[SCM] Samba Shared Repository - branch master updated
Gary Lockyer
gary at samba.org
Mon Dec 3 23:24:03 UTC 2018
The branch, master has been updated
via 2b2edccb5a9 s3:lib: Fix undefined behavior in tdb_unpack()
via 86592673fbd s3:lib: Fix undefined behavior in tdb_pack()
via 4e9b3ed4126 s3:lib: Fix uninitialized variable
from dd7574afd1b ctdb-daemon: Exit with error if a database directory does not exist
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2b2edccb5a90f23db0bd733551ac645d6ac4e44f
Author: Andreas Schneider <asn at samba.org>
Date: Tue Nov 27 08:23:25 2018 +0100
s3:lib: Fix undefined behavior in tdb_unpack()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary at samba.org>
Autobuild-Date(master): Tue Dec 4 00:23:03 CET 2018 on sn-devel-144
commit 86592673fbd3399b35832ca138681b06cb007b2c
Author: Andreas Schneider <asn at samba.org>
Date: Thu Nov 22 13:33:11 2018 +0100
s3:lib: Fix undefined behavior in tdb_pack()
util_tdb.c:98:5: runtime error: null pointer passed as argument 2, which
is declared to never be null
This means the second argument of memcpy() can't be NULL.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 4e9b3ed4126fad653f219334cbca2dbf53ddfc20
Author: Andreas Schneider <asn at samba.org>
Date: Fri Nov 23 12:00:36 2018 +0100
s3:lib: Fix uninitialized variable
util_tdb.c:116:7: error: ‘len’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
buf += len;
^~
../../source3/lib/util_tdb.c:44:6: note: ‘len’ was declared here
int len;
^~~
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
source3/lib/util_tdb.c | 37 +++++++++++++++++++++----------------
1 file changed, 21 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/lib/util_tdb.c b/source3/lib/util_tdb.c
index cbcca4df09f..0d1532193d4 100644
--- a/source3/lib/util_tdb.c
+++ b/source3/lib/util_tdb.c
@@ -41,7 +41,7 @@ static size_t tdb_pack_va(uint8_t *buf, int bufsize, const char *fmt, va_list ap
uint32_t d;
int i;
void *p;
- int len;
+ int len = 0;
char *s;
char c;
uint8_t *buf0 = buf;
@@ -76,14 +76,11 @@ static size_t tdb_pack_va(uint8_t *buf, int bufsize, const char *fmt, va_list ap
SIVAL(buf, 0, d);
break;
case 'P': /* null-terminated string */
- s = va_arg(ap,char *);
- w = strlen(s);
- len = w + 1;
- if (bufsize && bufsize >= len)
- memcpy(buf, s, len);
- break;
case 'f': /* null-terminated string */
s = va_arg(ap,char *);
+ if (s == NULL) {
+ smb_panic("Invalid argument");
+ }
w = strlen(s);
len = w + 1;
if (bufsize && bufsize >= len)
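Review bot: In the merged 'P'/'f' case the length still goes through `w = strlen(s)` before `len = w + 1`. `w` is declared outside the hunk; if it is narrower than `size_t`, a long string gives a `len` shorter than the string, and the copy guarded by `bufsize >= len` would then write a truncated value with no terminator. Holding the length in a `size_t` and rejecting anything that does not fit in `int` would close that off, e.g. `size_t slen = strlen(s); if (slen >= INT_MAX) { smb_panic("Invalid argument"); }`. The case body continues past the end of the hunk.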
@@ -95,7 +92,9 @@ static size_t tdb_pack_va(uint8_t *buf, int bufsize, const char *fmt, va_list ap
len = 4+i;
if (bufsize && bufsize >= len) {
SIVAL(buf, 0, i);
- memcpy(buf+4, s, i);
+ if (s != NULL) {
+ memcpy(buf+4, s, i);
+ }
}
break;
default:
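Review bot: With the new `if (s != NULL)` guard, a NULL `s` combined with a non-zero `i` still stores `i` as the length through `SIVAL(buf, 0, i)` and accounts for `len = 4+i`. The `i` payload bytes of `buf` are left unwritten, so whatever the buffer already held ends up in the packed record. If NULL is only meant to be valid with a zero length, reject the mismatch the way the 'f' case does, ahead of the `bufsize` check: `if (s == NULL && i != 0) { smb_panic("Invalid argument"); }`. The start of this case, where `i` and `s` are read, is outside the hunk.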
@@ -192,9 +191,11 @@ int tdb_unpack(const uint8_t *buf, int in_bufsize, const char *fmt, ...)
len = strnlen((const char *)buf, bufsize) + 1;
if (bufsize < len)
goto no_space;
- *ps = SMB_STRDUP((const char *)buf);
- if (*ps == NULL) {
- goto no_space;
+ if (ps != NULL) {
+ *ps = SMB_STRDUP((const char *)buf);
+ if (*ps == NULL) {
+ goto no_space;
+ }
}
break;
case 'f': /* null-terminated string */
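Review bot: The new `ps != NULL` guard makes a NULL output pointer mean "length-check the field and skip it", and nothing in the hunk documents that contract. The same applies to the `s != NULL` and `b != NULL` guards in the 'f' and 'B' hunks below. A short comment on the case would help, e.g. `/* a NULL destination is allowed: the field is validated and skipped, nothing is returned */`. It should also say whether NULL is a supported way to skip a field or only a defensive check, because a caller that passes NULL by mistake now gets a normal return with no output.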
@@ -202,7 +203,9 @@ int tdb_unpack(const uint8_t *buf, int in_bufsize, const char *fmt, ...)
len = strnlen((const char *)buf, bufsize) + 1;
if (bufsize < len || len > sizeof(fstring))
goto no_space;
- memcpy(s, buf, len);
+ if (s != NULL) {
+ memcpy(s, buf, len);
+ }
break;
case 'B': /* fixed-length string */
i = va_arg(ap, uint32_t *);
@@ -221,10 +224,12 @@ int tdb_unpack(const uint8_t *buf, int in_bufsize, const char *fmt, ...)
}
if (bufsize < len)
goto no_space;
- *b = (char *)SMB_MALLOC(*i);
- if (! *b)
- goto no_space;
- memcpy(*b, buf+4, *i);
+ if (b != NULL) {
+ *b = (char *)SMB_MALLOC(*i);
+ if (! *b)
+ goto no_space;
+ memcpy(*b, buf+4, *i);
+ }
break;
default:
DEBUG(0,("Unknown tdb_unpack format %c in %s\n",
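Review bot: Only `b` is checked in this hunk; `i` is still dereferenced in `SMB_MALLOC(*i)` and `memcpy(*b, buf+4, *i)`, although it comes from `va_arg` just as `b` does. The lines between the `va_arg` calls and this point are outside the hunk, so any `*i` or `*b` access there should be confirmed to have the same NULL handling. Otherwise a caller passing NULL for either pointer can still reach a null dereference. If NULL is not a supported argument for `i`, a comment next to the guard should say so.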
--
Samba Shared Repository