[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Thu Nov 26 11:08:02 UTC 2020 

The branch, master has been updated
       via  1a86474912d s3:libsmb: Return early if dir is NULL
       via  6d021d64c65 s3:mdssd: Fix creating binding string for error message
       via  b20da08d413 s3:lsasd: Fix creating binding string for error message
       via  35e977156c7 s3:spoolssd: Fix creating binding string for error message
       via  12b9e4408d7 winexe: Fix a possible null pointer derference
       via  6123bd25ada s3:libsmb: Fix clang warnings that fnum might be used uninitialized
      from  53274d11488 samba_upgradedns: Do not print confusing logs about missing .zone files

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1a86474912d98dbecd45ee1f85009bcab77ea7b9
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Nov 25 13:01:46 2020 +0100

    s3:libsmb: Return early if dir is NULL
    
    This makes sure we do not dereference a NULL poineter.
    
    Found by covscan.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Thu Nov 26 11:07:09 UTC 2020 on sn-devel-184

commit 6d021d64c651b73d4e904240d62dbaf992cf4634
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Nov 25 12:55:56 2020 +0100

    s3:mdssd: Fix creating binding string for error message
    
    Found by covscan.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit b20da08d4135d73548bde1452603108fffc29f6d
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Nov 25 12:55:24 2020 +0100

    s3:lsasd: Fix creating binding string for error message
    
    Found by covscan.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 35e977156c779a1405a7eadba794fb45fb41f625
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Nov 25 11:46:05 2020 +0100

    s3:spoolssd: Fix creating binding string for error message
    
    Found by covscan.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 12b9e4408d7e1edd1741d5afdf359bca82d3f75e
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Nov 25 11:38:01 2020 +0100

    winexe: Fix a possible null pointer derference
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 6123bd25ada0058973fe2ef8a13d59219c39255a
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Nov 25 11:34:09 2020 +0100

    s3:libsmb: Fix clang warnings that fnum might be used uninitialized
    
    Found by covscan.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 examples/winexe/winexe.c       | 22 +++++++++++++---------
 source3/libsmb/cli_smb2_fnum.c |  8 ++++----
 source3/libsmb/libsmb_dir.c    | 16 +++++++++-------
 source3/printing/spoolssd.c    |  7 +++++--
 source3/rpc_server/lsasd.c     |  7 +++++--
 source3/rpc_server/mdssd.c     |  7 +++++--
 6 files changed, 41 insertions(+), 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c
index 95386211c0a..529858ccbb8 100644
--- a/examples/winexe/winexe.c
+++ b/examples/winexe/winexe.c
@@ -347,7 +347,7 @@ static NTSTATUS winexe_svc_upload(
 	int flags)
 {
 	struct cli_state *cli;
-	uint16_t fnum;
+	uint16_t fnum = 0xffff;
 	NTSTATUS status;
 	const DATA_BLOB *binary = NULL;
 
@@ -389,7 +389,7 @@ static NTSTATUS winexe_svc_upload(
 	}
 
 	if (binary == NULL) {
-		//TODO
+		goto done;
 	}
 
 	status = cli_ntcreate(
@@ -420,16 +420,20 @@ static NTSTATUS winexe_svc_upload(
 		NULL);
 	if (!NT_STATUS_IS_OK(status)) {
 		DBG_WARNING("Could not write file: %s\n", nt_errstr(status));
-		goto close_done;
+		goto done;
 	}
 
-close_done:
-	status = cli_close(cli, fnum);
-	if (!NT_STATUS_IS_OK(status)) {
-		DBG_WARNING("Close(%"PRIu16") failed for %s: %s\n", fnum,
-			    service_filename, nt_errstr(status));
-	}
 done:
+	if (fnum != 0xffff) {
+		status = cli_close(cli, fnum);
+		if (!NT_STATUS_IS_OK(status)) {
+			DBG_WARNING("Close(%"PRIu16") failed for %s: %s\n",
+				    fnum,
+				    service_filename,
+				    nt_errstr(status));
+		}
+	}
+
 	TALLOC_FREE(cli);
 	return status;
 }
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 2dd76de967a..f70639e41bd 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -815,7 +815,7 @@ static void cli_smb2_mkdir_opened(struct tevent_req *subreq)
 	struct cli_smb2_mkdir_state *state = tevent_req_data(
 		req, struct cli_smb2_mkdir_state);
 	NTSTATUS status;
-	uint16_t fnum;
+	uint16_t fnum = 0xffff;
 
 	status = cli_smb2_create_fnum_recv(subreq, &fnum, NULL, NULL, NULL);
 	TALLOC_FREE(subreq);
@@ -1082,7 +1082,7 @@ static void cli_smb2_unlink_opened1(struct tevent_req *subreq)
 		subreq, struct tevent_req);
 	struct cli_smb2_unlink_state *state = tevent_req_data(
 		req, struct cli_smb2_unlink_state);
-	uint16_t fnum;
+	uint16_t fnum = 0xffff;
 	NTSTATUS status;
 
 	status = cli_smb2_create_fnum_recv(subreq, &fnum, NULL, NULL, NULL);
@@ -1135,7 +1135,7 @@ static void cli_smb2_unlink_opened2(struct tevent_req *subreq)
 		subreq, struct tevent_req);
 	struct cli_smb2_unlink_state *state = tevent_req_data(
 		req, struct cli_smb2_unlink_state);
-	uint16_t fnum;
+	uint16_t fnum = 0xffff;
 	NTSTATUS status;
 
 	status = cli_smb2_create_fnum_recv(subreq, &fnum, NULL, NULL, NULL);
@@ -1682,7 +1682,7 @@ static void cli_smb2_chkpath_opened(struct tevent_req *subreq)
 	struct cli_smb2_chkpath_state *state = tevent_req_data(
 		req, struct cli_smb2_chkpath_state);
 	NTSTATUS status;
-	uint16_t fnum;
+	uint16_t fnum = 0xffff;
 
 	status = cli_smb2_create_fnum_recv(subreq, &fnum, NULL, NULL, NULL);
 	TALLOC_FREE(subreq);
diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c
index 27d0fbd4db5..f1596b743ef 100644
--- a/source3/libsmb/libsmb_dir.c
+++ b/source3/libsmb/libsmb_dir.c
@@ -1041,14 +1041,19 @@ int
 SMBC_closedir_ctx(SMBCCTX *context,
                   SMBCFILE *dir)
 {
-	TALLOC_CTX *frame = talloc_stackframe();
+	TALLOC_CTX *frame = NULL;
 
 	if (!context || !context->internal->initialized) {
 		errno = EINVAL;
-		TALLOC_FREE(frame);
 		return -1;
 	}
 
+	if (dir == NULL) {
+		return 0;
+	}
+
+	frame = talloc_stackframe();
+
 	if (!SMBC_dlist_contains(context->internal->files, dir)) {
 		errno = EBADF;
 		TALLOC_FREE(frame);
@@ -1060,11 +1065,8 @@ SMBC_closedir_ctx(SMBCCTX *context,
 
 	DLIST_REMOVE(context->internal->files, dir);
 
-	if (dir) {
-
-		SAFE_FREE(dir->fname);
-		SAFE_FREE(dir);    /* Free the space too */
-	}
+	SAFE_FREE(dir->fname);
+	SAFE_FREE(dir);    /* Free the space too */
 
 	TALLOC_FREE(frame);
 	return 0;
diff --git a/source3/printing/spoolssd.c b/source3/printing/spoolssd.c
index bf10b19e4a0..babec72e299 100644
--- a/source3/printing/spoolssd.c
+++ b/source3/printing/spoolssd.c
@@ -611,8 +611,11 @@ static NTSTATUS spoolssd_create_sockets(struct tevent_context *ev_ctx,
 	for (i = 0; i < *listen_fd_size; i++) {
 		rc = listen(listen_fd[i].fd, pf_spoolss_cfg.max_allowed_clients);
 		if (rc == -1) {
-			char *ep_string = dcerpc_binding_string(
-					dce_ctx, e->ep_description);
+			char *ep_string = NULL;
+
+			e = listen_fd[i].fd_data;
+			ep_string = dcerpc_binding_string(dce_ctx,
+							  e->ep_description);
 			DBG_ERR("Failed to listen on endpoint '%s': %s\n",
 				ep_string, strerror(errno));
 			status = map_nt_error_from_unix(errno);
diff --git a/source3/rpc_server/lsasd.c b/source3/rpc_server/lsasd.c
index aeeb4d7f10d..2c1fc2db5d0 100644
--- a/source3/rpc_server/lsasd.c
+++ b/source3/rpc_server/lsasd.c
@@ -576,8 +576,11 @@ static NTSTATUS lsasd_create_sockets(struct tevent_context *ev_ctx,
 	for (i = 0; i < *listen_fd_size; i++) {
 		rc = listen(listen_fd[i].fd, pf_lsasd_cfg.max_allowed_clients);
 		if (rc == -1) {
-			char *ep_string = dcerpc_binding_string(
-					dce_ctx, e->ep_description);
+			char *ep_string = NULL;
+
+			e = listen_fd[i].fd_data;
+			ep_string = dcerpc_binding_string(dce_ctx,
+							  e->ep_description);
 			DBG_ERR("Failed to listen on endpoint '%s': %s\n",
 				ep_string, strerror(errno));
 			status = map_nt_error_from_unix(errno);
diff --git a/source3/rpc_server/mdssd.c b/source3/rpc_server/mdssd.c
index baab1039e2e..d4ef815cd6c 100644
--- a/source3/rpc_server/mdssd.c
+++ b/source3/rpc_server/mdssd.c
@@ -526,8 +526,11 @@ static NTSTATUS mdssd_create_sockets(struct tevent_context *ev_ctx,
 	for (i = 0; i < *listen_fd_size; i++) {
 		rc = listen(listen_fd[i].fd, pf_mdssd_cfg.max_allowed_clients);
 		if (rc == -1) {
-			char *ep_string = dcerpc_binding_string(
-					dce_ctx, e->ep_description);
+			char *ep_string = NULL;
+
+			e = listen_fd[i].fd_data;
+			ep_string = dcerpc_binding_string(dce_ctx,
+							  e->ep_description);
 			DBG_ERR("Failed to listen on endpoint '%s': %s\n",
 				ep_string, strerror(errno));
 			status = map_nt_error_from_unix(errno);


-- 
Samba Shared Repository

More information about the samba-cvs mailing list