PATCH: Some coverity fixes

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Nov 11 02:19:09 MST 2013


Hi!

Attached find some coverity fixes.

Please review & push!

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From fcaefe5b3a443b5be78e77e0c66020deb15ed632 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 9 Nov 2013 16:40:18 +0100
Subject: [PATCH 01/23] oLschema2ldif: Add some NULL checks

This should fix Coverity ID 1034812

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/utils/oLschema2ldif.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source4/utils/oLschema2ldif.c b/source4/utils/oLschema2ldif.c
index bcdf570..88dba01 100644
--- a/source4/utils/oLschema2ldif.c
+++ b/source4/utils/oLschema2ldif.c
@@ -352,7 +352,13 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, const char *entry)
 	bool single_valued = false;
 
 	ctx = talloc_new(mem_ctx);
+	if (ctx == NULL) {
+		return NULL;
+	}
 	msg = ldb_msg_new(ctx);
+	if (msg == NULL) {
+		goto failed;
+	}
 
 	ldb_msg_add_string(msg, "objectClass", "top");
 
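Review bot: The new `msg == NULL` branch jumps to `failed`, but that label and its cleanup are outside this hunk, so it is worth confirming that the path frees `ctx`; otherwise the context allocated just above stays attached to `mem_ctx` on failure. The `ldb_msg_add_string(msg, "objectClass", "top")` call right after the new checks still ignores its return value, which is the same class of allocation failure these checks address.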
-- 
1.7.9.5


From f9eb0d37c67ff2e101e2a21edc75463144e7078f Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 9 Nov 2013 18:32:21 +0100
Subject: [PATCH 02/23] dsdb: Fix Coverity ID 1034907 Dereference before null
 check

"module" has already been dereferenced by ldb_module_get_private(module)

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/dsdb/samdb/ldb_modules/partition.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index 63835d8..39e85e4 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -811,7 +811,7 @@ static int partition_start_trans(struct ldb_module *module)
 	/* Look at base DN */
 	/* Figure out which partition it is under */
 	/* Skip the lot if 'data' isn't here yet (initialization) */
-	if ((module && ldb_module_flags(ldb_module_get_ctx(module)) & LDB_FLG_ENABLE_TRACING)) {
+	if (ldb_module_flags(ldb_module_get_ctx(module)) & LDB_FLG_ENABLE_TRACING) {
 		ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_TRACE, "partition_start_trans() -> (metadata partition)");
 	}
 	ret = ldb_next_start_trans(module);
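
Review bot: Above the rewritten condition, the three comments ("Look at base DN", "Figure out which partition it is under", "Skip the lot if 'data' isn't here yet") do not describe a tracing-flag test, and with the `module &&` guard gone nothing here says that `module` must be non-NULL. Consider replacing them with one comment stating that precondition, and calling `ldb_module_get_ctx(module)` once into a local instead of twice.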
-- 
1.7.9.5


From 960cf4d12bc6461598279e38ff0ee26048250b78 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 9 Nov 2013 18:40:08 +0100
Subject: [PATCH 03/23] registry: Fix Coverity ID 1034916 Wrong sizeof
 argument

sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/lib/registry/tests/registry.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source4/lib/registry/tests/registry.c b/source4/lib/registry/tests/registry.c
index 4e6dda4..ddf402c 100644
--- a/source4/lib/registry/tests/registry.c
+++ b/source4/lib/registry/tests/registry.c
@@ -502,7 +502,8 @@ static bool test_del_value(struct torture_context *tctx, void *_data)
 				  "unsetting missing default value");
 
 	error = reg_val_set(subkey, "", REG_SZ,
-			    data_blob_talloc(tctx, data_val, sizeof(data_val)));
+			    data_blob_talloc(tctx, data_val,
+					     strlen(data_val)));
 	torture_assert_werr_ok(tctx, error, "set default value");
 
 	error = reg_del_value(tctx, subkey, "");
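
Review bot: With `strlen(data_val)` as the length, the blob passed to `reg_val_set()` no longer includes the terminating NUL of the string. If the stored REG_SZ default value is meant to be a terminated string, the length should be `strlen(data_val) + 1`; if the unterminated form is intended, a short comment at the call would make that explicit.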
-- 
1.7.9.5


From 746a68d32ac54a3d001c7481b4f8bc953401695a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 9 Nov 2013 18:40:08 +0100
Subject: [PATCH 04/23] registry: Fix Coverity ID 1034917 Wrong sizeof
 argument

sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/lib/registry/tests/registry.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/source4/lib/registry/tests/registry.c b/source4/lib/registry/tests/registry.c
index ddf402c..0c3c395 100644
--- a/source4/lib/registry/tests/registry.c
+++ b/source4/lib/registry/tests/registry.c
@@ -449,14 +449,15 @@ static bool test_get_value(struct torture_context *tctx, void *_data)
 	torture_assert_int_equal(tctx, REG_DWORD, type, "value type");
 
 	error = reg_val_set(subkey, "", REG_SZ,
-			    data_blob_talloc(tctx, data_val, sizeof(data_val)));
+			    data_blob_talloc(tctx, data_val,
+					     strlen(data_val)));
 	torture_assert_werr_ok(tctx, error, "set default value");
 
 	error = reg_key_get_value_by_name(tctx, subkey, "", &type,
 					  &data);
 	torture_assert_werr_ok(tctx, error, "getting default value");
 	torture_assert_int_equal(tctx, REG_SZ, type, "value type ok");
-	torture_assert_int_equal(tctx, sizeof(data_val), data.length, "value length ok");
+	torture_assert_int_equal(tctx, strlen(data_val), data.length, "value length ok");
 	torture_assert_str_equal(tctx, data_val, (char *)data.data, "value ok");
 
 	return true;
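
Review bot: The last assertion in this hunk, `torture_assert_str_equal(tctx, data_val, (char *)data.data, "value ok")`, treats `data.data` as a C string, while the value is now stored with length `strlen(data_val)`, that is, without a terminator. Unless the registry backend or the blob allocation guarantees a trailing NUL, that comparison reads past `data.length`; comparing with `memcmp` over `data.length` bytes, or storing `strlen(data_val) + 1` bytes and asserting that length, would keep set and get consistent.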
-- 
1.7.9.5


From 2dc7fadb82afb6290adb5ea330daeadae52d6cd0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 9 Nov 2013 18:40:08 +0100
Subject: [PATCH 05/23] registry: Fix Coverity ID 1034918 Wrong sizeof
 argument

sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/lib/registry/tests/registry.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source4/lib/registry/tests/registry.c b/source4/lib/registry/tests/registry.c
index 0c3c395..b9b7c28 100644
--- a/source4/lib/registry/tests/registry.c
+++ b/source4/lib/registry/tests/registry.c
@@ -552,14 +552,14 @@ static bool test_list_values(struct torture_context *tctx, void *_data)
 				  "getting missing value");
 
 	error = reg_val_set(subkey, "", REG_SZ,
-			    data_blob_talloc(tctx, data_val, sizeof(data_val)));
+			    data_blob_talloc(tctx, data_val, strlen(data_val)));
 	torture_assert_werr_ok(tctx, error, "set default value");
 
 	error = reg_key_get_value_by_index(tctx, subkey, 0, &name,
 					   &type, &data);
 	torture_assert_werr_ok(tctx, error, "getting default value");
 	torture_assert_int_equal(tctx, REG_SZ, type, "value type ok");
-	torture_assert_int_equal(tctx, sizeof(data_val), data.length, "value length ok");
+	torture_assert_int_equal(tctx, strlen(data_val), data.length, "value length ok");
 	torture_assert_str_equal(tctx, data_val, (char *)data.data, "value ok");
 
 	return true;
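
Review bot: `strlen(data_val)` is evaluated separately in the `reg_val_set()` call and in the length assertion, and the `size_t` result is handed to `torture_assert_int_equal`. A local such as `size_t data_len = strlen(data_val);` used in both places would keep the stored and the expected length from drifting apart. The wrapping of the `data_blob_talloc` call here also differs from the same change in the two preceding patches.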
-- 
1.7.9.5


From 8d4de53be7bb68cb22c9cf631c3f9808d3492625 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 9 Nov 2013 18:50:16 +0100
Subject: [PATCH 06/23] net: Fix CID 1035403 Unchecked return value

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/utils/net_rpc_registry.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c
index 9445e09..cc4eaa7 100644
--- a/source3/utils/net_rpc_registry.c
+++ b/source3/utils/net_rpc_registry.c
@@ -1183,7 +1183,10 @@ static void dump_values( REGF_NK_REC *nk )
 		switch ( nk->values[i].type ) {
 			case REG_SZ:
 				blob = data_blob_const(nk->values[i].data, data_size);
-				pull_reg_sz(talloc_tos(), &blob, &data_str);
+				if (!pull_reg_sz(talloc_tos(), &blob,
+						 &data_str)) {
+					data_str = NULL;
+				}
 				if (!data_str) {
 					break;
 				}
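
Review bot: Setting `data_str = NULL` in the failure branch only to fall into the existing `if (!data_str)` check is roundabout; either `break` directly when `pull_reg_sz()` returns false, or initialise `data_str` to NULL before the call and keep a single check. As written the REG_SZ value is skipped silently, so a one-line diagnostic for the undecodable value would help whoever reads the dump.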
-- 
1.7.9.5


From 7a5ab86682053b40b1e13ceeeb155b9100bd094d Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 9 Nov 2013 19:11:41 +0100
Subject: [PATCH 07/23] netapi: Fix CID 1127344 Uninitialized scalar variable

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/lib/netapi/wkstainfo.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/source3/lib/netapi/wkstainfo.c b/source3/lib/netapi/wkstainfo.c
index cda4b50..b093958 100644
--- a/source3/lib/netapi/wkstainfo.c
+++ b/source3/lib/netapi/wkstainfo.c
@@ -83,6 +83,7 @@ static NTSTATUS map_wksta_info_to_WKSTA_INFO_buffer(TALLOC_CTX *mem_ctx,
 		i102.wki102_ver_major		= i->info102->version_major;
 		i102.wki102_ver_minor		= i->info102->version_minor;
 		i102.wki102_lanroot		= talloc_strdup(mem_ctx, i->info102->lan_root);
+		i102.wki102_logged_on_users	= i->info102->logged_on_users;
 
 		ADD_TO_ARRAY(mem_ctx, struct WKSTA_INFO_102, i102,
 			     (struct WKSTA_INFO_102 **)buffer,
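
Review bot: One line above the added assignment, `talloc_strdup(mem_ctx, i->info102->lan_root)` is stored into `wki102_lanroot` without a NULL check, so an allocation failure is passed on to `ADD_TO_ARRAY` as a NULL string. Since this patch is about fully initialising `i102`, it is a good place to check that result as well, and to zero-initialise the struct so that a field missed in future does not go out uninitialised.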
-- 
1.7.9.5


From 7380db08dd9819ee2d95abac4fccd2d40f021402 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 9 Nov 2013 19:14:15 +0100
Subject: [PATCH 08/23] libsmb: Fix CID 1127343 Dead default in switch

We have checked sec_channel_type a few lines above already

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/libsmb/trusts_util.c |    2 --
 1 file changed, 2 deletions(-)

diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 428e0c1..52fb481 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -108,8 +108,6 @@ NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli,
 			}
 			break;
 		}
-		default:
-			break;
 		}
 	}
 
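Review bot: With the `default:` arm removed, the switch depends entirely on the earlier check of `sec_channel_type` that the commit message mentions, which is not visible from here. A one-line comment at the switch naming that check would stop a later reader from re-adding a default, and would flag the dependency if the earlier validation ever changes.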
-- 
1.7.9.5


From bfbc0f11a905849663edf35b47c4b2607fd8561b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 9 Nov 2013 20:37:01 +0100
Subject: [PATCH 09/23] iniparser: Fix CID 241908 Copy into fixed size buffer

strcpy is never a good idea....

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 lib/iniparser/src/iniparser.c |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/iniparser/src/iniparser.c b/lib/iniparser/src/iniparser.c
index 0934087..db00c88 100644
--- a/lib/iniparser/src/iniparser.c
+++ b/lib/iniparser/src/iniparser.c
@@ -38,16 +38,18 @@ static void iniparser_add_entry(
     char * val)
 {
     char longkey[2*ASCIILINESZ+1];
+    char *l;
 
     /* Make a key as section:keyword */
     if (key!=NULL) {
-        sprintf(longkey, "%s:%s", sec, key);
+	snprintf(longkey, sizeof(longkey), "%s:%s", sec, key);
+	l = longkey;
     } else {
-        strcpy(longkey, sec);
+	l = sec;
     }
 
     /* Add (key,val) to dictionary */
-    dictionary_set(d, longkey, val);
+    dictionary_set(d, l, val);
     return ;
 }
 
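Review bot: The `snprintf(longkey, sizeof(longkey), "%s:%s", sec, key)` call discards its return value, so an over-long section or key is silently truncated and can end up stored under the same dictionary key as a different entry. Check for a result `>= sizeof(longkey)` and skip or report the entry. The added lines are also indented with tabs where the surrounding code uses four spaces, and `l` would read better with a descriptive name.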
-- 
1.7.9.5


From 1fcfbfdf21697203c72be94eaa77a532e2a5d0f5 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 9 Nov 2013 21:02:10 +0100
Subject: [PATCH 10/23] smbd: Fix CID 1035434 Same on both sides

Looks scary, but the only effect of this bug is too many UNLOCK messages

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/locking/brlock.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index b5eebc8..e92a2cf 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -2222,7 +2222,7 @@ static int compare_procids(const void *p1, const void *p2)
 	const struct server_id *i2 = (const struct server_id *)p2;
 
 	if (i1->pid < i2->pid) return -1;
-	if (i2->pid > i2->pid) return 1;
+	if (i1->pid > i2->pid) return 1;
 	return 0;
 }
 
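Review bot: The corrected line `if (i1->pid > i2->pid) return 1;` makes the comparator consistent, but it still orders on `pid` alone. If `struct server_id` carries further fields that distinguish two processes, add a comment saying why equal pids may be treated as equal here. A small test that sorts an unsorted array would also have caught the `i2->pid > i2->pid` typo.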
-- 
1.7.9.5


From a806d62b4cd8138398a0c0297bbb0545848754f9 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 9 Nov 2013 21:11:41 +0100
Subject: [PATCH 11/23] libsmb: Fix CID 241313 Array compared against 0

userinfo->passwrd is not a pointer, no point in checking for !=NULL

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/libsmb/clirap2.c |    6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/source3/libsmb/clirap2.c b/source3/libsmb/clirap2.c
index 05d8fb2..457a82e 100644
--- a/source3/libsmb/clirap2.c
+++ b/source3/libsmb/clirap2.c
@@ -867,10 +867,8 @@ int cli_NetUserAdd(struct cli_state *cli, struct rap_user_info_1 * userinfo )
 
 	PUTWORD(p, 1); /* info level */
 	PUTWORD(p, 0); /* pwencrypt */
-	if(userinfo->passwrd)
-		PUTWORD(p,MIN(strlen((const char *)userinfo->passwrd), RAP_UPASSWD_LEN));
-	else
-		PUTWORD(p, 0); /* password length */
+	PUTWORD(p, MIN(strlen((const char *)userinfo->passwrd),
+		       RAP_UPASSWD_LEN));
 
 	p = data;
 	memset(data, '\0', soffset);
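
Review bot: In the new `PUTWORD(p, MIN(strlen((const char *)userinfo->passwrd), RAP_UPASSWD_LEN))`, `strlen` still scans until it finds a NUL, so a `passwrd` array that is completely filled is read past its end before `MIN` clamps the result. Using `strnlen` bounded by `sizeof(userinfo->passwrd)` limits the scan to the array. The `/* password length */` comment from the removed branch is also worth keeping on the new line.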
-- 
1.7.9.5


From 387702d264737a2851c0e3c6b23634875c5e19dc Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 9 Nov 2013 21:29:24 +0100
Subject: [PATCH 12/23] ldb: Fix CID 241329 Array compared against 0

u.generate.remote_names is an array, not a pointer

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 lib/ldb/ldb_map/ldb_map.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ldb/ldb_map/ldb_map.c b/lib/ldb/ldb_map/ldb_map.c
index 52b483b..66b0059 100644
--- a/lib/ldb/ldb_map/ldb_map.c
+++ b/lib/ldb/ldb_map/ldb_map.c
@@ -340,7 +340,7 @@ const struct ldb_map_attribute *map_attr_find_remote(const struct ldb_map_contex
 			break;
 
 		case LDB_MAP_GENERATE:
-			for (j = 0; map->u.generate.remote_names && map->u.generate.remote_names[j]; j++) {
+			for (j = 0; map->u.generate.remote_names[j]; j++) {
 				if (ldb_attr_cmp(map->u.generate.remote_names[j], name) == 0) {
 					return map;
 				}
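
Review bot: After dropping the array test, the loop `for (j = 0; map->u.generate.remote_names[j]; j++)` terminates only on a NULL entry. Since `remote_names` is a fixed-size array, a map with every slot filled would run `j` past the end; bounding the loop with the array's element count in addition to the NULL test closes that.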
-- 
1.7.9.5


From 065923a88bc569451717df1ede03720cfc98605b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Nov 2013 09:45:38 +0100
Subject: [PATCH 13/23] heimdal: Fix 241482 Resource leak

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/heimdal/lib/gssapi/krb5/init_sec_context.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
index 5f8b01b..0a89ae1 100644
--- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
@@ -137,6 +137,7 @@ _gsskrb5_create_ctx(
     if (kret) {
 	*minor_status = kret;
 	HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+	free(ctx);
 	return GSS_S_FAILURE;
     }
 
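Review bot: The `free(ctx)` added here and in the three hunks below repeats the same teardown (`HEIMDAL_MUTEX_destroy`, then `free`) on four separate exits. A single cleanup label that frees the auth contexts, destroys the mutex and frees `ctx` would leave one place to maintain. It is also worth confirming, outside this hunk, that no caller-visible pointer still refers to `ctx` after these returns.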
@@ -145,6 +146,7 @@ _gsskrb5_create_ctx(
 	*minor_status = kret;
 	krb5_auth_con_free(context, ctx->auth_context);
 	HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+	free(ctx);
 	return GSS_S_FAILURE;
     }
 
@@ -156,7 +158,7 @@ _gsskrb5_create_ctx(
 	krb5_auth_con_free(context, ctx->deleg_auth_context);
 
 	HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-
+	free(ctx);
 	return GSS_S_BAD_BINDINGS;
     }
 
@@ -168,7 +170,7 @@ _gsskrb5_create_ctx(
 	krb5_auth_con_free(context, ctx->deleg_auth_context);
 
 	HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-
+	free(ctx);
 	return GSS_S_BAD_BINDINGS;
     }
 
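Review bot: In this hunk and the previous one the blank line before `return GSS_S_BAD_BINDINGS;` is replaced by `free(ctx);` instead of the call being added next to it, which makes the diff against the imported Heimdal sources noisier than needed. Since the file lives under `source4/heimdal`, the fix should also be sent to upstream Heimdal so it is not lost on the next import.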
-- 
1.7.9.5


From 810f4fe0f40462f6631cf9c49130fdf568b24b13 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Nov 2013 10:06:18 +0100
Subject: [PATCH 14/23] samdb: Fix CID 241968 Uninitialized pointer read

Interestingly gcc does not catch this at all.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/dsdb/samdb/ldb_modules/local_password.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c
index 4adf180..86c79ee 100644
--- a/source4/dsdb/samdb/ldb_modules/local_password.c
+++ b/source4/dsdb/samdb/ldb_modules/local_password.c
@@ -181,7 +181,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req
 		return ldb_operr(ldb);
 	}
 
-	remote_message = ldb_msg_copy_shallow(remote_req, req->op.add.message);
+	remote_message = ldb_msg_copy_shallow(ac, req->op.add.message);
 	if (remote_message == NULL) {
 		return ldb_operr(ldb);
 	}
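
Review bot: Changing the talloc parent in `ldb_msg_copy_shallow(ac, req->op.add.message)` ties `remote_message` to the lifetime of `ac` instead of the remote request. Please confirm that `ac` lives at least as long as the request that will carry this message, and consider initialising `remote_req` to NULL at its declaration so that a use before assignment is caught by more than Coverity.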
-- 
1.7.9.5


From 85114d267db1afae11903570828952224c5ffdfb Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Nov 2013 11:48:17 +0100
Subject: [PATCH 15/23] smbd: Fix CID 1035478 Negative array index read

lp_parm_enum can return -1. Add error checking.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/modules/nfs4_acls.c |   25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 08ae141..774c40e 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -85,16 +85,29 @@ static int smbacl4_get_vfs_params(
 		{ e_merge, "merge" },
 		{ -1 , NULL }
 	};
+	int enumval;
 
 	memset(params, 0, sizeof(smbacl4_vfs_params));
-	params->mode = (enum smbacl4_mode_enum)lp_parm_enum(
-		SNUM(conn), type_name,
-		"mode", enum_smbacl4_modes, e_simple);
+
+	enumval = lp_parm_enum(SNUM(conn), type_name, "mode",
+			       enum_smbacl4_modes, e_simple);
+	if (enumval == -1) {
+		DEBUG(10, ("value for %s:mode unknown\n", type_name));
+		return -1;
+	}
+	params->mode = (enum smbacl4_mode_enum)enumval;
+
 	params->do_chown = lp_parm_bool(SNUM(conn), type_name,
 		"chown", true);
-	params->acedup = (enum smbacl4_acedup_enum)lp_parm_enum(
-		SNUM(conn), type_name,
-		"acedup", enum_smbacl4_acedups, e_dontcare);
+
+	enumval = lp_parm_enum(SNUM(conn), type_name, "acedup",
+			       enum_smbacl4_acedups, e_dontcare);
+	if (enumval == -1) {
+		DEBUG(10, ("value for %s:acedup unknown\n", type_name));
+		return -1;
+	}
+	params->acedup = (enum smbacl4_acedup_enum)enumval;
+
 	params->map_full_control = lp_acl_map_full_control(SNUM(conn));
 
 	DEBUG(10, ("mode:%s, do_chown:%s, acedup: %s map full control:%s\n",
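
Review bot: Both new failure branches log at `DEBUG(10, ...)` and then `return -1`, so an unknown `mode` or `acedup` value in the configuration makes the function fail with nothing in the log at normal debug levels. Log these at a level an administrator will see, and include the rejected string if it is available. Callers of `smbacl4_get_vfs_params()` are outside this hunk and need to handle the -1 return added here.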
-- 
1.7.9.5


From 8a4e60872a897e4bbd6f9550066e909191982c72 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Nov 2013 11:56:06 +0100
Subject: [PATCH 16/23] smbd: Use fstring in conn_tdb.h

It might be legacy, but as long as we have it, we can make use of it.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/lib/conn_tdb.h |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source3/lib/conn_tdb.h b/source3/lib/conn_tdb.h
index b91a153..217814f 100644
--- a/source3/lib/conn_tdb.h
+++ b/source3/lib/conn_tdb.h
@@ -29,9 +29,9 @@ struct connections_data {
 	int cnum;
 	uid_t uid;
 	gid_t gid;
-	char servicename[FSTRING_LEN];
-	char addr[FSTRING_LEN];
-	char machine[FSTRING_LEN];
+	fstring servicename;
+	fstring addr;
+	fstring machine;
 	time_t start;
 };
 
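Review bot: The three members change type from `char[FSTRING_LEN]` to `fstring` inside `struct connections_data`, and the layout of that struct matters if it is stored or exchanged as raw bytes. The definition of `fstring` is not visible here, so the commit message should state that it is exactly `char[FSTRING_LEN]` and that the struct size is unchanged.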
-- 
1.7.9.5


From 0f30a9a41583e7bfc16017250fc9a2f30f11803e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Nov 2013 11:56:06 +0100
Subject: [PATCH 17/23] smbd: Use fstring in conn_tdb.c

It might be legacy, but as long as we have it, we can make use of it.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/lib/conn_tdb.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c
index b218831..8c21b6f 100644
--- a/source3/lib/conn_tdb.c
+++ b/source3/lib/conn_tdb.c
@@ -39,8 +39,8 @@ struct connections_forall_state {
 struct connections_forall_session {
 	uid_t uid;
 	gid_t gid;
-	char machine[FSTRING_LEN];
-	char addr[FSTRING_LEN];
+	fstring machine;
+	fstring addr;
 };
 
 static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
-- 
1.7.9.5


From 15f7e55fddd8a40f3c39b306e08c85935d30b207 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Nov 2013 11:57:37 +0100
Subject: [PATCH 18/23] smbd: Fix CID 1035366 Buffer not null terminated

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/lib/conn_tdb.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c
index 8c21b6f..2169756 100644
--- a/source3/lib/conn_tdb.c
+++ b/source3/lib/conn_tdb.c
@@ -116,12 +116,12 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global,
 
 	key.pid = data.pid = global->server_id;
 	key.cnum = data.cnum = global->tcon_global_id;
-	strncpy(key.name, global->share_name, sizeof(key.name));
-	strncpy(data.servicename, global->share_name, sizeof(data.servicename));
+	fstrcpy(key.name, global->share_name);
+	fstrcpy(data.servicename, global->share_name);
 	data.uid = sess.uid;
 	data.gid = sess.gid;
-	strncpy(data.addr, sess.addr, sizeof(data.addr));
-	strncpy(data.machine, sess.machine, sizeof(data.machine));
+	fstrcpy(data.addr, sess.addr);
+	fstrcpy(data.machine, sess.machine);
 	data.start = nt_time_to_unix(global->creation_time);
 
 	state->count++;
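
Review bot: `fstrcpy(key.name, global->share_name)` takes no length, so it has to assume that `key.name` is at least as large as an fstring, but unlike the `data` and `sess` members converted in the two preceding patches, the type of `key.name` is neither changed nor shown anywhere in this series. If it is a smaller array, dropping the `sizeof(key.name)` bound is an overflow; please confirm its declaration or convert it to `fstring` as well. Long share names are also truncated silently.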
-- 
1.7.9.5


From bc5a0a2d29481ce29cf4cdfe992b549d4dd7509e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Nov 2013 11:58:58 +0100
Subject: [PATCH 19/23] smbd: Fix CID 1035365 Buffer not null terminated

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/lib/conn_tdb.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c
index 2169756..bf66d7d 100644
--- a/source3/lib/conn_tdb.c
+++ b/source3/lib/conn_tdb.c
@@ -60,8 +60,8 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
 		sess.uid = global->auth_session_info->unix_token->uid;
 		sess.gid = global->auth_session_info->unix_token->gid;
 	}
-	strncpy(sess.machine, global->channels[0].remote_name, sizeof(sess.machine));
-	strncpy(sess.addr, global->channels[0].remote_address, sizeof(sess.addr));
+	fstrcpy(sess.machine, global->channels[0].remote_name);
+	fstrcpy(sess.addr, global->channels[0].remote_address);
 
 	status = dbwrap_store(state->session_by_pid,
 			      make_tdb_data((void*)&id, sizeof(id)),
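
Review bot: `strncpy` with the full `sizeof` bound zero-fills the rest of the destination, whereas a terminating copy such as `fstrcpy` normally stops after the NUL. If `sess` is not zeroed beforehand and is part of what the `dbwrap_store()` call below writes, the bytes after the terminator in `sess.machine` and `sess.addr` are uninitialised stack contents when the record is stored. A `ZERO_STRUCT(sess)` before the assignments, or confirmation that one exists above this hunk, would settle it.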
-- 
1.7.9.5


From 145f3e5da840b9c10412458bd04fc3021ffa4e78 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Nov 2013 19:34:31 +0100
Subject: [PATCH 20/23] backupkey: Fix CID 1034885 Resource leak

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/rpc_server/backupkey/dcesrv_backupkey.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 87799db..83fb2bd 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -864,6 +864,7 @@ static WERROR self_sign_cert(TALLOC_CTX *ctx, hx509_context *hctx, hx509_request
 		talloc_free(uniqueid.data);
 		hx509_name_free(&subject);
 		free_SubjectPublicKeyInfo(&spki);
+		hx509_ca_tbs_free(&tbs);
 		return WERR_INTERNAL_ERROR;
 	}
 	ret = hx509_ca_tbs_set_subject(*hctx, tbs, subject);
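
Review bot: The added `hx509_ca_tbs_free(&tbs)` covers this one error return, but the `hx509_ca_tbs_set_subject()` call on the next line starts another failure path whose cleanup is outside the hunk. Please check that every later error return in `self_sign_cert()` frees `tbs` too, or move the cleanup calls behind a single label.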
-- 
1.7.9.5


From 6f914d6e32008423b1a18ceb2e245a39f0cb8c27 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Nov 2013 19:41:15 +0100
Subject: [PATCH 21/23] ntvfs: Fix CID 1034883 Resource leak

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/ntvfs/simple/vfs_simple.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/source4/ntvfs/simple/vfs_simple.c b/source4/ntvfs/simple/vfs_simple.c
index 58c8df8..a652494 100644
--- a/source4/ntvfs/simple/vfs_simple.c
+++ b/source4/ntvfs/simple/vfs_simple.c
@@ -414,7 +414,10 @@ do_open:
 	NT_STATUS_NOT_OK_RETURN(status);
 
 	f = talloc(handle, struct svfs_file);
-	NT_STATUS_HAVE_NO_MEMORY(f);
+	if (f == NULL) {
+		close(fd);
+		return NT_STATUS_NO_MEMORY;
+	}
 	f->fd = fd;
 	f->name = talloc_strdup(f, unix_path);
 	NT_STATUS_HAVE_NO_MEMORY(f->name);
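
Review bot: Two lines after the new block, `NT_STATUS_HAVE_NO_MEMORY(f->name)` still returns on allocation failure without `close(fd)` and without freeing `f`, so the descriptor leak fixed for `f == NULL` remains on the `talloc_strdup` failure path. Give that check the same explicit form, closing `fd` and calling `talloc_free(f)` before returning `NT_STATUS_NO_MEMORY`.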
-- 
1.7.9.5


From b772ee00531793ae6ef0cef9d5f863786931e5e0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Nov 2013 19:43:48 +0100
Subject: [PATCH 22/23] gpo: Fix CID 1034881 Resource leak

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/lib/policy/gp_filesys.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/source4/lib/policy/gp_filesys.c b/source4/lib/policy/gp_filesys.c
index 9f60d2f..a528a2e 100644
--- a/source4/lib/policy/gp_filesys.c
+++ b/source4/lib/policy/gp_filesys.c
@@ -251,6 +251,7 @@ static NTSTATUS gp_get_file (struct smbcli_tree *tree, const char *remote_src,
 		DEBUG(0, ("Remote/local file size mismatch after copying file: "
 		          "%s (remote %zu, local %zu).\n",
 		          remote_src, file_size, nread));
+		close(fh_local);
 		talloc_free(buf);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
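
Review bot: `close(fh_local)` is added only to the size-mismatch exit; any earlier error return in `gp_get_file()` taken after the local file was opened needs the same call, and those returns are outside this hunk. On this path the local copy is known not to match the remote file, so consider removing it as well instead of leaving it on disk.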
-- 
1.7.9.5


From 87ba43a9bac64f7a0dfff07e4a30b493ae7105c5 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 10 Nov 2013 19:45:11 +0100
Subject: [PATCH 23/23] gpo: Fix CID 1034880 Resource leak

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/lib/policy/gp_filesys.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/source4/lib/policy/gp_filesys.c b/source4/lib/policy/gp_filesys.c
index a528a2e..b6107fc 100644
--- a/source4/lib/policy/gp_filesys.c
+++ b/source4/lib/policy/gp_filesys.c
@@ -563,14 +563,13 @@ NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name,
 	}
 
 	rv = write(fd, file_content, strlen(file_content));
+	close(fd);
 	if (rv != strlen(file_content)) {
 		DEBUG(0, ("Short write in GPT.INI\n"));
 		talloc_free(mem_ctx);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
-	close(fd);
-
 	/* Upload the GPT to the sysvol share on a DC */
 	status = gp_push_gpt(gp_ctx, policy_dir, file_sys_path);
 	if (!NT_STATUS_IS_OK(status)) {
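
Review bot: The moved `close(fd)` ignores its return value, and for a file that was just written a failing `close` can be the only report of a write error; check it alongside the short-write test. The comparison `rv != strlen(file_content)` also mixes the signed result of `write` with a `size_t`, so testing `rv < 0` first and then comparing against a stored length would make the error case explicit.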
-- 
1.7.9.5


