ldb_modules/samldb.c | 1 +
 source4/dsdb/schema/schema_syntax.c     | 2 +-
 source4/lib/http/http.c                 | 1 +
 source4/rpc_server/lsa/dcesrv_lsa.c     | 2 --
 14 files changed, 33 insertions(+), 15 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/krb5_wrap/keytab_util.c b/lib/krb5_wrap/keytab_util.c
index f9a8679..5fe9216 100644
--- a/lib/krb5_wrap/keytab_util.c
+++ b/lib/krb5_wrap/keytab_util.c
@@ -66,6 +66,7 @@ static krb5_error_code copy_one_entry(krb5_context context,
 					KRB5_KEY_TYPE(KRB5_KT_KEY(&entry)),
 					&etype_str);
     if(ret) {
+        krb5_free_unparsed_name(context, name_str);
 	krb5_set_error_message(context, ret, "krb5_enctype_to_string");
 	etype_str = NULL; /* XXX */
 	return ret;
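Review bot: The added krb5_free_unparsed_name(context, name_str) line in the krb5_enctype_to_string failure branch is indented with spaces, while the statements after it in the same branch use a tab; use a tab so the branch reads as one block. If etype_str is a local, the `etype_str = NULL; /* XXX */` assignment directly before `return ret` has no effect and could be dropped in the same change.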
@@ -179,12 +180,14 @@ krb5_error_code kt_copy_one_principal(krb5_context context,
 
     ret = krb5_kt_resolve (context, from, &src_keytab);
     if (ret) {
+	krb5_free_principal(context, princ);
 	krb5_set_error_message(context, ret, "resolving src keytab `%s'", from);
 	return ret;
     }
 
     ret = krb5_kt_resolve (context, to, &dst_keytab);
     if (ret) {
+	krb5_free_principal(context, princ);
 	krb5_kt_close (context, src_keytab);
 	krb5_set_error_message(context, ret, "resolving dst keytab `%s'", to);
 	return ret;
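Review bot: krb5_free_principal(context, princ) is now repeated in both krb5_kt_resolve failure branches, and the second branch also has to remember krb5_kt_close(context, src_keytab). A single cleanup label at the end of kt_copy_one_principal, reached by goto from each failure, would keep the release order in one place and make it harder for the next early return to leak princ again.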
@@ -223,6 +226,7 @@ krb5_error_code kt_copy_one_principal(krb5_context context,
 	}
     }
 
+    krb5_free_principal(context, princ);
     krb5_kt_close (context, src_keytab);
     krb5_kt_close (context, dst_keytab);
     return ret;
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 7c461e5..1493d81 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1087,7 +1087,7 @@ krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr
 		addrs->val = (krb5_address *)SMB_MALLOC(sizeof(krb5_address));
 		if (addrs->val == NULL) {
 			SAFE_FREE(addrs);
-			SAFE_FREE(kerb_addr);
+			SAFE_FREE(*kerb_addr);
 			return ENOMEM;
 		}
 
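Review bot: The commit subject files this fix under libads, but the changed line is in lib/krb5_wrap/krb5_samba.c; a krb5_wrap prefix would make it easier to find in the log. The change itself reads correctly: kerb_addr is the caller's smb_krb5_addresses ** out-parameter, so SAFE_FREE(*kerb_addr) releases the allocation and leaves the caller's pointer NULL on the ENOMEM return.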
diff --git a/libcli/cldap/cldap.c b/libcli/cldap/cldap.c
index 87f82b9..242a117 100644
--- a/libcli/cldap/cldap.c
+++ b/libcli/cldap/cldap.c
@@ -577,7 +577,6 @@ struct tevent_req *cldap_search_send(TALLOC_CTX *mem_ctx,
 	if (!req) {
 		return NULL;
 	}
-	ZERO_STRUCTP(state);
 	state->caller.ev = ev;
 	state->req = req;
 	state->caller.cldap = cldap;
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index fbf2441..ad1b67b 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -2105,10 +2105,10 @@ static NTSTATUS smb1cli_inbuf_parse_chain(uint8_t *buf, TALLOC_CTX *mem_ctx,
 		wct_ofs = SVAL(cur[0].iov_base, 2);
 
 		if (wct_ofs < taken) {
-			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+			goto inval;
 		}
 		if (wct_ofs > buflen) {
-			return NT_STATUS_INVALID_NETWORK_RESPONSE;
+			goto inval;
 		}
 
 		/*
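Review bot: The inval label that both wct_ofs checks now jump to is outside the visible context, so this hunk does not show what it releases. Please confirm that inval frees everything allocated so far in smb1cli_inbuf_parse_chain and still returns NT_STATUS_INVALID_NETWORK_RESPONSE, and that no other direct return remains inside this loop.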
diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index ac6e323..db33602 100644
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -264,12 +264,12 @@ static PyObject* py_ads_connect(ADS *self)
 			Py_RETURN_FALSE;
 		}
 		self->ads_ptr->auth.password = smb_xstrdup(passwd);
+		SAFE_FREE(passwd);
 		self->ads_ptr->auth.realm =
 			smb_xstrdup(self->ads_ptr->server.realm);
 		if (!strupper_m(self->ads_ptr->auth.realm)) {
 			PyErr_SetString(PyExc_SystemError, "Failed to strdup");
 			TALLOC_FREE(frame);
-			SAFE_FREE(passwd);
 			Py_RETURN_FALSE;
 		}
 
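Review bot: passwd is a credential and is released with a plain SAFE_FREE right after smb_xstrdup(passwd), which leaves the cleartext in freed heap memory. Consider overwriting the buffer before the free. Separately, the "Failed to strdup" message in the strupper_m failure branch below does not describe the call that failed.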
@@ -278,7 +278,6 @@ static PyObject* py_ads_connect(ADS *self)
 			PyErr_SetString(PyExc_SystemError,
 					"ads_connect() failed");
 			TALLOC_FREE(frame);
-			SAFE_FREE(passwd);
 			Py_RETURN_FALSE;
 		}
 	}
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index ac70fe6..1a8670e 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -237,9 +237,13 @@ int smb_create_group(const char *unix_group, gid_t *new_gid)
 
 		if (fd != 0) {
 			fstring output;
+			ssize_t nread;
 
 			*new_gid = 0;
-			if (read(fd, output, sizeof(output)) > 0) {
+
+			nread = read(fd, output, sizeof(output)-1);
+			if (nread > 0) {
+				output[nread] = '\0';
 				*new_gid = (gid_t)strtoul(output, NULL, 10);
 			}
 
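Review bot: The new nread handling terminates output correctly, but the strtoul(output, NULL, 10) call that consumes it still passes NULL for endptr, so empty or non-numeric data read from fd becomes gid 0 with no error, indistinguishable from the `*new_gid = 0` default. Pass an end pointer, check that at least one digit was consumed and that errno is not ERANGE before assigning *new_gid. A single read() can also return only part of the data; reading until EOF would close that gap.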
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index bf9377c..39c7a06 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -6054,7 +6054,7 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
 	char *filter;
 	char *escape_username;
 	char *gidstr;
-	const char *dn = NULL;
+	char *dn = NULL;
 	gid_t gid;
 	int rc;
 
@@ -6125,11 +6125,12 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
 	smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "gidNumber", gidstr);
 
 	if (mods == NULL) {
+		TALLOC_FREE(dn);
 		return NT_STATUS_OK;
 	}
 
 	rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
-
+	TALLOC_FREE(dn);
 	if (rc != LDAP_SUCCESS) {
 		DEBUG(0,("ldapsam_set_primary_group: failed to modify [%s] primary group to [%s]\n",
 			 pdb_get_username(sampass), gidstr));
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 643e074..3c24d76 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -5079,6 +5079,13 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
 	if (lease != NULL) {
 		uint16_t epoch = lease->lease_epoch;
 		uint16_t version = lease->lease_version;
+
+		if (req == NULL) {
+			DBG_WARNING("Got lease on internal open\n");
+			status = NT_STATUS_INTERNAL_ERROR;
+			goto fail;
+		}
+
 		status = lease_match(conn,
 				req,
 				&lease->lease_key,
diff --git a/source3/utils/log2pcaphex.c b/source3/utils/log2pcaphex.c
index 5310982..b5c234f 100644
--- a/source3/utils/log2pcaphex.c
+++ b/source3/utils/log2pcaphex.c
@@ -303,7 +303,7 @@ int main(int argc, const char **argv)
 	poptContext pc;
 	char buffer[4096];
 	long data_offset = 0;
-	long data_length;
+	long data_length = 0;
 	long data_bytes_read = 0;
 	size_t in_packet = 0;
 	struct poptOption long_options[] = {
diff --git a/source3/utils/net_cache.c b/source3/utils/net_cache.c
index 8f9f69f..f9d12ef 100644
--- a/source3/utils/net_cache.c
+++ b/source3/utils/net_cache.c
@@ -456,15 +456,19 @@ static int net_cache_samlogon_show(struct net_context *c,
 				      &num_user_sids,
 				      true);
 	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(user_sids);
 		d_printf("sid_array_from_info3 failed for %s\n", sid_str);
 		return -1;
 	}
 
 	for (i = 0; i < num_user_sids; i++) {
-		d_printf("SID %2" PRIu32 ": %s\n",
-			 i, sid_string_dbg(&user_sids[i]));
+		char buf[DOM_SID_STR_BUFLEN];
+		dom_sid_string_buf(&user_sids[i], buf, sizeof(buf));
+		d_printf("SID %2" PRIu32 ": %s\n", i, buf);
 	}
 
+	TALLOC_FREE(user_sids);
+
 	return 0;
 }
 
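Review bot: TALLOC_FREE(user_sids) on the sid_array_from_info3 failure path is only safe if user_sids is initialised to NULL at its declaration, which is outside this hunk; please confirm that. In the loop, a blank line between the `char buf[DOM_SID_STR_BUFLEN];` declaration and the dom_sid_string_buf() call would match the declaration style used elsewhere in this patch.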
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 108235a..a46fd37 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -875,6 +875,7 @@ static int samldb_add_handle_msDS_IntId(struct samldb_ctx *ac)
 		 * order to be sure.
 		 */
 		if (dsdb_attribute_by_attributeID_id(schema, msds_intid)) {
+			id_exists = true;
 			msds_intid = generate_random() % 0X3FFFFFFF;
 			msds_intid += 0x80000000;
 			continue;
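Review bot: The reason for setting id_exists = true before the continue is recorded only in the commit message. A one-line comment at the assignment, saying that continue jumps to the do-while condition and that the condition reads id_exists, would stop a later cleanup from removing the line as redundant.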
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index 6205373..b434b6b 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -662,7 +662,7 @@ static WERROR dsdb_syntax_NTTIME_UTC_validate_ldb(const struct dsdb_syntax_ctx *
 		}
 
 		if (attr->rangeUpper) {
-			if ((int32_t)t > (int32_t)*attr->rangeLower) {
+			if ((int32_t)t > (int32_t)*attr->rangeUpper) {
 				return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
 			}
 		}
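Review bot: The value is now actually compared against rangeUpper in dsdb_syntax_NTTIME_UTC_validate_ldb, which changes what the validator rejects, so a test that submits a value above rangeUpper and expects WERR_DS_INVALID_ATTRIBUTE_SYNTAX would pin the behaviour. Both operands are cast to int32_t in `(int32_t)t > (int32_t)*attr->rangeUpper`; if either can exceed INT32_MAX the comparison is made on a negative value, which is worth checking while this line is being touched.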
diff --git a/source4/lib/http/http.c b/source4/lib/http/http.c
index 10b49cd..9218c19 100644
--- a/source4/lib/http/http.c
+++ b/source4/lib/http/http.c
@@ -471,6 +471,7 @@ static int http_read_response_next_vector(struct tstream_context *stream,
 	/* Sanity checks */
 	if (!stream || !private_data || !_vector || !_count) {
 		DEBUG(0, ("%s: Invalid Parameter\n", __func__));
+		return -1;
 	}
 
 	state =	talloc_get_type_abort(private_data, struct http_read_response_state);
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 17c07d6..9371bee 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -2563,7 +2563,6 @@ static NTSTATUS dcesrv_lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALL
 				 1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_MULTIPLIER));
 
 	r->out.domains->domains = entries + *r->in.resume_handle;
-	r->out.domains->count = r->out.domains->count;
 
 	if (r->out.domains->count < count - *r->in.resume_handle) {
 		*r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;
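Review bot: Removing the self assignment of r->out.domains->count silences the checker, but the hunk does not show where count is actually set; the statement ending in `1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_MULTIPLIER));` just above is cut off by the context. Please confirm that statement assigns r->out.domains->count, since the following `if (r->out.domains->count < count - *r->in.resume_handle)` depends on it, and that the deleted line was not a typo for a different assignment. The same question applies to the identical removal in dcesrv_lsa_EnumTrustedDomainsEx.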
@@ -2658,7 +2657,6 @@ static NTSTATUS dcesrv_lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_ca
 				 1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER));
 
 	r->out.domains->domains = entries + *r->in.resume_handle;
-	r->out.domains->count = r->out.domains->count;
 
 	if (r->out.domains->count < count - *r->in.resume_handle) {
 		*r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;


-- 
Samba Shared Repository


