[SCM] Samba Shared Repository - branch master updated

Noel Power npower at samba.org
Mon Jul 1 14:51:01 UTC 2019


The branch, master has been updated
       via  a77fda0cd4b lib tdb: memcmp ubsan warning
       via  2b7236ffe1a lib/krb5_wrap: clang: Fix warning: Null pointer passed as an argument
       via  8b92539997a lib/krb5_wrap: clang: Fix warning: Call to function 'mktemp' is insecure
       via  7bddd6aefe3 lib/util: clang: Fix warning: Value stored to 'ret' is never read warning
       via  3b43daaccbb lib/ldb/common: clang: Fix Value stored to 'ret' is never read warning
       via  9e78f7b53d9 lib/tdb/common: Fix Array access results in a null pointer dereference
       via  848290d37fd lib/tdb/common: Fix warning: Null pointer passed as argument to param
       via  dcaaf9ff7a2 lib/util: Fix Value stored to 'ret' is never read warning
      from  043334f2eb6 util: Fix signed/unsigned comparisons by casting

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit a77fda0cd4b9ec89024c7ac8a3f77797e00f4263
Author: Gary Lockyer <gary at catalyst.net.nz>
Date:   Thu Jun 6 14:57:45 2019 +1200

    lib tdb: memcmp ubsan warning
    
    Fix the ubsan warning
    
    lib/tdb/common/tdb.c:184:9: runtime error: null pointer passed as
    argument 2, which is declared to never be null"
    
    memcmp call now guarded by a length check.
    
    memcmp returns zero when called with a zero length parameter.
    
    Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
    Reviewed-by: Noel Power <npower at samba.org>
    
    Autobuild-User(master): Noel Power <npower at samba.org>
    Autobuild-Date(master): Mon Jul  1 14:50:54 UTC 2019 on sn-devel-184

commit 2b7236ffe1a0454756b76f8dc302649e92cefbaa
Author: Noel Power <noel.power at suse.com>
Date:   Tue Jun 18 10:47:29 2019 +0000

    lib/krb5_wrap: clang: Fix warning: Null pointer passed as an argument
    
    Fixes:
    
    lib/krb5_wrap/krb5_samba.c:3241:3: warning: Null pointer passed as an argument to a 'nonnull' parameter <--[clang]
                    memcpy(gss_cksum + 28, in_data->data, orig_length);
                    ^
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit 8b92539997a9df8e0d217790fd82fc8f59ea50cc
Author: Noel Power <noel.power at suse.com>
Date:   Tue Jun 18 10:42:06 2019 +0000

    lib/krb5_wrap: clang: Fix warning: Call to function 'mktemp' is insecure
    
    Fixes:
    
    lib/krb5_wrap/krb5_samba.c:2012:2: warning: Call to function 'mktemp' is insecure as it always creates or uses insecure temporary file.  Use 'mkstemp' instead <--[clang]
            mktemp(tmp_name);
            ^~~~~~
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit 7bddd6aefe3bd764560e5284f9a192797051bb2d
Author: Noel Power <noel.power at suse.com>
Date:   Tue Jun 18 10:19:09 2019 +0000

    lib/util: clang: Fix warning: Value stored to 'ret' is never read warning
    
    Fixes:
    
    lib/util/server_id_db.c:181:3: warning: Value stored to 'ret' is never read <--[clang]
                    ret = tdb_store(tdb, key, talloc_tdb_data(ids), TDB_MODIFY);
                    ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit 3b43daaccbb80824d8da10c84306ebf99268ec01
Author: Noel Power <noel.power at suse.com>
Date:   Tue Jun 18 10:12:49 2019 +0000

    lib/ldb/common: clang: Fix Value stored to 'ret' is never read warning
    
    Fixes:
    
    lib/ldb/common/ldb.c:1091:3: warning: Value stored to 'ret' is never read <--[clang]
                    ret = 0;
                    ^     ~
    1 warning generated.
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit 9e78f7b53d94816446e33f3d53a4d240807552ec
Author: Noel Power <noel.power at suse.com>
Date:   Tue Jun 18 10:04:54 2019 +0000

    lib/tdb/common: Fix Array access results in a null pointer dereference
    
    Fixes;
    
    lib/tdb/common/transaction.c:613:7: warning: Array access (via field 'blocks') results in a null pointer dereference <--[clang]
                    if (tdb->transaction->blocks[i] != NULL) {
                        ^
    1 warning generated.
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit 848290d37fdb381b43db12675e771b462eefe7ef
Author: Noel Power <noel.power at suse.com>
Date:   Mon Jun 17 16:54:32 2019 +0100

    lib/tdb/common: Fix warning: Null pointer passed as argument to param
    
    Fixes:
    
    lib/tdb/common/rescue.c:299:2: warning: Null pointer passed as an argument to a 'nonnull' parameter <--[clang]
            qsort(found.arr, found.num, sizeof(found.arr[0]), cmp_key);
            ^     ~~~~~~~~~
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

commit dcaaf9ff7a281910ba12e7e9f701641f6eb97262
Author: Noel Power <noel.power at suse.com>
Date:   Mon Jun 17 15:23:42 2019 +0000

    lib/util: Fix Value stored to 'ret' is never read warning
    
    Fixes:
    
    lib/util/tfork.c:260:3: warning: Value stored to 'ret' is never read <--[clang]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 lib/krb5_wrap/krb5_samba.c   |  4 ++--
 lib/ldb/common/ldb.c         |  1 -
 lib/tdb/common/rescue.c      |  6 ++++--
 lib/tdb/common/tdb.c         | 12 +++++++-----
 lib/tdb/common/transaction.c |  3 ++-
 lib/util/server_id_db.c      |  2 +-
 lib/util/tfork.c             |  2 +-
 7 files changed, 17 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 344a26cdb6c..37257ddfe03 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2009,7 +2009,7 @@ krb5_error_code smb_krb5_kinit_keyblock_ccache(krb5_context ctx,
 
 	memcpy(tmp_name, SMB_CREDS_KEYTAB, sizeof(SMB_CREDS_KEYTAB));
 	mask = umask(S_IRWXO | S_IRWXG);
-	mktemp(tmp_name);
+	mkstemp(tmp_name);
 	umask(mask);
 	if (tmp_name[0] == 0) {
 		return KRB5_KT_BADNAME;
@@ -3234,7 +3234,7 @@ static krb5_error_code ads_create_gss_checksum(krb5_data *in_data, /* [inout] */
 
 	SIVAL(gss_cksum, 20, gss_flags);
 
-	if (orig_length) {
+	if (orig_length && in_data->data != NULL) {
 		SSVAL(gss_cksum, 24, 1); /* The Delegation Option identifier */
 		SSVAL(gss_cksum, 26, orig_length);
 		/* Copy the kerberos KRB_CRED data */
diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
index 44a487ba987..b9f5164c4e9 100644
--- a/lib/ldb/common/ldb.c
+++ b/lib/ldb/common/ldb.c
@@ -1088,7 +1088,6 @@ static int lock_search(struct ldb_module *lock_module, struct ldb_request *req)
 	if (ret == LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION) {
 		/* We might be talking LDAP */
 		ldb_reset_err_string(ldb);
-		ret = 0;
 		TALLOC_FREE(lock_context);
 
 		return ldb_next_request(lock_module, req);
diff --git a/lib/tdb/common/rescue.c b/lib/tdb/common/rescue.c
index 17e7ed85453..7e6580957bb 100644
--- a/lib/tdb/common/rescue.c
+++ b/lib/tdb/common/rescue.c
@@ -296,9 +296,11 @@ _PUBLIC_ int tdb_rescue(struct tdb_context *tdb,
 	}
 
 	/* Now sort by key! */
-	qsort(found.arr, found.num, sizeof(found.arr[0]), cmp_key);
+	if (found.arr != NULL) {
+		qsort(found.arr, found.num, sizeof(found.arr[0]), cmp_key);
+	}
 
-	for (i = 0; i < found.num; ) {
+	for (i = 0; found.arr && i < found.num; ) {
 		unsigned int num, num_in_hash = 0;
 
 		/* How many are identical? */
diff --git a/lib/tdb/common/tdb.c b/lib/tdb/common/tdb.c
index 9c80a36e00a..c56b37be5ca 100644
--- a/lib/tdb/common/tdb.c
+++ b/lib/tdb/common/tdb.c
@@ -180,12 +180,14 @@ static int tdb_update_hash_cmp(TDB_DATA key, TDB_DATA data, void *private_data)
 
 	for (i=0; i<state->num_dbufs; i++) {
 		TDB_DATA dbuf = state->dbufs[i];
-		int ret;
-		ret = memcmp(dptr, dbuf.dptr, dbuf.dsize);
-		if (ret != 0) {
-			return -1;
+		if( dbuf.dsize > 0) {
+			int ret;
+			ret = memcmp(dptr, dbuf.dptr, dbuf.dsize);
+			if (ret != 0) {
+				return -1;
+			}
+			dptr += dbuf.dsize;
 		}
-		dptr += dbuf.dsize;
 	}
 
 	return 0;
diff --git a/lib/tdb/common/transaction.c b/lib/tdb/common/transaction.c
index 290451b3285..06710896b6b 100644
--- a/lib/tdb/common/transaction.c
+++ b/lib/tdb/common/transaction.c
@@ -610,7 +610,8 @@ static int _tdb_transaction_cancel(struct tdb_context *tdb)
 
 	/* free all the transaction blocks */
 	for (i=0;i<tdb->transaction->num_blocks;i++) {
-		if (tdb->transaction->blocks[i] != NULL) {
+		if (tdb->transaction->blocks &&
+		    tdb->transaction->blocks[i] != NULL) {
 			free(tdb->transaction->blocks[i]);
 		}
 	}
diff --git a/lib/util/server_id_db.c b/lib/util/server_id_db.c
index e190f457526..bb61f316d29 100644
--- a/lib/util/server_id_db.c
+++ b/lib/util/server_id_db.c
@@ -184,7 +184,7 @@ int server_id_db_prune_name(struct server_id_db *db, const char *name,
 
 	tdb_chainunlock(tdb, key);
 
-	return 0;
+	return ret;
 }
 
 int server_id_db_remove(struct server_id_db *db, const char *name)
diff --git a/lib/util/tfork.c b/lib/util/tfork.c
index 4a5c08f7d79..16ea002b87c 100644
--- a/lib/util/tfork.c
+++ b/lib/util/tfork.c
@@ -260,8 +260,8 @@ static void tfork_atfork_child(void)
 		ret = pthread_sigmask(SIG_SETMASK, &signal_state.oldset, NULL);
 #else
 		ret = sigprocmask(SIG_SETMASK, &signal_state.oldset, NULL);
-		assert(ret == 0);
 #endif
+		assert(ret == 0);
 
 		signal_state.pid = NULL;
 	}


-- 
Samba Shared Repository



More information about the samba-cvs mailing list