Some Coverity fixes
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sun Aug 18 13:59:09 MDT 2013
Hi!
Please review and push.
Thanks,
Volker
P.S: Yes, not only coverity fixes :-)
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
>From 4eee66d93d1b6ffb10714c932d42ba44cc8716d7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 18 Aug 2013 17:19:14 +0000
Subject: [PATCH 01/11] log2pcaphex: Fix nonempty line endings
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/utils/log2pcaphex.c | 31 +++++++++++++++----------------
1 file changed, 15 insertions(+), 16 deletions(-)
diff --git a/source3/utils/log2pcaphex.c b/source3/utils/log2pcaphex.c
index 0b1230e..8425a5e 100644
--- a/source3/utils/log2pcaphex.c
+++ b/source3/utils/log2pcaphex.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
Utility to extract pcap files from samba (log level 10) log files
@@ -154,7 +154,6 @@ static void print_hex_packet(FILE *out, unsigned char *data, long length)
for(i = cur; i < length && i < cur + 16; i++) {
fprintf(out, "%02x ", data[i]);
}
-
cur = i;
fprintf(out, "\n");
}
@@ -162,10 +161,10 @@ static void print_hex_packet(FILE *out, unsigned char *data, long length)
static void print_netbios_packet(FILE *out, unsigned char *data, long length,
long actual_length)
-{
+{
unsigned char *newdata; long offset = 0;
long newlen;
-
+
newlen = length+sizeof(HDR_IP)+sizeof(HDR_TCP);
newdata = (unsigned char *)malloc(newlen);
@@ -176,7 +175,7 @@ static void print_netbios_packet(FILE *out, unsigned char *data, long length,
memcpy(newdata+offset, &HDR_IP, sizeof(HDR_IP));offset+=sizeof(HDR_IP);
memcpy(newdata+offset, &HDR_TCP, sizeof(HDR_TCP));offset+=sizeof(HDR_TCP);
memcpy(newdata+offset,data,length);
-
+
print_pcap_packet(out, newdata, newlen, actual_length+offset);
free(newdata);
}
@@ -312,12 +311,12 @@ int main (int argc, char **argv)
{ "hex", 'h', POPT_ARG_NONE, &hexformat, 0, "Output format readable by text2pcap" },
POPT_TABLEEND
};
-
+
pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
POPT_CONTEXT_KEEP_FIRST);
poptSetOtherOptionHelp(pc, "[<infile> [<outfile>]]");
-
-
+
+
while((opt = poptGetNextOpt(pc)) != -1) {
switch (opt) {
}
@@ -334,13 +333,13 @@ int main (int argc, char **argv)
return 1;
}
} else in = stdin;
-
+
outfile = poptGetArg(pc);
if(outfile) {
out = fopen(outfile, "w+");
- if(!out) {
- perror("fopen");
+ if(!out) {
+ perror("fopen");
fprintf(stderr, "Can't find %s, using stdout...\n", outfile);
return 1;
}
@@ -359,15 +358,15 @@ int main (int argc, char **argv)
read_log_msg(in, &curpacket, &curpacket_len, &data_offset, &data_length);
} else if(in_packet && strstr(buffer, "dump_data")) {
data_bytes_read = read_log_data(in, curpacket+data_offset, data_length);
- } else {
- if(in_packet){
- if(hexformat) print_hex_packet(out, curpacket, curpacket_len);
+ } else {
+ if(in_packet){
+ if(hexformat) print_hex_packet(out, curpacket, curpacket_len);
else print_netbios_packet(out, curpacket, curpacket_len, data_bytes_read+data_offset);
- free(curpacket);
+ free(curpacket);
}
in_packet = 0;
}
- }
+ }
}
if (in != stdin) {
--
1.8.1.2
>From 75685ffc061d46fbc1b49eccfbe236ed395bd63d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 18 Aug 2013 19:34:35 +0000
Subject: [PATCH 02/11] registry4: Fix CID 1034911 Dereference before null
check
curbegin is always != NULL here (curend + 1) and is dereferenced by
strchr.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/lib/registry/local.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/lib/registry/local.c b/source4/lib/registry/local.c
index 79c398b..4db8cc6 100644
--- a/source4/lib/registry/local.c
+++ b/source4/lib/registry/local.c
@@ -233,7 +233,7 @@ static WERROR local_create_key(TALLOC_CTX *mem_ctx,
break;
curbegin = curend + 1;
curend = strchr(curbegin, '\\');
- } while (curbegin != NULL && curbegin[0] != '\0');
+ } while (curbegin[0] != '\0');
talloc_free(orig);
*result = reg_import_hive_key(local_parent->global.context, curkey,
--
1.8.1.2
>From 9fc899849d54e1cc2b0e7f445cb495ae119ba771 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 18 Aug 2013 19:37:56 +0000
Subject: [PATCH 03/11] samdb: Fix CID 1034910 Dereference before null check
strncmp("tdb://", secrets_ldb, 6) dereferences secrets_ldb. Check for
NULL before that.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c b/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c
index e3d8485..284aa1b 100644
--- a/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c
+++ b/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c
@@ -489,12 +489,12 @@ static int secrets_tdb_sync_init(struct ldb_module *module)
ldb_module_set_private(module, data);
secrets_ldb = (const char *)ldb_get_opaque(ldb, "ldb_url");
- if (strncmp("tdb://", secrets_ldb, 6) == 0) {
- secrets_ldb += 6;
- }
if (!secrets_ldb) {
return ldb_operr(ldb);
}
+ if (strncmp("tdb://", secrets_ldb, 6) == 0) {
+ secrets_ldb += 6;
+ }
private_dir = talloc_strdup(data, secrets_ldb);
p = strrchr(private_dir, '/');
if (p) {
--
1.8.1.2
>From 7b2b4fd5a1e1e005207d7a511ebba36ce4d2faba Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 18 Aug 2013 19:37:56 +0000
Subject: [PATCH 04/11] samdb: Fix CID 1034910 Dereference before null check
strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for
NULL before that.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/dsdb/samdb/ldb_modules/schema_load.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c b/source4/dsdb/samdb/ldb_modules/schema_load.c
index faaf3f2..93e8e97 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_load.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_load.c
@@ -68,13 +68,13 @@ static int schema_metadata_open(struct ldb_module *module)
}
sam_name = (const char *)ldb_get_opaque(ldb, "ldb_url");
- if (strncmp("tdb://", sam_name, 6) == 0) {
- sam_name += 6;
- }
if (!sam_name) {
talloc_free(tmp_ctx);
return ldb_operr(ldb);
}
+ if (strncmp("tdb://", sam_name, 6) == 0) {
+ sam_name += 6;
+ }
filename = talloc_asprintf(tmp_ctx, "%s.d/metadata.tdb", sam_name);
if (!filename) {
talloc_free(tmp_ctx);
--
1.8.1.2
>From 3690e687c731c9c2f242ddb19a43536bbe9d12ac Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 18 Aug 2013 19:37:56 +0000
Subject: [PATCH 05/11] samdb: Fix CID 1034910 Dereference before null check
strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for
NULL before that.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/dsdb/samdb/ldb_modules/partition_metadata.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/source4/dsdb/samdb/ldb_modules/partition_metadata.c b/source4/dsdb/samdb/ldb_modules/partition_metadata.c
index 5826ac2..c67d6cf 100644
--- a/source4/dsdb/samdb/ldb_modules/partition_metadata.c
+++ b/source4/dsdb/samdb/ldb_modules/partition_metadata.c
@@ -199,13 +199,13 @@ static int partition_metadata_open(struct ldb_module *module, bool create)
}
sam_name = (const char *)ldb_get_opaque(ldb, "ldb_url");
- if (strncmp("tdb://", sam_name, 6) == 0) {
- sam_name += 6;
- }
if (!sam_name) {
talloc_free(tmp_ctx);
return ldb_operr(ldb);
}
+ if (strncmp("tdb://", sam_name, 6) == 0) {
+ sam_name += 6;
+ }
filename = talloc_asprintf(tmp_ctx, "%s.d/metadata.tdb", sam_name);
if (!filename) {
talloc_free(tmp_ctx);
--
1.8.1.2
>From ab3cf93c702de94b6a369515d4a65f6c11e8b1d8 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 18 Aug 2013 19:49:24 +0000
Subject: [PATCH 06/11] ldb: Fix CID 1034793 Dereference null return value
Add a proper NULL check
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/ldb/tools/ldbtest.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/ldb/tools/ldbtest.c b/lib/ldb/tools/ldbtest.c
index 4e181af..384624c 100644
--- a/lib/ldb/tools/ldbtest.c
+++ b/lib/ldb/tools/ldbtest.c
@@ -324,6 +324,10 @@ static void start_test_index(struct ldb_context **ldb)
ldb_delete(*ldb, indexlist);
msg = ldb_msg_new(NULL);
+ if (msg == NULL) {
+ printf("ldb_msg_new failed\n");
+ exit(LDB_ERR_OPERATIONS_ERROR);
+ }
msg->dn = indexlist;
ldb_msg_add_string(msg, "@IDXATTR", strdup("uid"));
--
1.8.1.2
>From b1ddb9688745622d6514118f030c5c68c6b8e16c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 18 Aug 2013 19:51:49 +0000
Subject: [PATCH 07/11] pyldb: Fix CID 1034792 Dereference null return value
Add a NULL check
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/ldb/pyldb.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c
index ec6c7d0..4583132 100644
--- a/lib/ldb/pyldb.c
+++ b/lib/ldb/pyldb.c
@@ -1075,6 +1075,10 @@ static struct ldb_message *PyDict_AsMessage(TALLOC_CTX *mem_ctx,
PyObject *dn_value = PyDict_GetItemString(py_obj, "dn");
msg = ldb_msg_new(mem_ctx);
+ if (msg == NULL) {
+ PyErr_NoMemory();
+ return NULL;
+ }
msg->elements = talloc_zero_array(msg, struct ldb_message_element, PyDict_Size(py_obj));
if (dn_value) {
--
1.8.1.2
>From 7da1de5ece6372e94d2faf77e614337aef6b6363 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 18 Aug 2013 19:54:31 +0000
Subject: [PATCH 08/11] ldb_map: Fix CID 1034791 Dereference null return value
Add NULL checks
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/ldb/ldb_map/ldb_map.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/lib/ldb/ldb_map/ldb_map.c b/lib/ldb/ldb_map/ldb_map.c
index d35e5c6..6f5b39a 100644
--- a/lib/ldb/ldb_map/ldb_map.c
+++ b/lib/ldb/ldb_map/ldb_map.c
@@ -223,12 +223,18 @@ int ldb_next_remote_request(struct ldb_module *module, struct ldb_request *reque
case LDB_ADD:
msg = ldb_msg_copy_shallow(request, request->op.add.message);
+ if (msg == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
msg->dn = ldb_dn_rebase_remote(msg, data, msg->dn);
request->op.add.message = msg;
break;
case LDB_MODIFY:
msg = ldb_msg_copy_shallow(request, request->op.mod.message);
+ if (msg == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
msg->dn = ldb_dn_rebase_remote(msg, data, msg->dn);
request->op.mod.message = msg;
break;
--
1.8.1.2
>From b01a2ad1d5ac26e23ee0bc257eb929afbeba3a9b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 18 Aug 2013 20:35:32 +0000
Subject: [PATCH 09/11] smbd: Fix CID 1063259 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/smbd/process.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 3fbfc37..b8e01ba 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -165,6 +165,7 @@ bool srv_send_smb(struct smbd_server_connection *sconn, char *buffer,
DEBUG(0, ("send_smb: SMB encryption failed "
"on outgoing packet! Error %s\n",
nt_errstr(status) ));
+ ret = -1;
goto out;
}
}
--
1.8.1.2
>From b19185864411b7f0f10f1ace29501e69163dc252 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 18 Aug 2013 20:37:26 +0000
Subject: [PATCH 10/11] gensec: Fix CID 1063258 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl at samba.org>
---
auth/gensec/gensec.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index abcbcb9..63ebc19 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -273,6 +273,7 @@ _PUBLIC_ NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_
subreq = ops->update_send(frame, ev, gensec_security, in);
if (subreq == NULL) {
+ status = NT_STATUS_NO_MEMORY;
goto fail;
}
ok = tevent_req_poll_ntstatus(subreq, ev, &status);
--
1.8.1.2
>From 1e072bd56ec824777a85f3306ef17378b0a2bf91 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 18 Aug 2013 20:41:51 +0000
Subject: [PATCH 11/11] rpc_server: Fix CID 1063255 Resource leak
We would leak a socket 0 here
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_server/rpc_server.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index de54ddc..fa3c870 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -620,7 +620,7 @@ int create_tcpip_socket(const struct sockaddr_storage *ifss, uint16_t *port)
0,
ifss,
false);
- if (fd > 0) {
+ if (fd >= 0) {
*port = i;
break;
}
--
1.8.1.2
More information about the samba-technical
mailing list