[PATCH] tdb: Fix a possible null pointer dereference.
Andreas Schneider
asn at samba.org
Thu Nov 22 04:14:33 MST 2012
On Thursday 22 November 2012 12:09:45 Andreas Schneider wrote:
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
> lib/tdb/common/error.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/lib/tdb/common/error.c b/lib/tdb/common/error.c
> index 2aaaa81..ddb93af 100644
> --- a/lib/tdb/common/error.c
> +++ b/lib/tdb/common/error.c
> @@ -29,6 +29,10 @@
>
> _PUBLIC_ enum TDB_ERROR tdb_error(struct tdb_context *tdb)
> {
> + if (tdb == NULL) {
> + return TDB_ERR_EINVAL;
> + }
> +
> return tdb->ecode;
> }
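Review bot: The `tdb == NULL` check at the top of tdb_error() only protects callers that pass a NULL handle; if the handle was freed by tdb_close and the caller still holds the old non-NULL value, as the explanation in this message describes, `return tdb->ecode;` still reads freed memory. Consider fixing the failing reopen path so the caller clears or stops using the handle after tdb_close, and add a short comment above the check naming the case in which NULL can be passed. The commit message has no body, so the rationale given in this reply would be worth moving into it.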
This only happens in a rare case when reopening a tdb fails, eventually
freeing the mentioned pointer via tdb_close. The freed pointer is then
dereferenced again during error reporting.
(Found by RHN Coverity Scan)
--
Andreas Schneider GPG-ID: F33E3FC6
Samba Team asn at samba.org
www.samba.org