[SCM] Samba Shared Repository - branch master updated
Douglas Bagnall
dbagnall at samba.org
Thu May 9 23:55:02 UTC 2019
The branch, master has been updated
via 79111dd0d06 dsdb/mod/count_attrs: set ldb var before using it (CID 1444979)
via 215eef5b6f5 s4/dsdb/util_samr: check some return codes (CID 1444977)
via cb9fe0360be s4/dnsserver: delay return when trying to log (CID 1444976)
via e79c839a38c s4/dnsserver: handle broken zone values in sort (CID 1414763, 1414769)
via c737b61cb46 librpc/ndr: make push_charset_to_null UTF-16 safe (CID 1399648)
via 47f2264c5e4 ldb modules: paged_search checks control is not NULL (CID 241355)
via bfcfae72a57 ldb_mdb: check fcntl return values (CID 1435851)
via 3de7f430db6 ldb_map: check a return value (CID 241354)
via 5dc86038835 ldb_ldif: avoid NULL dereference with unexpected arguments (CID 1107195)
via aa18f62a8a9 ldb: avoid NULL deref in ldb_dn_from_ldb_val (CID 1034730)
via eb873af9b5c pyrpc: remove crutch for python <= 2.5
via 06068603084 pyrpc: ndr PY_CHECK_TYPE checks for NULL as well as type
via 4954a96e453 auth/creds/torture: add a test showing segfault
via 2bd79a0cd02 auth/creds/guess: avoid segfault with NULL lp (CID 241187)
via b18f0dce38a dsdb/modules/linked_attrs: remove pointless check (CID 240768)
via 23f72c4d712 dsdb/modules/dirsync: ensure attrs exist (CID 1107212)
via 9a6c0a66d57 dsdb/modules/dirsync: remove useless function call
via 2852dce541e dsdb/modules/dirsync: avoid possible NULL dereference (CID 1034800)
via 8ad8f9baf00 dsdb/modules/acl: avoid deref of missing data (CID 1107200)
via 05863957014 s4/auth/sam: silence CID 1435849
via 6c01ff465bc lib/texpect: avoid theoretical NULL dereference (CID 1273099)
via 9fd3939a718 tdbtool: avoid theoretical NULL dereference (CID 1361462)
via b289cc19b5b s4/rpc/dcerpc_roh_channel_out: check ndr_init (CID 1273062)
via 353d50a81e6 s4/rpc/dcerpc_roh_channel_out: check ndr_init (CID 1273065)
via 95d7e939c58 s4/rpc/drsuapi/writespn: check the actual error code (CID 1034691)
via 01e2bdaf30a s4/rpc/dns: check for IP address errors at startup
via 51e4a1e4540 rpc/dns: reduce the CID count on temporary variables
via 5389df9b4df rpc/dns: leak less on memory failure (CID 1363191)
via 74cd11df838 rpc/dnsdata: avoid crash on missing attr (CID: 1414757)
via a9e6300a5d4 rpc/dnsdata: do not crash if message attr missing (CID: 1414773)
via ff2b0e24261 talloc torture: avoid NULL dereference
from 219bc189472 s3:smbd: don't use recvfile on streams
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 79111dd0d061894c767a01fd60a5b5c43d98ab42
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed May 8 15:05:21 2019 +1200
dsdb/mod/count_attrs: set ldb var before using it (CID 1444979)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu May 9 23:54:35 UTC 2019 on sn-devel-184
commit 215eef5b6f5949b84b17fb131383b9b97ba94958
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed May 8 14:52:31 2019 +1200
s4/dsdb/util_samr: check some return codes (CID 1444977)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit cb9fe0360beee81c47931b2b3acb1836d2542614
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed May 8 14:37:06 2019 +1200
s4/dnsserver: delay return when trying to log (CID 1444976)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit e79c839a38caa67aeba1693570e6bf2a0c8c5814
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed May 8 14:27:05 2019 +1200
s4/dnsserver: handle broken zone values in sort (CID 1414763, 1414769)
We sort NULL values to the end of the list. What happens to the after
that is another question.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit c737b61cb46cace806e634ec3b852546609acd93
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed May 8 14:09:56 2019 +1200
librpc/ndr: make push_charset_to_null UTF-16 safe (CID 1399648)
The length is in test units, not bytes, and includes terminating
nulls. For 16-bit character sets, the terminating null must be two
bytes.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 47f2264c5e40ca283708310b1b28f03fad6a21a7
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed May 8 13:11:43 2019 +1200
ldb modules: paged_search checks control is not NULL (CID 241355)
It is unlikely to be NULL, since we're in the callback.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit bfcfae72a57103d5bfae4b54b7ea10602bab838e
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed May 8 12:56:25 2019 +1200
ldb_mdb: check fcntl return values (CID 1435851)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 3de7f430db6237487ac68922c80f6114dcb5434b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed May 8 12:50:30 2019 +1200
ldb_map: check a return value (CID 241354)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 5dc86038835e607ba132a206b91320f12e7728af
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed May 8 12:49:53 2019 +1200
ldb_ldif: avoid NULL dereference with unexpected arguments (CID 1107195)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit aa18f62a8a9c0375adb4bf2c1103a510e9fd6310
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed May 8 12:31:36 2019 +1200
ldb: avoid NULL deref in ldb_dn_from_ldb_val (CID 1034730)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit eb873af9b5cd39e49efbe8d70b8dc2c72ecaa082
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue May 7 13:31:12 2019 +1200
pyrpc: remove crutch for python <= 2.5
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 06068603084562be40f3180561fe7af5700ff4e8
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue May 7 13:25:01 2019 +1200
pyrpc: ndr PY_CHECK_TYPE checks for NULL as well as type
Addresses CID 1361477 and others.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 4954a96e45333147c12466ddcea21aa9c364acb5
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue May 7 13:22:10 2019 +1200
auth/creds/torture: add a test showing segfault
This file isn't actually run...
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 2bd79a0cd026d3fedeb126c023b01f9ee76a81df
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Tue May 7 12:51:09 2019 +1200
auth/creds/guess: avoid segfault with NULL lp (CID 241187)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit b18f0dce38a19e47f86d868bc5f052f72e294792
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 17:51:16 2019 +1200
dsdb/modules/linked_attrs: remove pointless check (CID 240768)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 23f72c4d712f8d1fec3d67a66d477709d5b0abe2
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 17:27:51 2019 +1200
dsdb/modules/dirsync: ensure attrs exist (CID 1107212)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 9a6c0a66d57c6a6b68ad7c80cc2ccea2e518f3e4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 17:24:37 2019 +1200
dsdb/modules/dirsync: remove useless function call
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 2852dce541e7d923b1a2807f9ba29b62b043d219
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 17:21:49 2019 +1200
dsdb/modules/dirsync: avoid possible NULL dereference (CID 1034800)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 8ad8f9baf00fd7230ba6a47765a287ad2521d51c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 16:56:14 2019 +1200
dsdb/modules/acl: avoid deref of missing data (CID 1107200)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 05863957014139d99eefe170116cfbb8c28a2e0b
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 16:30:10 2019 +1200
s4/auth/sam: silence CID 1435849
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 6c01ff465bcdf34cbd4a090c810764e5227a2abe
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 16:15:30 2019 +1200
lib/texpect: avoid theoretical NULL dereference (CID 1273099)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 9fd3939a718ce051bf006b474bb7cbe1d6f8db3a
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 16:12:29 2019 +1200
tdbtool: avoid theoretical NULL dereference (CID 1361462)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit b289cc19b5b47993052b3006071338bfbb251048
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 16:06:40 2019 +1200
s4/rpc/dcerpc_roh_channel_out: check ndr_init (CID 1273062)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 353d50a81e6c6eb8885e583653e29fcc3892c317
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 16:06:18 2019 +1200
s4/rpc/dcerpc_roh_channel_out: check ndr_init (CID 1273065)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 95d7e939c58620bb8af9926cf607d06a78ee6d39
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 11:29:37 2019 +1200
s4/rpc/drsuapi/writespn: check the actual error code (CID 1034691)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 01e2bdaf30abac1c715d4d0436549f0bfc1deefb
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 10:47:28 2019 +1200
s4/rpc/dns: check for IP address errors at startup
The silent failure might leave an indeterminate or zero address.
CID: 1272838
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 51e4a1e45407ead0cb7753237670620bee6eee2d
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 10:23:56 2019 +1200
rpc/dns: reduce the CID count on temporary variables
CID 1363189 and others.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 5389df9b4df4c7140b8ed712d5b6eba7e899a02f
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 10:19:29 2019 +1200
rpc/dns: leak less on memory failure (CID 1363191)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit 74cd11df838815dbef2a505e58c2cb863a82be97
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 10:10:01 2019 +1200
rpc/dnsdata: avoid crash on missing attr (CID: 1414757)
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit a9e6300a5d49182f3c05fd3f11cf056015854820
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 3 09:46:04 2019 +1200
rpc/dnsdata: do not crash if message attr missing (CID: 1414773)
This should be hard to trigger, but goto fail is always nicer than sig 11.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
commit ff2b0e242618d048178a00412c48482d728c97bd
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu May 2 11:29:34 2019 +1200
talloc torture: avoid NULL dereference
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.c | 3 +-
auth/credentials/tests/simple.c | 46 +++++++++++++++++++++-
lib/ldb/common/ldb_dn.c | 7 ++--
lib/ldb/common/ldb_ldif.c | 2 +-
lib/ldb/ldb_map/ldb_map_outbound.c | 3 ++
lib/ldb/ldb_mdb/ldb_mdb.c | 11 +++++-
lib/ldb/modules/paged_searches.c | 5 +++
lib/talloc/testsuite.c | 4 +-
lib/tdb/tools/tdbtool.c | 20 +++++-----
lib/texpect/texpect.c | 7 +++-
librpc/ndr/ndr_string.c | 2 +-
source4/auth/sam.c | 6 ++-
source4/dns_server/dnsserver_common.c | 13 ++++--
source4/dsdb/common/util_samr.c | 24 ++++++++---
source4/dsdb/samdb/ldb_modules/acl.c | 6 ++-
source4/dsdb/samdb/ldb_modules/count_attrs.c | 4 +-
source4/dsdb/samdb/ldb_modules/dirsync.c | 8 +++-
source4/dsdb/samdb/ldb_modules/linked_attributes.c | 2 +-
source4/librpc/rpc/dcerpc_roh_channel_in.c | 3 ++
source4/librpc/rpc/dcerpc_roh_channel_out.c | 3 ++
source4/librpc/rpc/pyrpc.h | 21 ++++++----
source4/rpc_server/dnsserver/dnsdata.c | 14 +++++++
source4/rpc_server/dnsserver/dnsutils.c | 14 +++++--
source4/rpc_server/drsuapi/writespn.c | 4 +-
24 files changed, 184 insertions(+), 48 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 7ef58d0752c..befce2c2119 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -965,7 +965,8 @@ _PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
cli_credentials_parse_password_file(cred, p, CRED_GUESS_FILE);
}
- if (cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
+ if (lp_ctx != NULL &&
+ cli_credentials_get_kerberos_state(cred) != CRED_DONT_USE_KERBEROS) {
cli_credentials_set_ccache(cred, lp_ctx, NULL, CRED_GUESS_FILE,
&error_string);
}
diff --git a/auth/credentials/tests/simple.c b/auth/credentials/tests/simple.c
index 90633ecbea5..7f122bed3bc 100644
--- a/auth/credentials/tests/simple.c
+++ b/auth/credentials/tests/simple.c
@@ -62,6 +62,48 @@ static bool test_init_anonymous(struct torture_context *tctx)
return true;
}
+static bool test_guess(struct torture_context *tctx)
+{
+ struct cli_credentials *creds = cli_credentials_init_anon(tctx);
+ enum credentials_use_kerberos old_kerb_state = \
+ cli_credentials_get_kerberos_state(creds);
+ const char *logname = getenv("LOGNAME");
+ const char *user = getenv("USER");
+ const char *passwd = getenv("PASSWD");
+ const char *passwd_fd = getenv("PASSWD_FD");
+ const char *passwd_file = getenv("PASSWD_FILE");
+
+ cli_credentials_set_kerberos_state(creds, CRED_MUST_USE_KERBEROS);
+
+ unsetenv("USER");
+ unsetenv("PASSWD_FD");
+ unsetenv("PASSWD_FILE");
+
+ setenv("LOGNAME", "xx", 1);
+ setenv("PASSWD", "xx", 1);
+
+ cli_credentials_guess(creds, NULL);
+ if (logname != NULL) {
+ setenv("LOGNAME", logname, 1);
+ }
+ if (user != NULL) {
+ setenv("USER", user, 1);
+ }
+ if (passwd != NULL) {
+ setenv("PASSWD", passwd, 1);
+ }
+ if (passwd_fd != NULL) {
+ setenv("PASSWD_FD", passwd_fd, 1);
+ }
+ if (passwd_file != NULL) {
+ setenv("PASSWD_FILE", passwd_file, 1);
+ }
+ cli_credentials_set_kerberos_state(creds, old_kerb_state);
+
+ return true;
+}
+
+
static bool test_parse_string(struct torture_context *tctx)
{
struct cli_credentials *creds = cli_credentials_init_anon(tctx);
@@ -112,7 +154,9 @@ struct torture_suite *torture_local_credentials(TALLOC_CTX *mem_ctx)
torture_suite_add_simple_test(suite, "init", test_init);
torture_suite_add_simple_test(suite, "init anonymous",
test_init_anonymous);
- torture_suite_add_simple_test(suite, "parse_string",
+ torture_suite_add_simple_test(suite, "guess",
+ test_guess);
+ torture_suite_add_simple_test(suite, "parse_string",
test_parse_string);
return suite;
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index a2122a8a80a..2e98f391467 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -92,9 +92,10 @@ struct ldb_dn *ldb_dn_from_ldb_val(TALLOC_CTX *mem_ctx,
{
struct ldb_dn *dn;
- if (! ldb) return NULL;
-
- if (strdn && strdn->data
+ if (ldb == NULL || strdn == NULL) {
+ return NULL;
+ }
+ if (strdn->data
&& (strnlen((const char*)strdn->data, strdn->length) != strdn->length)) {
/* The RDN must not contain a character with value 0x0 */
return NULL;
diff --git a/lib/ldb/common/ldb_ldif.c b/lib/ldb/common/ldb_ldif.c
index e69467891c9..2bd02663f09 100644
--- a/lib/ldb/common/ldb_ldif.c
+++ b/lib/ldb/common/ldb_ldif.c
@@ -728,7 +728,7 @@ int ldb_ldif_parse_modrdn(struct ldb_context *ldb,
if (_deleteoldrdn) {
*_deleteoldrdn = deleteoldrdn;
}
- if (_newsuperior) {
+ if (_newsuperior != NULL && _newrdn != NULL) {
if (newsuperior_val) {
*_newrdn = talloc_move(mem_ctx, &newrdn);
} else {
diff --git a/lib/ldb/ldb_map/ldb_map_outbound.c b/lib/ldb/ldb_map/ldb_map_outbound.c
index 1f1a7e80142..c823ba4a5c6 100644
--- a/lib/ldb/ldb_map/ldb_map_outbound.c
+++ b/lib/ldb/ldb_map/ldb_map_outbound.c
@@ -921,6 +921,9 @@ static int map_subtree_collect_remote(struct ldb_module *module, void *mem_ctx,
}
map = map_attr_find_local(data, tree->u.equality.attr);
+ if (map == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
if (map->convert_operator) {
return map->convert_operator(module, mem_ctx, new, tree);
}
diff --git a/lib/ldb/ldb_mdb/ldb_mdb.c b/lib/ldb/ldb_mdb/ldb_mdb.c
index 68ee97acb64..9fa10e9e470 100644
--- a/lib/ldb/ldb_mdb/ldb_mdb.c
+++ b/lib/ldb/ldb_mdb/ldb_mdb.c
@@ -942,7 +942,16 @@ static int lmdb_open_env(TALLOC_CTX *mem_ctx,
/* Just as for TDB: on exec, don't inherit the fd */
v = fcntl(fd, F_GETFD, 0);
- fcntl(fd, F_SETFD, v | FD_CLOEXEC);
+ if (v == -1) {
+ TALLOC_FREE(w);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = fcntl(fd, F_SETFD, v | FD_CLOEXEC);
+ if (ret == -1) {
+ TALLOC_FREE(w);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
if (fstat(fd, &st) != 0) {
ldb_asprintf_errstring(
diff --git a/lib/ldb/modules/paged_searches.c b/lib/ldb/modules/paged_searches.c
index 68eeb4c76e3..f8f3895e19d 100644
--- a/lib/ldb/modules/paged_searches.c
+++ b/lib/ldb/modules/paged_searches.c
@@ -72,6 +72,11 @@ static int check_ps_continuation(struct ps_context *ac, struct ldb_request *req,
}
req_control = ldb_request_get_control(req, LDB_CONTROL_PAGED_RESULTS_OID);
+ if (req_control == NULL) {
+ ldb_set_errstring(ldb, "paged_searches: control is missing");
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
paged_req_control = talloc_get_type(req_control->data, struct ldb_paged_control);
if (!rep_control || !paged_rep_control) {
diff --git a/lib/talloc/testsuite.c b/lib/talloc/testsuite.c
index 35309e2af25..a76a64716c8 100644
--- a/lib/talloc/testsuite.c
+++ b/lib/talloc/testsuite.c
@@ -63,7 +63,9 @@ static double private_timeval_elapsed(struct timeval *tv)
}
#define torture_assert_str_equal(test, arg1, arg2, desc) \
- if (arg1 == NULL && arg2 == NULL) { \
+ if (arg1 == NULL && arg2 == NULL) { /* OK, both NULL == equal */ \
+ } else if (arg1 == NULL || arg2 == NULL) { \
+ return false; \
} else if (strcmp(arg1, arg2)) { \
printf("failure: %s [\n%s: Expected %s, got %s: %s\n]\n", \
test, __location__, arg1, arg2, desc); \
diff --git a/lib/tdb/tools/tdbtool.c b/lib/tdb/tools/tdbtool.c
index 41ae52395b1..36e480cd29c 100644
--- a/lib/tdb/tools/tdbtool.c
+++ b/lib/tdb/tools/tdbtool.c
@@ -695,16 +695,18 @@ static int do_command(void)
enum commands mycmd = CMD_HELP;
int cmd_len;
- if (cmdname && strlen(cmdname) == 0) {
- mycmd = CMD_NEXT;
- } else {
- while (ctp->name) {
- cmd_len = strlen(ctp->name);
- if (strncmp(ctp->name,cmdname,cmd_len) == 0) {
- mycmd = ctp->cmd;
- break;
+ if (cmdname != NULL) {
+ if (strlen(cmdname) == 0) {
+ mycmd = CMD_NEXT;
+ } else {
+ while (ctp->name) {
+ cmd_len = strlen(ctp->name);
+ if (strncmp(ctp->name,cmdname,cmd_len) == 0) {
+ mycmd = ctp->cmd;
+ break;
+ }
+ ctp++;
}
- ctp++;
}
}
diff --git a/lib/texpect/texpect.c b/lib/texpect/texpect.c
index 3f6278bbb10..8ced5638c67 100644
--- a/lib/texpect/texpect.c
+++ b/lib/texpect/texpect.c
@@ -424,6 +424,11 @@ int main(int argc, const char **argv)
instruction_file = poptGetArg(pc);
args = poptGetArgs(pc);
+ if (args == NULL) {
+ poptPrintHelp(pc, stderr, 0);
+ return 1;
+ }
+
program_args = (char * const *)discard_const_p(char *, args);
program = program_args[0];
@@ -432,7 +437,7 @@ int main(int argc, const char **argv)
printf("Using instruction_file: %s\n", instruction_file);
printf("Executing '%s' ", program);
- for (i = 0; program_args && program_args[i] != NULL; i++) {
+ for (i = 0; program_args[i] != NULL; i++) {
printf("'%s' ", program_args[i]);
}
printf("\n");
diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
index cc3508616bb..0fefc887c30 100644
--- a/librpc/ndr/ndr_string.c
+++ b/librpc/ndr/ndr_string.c
@@ -682,7 +682,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_charset_to_null(struct ndr_push *ndr, int nd
const char *str = var;
if (str == NULL) {
- str = "";
+ str = "\0"; /* i.e. two zero bytes, for UTF16 null word. */
length = 1;
}
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index 6c7fb221699..39e48c26b52 100644
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -886,8 +886,10 @@ NTSTATUS authsam_update_bad_pwd_count(struct ldb_context *sam_ctx,
done:
if (ret != LDB_SUCCESS) {
- DEBUG(0, ("Failed to update badPwdCount, badPasswordTime or set lockoutTime on %s: %s\n",
- ldb_dn_get_linearized(msg_mod->dn), ldb_errstring(sam_ctx)));
+ DBG_ERR("Failed to update badPwdCount, badPasswordTime or "
+ "set lockoutTime on %s: %s\n",
+ ldb_dn_get_linearized(msg->dn),
+ ldb_errstring(sam_ctx));
TALLOC_FREE(mem_ctx);
return NT_STATUS_INTERNAL_ERROR;
}
diff --git a/source4/dns_server/dnsserver_common.c b/source4/dns_server/dnsserver_common.c
index ab8079a7296..5e687f6848e 100644
--- a/source4/dns_server/dnsserver_common.c
+++ b/source4/dns_server/dnsserver_common.c
@@ -559,7 +559,7 @@ WERROR dns_common_wildcard_lookup(struct ldb_context *samdb,
name = ldb_dn_get_rdn_val(dn);
if (name == NULL) {
- return DNS_ERR(NAME_ERROR);
+ werr = DNS_ERR(NAME_ERROR);
goto exit;
}
@@ -615,7 +615,6 @@ WERROR dns_common_wildcard_lookup(struct ldb_context *samdb,
werr = dns_common_extract(samdb, el, mem_ctx, records, num_records);
TALLOC_FREE(msg);
if (!W_ERROR_IS_OK(werr)) {
- return werr;
goto exit;
}
@@ -1267,7 +1266,15 @@ static int dns_common_sort_zones(struct ldb_message **m1, struct ldb_message **m
n1 = ldb_msg_find_attr_as_string(*m1, "name", NULL);
n2 = ldb_msg_find_attr_as_string(*m2, "name", NULL);
-
+ if (n1 == NULL || n2 == NULL) {
+ if (n1 != NULL) {
+ return -1;
+ } else if (n2 != NULL) {
+ return 1;
+ } else {
+ return 0;
+ }
+ }
l1 = strlen(n1);
l2 = strlen(n2);
diff --git a/source4/dsdb/common/util_samr.c b/source4/dsdb/common/util_samr.c
index bb906fa0488..5370fc94eba 100644
--- a/source4/dsdb/common/util_samr.c
+++ b/source4/dsdb/common/util_samr.c
@@ -154,11 +154,20 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb,
return NT_STATUS_FOOBAR;
}
- ldb_msg_add_string(msg, "sAMAccountName", account_name);
- ldb_msg_add_string(msg, "objectClass", obj_class);
- samdb_msg_add_uint(ldb, tmp_ctx, msg,
- "userAccountControl",
- user_account_control);
+ ret = ldb_msg_add_string(msg, "sAMAccountName", account_name);
+ if (ret != LDB_SUCCESS) {
+ goto failed;
+ }
+ ret = ldb_msg_add_string(msg, "objectClass", obj_class);
+ if (ret != LDB_SUCCESS) {
+ goto failed;
+ }
+ ret = samdb_msg_add_uint(ldb, tmp_ctx, msg,
+ "userAccountControl",
+ user_account_control);
+ if (ret != LDB_SUCCESS) {
+ goto failed;
+ }
/* This is only here for migrations using pdb_samba4, the
* caller and the samldb are responsible for ensuring it makes
@@ -237,6 +246,11 @@ NTSTATUS dsdb_add_user(struct ldb_context *ldb,
}
talloc_free(tmp_ctx);
return NT_STATUS_OK;
+
+ failed:
+ ldb_transaction_cancel(ldb);
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INTERNAL_ERROR;
}
/*
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index 5d36f85b173..b1bbf936006 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -2170,9 +2170,11 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req)
}
data = talloc_get_type(ldb_module_get_private(ac->module), struct acl_private);
- if (data != NULL) {
- ac->userPassword = data->userPassword_support;
+ if (data == NULL) {
+ return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
+ "acl_private data is missing");
}
+ ac->userPassword = data->userPassword_support;
ret = acl_search_update_confidential_attrs(ac, data);
if (ret != LDB_SUCCESS) {
diff --git a/source4/dsdb/samdb/ldb_modules/count_attrs.c b/source4/dsdb/samdb/ldb_modules/count_attrs.c
index 2518492e813..b0d1b224944 100644
--- a/source4/dsdb/samdb/ldb_modules/count_attrs.c
+++ b/source4/dsdb/samdb/ldb_modules/count_attrs.c
@@ -567,12 +567,14 @@ static int count_attrs_init(struct ldb_module *module)
struct count_attrs_private *data = NULL;
struct loadparm_context *lp_ctx = NULL;
int ret;
+
+ ldb = ldb_module_get_ctx(module);
+
data = talloc_zero(module, struct count_attrs_private);
if (data == NULL) {
return ldb_oom(ldb);
}
- ldb = ldb_module_get_ctx(module);
lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
struct loadparm_context);
diff --git a/source4/dsdb/samdb/ldb_modules/dirsync.c b/source4/dsdb/samdb/ldb_modules/dirsync.c
index 291876e162b..0d46e2a6254 100644
--- a/source4/dsdb/samdb/ldb_modules/dirsync.c
+++ b/source4/dsdb/samdb/ldb_modules/dirsync.c
@@ -155,7 +155,6 @@ static int dirsync_filter_entry(struct ldb_request *req,
return ldb_oom(ldb);
}
for (i = msg->num_elements - 1; i >= 0; i--) {
- attr = dsdb_attribute_by_lDAPDisplayName(dsc->schema, msg->elements[i].name);
if (ldb_attr_cmp(msg->elements[i].name, "uSNChanged") == 0) {
int error = 0;
/* Read the USN it will used at the end of the filtering
@@ -356,6 +355,10 @@ skip:
attr = dsdb_attribute_by_lDAPDisplayName(dsc->schema,
el->name);
+ if (attr == NULL) {
+ continue;
+ }
+
keep = false;
if (attr->linkID & 1) {
@@ -852,6 +855,9 @@ static int dirsync_search_callback(struct ldb_request *req, struct ldb_reply *ar
}
tmp = strchr(tmp, '/');
+ if (tmp == NULL) {
+ return ldb_operr(ldb);
+ }
tmp++;
dn = ldb_dn_new(dsc, ldb, tmp);
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index 81bb31b714c..9fb5ced8ff9 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -658,7 +658,7 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
if (!attrs) {
return ldb_oom(ldb);
}
- for (i = 0; ac->rc && i < ac->rc->num_elements; i++) {
+ for (i = 0; i < ac->rc->num_elements; i++) {
attrs[i] = ac->rc->el[i].name;
}
attrs[i] = NULL;
diff --git a/source4/librpc/rpc/dcerpc_roh_channel_in.c b/source4/librpc/rpc/dcerpc_roh_channel_in.c
index d6707bf8680..9c0482e1fb3 100644
--- a/source4/librpc/rpc/dcerpc_roh_channel_in.c
+++ b/source4/librpc/rpc/dcerpc_roh_channel_in.c
@@ -411,6 +411,9 @@ struct tevent_req *roh_send_CONN_B1_send(TALLOC_CTX *mem_ctx,
pkt.u.rts = rts;
ndr = ndr_push_init_ctx(state);
+ if (ndr == NULL) {
+ return NULL;
+ }
ndr->offset = 0;
ndr_push_ncacn_packet(ndr, NDR_SCALARS, &pkt);
diff --git a/source4/librpc/rpc/dcerpc_roh_channel_out.c b/source4/librpc/rpc/dcerpc_roh_channel_out.c
index 23cbce3022d..d965037b16d 100644
--- a/source4/librpc/rpc/dcerpc_roh_channel_out.c
+++ b/source4/librpc/rpc/dcerpc_roh_channel_out.c
@@ -401,6 +401,9 @@ struct tevent_req *roh_send_CONN_A1_send(TALLOC_CTX *mem_ctx,
pkt.u.rts = rts;
ndr = ndr_push_init_ctx(state);
+ if (ndr == NULL) {
+ return NULL;
+ }
ndr->offset = 0;
ndr_push_ncacn_packet(ndr, NDR_SCALARS, &pkt);
diff --git a/source4/librpc/rpc/pyrpc.h b/source4/librpc/rpc/pyrpc.h
index 968bf863c4c..7101e7345de 100644
--- a/source4/librpc/rpc/pyrpc.h
+++ b/source4/librpc/rpc/pyrpc.h
@@ -22,14 +22,19 @@
#include "libcli/util/pyerrors.h"
-#ifndef Py_TYPE /* Py_TYPE is only available on Python > 2.6 */
-#define Py_TYPE(ob) (((PyObject*)(ob))->ob_type)
-#endif
-
-#define PY_CHECK_TYPE(type, var, fail) \
- if (!PyObject_TypeCheck(var, type)) {\
- PyErr_Format(PyExc_TypeError, __location__ ": Expected type '%s' for '%s' of type '%s'", (type)->tp_name, #var, Py_TYPE(var)->tp_name); \
- fail; \
+#define PY_CHECK_TYPE(type, var, fail) \
+ if (var == NULL) { \
+ PyErr_Format(PyExc_TypeError, \
+ __location__ \
+ ": Expected type '%s' for '%s', got NULL", \
+ (type)->tp_name, #var); \
+ fail; \
+ } else if (!PyObject_TypeCheck(var, type)) { \
+ PyErr_Format(PyExc_TypeError, \
+ __location__ \
+ ": Expected type '%s' for '%s' of type '%s'", \
+ (type)->tp_name, #var, Py_TYPE(var)->tp_name); \
+ fail; \
}
#define dom_sid0_Type dom_sid_Type
diff --git a/source4/rpc_server/dnsserver/dnsdata.c b/source4/rpc_server/dnsserver/dnsdata.c
index 59e29f029a6..2dc098a64a0 100644
--- a/source4/rpc_server/dnsserver/dnsdata.c
+++ b/source4/rpc_server/dnsserver/dnsdata.c
@@ -778,6 +778,7 @@ struct dns_tree *dns_build_tree(TALLOC_CTX *mem_ctx, const char *name, struct ld
root = dns_tree_init(mem_ctx, nlist[rootcount-1], NULL);
if (root == NULL) {
+ talloc_free(nlist);
return NULL;
}
@@ -794,6 +795,11 @@ struct dns_tree *dns_build_tree(TALLOC_CTX *mem_ctx, const char *name, struct ld
--
Samba Shared Repository
More information about the samba-cvs
mailing list