[bug] simple but severe coding bugs of rpcclient

Samba-JP TAKAHASHI Motonobu monyo at samba.gr.jp
Sat Jun 23 12:53:32 GMT 2001 

Hello

The following problem was found at Samba-JP, that the evaluation
of rpc_api_pipe_req() return value is mistaken.

Please look at the patch in detail :-(

Here is a patch to fix it for Samba 2.0.9/Samba HEAD branch.

And there may be 2 other similar bug in cli_reg.c, bug we have not
examined them.

% grep -n rpc_api_pipe_req */*.[ch] | grep -v '\!rpc' | grep -v DEBUG

include/proto.h:2394:BOOL rpc_api_pipe_req(struct cli_state *cli,
rpc_client/cli_connect.c:374:        ret = rpc_api_pipe_req(
rpc_client/cli_netlogon.c:88:  if (rpc_api_pipe_req(cli,
rpc_client/cli_netlogon.c:151:  if (rpc_api_pipe_req(cli, NET_AUTH2,
rpc_client/cli_netlogon.c:240:  if (rpc_api_pipe_req(cli, NET_REQCHAL,
rpc_client/cli_netlogon.c:307:  if (rpc_api_pipe_req(cli,
rpc_client/cli_netlogon.c:522:  if (rpc_api_pipe_req(cli,
rpc_client/cli_pipe.c:771:BOOL rpc_api_pipe_req(struct cli_state *cli,
rpc_client/cli_reg.c:167:       if (rpc_api_pipe_req(cli,
rpc_client/cli_reg.c:359:       if (rpc_api_pipe_req(cli, REG_UNK_1A,
rpc_client/cli_reg.c:601:       if (rpc_api_pipe_req(cli,
rpc_client/cli_reg.c:736:       if (rpc_api_pipe_req(cli,

And if you could, please adjust that use always "if (!rpc_api_pipe_req())"
and modify "if (rpc_api_pipe_req()" to "if (!rpc_api_pipe_req())" over
all Samba code to reduce bugs.

samba-2.0.9
diff -ur rpc_client/cli_reg.c.010621 rpc_client/cli_reg.c
--- rpc_client/cli_reg.c.010621	Wed May 10 23:28:49 2000
+++ rpc_client/cli_reg.c	Thu Jun 21 13:43:07 2001
@@ -164,7 +164,7 @@
 	}
 
 	/* send the data on \PIPE\ */
-	if (rpc_api_pipe_req(cli, REG_OPEN_HKU, &buf, &rbuf)) {
+	if (!rpc_api_pipe_req(cli, REG_OPEN_HKU, &buf, &rbuf)) {
 		prs_mem_free(&buf);
 		prs_mem_free(&rbuf);
 		return False;
@@ -356,7 +356,7 @@
 	}
 
 	/* send the data on \PIPE\ */
-	if (rpc_api_pipe_req(cli, REG_UNK_1A, &buf, &rbuf)) {
+	if (!rpc_api_pipe_req(cli, REG_UNK_1A, &buf, &rbuf)) {
 		prs_mem_free(&buf);
 		prs_mem_free(&rbuf);
 		return False;
----- Cut Here -----

HEAD
----- Cut Here -----
diff -urNP ../../samba-head/source/rpc_client/cli_reg.c
./rpc_client/cli_reg.c
--- ../../samba-head/source/rpc_client/cli_reg.c        Mon Mar 12
06:50:08 2001
+++ ./rpc_client/cli_reg.c      Thu Jun 21 13:44:46 2001
@@ -164,7 +164,7 @@
        }
 
        /* send the data on \PIPE\ */
-       if (rpc_api_pipe_req(cli, REG_OPEN_HKU, &buf, &rbuf)) {
+       if (!rpc_api_pipe_req(cli, REG_OPEN_HKU, &buf, &rbuf)) {
                prs_mem_free(&buf);
                prs_mem_free(&rbuf);
                return False;
@@ -356,7 +356,7 @@
        }
 
        /* send the data on \PIPE\ */
-       if (rpc_api_pipe_req(cli, REG_UNK_1A, &buf, &rbuf)) {
+       if (!rpc_api_pipe_req(cli, REG_UNK_1A, &buf, &rbuf)) {
                prs_mem_free(&buf);
                prs_mem_free(&rbuf);
                return False;
----- Cut Here -----

-----
TAKAHASHI Motonobu                    mailto:monyo at samba.gr.jp
Samba Users Group Japan               http://www.samba.gr.jp/

More information about the samba-technical mailing list