[SCM] Samba Shared Repository - branch master updated
Noel Power
npower at samba.org
Wed May 29 11:30:03 UTC 2019
The branch, master has been updated
via 0ae585db267 samba-tool dns: use bytes for inet_ntop
via 32b282d55e8 tests/samba-tool: test dns serverinfo/zoneinfo
via 6555fa9d8fb s3/smbd: cppcheck: Fix ctunullpointer error
via 02017d35f43 s3/printing: cppcheck avoid 'nullPointerArithmetic:' error
via 5477b83db28 s3/lib: don't write to buffer (which might be NULL) if bufsize <=0
via 75afaeb7499 s3/lib/netapi: Fix 'Possible null pointer dereference' warning
via f5af3cb21e2 s3/libads: cppcheck fix error: shiftTooManyBitsSigned: error
via fd3f37af927 lib/util: Fix cppcheck null pointer dereference warning
from 8831b06d3d4 ldb: Release ldb 2.0.3
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0ae585db26727a944c957cb543bf72175dc55599
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Fri May 24 09:58:12 2019 +1200
samba-tool dns: use bytes for inet_ntop
From Python's point of view, array.AddrArray is a list of byte-valued
integers. In Python 3 we can convert directly using the likes of
bytes(array.AddrArray[i].MaxSa[8:24])
but in 4.10 we need to support both, so we use struct.
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed May 29 11:29:17 UTC 2019 on sn-devel-184
commit 32b282d55e8888aa7bbe02d95502669f1c714726
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Wed May 29 13:38:12 2019 +1200
tests/samba-tool: test dns serverinfo/zoneinfo
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>
commit 6555fa9d8fbc7f7be39f5ffc3a31ef14af92779c
Author: Noel Power <noel.power at suse.com>
Date: Tue May 21 13:36:45 2019 +0000
s3/smbd: cppcheck: Fix ctunullpointer error
Fixes:
source3/smbd/files.c:783: error: ctunullpointer: Null pointer dereference: buf <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 02017d35f43b69b988841b29bd68c5b440edb4e7
Author: Noel Power <noel.power at suse.com>
Date: Tue May 21 12:56:06 2019 +0100
s3/printing: cppcheck avoid 'nullPointerArithmetic:' error
source3/printing/notify.c:94: error: nullPointerArithmetic: Pointer addition with NULL pointer. <--[cppcheck]
/home/samba/samba-pidl/source3/printing/notify.c:96: error: nullPointerArithmetic: Pointer addition with NULL pointer. <--[cppcheck]
/home/samba/samba-pidl/source3/printing/notify.c:103: error: nullPointerArithmetic: Pointer addition with NULL pointer. <--[cppcheck]
flatten_message function depends on behaviour of tdb_pack which will
return the bytes that would be written (without actually writing to the
buffer) if the bufsize passed is <=0. What we need to avoid here is the
default modification of buf (when it is initially NULL)
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 5477b83db28c67743e25a638c93bc4117a8a7ced
Author: Noel Power <noel.power at suse.com>
Date: Tue May 21 13:08:15 2019 +0000
s3/lib: don't write to buffer (which might be NULL) if bufsize <=0
Some code depends that tdb_pack[va] will return the bytes it would
write to 'buf' if the bufsize passed in is <=0, writing to the
buffer is protected by with lines like
if (bufsize && bufsize >= len) {
/* write to 'buf' */
}
however in these instances the local pointer to the buffer is still
modified
buf += len;
It's quite probable if bufsize == 0 that buf itself is NULL,
in this case we should protect against performing pointer arithmetic.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 75afaeb749991925f17517ce50a96178d32d7922
Author: Noel Power <noel.power at suse.com>
Date: Tue May 21 11:00:42 2019 +0000
s3/lib/netapi: Fix 'Possible null pointer dereference' warning
source3/lib/netapi/localgroup.c:1103: warning: nullPointer: Possible null pointer dereference: r <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit f5af3cb21e2515096d0b21aabda238a1c8f3bab3
Author: Noel Power <noel.power at suse.com>
Date: Tue May 21 10:52:56 2019 +0000
s3/libads: cppcheck fix error: shiftTooManyBitsSigned: error
Squash 'Shifting signed 32-bit value by 31 bits is undefined behaviour'
error
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit fd3f37af927cd926431a5dbd8f966d8c8e772dae
Author: Noel Power <noel.power at suse.com>
Date: Tue May 21 10:48:18 2019 +0000
lib/util: Fix cppcheck null pointer dereference warning
lib/util/talloc_report.c:58: warning: nullPointer: Possible null pointer dereference: start <--[cppcheck]
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/util/talloc_report.c | 2 ++
python/samba/netcmd/dns.py | 5 +++--
python/samba/tests/samba_tool/dnscmd.py | 26 ++++++++++++++++++++++++++
source3/lib/netapi/localgroup.c | 2 +-
source3/lib/util_tdb.c | 13 +++++++------
source3/libads/disp_sec.c | 2 +-
source3/printing/notify.c | 12 ++++++++----
source3/smbd/files.c | 13 ++++++++++++-
8 files changed, 60 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/talloc_report.c b/lib/util/talloc_report.c
index bed0fd91e43..fb12a2f631c 100644
--- a/lib/util/talloc_report.c
+++ b/lib/util/talloc_report.c
@@ -52,6 +52,8 @@ static char *talloc_vasprintf_append_largebuf(char *buf, ssize_t *pstr_len,
if (buflen > str_len) {
start = buf + str_len;
space = buflen - str_len;
+ } else {
+ return NULL;
}
va_copy(ap2, ap);
diff --git a/python/samba/netcmd/dns.py b/python/samba/netcmd/dns.py
index b7459a71acd..d9fda0b93cd 100644
--- a/python/samba/netcmd/dns.py
+++ b/python/samba/netcmd/dns.py
@@ -26,6 +26,7 @@ from socket import inet_ntop
from socket import AF_INET
from socket import AF_INET6
import shlex
+import struct
from samba import remove_dc
from samba.samdb import SamDB
@@ -153,10 +154,10 @@ def dns_addr_array_string(array):
return ret
for i in range(array.AddrCount):
if array.AddrArray[i].MaxSa[0] == 0x02:
- x = "".join([chr(b) for b in array.AddrArray[i].MaxSa])[4:8]
+ x = struct.pack('4B', *array.AddrArray[i].MaxSa[4:8])
addr = inet_ntop(AF_INET, x)
elif array.AddrArray[i].MaxSa[0] == 0x17:
- x = "".join([chr(b) for b in array.AddrArray[i].MaxSa])[8:24]
+ x = struct.pack('16B', *array.AddrArray[i].MaxSa[8:24])
addr = inet_ntop(AF_INET6, x)
else:
addr = 'UNKNOWN'
diff --git a/python/samba/tests/samba_tool/dnscmd.py b/python/samba/tests/samba_tool/dnscmd.py
index 5e882972f46..e1459fee9ac 100644
--- a/python/samba/tests/samba_tool/dnscmd.py
+++ b/python/samba/tests/samba_tool/dnscmd.py
@@ -883,3 +883,29 @@ class DnsCmdTestCase(SambaToolCmdTest):
print(msg)
self.fail("Failed to accept valid commands. %d total failures."
"Errors above." % num_failures)
+
+ def test_serverinfo(self):
+ for v in ['w2k', 'dotnet', 'longhorn']:
+ result, out, err = self.runsubcmd("dns",
+ "serverinfo",
+ "--client-version", v,
+ os.environ["SERVER"],
+ self.creds_string)
+ self.assertCmdSuccess(result,
+ out,
+ err,
+ "Failed to print serverinfo with "
+ "client version %s" % v)
+ self.assertTrue(out != '')
+
+ def test_zoneinfo(self):
+ result, out, err = self.runsubcmd("dns",
+ "zoneinfo",
+ os.environ["SERVER"],
+ self.zone,
+ self.creds_string)
+ self.assertCmdSuccess(result,
+ out,
+ err,
+ "Failed to print zoneinfo")
+ self.assertTrue(out != '')
diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c
index e0200a9ddd1..f3667987b1a 100644
--- a/source3/lib/netapi/localgroup.c
+++ b/source3/lib/netapi/localgroup.c
@@ -1100,7 +1100,7 @@ static WERROR NetLocalGroupModifyMembers_r(struct libnetapi_ctx *ctx,
r = (struct NetLocalGroupAddMembers *)set;
}
- if (!r->in.group_name) {
+ if (r==NULL || r->in.group_name == NULL) {
return WERR_INVALID_PARAMETER;
}
diff --git a/source3/lib/util_tdb.c b/source3/lib/util_tdb.c
index 0d1532193d4..943847f04a3 100644
--- a/source3/lib/util_tdb.c
+++ b/source3/lib/util_tdb.c
@@ -44,10 +44,9 @@ static size_t tdb_pack_va(uint8_t *buf, int bufsize, const char *fmt, va_list ap
int len = 0;
char *s;
char c;
- uint8_t *buf0 = buf;
const char *fmt0 = fmt;
int bufsize0 = bufsize;
-
+ size_t to_write = 0;
while (*fmt) {
switch ((c = *fmt++)) {
case 'b': /* unsigned 8-bit integer */
@@ -104,17 +103,19 @@ static size_t tdb_pack_va(uint8_t *buf, int bufsize, const char *fmt, va_list ap
break;
}
- buf += len;
- if (bufsize)
+ to_write += len;
+ if (bufsize > 0) {
bufsize -= len;
+ buf += len;
+ }
if (bufsize < 0)
bufsize = 0;
}
DEBUG(18,("tdb_pack_va(%s, %d) -> %d\n",
- fmt0, bufsize0, (int)PTR_DIFF(buf, buf0)));
+ fmt0, bufsize0, (int)to_write));
- return PTR_DIFF(buf, buf0);
+ return to_write;
}
size_t tdb_pack(uint8_t *buf, int bufsize, const char *fmt, ...)
diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c
index 15c99b67176..0b5f117788a 100644
--- a/source3/libads/disp_sec.c
+++ b/source3/libads/disp_sec.c
@@ -73,7 +73,7 @@ static void ads_disp_perms(uint32_t type)
}
for (i = 0; i < 32; i++) {
- if (type & (1 << i)) {
+ if (type & ((uint32_t)1 << i)) {
for (j = 1; perms[j].str; j ++) {
if (perms[j].mask == (((unsigned) 1) << i)) {
printf("\n\t%s (0x%08x)", perms[j].str, perms[j].mask);
diff --git a/source3/printing/notify.c b/source3/printing/notify.c
index d2c5f72fff5..56747272394 100644
--- a/source3/printing/notify.c
+++ b/source3/printing/notify.c
@@ -91,19 +91,23 @@ again:
/* Pack header */
- len += tdb_pack(buf + len, buflen - len, "f", msg->printer);
+ len += tdb_pack(buf ? buf + len : NULL,
+ buf ? buflen - len : 0, "f", msg->printer);
- len += tdb_pack(buf + len, buflen - len, "ddddddd",
+ len += tdb_pack(buf ? buf + len : NULL,
+ buf ? buflen - len : 0, "ddddddd",
(uint32_t)q->tv.tv_sec, (uint32_t)q->tv.tv_usec,
msg->type, msg->field, msg->id, msg->len, msg->flags);
/* Pack data */
if (msg->len == 0)
- len += tdb_pack(buf + len, buflen - len, "dd",
+ len += tdb_pack(buf ? buf + len : NULL,
+ buf ? buflen - len : 0, "dd",
msg->notify.value[0], msg->notify.value[1]);
else
- len += tdb_pack(buf + len, buflen - len, "B",
+ len += tdb_pack(buf ? buf + len : NULL,
+ buf ? buflen - len : 0, "B",
msg->len, msg->notify.data);
if (buflen != len) {
diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index 99b4937c99b..46fc4191950 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -778,7 +778,18 @@ const struct GUID *fsp_client_guid(const files_struct *fsp)
size_t fsp_fullbasepath(struct files_struct *fsp, char *buf, size_t buflen)
{
- int len;
+ int len = 0;
+ char tmp_buf[1] = {'\0'};
+
+ /*
+ * Don't pass NULL buffer to snprintf (to satisfy static checker)
+ * Some callers will call this function with NULL for buf and
+ * 0 for buflen in order to get length of fullbasepatch (without
+ * needing to allocate or write to buf)
+ */
+ if (buf == NULL) {
+ buf = tmp_buf;
+ }
len = snprintf(buf, buflen, "%s/%s", fsp->conn->connectpath,
fsp->fsp_name->base_name);
--
Samba Shared Repository
More information about the samba-cvs
mailing list