[PATCH] tdb: Fix a possible null pointer dereference.
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Nov 22 04:25:19 MST 2012
On Thu, Nov 22, 2012 at 12:14:33PM +0100, Andreas Schneider wrote:
> On Thursday 22 November 2012 12:09:45 Andreas Schneider wrote:
> > Signed-off-by: Andreas Schneider <asn at samba.org>
> > ---
> > lib/tdb/common/error.c | 4 ++++
> > 1 file changed, 4 insertions(+)
> >
> > diff --git a/lib/tdb/common/error.c b/lib/tdb/common/error.c
> > index 2aaaa81..ddb93af 100644
> > --- a/lib/tdb/common/error.c
> > +++ b/lib/tdb/common/error.c
> > @@ -29,6 +29,10 @@
> >
> > _PUBLIC_ enum TDB_ERROR tdb_error(struct tdb_context *tdb)
> > {
> > + if (tdb == NULL) {
> > + return TDB_ERR_EINVAL;
> > + }
> > +
> > return tdb->ecode;
> > }
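Review bot: The `tdb == NULL` guard at the top of tdb_error() only catches a pointer that is actually NULL. A context that tdb_close has already freed is normally still non-NULL in the caller, so the check helps only if the failing reopen path also resets that pointer. It would be better to stop the caller from invoking tdb_error() on a context it no longer owns. If the guard stays, add a comment saying why NULL is accepted, and note that TDB_ERR_EINVAL then replaces the real reopen failure in whatever the caller reports.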
>
> This only happens in a rare case when reopening a tdb fails, eventually
> freeing the mentioned pointer via tdb_close. The freed pointer is then
> dereferenced again during error reporting.
Isn't it smarter to fix the re-open path? I'd call
tdb_error(NULL) segfaulting a valid error message ...
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de