[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Fri Jun 28 12:45:01 UTC 2024
The branch, master has been updated
via a77cffaa256 s4:torture: Initialize struct wrepl_wins_name
via 909506c91c1 examples: Initialize char arrays
via c814681c6b9 examples: Use cp with force option
via 54ce370f7d0 s4:torture: Fully initialize struct samr_OpenUser
via dd896862d0a s3:rpc_client: Check for array size instead of UINT16_MAX
via 7990a2ba08c s4:torture: Initialize struct wrepl_wins_name
via ec7dfedccf6 s3:auth: Avoid passing freed pamh pointer to funcitons using it
via 990a68fedb9 s3:auth: Remove trailing spaces in pampass.c
via 09d731470e1 s4:torture: Initialize struct smb2_handle
via 4777464946c s4:torture: Initialize struct nbt_name_query
via deced5eaae5 s3:torture: Remove trailing spaces in query.c
from f824e985167 doc: Update codeing guidelines for struct initialisation
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a77cffaa256e6c4a6dbca115905c09ddbe9c22da
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 24 15:19:20 2024 +0200
s4:torture: Initialize struct wrepl_wins_name
"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:1244: var_decl: Declaring variable ""wins_name1"" without initializer.
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:4835: assign: Assigning: ""wins_name_r1"" = ""&wins_name1"", which points to uninitialized data.
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:4905: uninit_use_in_call: Using uninitialized value ""*wins_name_r1"". Field ""wins_name_r1->is_group"" is uninitialized when calling ""test_wrepl_update_one"".
4903|
4904| /* now apply R1 */
4905|-> ret &= test_wrepl_update_one(tctx, ctx, records[i].r1.owner, wins_name_r1);
4906| ret &= test_wrepl_is_applied(tctx, ctx, records[i].r1.owner,
4907| wins_name_r1, records[i].r1.apply_expected);"
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Jun 28 12:44:31 UTC 2024 on atb-devel-224
commit 909506c91c1660f124d772b5caa0191f10ee320c
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 24 15:17:13 2024 +0200
examples: Initialize char arrays
"Error: UNINIT (CWE-457):
samba-4.20.0rc2/examples/libsmbclient/testacl3.c:15: var_decl: Declaring variable ""value"" without initializer.
samba-4.20.0rc2/examples/libsmbclient/testacl3.c:55: uninit_use_in_call: Using uninitialized value ""*value"" as argument to ""%s"" when calling ""printf"". [Note: The source code implementation of the function has been overridden by a builtin model.]
53| }
54|
55|-> printf(""Attributes for [%s] are:\n%s\n"", path, value);
56| }
57|"
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit c814681c6b965b15b3d4895cc0d47f01ba2c31d3
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 24 15:14:43 2024 +0200
examples: Use cp with force option
"Error: SHELLCHECK_WARNING:
/usr/share/doc/samba/printing/VampireDriversFunctions:951:15: warning[SC2216]: Piping to 'cp', a command that doesn't read stdin. Wrong command or missing xargs?
949| CWD2=""$( pwd )"" ;
950| cd ""${i}"";
951|-> echo ""yes"" | cp ../alldriverfiles.txt . 2> /dev/null ;
952|
953| cat alldriverfiles.txt \"
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 54ce370f7d0ac0972f9693cef424c4239b15c754
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 24 15:09:21 2024 +0200
s4:torture: Fully initialize struct samr_OpenUser
"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/rpc/samr.c:7381: var_decl: Declaring variable ""r"" without initializer.
samba-4.20.0rc2/source4/torture/rpc/samr.c:7428: uninit_use: Using uninitialized value ""r.out.result.v"".
7426| torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo_r(b, tctx, &q),
7427| ""QueryUserInfo failed"");
7428|-> if (!NT_STATUS_IS_OK(r.out.result)) {
7429| torture_result(tctx, TORTURE_FAIL, ""QueryUserInfo(%u) failed - %s\n"", r.in.rid, nt_errstr(r.out.result));
7430| return false;"
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit dd896862d0a430daa2f0c38325b6ef56dabe174e
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 24 13:38:34 2024 +0200
s3:rpc_client: Check for array size instead of UINT16_MAX
mdscli_ctx->mdscmd_open.share_path is an array of size 1025. The
boundary is 1025 and not UINT16_MAX.
"Error: OVERRUN (CWE-119):
samba-4.20.0rc2/source3/rpc_client/cli_mdssvc.c:127: cond_at_least: Checking ""share_path_len < 1UL"" implies that ""share_path_len"" is at least 1 on the false branch.
samba-4.20.0rc2/source3/rpc_client/cli_mdssvc.c:127: cond_between: Checking ""share_path_len > 65535UL"" implies that ""share_path_len"" is between 1 and 65535 (inclusive) on the false branch.
samba-4.20.0rc2/source3/rpc_client/cli_mdssvc.c:133: overrun-local: Overrunning array ""mdscli_ctx->mdscmd_open.share_path"" of 1025 bytes at byte offset 65534 using index ""share_path_len - 1UL"" (which evaluates to 65534).
131| mdscli_ctx->mdscmd_open.share_path_len = share_path_len;
132|
133|-> if (mdscli_ctx->mdscmd_open.share_path[share_path_len-1] == '/') {
134| mdscli_ctx->mdscmd_open.share_path[share_path_len-1] = '\0';
135| mdscli_ctx->mdscmd_open.share_path_len--;"
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 7990a2ba08ca8ce015282aa01f318ae9623e51df
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 24 12:22:19 2024 +0200
s4:torture: Initialize struct wrepl_wins_name
"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:6759: var_decl: Declaring variable ""wins_name_"" without initializer.
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:6760: assign: Assigning: ""wins_name"" = ""&wins_name_"", which points to uninitialized data.
samba-4.20.0rc2/source4/torture/nbt/winsreplication.c:9455: uninit_use_in_call: Using uninitialized value ""*wins_name"". Field ""wins_name->is_group"" is uninitialized when calling ""test_wrepl_update_one"".
9453| wins_name->unknown = ""255.255.255.255"";
9454|
9455|-> ret &= test_wrepl_update_one(tctx, ctx, &ctx->b, wins_name);
9456|
9457| /*"
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit ec7dfedccf6b30c69398b8473b503c7d19b132cf
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 24 10:20:51 2024 +0200
s3:auth: Avoid passing freed pamh pointer to funcitons using it
"Error: USE_AFTER_FREE (CWE-416):
samba-4.20.0rc2/source3/auth/pampass.c:466: freed_arg: ""pam_end"" frees ""pamh"".
samba-4.20.0rc2/source3/auth/pampass.c:467: pass_freed_arg: Passing freed pointer ""pamh"" as an argument to ""smb_pam_error_handler"".
465| if( pamh != NULL ) {
466| pam_error = pam_end(pamh, 0);
467|-> if(smb_pam_error_handler(pamh, pam_error, ""End Cleanup Failed"", 2) == True) {
468| DEBUG(4, (""smb_pam_end: PAM: PAM_END OK.\n""));
469| return True;"
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 990a68fedb9ac33de8b52b4091c6152c76fbbd7e
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 24 10:21:30 2024 +0200
s3:auth: Remove trailing spaces in pampass.c
Reviewed-by: Noel Power <npower at samba.org>
commit 09d731470e1cb5e0ea24a0a3e3daaa869daf3c93
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 24 10:11:31 2024 +0200
s4:torture: Initialize struct smb2_handle
"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/smb2/lease.c:336: var_decl: Declaring variable ""hnew"" without initializer.
samba-4.20.0rc2/source4/torture/smb2/lease.c:377: uninit_use_in_call: Using uninitialized value ""hnew"" when calling ""smb2_util_close"".
375| done:
376| smb2_util_close(tree, h);
377|-> smb2_util_close(tree, hnew);
378|
379| smb2_util_unlink(tree, fname);"
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit 4777464946c16fb9d731e45a9ddb23a34c89d898
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 24 10:09:43 2024 +0200
s4:torture: Initialize struct nbt_name_query
"Error: UNINIT (CWE-457):
samba-4.20.0rc2/source4/torture/nbt/query.c:53: var_decl: Declaring variable ""io"" without initializer.
samba-4.20.0rc2/source4/torture/nbt/query.c:76: uninit_use_in_call: Using uninitialized value ""io.in.retries"" when calling ""nbt_name_query_send"".
74| while (num_sent - (result->num_pass+result->num_fail) < 10) {
75| struct nbt_name_request *req;
76|-> req = nbt_name_query_send(nbtsock, &io);
77| torture_assert(tctx, req != NULL, ""Failed to setup request!"");
78| req->async.fn = increment_handler;"
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
commit deced5eaae54cb9d8fbbd7598be1550e4946a3a0
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jun 24 10:09:24 2024 +0200
s3:torture: Remove trailing spaces in query.c
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
-----------------------------------------------------------------------
Summary of changes:
examples/libsmbclient/testacl3.c | 4 ++--
examples/printing/VampireDriversFunctions | 6 +++---
source3/auth/pampass.c | 28 ++++++++++++++++------------
source3/rpc_client/cli_mdssvc.c | 4 +++-
source4/torture/nbt/query.c | 18 +++++++++++-------
source4/torture/nbt/winsreplication.c | 12 +++++++++---
source4/torture/rpc/samr.c | 10 +++++++---
source4/torture/smb2/lease.c | 7 ++++++-
8 files changed, 57 insertions(+), 32 deletions(-)
Changeset truncated at 500 lines:
diff --git a/examples/libsmbclient/testacl3.c b/examples/libsmbclient/testacl3.c
index e5ec2c88b95..2e3ee5d4c3c 100644
--- a/examples/libsmbclient/testacl3.c
+++ b/examples/libsmbclient/testacl3.c
@@ -12,8 +12,8 @@ int main(int argc, char * argv[])
{
int ret;
int debug = 0;
- char value[2048];
- char path[2048];
+ char value[2048] = {};
+ char path[2048] = {};
char * the_acl;
char * p;
SMBCCTX * context;
diff --git a/examples/printing/VampireDriversFunctions b/examples/printing/VampireDriversFunctions
index b06e3653214..6580f0a2dc6 100644
--- a/examples/printing/VampireDriversFunctions
+++ b/examples/printing/VampireDriversFunctions
@@ -948,7 +948,7 @@ else
for i in */; do
CWD2="$( pwd )" ;
cd "${i}";
- echo "yes" | cp ../alldriverfiles.txt . 2> /dev/null ;
+ cp -f ../alldriverfiles.txt . 2> /dev/null ;
cat alldriverfiles.txt \
| egrep '(\\'"$(basename "$( pwd )")"'\\|Driver Name)' \
@@ -1076,7 +1076,7 @@ else
echo " "
echo " ###########################################################################################"
-###### echo "yes" | cp -f ../../../${nthost}/W32X86/${nthost}-enumdrivers3list-NTx86.txt . 2> /dev/null ;
+###### cp -f ../../../${nthost}/W32X86/${nthost}-enumdrivers3list-NTx86.txt . 2> /dev/null ;
ln -s -f ../${nthost}-enumdrivers3list-NTx86.txt ${nthost}-enumdrivers3list-NTx86.lnk ;
tac ${nthost}-enumdrivers3list-NTx86.lnk \
@@ -1095,7 +1095,7 @@ else
for i in */; do
CWD2="$( pwd )" ;
cd "${i}";
- echo "yes" | cp ../alldriverfiles.txt . 2> /dev/null ;
+ cp -f ../alldriverfiles.txt . 2> /dev/null ;
cat alldriverfiles.txt \
| egrep '(\\'"$(basename "$( pwd )")"'\\|Driver Name)' \
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index d64a6e83335..3e764f32f7d 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
PAM Password checking
Copyright (C) Andrew Tridgell 1992-2001
@@ -37,7 +37,7 @@
#ifdef WITH_PAM
/*******************************************************************
- * Handle PAM authentication
+ * Handle PAM authentication
* - Access, Authentication, Session, Password
* Note: See PAM Documentation and refer to local system PAM implementation
* which determines what actions/limitations/allowances become affected.
@@ -99,7 +99,7 @@ static bool smb_pam_error_handler(pam_handle_t *pamh, int pam_error, const char
*********************************************************************/
static bool smb_pam_nt_status_error_handler(pam_handle_t *pamh, int pam_error,
- const char *msg, int dbglvl,
+ const char *msg, int dbglvl,
NTSTATUS *nt_status)
{
*nt_status = pam_to_nt_status(pam_error);
@@ -220,7 +220,7 @@ struct chat_struct {
Create a linked list containing chat data.
***************************************************************/
-static struct chat_struct *make_pw_chat(const char *p)
+static struct chat_struct *make_pw_chat(const char *p)
{
char *prompt;
char *reply;
@@ -294,7 +294,7 @@ static int smb_pam_passchange_conv(int num_msg,
struct chat_struct *t;
const struct loadparm_substitution *lp_sub =
loadparm_s3_global_substitution();
- bool found;
+ bool found;
*resp = NULL;
DEBUG(10,("smb_pam_passchange_conv: starting conversation for %d messages\n", num_msg));
@@ -452,7 +452,7 @@ static struct pam_conv *smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, c
return pconv;
}
-/*
+/*
* PAM Closing out cleanup handler
*/
@@ -464,12 +464,16 @@ static bool smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr)
if( pamh != NULL ) {
pam_error = pam_end(pamh, 0);
- if(smb_pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) {
- DEBUG(4, ("smb_pam_end: PAM: PAM_END OK.\n"));
+ if (pam_error == PAM_SUCCESS) {
+ DBG_NOTICE("PAM: PAM_END OK.\n");
return True;
}
+
+ DBG_WARNING("PAM: PAM_END FAILED (%d).\n", pam_error);
+ } else {
+ DBG_INFO("PAM: not initialised\n");
}
- DEBUG(2,("smb_pam_end: PAM: not initialised\n"));
+
return False;
}
@@ -559,7 +563,7 @@ static NTSTATUS smb_pam_auth(pam_handle_t *pamh, const char *user)
return nt_status;
}
-/*
+/*
* PAM Account Handler
*/
static NTSTATUS smb_pam_account(pam_handle_t *pamh, const char * user)
@@ -612,7 +616,7 @@ static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, const char * user)
*/
DEBUG(4,("PAM: Account Management SetCredentials for User: %s\n", user));
- pam_error = pam_setcred(pamh, (PAM_ESTABLISH_CRED|PAM_SILENT));
+ pam_error = pam_setcred(pamh, (PAM_ESTABLISH_CRED|PAM_SILENT));
switch( pam_error ) {
case PAM_CRED_UNAVAIL:
DEBUG(0, ("smb_pam_setcred: PAM: Credentials not found for user:%s\n", user ));
@@ -710,7 +714,7 @@ static bool smb_pam_chauthtok(pam_handle_t *pamh, const char * user)
default:
DEBUG(0, ("PAM: UNKNOWN PAM ERROR (%d) for User: %s\n", pam_error, user));
}
-
+
if(!smb_pam_error_handler(pamh, pam_error, "Password Change Failed", 2)) {
return False;
}
diff --git a/source3/rpc_client/cli_mdssvc.c b/source3/rpc_client/cli_mdssvc.c
index 93e032faa98..8678b4bbcb0 100644
--- a/source3/rpc_client/cli_mdssvc.c
+++ b/source3/rpc_client/cli_mdssvc.c
@@ -124,7 +124,9 @@ static void mdscli_connect_open_done(struct tevent_req *subreq)
}
share_path_len = strlen(mdscli_ctx->mdscmd_open.share_path);
- if (share_path_len < 1 || share_path_len > UINT16_MAX) {
+ if (share_path_len < 1 ||
+ share_path_len >= sizeof(mdscli_ctx->mdscmd_open.share_path))
+ {
tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
return;
}
diff --git a/source4/torture/nbt/query.c b/source4/torture/nbt/query.c
index 001ff19413b..6bdff3448cc 100644
--- a/source4/torture/nbt/query.c
+++ b/source4/torture/nbt/query.c
@@ -1,20 +1,20 @@
-/*
+/*
Unix SMB/CIFS implementation.
NBT name query testing
Copyright (C) Andrew Tridgell 2005
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -50,7 +50,11 @@ static bool bench_namequery(struct torture_context *tctx)
struct nbt_name_socket *nbtsock = torture_init_nbt_socket(tctx);
int num_sent=0;
struct result_struct *result;
- struct nbt_name_query io;
+ struct nbt_name_query io = {
+ .in = {
+ .retries = 0,
+ }
+ };
struct timeval tv = timeval_current();
int timelimit = torture_setting_int(tctx, "timelimit", 5);
@@ -80,7 +84,7 @@ static bool bench_namequery(struct torture_context *tctx)
num_sent++;
if (num_sent % 1000 == 0) {
if (torture_setting_bool(tctx, "progress", true)) {
- torture_comment(tctx, "%.1f queries per second (%d failures) \r",
+ torture_comment(tctx, "%.1f queries per second (%d failures) \r",
result->num_pass / timeval_elapsed(&tv),
result->num_fail);
fflush(stdout);
@@ -95,7 +99,7 @@ static bool bench_namequery(struct torture_context *tctx)
tevent_loop_once(nbtsock->event_ctx);
}
- torture_comment(tctx, "%.1f queries per second (%d failures) \n",
+ torture_comment(tctx, "%.1f queries per second (%d failures) \n",
result->num_pass / timeval_elapsed(&tv),
result->num_fail);
diff --git a/source4/torture/nbt/winsreplication.c b/source4/torture/nbt/winsreplication.c
index 90004cabe63..77bef8c81e1 100644
--- a/source4/torture/nbt/winsreplication.c
+++ b/source4/torture/nbt/winsreplication.c
@@ -1241,8 +1241,12 @@ static bool test_conflict_different_owner(struct torture_context *tctx,
struct test_wrepl_conflict_conn *ctx)
{
bool ret = true;
- struct wrepl_wins_name wins_name1;
- struct wrepl_wins_name wins_name2;
+ struct wrepl_wins_name wins_name1 = {
+ .flags = 0,
+ };
+ struct wrepl_wins_name wins_name2 = {
+ .flags = 0,
+ };
struct wrepl_wins_name *wins_name_r1;
struct wrepl_wins_name *wins_name_r2;
uint32_t i;
@@ -6758,7 +6762,9 @@ static bool test_conflict_owned_active_vs_replica(struct torture_context *tctx,
{
bool ret = true;
NTSTATUS status;
- struct wrepl_wins_name wins_name_;
+ struct wrepl_wins_name wins_name_ = {
+ .flags = 0,
+ };
struct wrepl_wins_name *wins_name = &wins_name_;
struct nbt_name_register name_register_;
struct nbt_name_register *name_register = &name_register_;
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index 22e0606de96..b7d0b2c72cf 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -7378,13 +7378,17 @@ static bool test_each_DisplayInfo_user(struct dcerpc_binding_handle *b,
struct samr_QueryDisplayInfo *querydisplayinfo,
bool *seen_testuser)
{
- struct samr_OpenUser r;
+ struct samr_OpenUser r = {
+ .in = {
+ .domain_handle = querydisplayinfo->in.domain_handle,
+ .access_mask = SEC_FLAG_MAXIMUM_ALLOWED,
+ },
+ };
struct samr_QueryUserInfo q;
union samr_UserInfo *info;
struct policy_handle user_handle;
int i, ret = true;
- r.in.domain_handle = querydisplayinfo->in.domain_handle;
- r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+
for (i = 0; ; i++) {
switch (querydisplayinfo->in.level) {
case 1:
diff --git a/source4/torture/smb2/lease.c b/source4/torture/smb2/lease.c
index 30bbefdce6a..60c79e7666b 100644
--- a/source4/torture/smb2/lease.c
+++ b/source4/torture/smb2/lease.c
@@ -333,7 +333,12 @@ static bool test_lease_upgrade2(struct torture_context *tctx,
struct smb2_tree *tree)
{
TALLOC_CTX *mem_ctx = talloc_new(tctx);
- struct smb2_handle h, hnew;
+ struct smb2_handle h = {
+ .data = {},
+ };
+ struct smb2_handle hnew = {
+ .data = {},
+ };
NTSTATUS status;
struct smb2_create io;
struct smb2_lease ls;
--
Samba Shared Repository
More information about the samba-cvs
mailing list