[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Tue Jan 11 00:23:01 UTC 2022


The branch, master has been updated
       via  cebf26d0624 s3:modules: Fix possible dereference of NULL for fio
       via  2e649846348 s3:libnet: Fix dereference of NULL win7
       via  82f53c82ed6 s3:libnet: Fix dead code in libnet_join.c
       via  5ac87622568 ctdb:utils: Improve error handling of hex_decode()
       via  41c86c9dda3 s3:rpc_server: Fix possible NULL dereference
       via  46460025175 s3:smbd: Fix dereferencing null pointer "fsp"
       via  728600a40f9 s3:smbd: Fix trailing whitespaces in dosmode.c
       via  4d7ed39fd8f s3:modules: Fix the horrible vfs_crossrename module
       via  41ebb7f68c5 s3:modules: VFS CAP symlinkat always fails
      from  745af26a1a6 s3: includes: Make the comments describing itime consistent. Always use "invented" time.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit cebf26d0624489db3cbf5e31e97c4a92771758f0
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Mon Jan 10 13:26:25 2022 +0100

    s3:modules: Fix possible dereference of NULL for fio
    
    We do not check consistently for fio being NULL in this file.
    
    Found by covscan.
    
    Pair-Programmed-With: Andreas Schneider <asn at samba.org>
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Tue Jan 11 00:22:09 UTC 2022 on sn-devel-184

commit 2e649846348ad6ce451b32ab534ac0030ccc7c0f
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Mon Jan 10 13:24:22 2022 +0100

    s3:libnet: Fix dereference of NULL win7
    
    Found by covscan.
    
    Pair-Programmed-With: Andreas Schneider <asn at samba.org>
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 82f53c82ed6ec4818bb1e2220e25e76fee7cb23e
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Fri Jan 7 14:11:53 2022 +0100

    s3:libnet: Fix dead code in libnet_join.c
    
    Found by covscan.
    
    Pair-programmed-with: Andreas Schneider <asn at samba.org>
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 5ac8762256830f1c7e48dcc9684802f00fc3b5c2
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Fri Jan 7 11:57:08 2022 +0100

    ctdb:utils: Improve error handling of hex_decode()
    
    This has been found by covscan and makes analyzers happy.
    
    Pair-programmed-with: Andreas Schneider <asn at samba.org>
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 41c86c9dda3fd7a733f54fa1af31adec96bb4a33
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Fri Jan 7 11:50:16 2022 +0100

    s3:rpc_server: Fix possible NULL dereference
    
    Found by covscan.
    
    Pair-Programmed-With: Andreas Schneider <asn at samba.org>
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 46460025175e83fbb47a510e412d83b1b2573db9
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Fri Jan 7 21:18:59 2022 +0100

    s3:smbd: Fix dereferencing null pointer "fsp"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14942
    
    Remove fsp which is always NULL and replace it with smb_fname->fsp.
    
    Found by covscan.
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 728600a40f939de3172bbe429e17ea65ff21699a
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Fri Jan 7 21:18:59 2022 +0100

    s3:smbd: Fix trailing whitespaces in dosmode.c
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 4d7ed39fd8fa18f90756f215c8b0fc5d293e955e
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Fri Jan 7 13:16:26 2022 +0100

    s3:modules: Fix the horrible vfs_crossrename module
    
    It really has to be removed! ;-)
    
    Found by covscan. The code always leaves here as the dst variable
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14940
    
    Pair-programmed-with: Andreas Schneider <asn at samba.org>
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 41ebb7f68c5b21492f503afc4cb341a97654a43d
Author: Pavel Filipenský <pfilipen at redhat.com>
Date:   Fri Jan 7 13:55:38 2022 +0100

    s3:modules: VFS CAP symlinkat always fails
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14941
    
    Found by covscan.
    
    Since capnew is initialized to NULL, checking it too early makes the
    rest of the function dead code.
    
    Pair-programmed-with: Andreas Schneider <asn at samba.org>
    
    Signed-off-by: Pavel Filipenský <pfilipen at redhat.com>
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 ctdb/utils/tdb/tdb_mutex_check.c            | 24 ++++++++++++-----
 source3/libnet/libnet_join.c                |  5 ++--
 source3/libnet/libnet_join_offline.c        |  3 +++
 source3/modules/vfs_cap.c                   |  2 +-
 source3/modules/vfs_crossrename.c           |  2 +-
 source3/modules/vfs_fruit.c                 | 41 ++++++++++++++++++-----------
 source3/rpc_server/netlogon/srv_netlog_nt.c | 14 ++++------
 source3/smbd/dosmode.c                      | 19 +++++++------
 8 files changed, 65 insertions(+), 45 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/utils/tdb/tdb_mutex_check.c b/ctdb/utils/tdb/tdb_mutex_check.c
index da794b8dab5..4da0c40d41b 100644
--- a/ctdb/utils/tdb/tdb_mutex_check.c
+++ b/ctdb/utils/tdb/tdb_mutex_check.c
@@ -30,30 +30,42 @@
 #include "lib/tdb/common/tdb_private.h"
 #include "lib/tdb/common/mutex.c"
 
-static uint8_t *hex_decode(const char *hex_in, size_t *len)
+static uint8_t *hex_decode(const char *hex_in, size_t *plen)
 {
 	size_t i;
 	int num;
 	uint8_t *buffer;
+	size_t len;
 
-	*len = strlen(hex_in) / 2;
-	buffer = malloc(*len);
+	len = strlen(hex_in) / 2;
+	if (len == 0) {
+		return NULL;
+	}
+
+	buffer = malloc(len);
+	if (buffer == NULL) {
+		return NULL;
+	}
 
-	for (i=0; i<*len; i++) {
+	for (i = 0; i < len; i++) {
 		sscanf(&hex_in[i*2], "%02X", &num);
 		buffer[i] = (uint8_t)num;
 	}
 
+	*plen = len;
+
 	return buffer;
 }
 
 static int get_hash_chain(struct tdb_context *tdb, const char *hex_key)
 {
-	TDB_DATA key;
+	TDB_DATA key = {
+		.dsize = 0,
+	};
 	unsigned int hash;
 
 	key.dptr = hex_decode(hex_key, &key.dsize);
-	if (key.dsize == 0) {
+	if (key.dptr == NULL || key.dsize == 0) {
 		return -1;
 	}
 	hash = tdb_jenkins_hash(&key);
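
Review bot: the `sscanf(&hex_in[i*2], "%02X", &num);` call in the hex_decode() loop still ignores its return value, so a non-hex character leaves `num` unset and an indeterminate byte ends up in the key. Check that it returns 1, and free `buffer` and return NULL otherwise. `%X` also expects an `unsigned int *` while `num` is declared `int`, and an odd-length input is silently truncated by `strlen(hex_in) / 2`, which may deserve an explicit rejection.
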
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 02705f1c70c..00d71b97f2a 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2669,7 +2669,6 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 	ADS_STATUS ads_status;
 #endif /* HAVE_ADS */
 	const char *pre_connect_realm = NULL;
-	const char *numeric_dcip = NULL;
 	const char *sitename = NULL;
 	struct netr_DsRGetDCNameInfo *info;
 	const char *dc;
@@ -2731,7 +2730,6 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 		return WERR_NERR_DCNOTFOUND;
 	}
 
-	numeric_dcip = info->dc_address + 2;
 	sitename = info->dc_site_name;
 	/* info goes out of scope but the memory stays
 	   allocated on the talloc context */
@@ -2741,8 +2739,9 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 
 	if (pre_connect_realm != NULL) {
 		struct sockaddr_storage ss = {0};
+		const char *numeric_dcip = info->dc_address + 2;
 
-		if (numeric_dcip != NULL) {
+		if (numeric_dcip[0] == '\0') {
 			if (!interpret_string_addr(&ss, numeric_dcip,
 						   AI_NUMERICHOST)) {
 				DBG_ERR(
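
Review bot: the new condition `if (numeric_dcip[0] == '\0')` looks inverted. The old code called interpret_string_addr() when an address was present; this version calls it only when the string is empty and skips it when there is something to parse, so it probably wants `!= '\0'`. `info->dc_address + 2` also assumes dc_address is non-NULL and at least two characters long; a check or a comment stating that would help.
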
diff --git a/source3/libnet/libnet_join_offline.c b/source3/libnet/libnet_join_offline.c
index 33380207209..d1317ddfbea 100644
--- a/source3/libnet/libnet_join_offline.c
+++ b/source3/libnet/libnet_join_offline.c
@@ -175,6 +175,9 @@ static WERROR libnet_odj_compose_OP_PACKAGE_PART(TALLOC_CTX *mem_ctx,
 
 	switch (level) {
 		case 1: /* ODJ_GUID_JOIN_PROVIDER */
+			if (win7 == NULL) {
+				return WERR_INVALID_PARAMETER;
+			}
 			p->Part->win7blob = *win7;
 			break;
 		case 2: /* ODJ_GUID_JOIN_PROVIDER2 */
diff --git a/source3/modules/vfs_cap.c b/source3/modules/vfs_cap.c
index 4a47b26c7b9..43c8edb8932 100644
--- a/source3/modules/vfs_cap.c
+++ b/source3/modules/vfs_cap.c
@@ -448,7 +448,7 @@ static int cap_symlinkat(vfs_handle_struct *handle,
 	int saved_errno = 0;
 	int ret;
 
-	if (!capold || !capnew) {
+	if (capold == NULL) {
 		errno = ENOMEM;
 		return -1;
 	}
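
Review bot: dropping `!capnew` from the early test in cap_symlinkat() is right, but this hunk shows no replacement check after capnew is assigned. Confirm that the code further down tests capnew for NULL once it has been allocated; if it does not, an allocation failure that this test used to be meant to catch would now pass unnoticed, so add the test there with the same `errno = ENOMEM` handling.
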
diff --git a/source3/modules/vfs_crossrename.c b/source3/modules/vfs_crossrename.c
index 52b8af9d3f6..930eec02739 100644
--- a/source3/modules/vfs_crossrename.c
+++ b/source3/modules/vfs_crossrename.c
@@ -82,7 +82,7 @@ static NTSTATUS copy_reg(vfs_handle_struct *handle,
 	full_fname_src = full_path_from_dirfsp_atname(talloc_tos(),
 						      srcfsp,
 						      source);
-	if (full_fname_dst == NULL) {
+	if (full_fname_src == NULL) {
 		status = NT_STATUS_NO_MEMORY;
 		goto out;
 	}
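
Review bot: with the test in copy_reg() now reading `if (full_fname_src == NULL)`, make sure full_fname_dst keeps its own NULL check next to its allocation, which this hunk does not show. The commit subject would also be easier to find later if it named the change, for example that the wrong variable was checked after full_path_from_dirfsp_atname().
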
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index aeaddc5f796..d6aa7e3644e 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -1604,6 +1604,12 @@ static int fruit_open_rsrc_adouble(vfs_handle_struct *handle,
 	 * on close.
 	 */
 	fio = fruit_get_complete_fio(handle, fsp);
+	if (fio == NULL) {
+		DBG_ERR("fio=NULL for [%s]\n", fsp_str_dbg(fsp));
+		errno = EBADF;
+		rc = -1;
+		goto exit;
+	}
 
 	ref_fio = VFS_ADD_FSP_EXTENSION(handle, ad_fsp,
 					struct fio,
@@ -1780,19 +1786,19 @@ static int fruit_openat(vfs_handle_struct *handle,
 static int fruit_close_meta(vfs_handle_struct *handle,
 			    files_struct *fsp)
 {
-	struct fio *fio = fruit_get_complete_fio(handle, fsp);
 	int ret;
 	struct fruit_config_data *config = NULL;
 
 	SMB_VFS_HANDLE_GET_DATA(handle, config,
 				struct fruit_config_data, return -1);
 
-	if (fio == NULL) {
-		return -1;
-	}
-
 	switch (config->meta) {
 	case FRUIT_META_STREAM:
+	{
+		struct fio *fio = fruit_get_complete_fio(handle, fsp);
+		if (fio == NULL) {
+			return -1;
+		}
 		if (fio->fake_fd) {
 			ret = vfs_fake_fd_close(fsp_get_pathref_fd(fsp));
 			fsp_set_fd(fsp, -1);
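
Review bot: the `return -1` on `fio == NULL` in the FRUIT_META_STREAM case of fruit_close_meta() sets no errno and logs nothing, while the guard added in fruit_open_rsrc_adouble() in the same patch does `DBG_ERR(...)` and `errno = EBADF`. Use the same pattern here so callers see a consistent error and the condition is visible in the log.
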
@@ -1800,7 +1806,7 @@ static int fruit_close_meta(vfs_handle_struct *handle,
 			ret = SMB_VFS_NEXT_CLOSE(handle, fsp);
 		}
 		break;
-
+	}
 	case FRUIT_META_NETATALK:
 		ret = vfs_fake_fd_close(fsp_get_pathref_fd(fsp));
 		fsp_set_fd(fsp, -1);
@@ -1818,7 +1824,6 @@ static int fruit_close_meta(vfs_handle_struct *handle,
 static int fruit_close_rsrc(vfs_handle_struct *handle,
 			    files_struct *fsp)
 {
-	struct fio *fio = fruit_get_complete_fio(handle, fsp);
 	int ret;
 	struct fruit_config_data *config = NULL;
 
@@ -1831,10 +1836,16 @@ static int fruit_close_rsrc(vfs_handle_struct *handle,
 		break;
 
 	case FRUIT_RSRC_ADFILE:
+	{
+		struct fio *fio = fruit_get_complete_fio(handle, fsp);
+		if (fio == NULL) {
+			return -1;
+		}
 		fio_close_ad_fsp(fio);
 		ret = vfs_fake_fd_close(fsp_get_pathref_fd(fsp));
 		fsp_set_fd(fsp, -1);
 		break;
+	}
 
 	case FRUIT_RSRC_XATTR:
 		ret = vfs_fake_fd_close(fsp_get_pathref_fd(fsp));
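
Review bot: in the FRUIT_RSRC_ADFILE case of fruit_close_rsrc(), the `return -1` on `fio == NULL` skips `vfs_fake_fd_close(fsp_get_pathref_fd(fsp))` and `fsp_set_fd(fsp, -1)`, which the normal path and the FRUIT_RSRC_XATTR case both run. Consider setting `ret = -1`, skipping only fio_close_ad_fsp(), and still releasing the descriptor, or add a comment explaining why leaving it open is safe.
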
@@ -2448,8 +2459,8 @@ static ssize_t fruit_pread_rsrc_adouble(vfs_handle_struct *handle,
 	struct adouble *ad = NULL;
 	ssize_t nread;
 
-	if (fio->ad_fsp == NULL) {
-		DBG_ERR("ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
+	if (fio == NULL || fio->ad_fsp == NULL) {
+		DBG_ERR("fio/ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
 		errno = EBADF;
 		return -1;
 	}
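
Review bot: the combined message `"fio/ad_fsp=NULL for [%s]\n"` in fruit_pread_rsrc_adouble() no longer tells the reader which of the two pointers was NULL. The same guard is repeated verbatim in the pwrite, fstat and ftruncate hunks below, so a small helper that checks fio and fio->ad_fsp separately and logs which one failed would remove the duplication and keep the diagnostic precise.
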
@@ -2876,8 +2887,8 @@ static ssize_t fruit_pwrite_rsrc_adouble(vfs_handle_struct *handle,
 	ssize_t nwritten;
 	int ret;
 
-	if (fio->ad_fsp == NULL) {
-		DBG_ERR("ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
+	if (fio == NULL || fio->ad_fsp == NULL) {
+		DBG_ERR("fio/ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
 		errno = EBADF;
 		return -1;
 	}
@@ -3457,8 +3468,8 @@ static int fruit_fstat_rsrc_adouble(vfs_handle_struct *handle,
 	struct adouble *ad = NULL;
 	int ret;
 
-	if (fio->ad_fsp == NULL) {
-		DBG_ERR("ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
+	if (fio == NULL || fio->ad_fsp == NULL) {
+		DBG_ERR("fio/ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
 		errno = EBADF;
 		return -1;
 	}
@@ -4002,8 +4013,8 @@ static int fruit_ftruncate_rsrc_adouble(struct vfs_handle_struct *handle,
 	struct adouble *ad = NULL;
 	off_t ad_off;
 
-	if (fio->ad_fsp == NULL) {
-		DBG_ERR("ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
+	if (fio == NULL || fio->ad_fsp == NULL) {
+		DBG_ERR("fio/ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
 		errno = EBADF;
 		return -1;
 	}
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index f3c56a6bef1..5906464a9f3 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1512,14 +1512,9 @@ NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
 	unbecome_root();
 
 	if (!NT_STATUS_IS_OK(status)) {
-		const char *computer_name = "<unknown>";
-
-		if (creds && creds->computer_name) {
-			computer_name = creds->computer_name;
-		}
-		DEBUG(2,("_netr_ServerPasswordSet2: netlogon_creds_server_step "
-			"failed. Rejecting auth request from client %s machine account %s\n",
-			r->in.computer_name, computer_name));
+		DBG_NOTICE("netlogon_creds_server_step failed. "
+			   "Rejecting auth request from client %s\n",
+			   r->in.computer_name);
 		TALLOC_FREE(creds);
 		return status;
 	}
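
Review bot: replacing `DEBUG(2, ...)` with `DBG_NOTICE(...)` on the netlogon_creds_server_step failure path moves this message from debug level 2 to level 3, so a rejected ServerPasswordSet2 request is no longer logged at level 2. Since this is an authentication failure, DBG_WARNING may be the better fit, or the commit message should say the level change is intended. The machine account name is also dropped from the message, which is worth a word in the log as well.
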
@@ -1527,7 +1522,8 @@ NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
 	DBG_NOTICE("Server Password Set2 by remote "
 		   "machine:[%s] on account [%s]\n",
 		   r->in.computer_name,
-		   creds->computer_name);
+		   creds->computer_name != NULL ?
+			creds->computer_name : "<unknown>");
 
 	memcpy(password_buf.data, r->in.new_password->data, 512);
 	SIVAL(password_buf.data, 512, r->in.new_password->length);
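
Review bot: the ternary on `creds->computer_name != NULL` in this DBG_NOTICE guards the member but still dereferences creds itself, whereas the failure path removed above tested `creds &&` first. If a successful status guarantees creds is non-NULL here, a one-line comment saying so would settle it for the next analyzer run.
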
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index e63bf6a22d6..5b252d2bf64 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -1,4 +1,4 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    dos mode handling functions
    Copyright (C) Andrew Tridgell 1992-1998
@@ -86,7 +86,7 @@ static uint32_t filter_mode_by_protocol(uint32_t mode)
     Base permission for files:
          if creating file and inheriting (i.e. parent_dir != NULL)
            apply read/write bits from parent directory.
-         else   
+         else
            everybody gets read bit set
          dos readonly is represented in unix by removing everyone's write bit
          dos archive is represented in unix by the user's execute bit
@@ -134,7 +134,7 @@ mode_t unix_mode(connection_struct *conn, int dosmode,
 			 smb_fname_str_dbg(smb_fname), (int)dir_mode));
 		/* Clear "result" */
 		result = 0;
-	} 
+	}
 
 	if (IS_DOS_DIR(dosmode)) {
 		/* We never make directories read only for the owner as under DOS a user
@@ -146,14 +146,14 @@ mode_t unix_mode(connection_struct *conn, int dosmode,
 			result |= dir_mode;
 		} else {
 			/* Provisionally add all 'x' bits */
-			result |= (S_IXUSR | S_IXGRP | S_IXOTH);                 
+			result |= (S_IXUSR | S_IXGRP | S_IXOTH);
 
 			/* Apply directory mask */
 			result &= lp_directory_mask(SNUM(conn));
 			/* Add in force bits */
 			result |= lp_force_directory_mode(SNUM(conn));
 		}
-	} else { 
+	} else {
 		if (lp_map_archive(SNUM(conn)) && IS_DOS_ARCHIVE(dosmode))
 			result |= S_IXUSR;
 
@@ -161,7 +161,7 @@ mode_t unix_mode(connection_struct *conn, int dosmode,
 			result |= S_IXGRP;
 
 		if (lp_map_hidden(SNUM(conn)) && IS_DOS_HIDDEN(dosmode))
-			result |= S_IXOTH;  
+			result |= S_IXOTH;
 
 		if (dir_mode) {
 			/* Inherit 666 component of parent directory mode */
@@ -917,7 +917,6 @@ int file_set_dosmode(connection_struct *conn,
 	mode_t tmp;
 	mode_t unixmode;
 	int ret = -1, lret = -1;
-	files_struct *fsp = NULL;
 	NTSTATUS status;
 
 	if (!CAN_WRITE(conn)) {
@@ -1000,7 +999,7 @@ int file_set_dosmode(connection_struct *conn,
 		unixmode |= tmp;
 	}
 
-	/* if we previously had any w bits set then leave them alone 
+	/* if we previously had any w bits set then leave them alone
 		whilst adding in the new w bits, if the new mode is not rdonly */
 	if (!IS_DOS_READONLY(dosmode)) {
 		unixmode |= (smb_fname->st.st_ex_mode & (S_IWUSR|S_IWGRP|S_IWOTH));
@@ -1055,7 +1054,7 @@ int file_set_dosmode(connection_struct *conn,
 	}
 
 	become_root();
-	ret = SMB_VFS_FCHMOD(fsp, unixmode);
+	ret = SMB_VFS_FCHMOD(smb_fname->fsp, unixmode);
 	unbecome_root();
 
 	if (!newfile) {
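
Review bot: `SMB_VFS_FCHMOD(smb_fname->fsp, unixmode)` in file_set_dosmode() replaces a pointer that was always NULL with one whose validity the hunks shown here do not establish. Confirm that smb_fname->fsp is checked for NULL earlier in the function, or add the check before the become_root() call, so the fix does not trade a certain NULL dereference for a conditional one.
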
@@ -1180,7 +1179,7 @@ int file_ntimes(connection_struct *conn,
 	/* Don't update the time on read-only shares */
 	/* We need this as set_filetime (which can be called on
 	   close and other paths) can end up calling this function
-	   without the NEED_WRITE protection. Found by : 
+	   without the NEED_WRITE protection. Found by :
 	   Leo Weppelman <leo at wau.mis.ah.nl>
 	*/
 


-- 
Samba Shared Repository


