[PATCH] 303, possible corruption, uninitialized variables
Andy Polyakov
appro at fy.chalmers.se
Thu Apr 29 22:46:35 GMT 2004
client/client.c patch is a quick-n-dirty fix for [potential] corruption
on 32-bit platforms where sizeof(size_t) != sizeof(SMB_BIG_UINT). I'm
not maintaining that proposed code is "the right way" to fix the
problem. Consider it as patch which rather *denotes* the problem than
fixes it.
libads/ldap.c and nsswitch/winbindd_ads.c patches fix [potential]
corruption on 64-bit platforms where sizeof(size_t) != sizeof(int).
smbd/open.c and utils/ntlm_auth.c patches eliminate a couple of
uninitialized variables.
I'm sorry I had no opportunity to test one of the RC versions. A.
-------------- next part --------------
--- ./client/client.c.orig 2004-04-20 22:42:58.000000000 +0200
+++ ./client/client.c 2004-04-29 23:59:51.000000000 +0200
@@ -653,6 +653,7 @@
int read_size = io_bufsize;
uint16 attr;
size_t size;
+ SMB_BIG_UINT Size;
off_t start = 0;
off_t nread = 0;
int rc = 0;
@@ -693,16 +694,16 @@
}
- if (!cli_qfileinfo(cli, fnum,
- &attr, &size, NULL, NULL, NULL, NULL, NULL) &&
+ if (!(cli_qfileinfo(cli, fnum,
+ &attr, &size, NULL, NULL, NULL, NULL, NULL) && (Size=size,1)) &&
!cli_getattrE(cli, fnum,
- &attr, &size, NULL, NULL, NULL)) {
+ &attr, &Size, NULL, NULL, NULL)) {
d_printf("getattrib: %s\n",cli_errstr(cli));
return 1;
}
DEBUG(2,("getting file %s of size %.0f as %s ",
- rname, (double)size, lname));
+ rname, (double)Size, lname));
if(!(data = (char *)malloc(read_size))) {
d_printf("malloc fail for size %d\n", read_size);
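Review bot: The new condition hides an assignment inside a comma expression, `(Size=size,1)`, which makes the qfileinfo/getattrE fallback hard to audit; an explicit two-branch form does the same thing and is easier to check. The qfileinfo path still goes through the `size_t size` local, so on the 32-bit platforms the description targets a server-reported size that does not fit in `size_t` is presumably still narrowed before it reaches `Size`. When the getattrE fallback is taken, `size` is never written, so any later use of `size` in this function (the body continues outside the hunk) should be switched to `Size`. The `reput` hunk uses the same construct with `start`/`Start`.

```c
	if (cli_qfileinfo(cli, fnum,
			  &attr, &size, NULL, NULL, NULL, NULL, NULL)) {
		Size = size;	/* widen only after a successful query */
	} else if (!cli_getattrE(cli, fnum,
				 &attr, &Size, NULL, NULL, NULL)) {
		d_printf("getattrib: %s\n",cli_errstr(cli));
		return 1;
	}
	/* … unchanged: DEBUG line and read buffer allocation … */
```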
@@ -1060,6 +1061,7 @@
int fnum;
XFILE *f;
size_t start = 0;
+ SMB_BIG_UINT Start = 0;
off_t nread = 0;
char *buf = NULL;
int maxwrite = io_bufsize;
@@ -1071,8 +1073,8 @@
if (reput) {
fnum = cli_open(cli, rname, O_RDWR|O_CREAT, DENY_NONE);
if (fnum >= 0) {
- if (!cli_qfileinfo(cli, fnum, NULL, &start, NULL, NULL, NULL, NULL, NULL) &&
- !cli_getattrE(cli, fnum, NULL, &start, NULL, NULL, NULL)) {
+ if (!(cli_qfileinfo(cli, fnum, NULL, &start, NULL, NULL, NULL, NULL, NULL) && (Start=start,1)) &&
+ !cli_getattrE(cli, fnum, NULL, &Start, NULL, NULL, NULL)) {
d_printf("getattrib: %s\n",cli_errstr(cli));
return 1;
}
@@ -1097,7 +1099,7 @@
} else {
f = x_fopen(lname,O_RDONLY, 0);
if (f && reput) {
- if (x_tseek(f, start, SEEK_SET) == -1) {
+ if (x_tseek(f, Start, SEEK_SET) == -1) {
d_printf("Error seeking local file\n");
return 1;
}
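Review bot: `Start` is an unsigned `SMB_BIG_UINT` filled from a size the server reports, and it is passed here to `x_tseek` and, in the next hunk, added to the `off_t nread` for `cli_write`; neither callee's offset type is visible in the patch. If either parameter is narrower than `SMB_BIG_UINT` on the affected platforms, a large remote size would be narrowed silently and the resumed upload would continue from the wrong offset. The value should be range-checked once, right after the size query, with a comment at that point such as `/* Start comes from the server; reject it if it does not fit the local offset type */`. The enclosing function starts and ends outside this hunk.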
@@ -1130,7 +1132,7 @@
break;
}
- ret = cli_write(cli, fnum, 0, buf, nread + start, n);
+ ret = cli_write(cli, fnum, 0, buf, nread + Start, n);
if (n != ret) {
d_printf("Error writing file: %s\n", cli_errstr(cli));
--- ./libads/ldap.c.orig 2004-04-20 22:42:58.000000000 +0200
+++ ./libads/ldap.c 2004-04-29 21:56:33.000000000 +0200
@@ -2083,7 +2083,7 @@
int i;
void *res;
const char *attrs[] = {"servicePrincipalName", NULL};
- int num_principals;
+ size_t num_principals;
(*workgroup) = NULL;
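Review bot: `int i` on the first context line stays signed while `num_principals` becomes `size_t`, so any `i < num_principals` loop further down (outside the hunk) turns into a mixed signed/unsigned comparison. Declaring the index as `size_t i;` keeps the two in step, provided `i` is never expected to go negative in the part of the function not shown. The winbindd_ads.c hunk has the same pairing, and its moved declaration `int i,num_retries = 0;` would read better as two lines, `size_t i;` and `int num_retries = 0;`.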
--- ./nsswitch/winbindd_ads.c.orig 2004-04-20 22:42:55.000000000 +0200
+++ ./nsswitch/winbindd_ads.c 2004-04-29 22:03:53.000000000 +0200
@@ -651,13 +651,13 @@
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
char *sidstr;
char **members;
- int i, num_members;
+ size_t num_members;
fstring sid_string;
BOOL more_values;
const char **attrs;
uint32 first_usn;
uint32 current_usn;
- int num_retries = 0;
+ int i,num_retries = 0;
DEBUG(10,("ads: lookup_groupmem %s sid=%s\n", domain->name,
sid_string_static(group_sid)));
--- ./smbd/open.c.orig 2004-04-04 09:37:29.000000000 +0200
+++ ./smbd/open.c 2004-04-29 20:03:47.000000000 +0200
@@ -820,7 +820,7 @@
ignored */
if (Access)
*Access = DOS_OPEN_WRONLY;
- if (action)
+ if (paction)
*paction = FILE_WAS_CREATED;
return print_fsp_open(conn, fname);
}
--- ./utils/ntlm_auth.c.orig 2004-04-20 22:42:58.000000000 +0200
+++ ./utils/ntlm_auth.c 2004-04-29 16:10:17.000000000 +0200
@@ -471,7 +471,7 @@
static NTSTATUS ntlm_auth_start_ntlmssp_client(NTLMSSP_STATE **client_ntlmssp_state)
{
- NTSTATUS status;
+ NTSTATUS status=NT_STATUS_UNSUCCESSFUL;
if ( (opt_username == NULL) || (opt_domain == NULL) ) {
DEBUG(1, ("Need username and domain for NTLMSSP\n"));
return status;
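Review bot: Initialising `status` at its declaration fixes the early `return status;`, but it also silences the compiler's uninitialised-variable warning for every later path in the function, which continues outside the hunk. Returning a specific code at the failure site, `return NT_STATUS_INVALID_PARAMETER;`, keeps the missing-credentials case distinguishable and leaves that warning available for the remaining paths. Before this change the returned value was indeterminate, so a caller could presumably have seen a status that compares as success even though no NTLMSSP client state had been set up.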