[PATCH] some coverity fixes

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Mar 3 09:00:03 MST 2015


Hi!

Review&push appreciated!

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 3819466a64e0ee0e3ce151aa8f755ccb894c03b3 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Mar 2015 15:48:46 +0100
Subject: [PATCH 1/5] aio_fork: Fix CID 1273291 Uninitialized scalar variable

The previous code left msg.msg_flags uninitialized

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/modules/vfs_aio_fork.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c
index bf29dd1..06f38c2 100644
--- a/source3/modules/vfs_aio_fork.c
+++ b/source3/modules/vfs_aio_fork.c
@@ -203,15 +203,13 @@ static ssize_t read_fd(int fd, void *ptr, size_t nbytes, int *recvfd)
 
 static ssize_t write_fd(int fd, void *ptr, size_t nbytes, int sendfd)
 {
-	struct msghdr msg;
+	struct msghdr msg = {0};
 	size_t bufsize = msghdr_prep_fds(NULL, NULL, 0, &sendfd, 1);
 	uint8_t buf[bufsize];
 	struct iovec iov;
 	ssize_t sent;
 
 	msghdr_prep_fds(&msg, buf, bufsize, &sendfd, 1);
-	msg.msg_name = NULL;
-	msg.msg_namelen = 0;
 
 	iov.iov_base = (void *)ptr;
 	iov.iov_len = nbytes;
-- 
1.9.1


From 0a312a7cca0f12a8f32db9bf94cefd0ce1654713 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Mar 2015 15:53:34 +0100
Subject: [PATCH 2/5] smbd: Fix CID 1273088 Resource leak

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/smbd/smb2_setinfo.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source3/smbd/smb2_setinfo.c b/source3/smbd/smb2_setinfo.c
index e6981d1..3f7bbec 100644
--- a/source3/smbd/smb2_setinfo.c
+++ b/source3/smbd/smb2_setinfo.c
@@ -474,6 +474,7 @@ static struct tevent_req *smbd_smb2_setinfo_send(TALLOC_CTX *mem_ctx,
 			lck = get_existing_share_mode_lock(mem_ctx,
 							fsp->file_id);
 			if (lck == NULL) {
+				SAFE_FREE(data);
 				tevent_req_nterror(req,
 					NT_STATUS_UNSUCCESSFUL);
 				return tevent_req_post(req, ev);
-- 
1.9.1


From 862929c6edb4aeba0a89b5c0a52327b9dacb5973 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Mar 2015 15:57:02 +0100
Subject: [PATCH 3/5] lib: Fix CID 1273073 Assign instead of compare

This is a brown paper bag thingy, right?

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 lib/util/close_low_fd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/util/close_low_fd.c b/lib/util/close_low_fd.c
index b11d25f..5e74918 100644
--- a/lib/util/close_low_fd.c
+++ b/lib/util/close_low_fd.c
@@ -28,7 +28,7 @@ _PUBLIC_ int close_low_fd(int fd)
 
 	dev_null = open("/dev/null", O_RDWR, 0);
 
-	if ((dev_null == -1) && (errno = ENFILE)) {
+	if ((dev_null == -1) && (errno == ENFILE)) {
 		/*
 		 * Try to free up an fd
 		 */
-- 
1.9.1


From be8f04bd12e33f58755511e3122a88bc600a3404 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Mar 2015 16:11:26 +0100
Subject: [PATCH 4/5] pam: Fix CID 1034870 Resource leak

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 nsswitch/pam_winbind.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index f1b88cb..c6467c7 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -2436,6 +2436,7 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
 	char *domain = NULL;
 	char *name;
 	char *p;
+	char *result;
 
 	/* This cannot work when the winbind separator = @ */
 
@@ -2467,7 +2468,9 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
 		return NULL;
 	}
 
-	return talloc_asprintf(ctx, "%s%c%s", domain, sep, name);
+	result = talloc_asprintf(ctx, "%s%c%s", domain, sep, name);
+	wbcFreeMemory(domain);
+	return result;
 }
 
 static int _pam_delete_cred(pam_handle_t *pamh, int flags,
-- 
1.9.1


From 41cf39d32edd5ec89c6791286c1a1634432fbd7a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 3 Mar 2015 16:12:03 +0100
Subject: [PATCH 5/5] pam: Fix CID 1034871 Resource leak

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 nsswitch/pam_winbind.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index c6467c7..1e16741 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -2470,6 +2470,7 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
 
 	result = talloc_asprintf(ctx, "%s%c%s", domain, sep, name);
 	wbcFreeMemory(domain);
+	wbcFreeMemory(name);
 	return result;
 }
 
-- 
1.9.1



More information about the samba-technical mailing list