[SCM] Samba Shared Repository - branch master updated

Martin Schwenke martins at samba.org
Thu Apr 2 11:27:02 UTC 2020 

The branch, master has been updated
       via  130c26b43ff dbwrap: fix possible memleak and false result check.
       via  f34582af1d6 dbwrap: fix comment in code leading to wrong function parameter
       via  2bdb5a75788 ctdbd_conn: possible memleak in ctdbd_db_attach
       via  95fc8bd44a2 ctdbd_conn: possible memleak in ctdbd_dbpath
       via  6e146c855ac ctdbd_conn: possible memleak in ctdbd_working
      from  9b1e96197e0 script/autobuild.py: allow write_system_info commands to fail

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 130c26b43ffbb577438006e4e4acfb0e88199c64
Author: Swen Schillig <swen at linux.ibm.com>
Date:   Mon Mar 30 12:54:00 2020 +0200

    dbwrap: fix possible memleak and false result check.
    
    A cstatus != 0 or a data.dsize != sizeof(uint32_t)
    does not guarantee to have no received data referenced by data.dptr.
    Therefore, make sure data.dptr is free'd.
    Reusing the same data structure as data input and data output parameter
    can lead to wrong results, especially when the output parameters value
    is used to detect errors. Create the additional local variable outdata
    to prevent this issue.
    
    Signed-off-by: Swen Schillig <swen at linux.ibm.com>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Martin Schwenke <martin at meltin.net>
    
    Autobuild-User(master): Martin Schwenke <martins at samba.org>
    Autobuild-Date(master): Thu Apr  2 11:26:32 UTC 2020 on sn-devel-184

commit f34582af1d61e7c6e28226e7a5e9c1de45eac56b
Author: Swen Schillig <swen at linux.ibm.com>
Date:   Mon Mar 30 12:44:59 2020 +0200

    dbwrap: fix comment in code leading to wrong function parameter
    
    Signed-off-by: Swen Schillig <swen at linux.ibm.com>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Martin Schwenke <martin at meltin.net>

commit 2bdb5a75788936e75c31235f4855e7096b9af68c
Author: Swen Schillig <swen at linux.ibm.com>
Date:   Mon Mar 30 12:34:12 2020 +0200

    ctdbd_conn: possible memleak in ctdbd_db_attach
    
    A cstatus != 0 or a data.dsize != sizeof(uint32_t)
    does not guarantee to have no received data referenced by data.dptr.
    Therefore, make sure data.dptr is free'd.
    
    Signed-off-by: Swen Schillig <swen at linux.ibm.com>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Martin Schwenke <martin at meltin.net>

commit 95fc8bd44a2ba942a6052fe8abaf6a4dceca8b3d
Author: Swen Schillig <swen at linux.ibm.com>
Date:   Mon Mar 30 12:29:38 2020 +0200

    ctdbd_conn: possible memleak in ctdbd_dbpath
    
    A cstatus != 0 does not guarantee to have no received data
    referenced by rdata.dptr.
    Therefore, make sure rdata.dptr is free'd.
    
    Signed-off-by: Swen Schillig <swen at linux.ibm.com>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Martin Schwenke <martin at meltin.net>

commit 6e146c855ac87fd78c873789b37227970b2fed96
Author: Swen Schillig <swen at linux.ibm.com>
Date:   Mon Mar 30 12:22:46 2020 +0200

    ctdbd_conn: possible memleak in ctdbd_working
    
    A cstatus != 0 does not guarantee to have no received data
    referenced by outdata.dptr.
    Therefore, make sure outdata.dptr is free'd.
    
    Signed-off-by: Swen Schillig <swen at linux.ibm.com>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Martin Schwenke <martin at meltin.net>

-----------------------------------------------------------------------

Summary of changes:
 source3/lib/ctdbd_conn.c         |  9 +++++----
 source3/lib/dbwrap/dbwrap_ctdb.c | 11 +++++++----
 2 files changed, 12 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c
index db6ad9404d8..e968ec5e491 100644
--- a/source3/lib/ctdbd_conn.c
+++ b/source3/lib/ctdbd_conn.c
@@ -242,7 +242,7 @@ static int get_cluster_vnn(struct ctdbd_connection *conn, uint32_t *vnn)
 static bool ctdbd_working(struct ctdbd_connection *conn, uint32_t vnn)
 {
 	int32_t cstatus=-1;
-	TDB_DATA outdata;
+	TDB_DATA outdata = {0};
 	struct ctdb_node_map_old *m;
 	bool ok = false;
 	uint32_t i;
@@ -256,7 +256,7 @@ static bool ctdbd_working(struct ctdbd_connection *conn, uint32_t vnn)
 	}
 	if ((cstatus != 0) || (outdata.dptr == NULL)) {
 		DEBUG(2, ("Received invalid ctdb data\n"));
-		return false;
+		goto fail;
 	}
 
 	m = (struct ctdb_node_map_old *)outdata.dptr;
@@ -834,7 +834,7 @@ char *ctdbd_dbpath(struct ctdbd_connection *conn,
 	if ((ret != 0) || cstatus != 0) {
 		DEBUG(0, (__location__ " ctdb_control for getdbpath failed: %s\n",
 			  strerror(ret)));
-		return NULL;
+		TALLOC_FREE(rdata.dptr);
 	}
 
 	return (char *)rdata.dptr;
@@ -847,7 +847,7 @@ int ctdbd_db_attach(struct ctdbd_connection *conn,
 		    const char *name, uint32_t *db_id, bool persistent)
 {
 	int ret;
-	TDB_DATA data;
+	TDB_DATA data = {0};
 	int32_t cstatus;
 
 	data = string_term_tdb_data(name);
@@ -865,6 +865,7 @@ int ctdbd_db_attach(struct ctdbd_connection *conn,
 
 	if (cstatus != 0 || data.dsize != sizeof(uint32_t)) {
 		DEBUG(0,(__location__ " ctdb_control for db_attach failed\n"));
+		TALLOC_FREE(data.dptr);
 		return EIO;
 	}
 
diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c
index 84ea015f385..4441ffa0285 100644
--- a/source3/lib/dbwrap/dbwrap_ctdb.c
+++ b/source3/lib/dbwrap/dbwrap_ctdb.c
@@ -947,8 +947,8 @@ static NTSTATUS db_ctdb_send_schedule_for_deletion(struct db_record *rec)
 				  crec->ctdb_ctx->db_id,
 				  CTDB_CTRL_FLAG_NOREPLY, /* flags */
 				  indata,
+				  NULL, /* mem_ctx */
 				  NULL, /* outdata */
-				  NULL, /* errmsg */
 				  &cstatus);
 	talloc_free(indata.dptr);
 
@@ -1825,6 +1825,7 @@ struct db_context *db_open_ctdb(TALLOC_CTX *mem_ctx,
 	char *db_path;
 	struct loadparm_context *lp_ctx;
 	TDB_DATA data;
+	TDB_DATA outdata = {0};
 	bool persistent = (tdb_flags & TDB_CLEAR_IF_FIRST) == 0;
 	int32_t cstatus;
 	int ret;
@@ -1897,7 +1898,7 @@ struct db_context *db_open_ctdb(TALLOC_CTX *mem_ctx,
 
 	ret = ctdbd_control_local(messaging_ctdb_connection(),
 				  CTDB_CONTROL_DB_OPEN_FLAGS,
-				  0, 0, data, NULL, &data, &cstatus);
+				  0, 0, data, NULL, &outdata, &cstatus);
 	if (ret != 0) {
 		DBG_ERR(" ctdb control for db_open_flags "
 			 "failed: %s\n", strerror(ret));
@@ -1905,13 +1906,15 @@ struct db_context *db_open_ctdb(TALLOC_CTX *mem_ctx,
 		return NULL;
 	}
 
-	if (cstatus != 0 || data.dsize != sizeof(int)) {
+	if (cstatus != 0 || outdata.dsize != sizeof(int)) {
 		DBG_ERR("ctdb_control for db_open_flags failed\n");
+		TALLOC_FREE(outdata.dptr);
 		TALLOC_FREE(result);
 		return NULL;
 	}
 
-	tdb_flags = *(int *)data.dptr;
+	tdb_flags = *(int *)outdata.dptr;
+	TALLOC_FREE(outdata.dptr);
 
 	if (!result->persistent) {
 		ret = ctdb_async_ctx_init(NULL, messaging_tevent_context(msg_ctx));


-- 
Samba Shared Repository

More information about the samba-cvs mailing list