[PATCH] Fix fresh Coverity defects

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Jan 7 20:48:42 UTC 2016


Hi, Jeremy!

Pinging you directly for the last of the patches. This is a
bit tricky and from a new code path. Please take a look, I
don't 100% get the semantics of us restoring
smb_fname->base_name in the fail: case for the "stream of
rootdir" code.

Thanks for some review!

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 4973fb36622893b7257e1b5ee1bcdda851374e72 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 7 Jan 2016 21:10:24 +0100
Subject: [PATCH 1/4] samdb: Fix CID 1347320 Dereference null return value

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/dsdb/samdb/ldb_modules/samldb.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index b9b57db..2394bd9 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -2886,6 +2886,12 @@ static int samldb_verify_subnet(struct samldb_ctx *ac)
 	const struct ldb_val *rdn_value = NULL;
 
 	rdn_value = ldb_dn_get_rdn_val(ac->msg->dn);
+	if (rdn_value == NULL) {
+		ldb_set_errstring(ldb, "samldb: ldb_dn_get_rdn_val "
+				  "failed");
+		return LDB_ERR_UNWILLING_TO_PERFORM;
+	}
+
 	cidr = ldb_dn_escape_value(ac, *rdn_value);
 	DBG_INFO("looking at cidr '%s'\n", cidr);
 	if (cidr == NULL) {
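Review bot: In the context directly below the new check, `DBG_INFO("looking at cidr '%s'\n", cidr);` still runs before `if (cidr == NULL)`, so a failed ldb_dn_escape_value() hands NULL to a %s conversion. Since this patch is about NULL handling in these same lines, move the DBG_INFO below the cidr check. In the added branch, including the DN in the error string (for example with ldb_asprintf_errstring() and ldb_dn_get_linearized(ac->msg->dn)) would make the failure easier to trace than the fixed text "samldb: ldb_dn_get_rdn_val failed".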
-- 
1.7.9.5


From 19605e97687763d4672b84a37ab052a3271853d6 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 7 Jan 2016 21:14:05 +0100
Subject: [PATCH 2/4] ctdb: Fix CID 1347319 Unchecked return value

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 ctdb/common/system_linux.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ctdb/common/system_linux.c b/ctdb/common/system_linux.c
index 6447f56..55c22c5 100644
--- a/ctdb/common/system_linux.c
+++ b/ctdb/common/system_linux.c
@@ -247,7 +247,13 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
 		ip6->ip6_hlim = 255;
 		ip6->ip6_src  = addr->ip6.sin6_addr;
 		/* all-nodes multicast */
-		inet_pton(AF_INET6, "ff02::1", &ip6->ip6_dst);
+
+		ret = inet_pton(AF_INET6, "ff02::1", &ip6->ip6_dst);
+		if (ret != 1) {
+			close(s);
+			DEBUG(DEBUG_CRIT,(__location__ " failed inet_pton\n"));
+			return -1;
+		}
 
 		nd_na = (struct nd_neighbor_advert *)(ip6+1);
 		nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
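Review bot: The `ret != 1` branch logs only "failed inet_pton", which does not say whether inet_pton() returned 0 (string not parseable) or -1 (address family not supported, errno set). Logging ret, plus strerror(errno) in the -1 case, would make a DEBUG_CRIT message actionable. `ret` is not declared in this hunk, so the change relies on an existing int in ctdb_sys_send_arp() outside the visible context. The blank line added after `/* all-nodes multicast */` also separates the comment from the call it describes; keep the comment directly above the inet_pton() line.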
-- 
1.7.9.5


From 003597a70d30b2bc248e680af813d0635d9cdf88 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 7 Jan 2016 21:17:43 +0100
Subject: [PATCH 3/4] bind_dlz: Fix CID 1347318 Unchecked return value

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source4/dns_server/dlz_bind9.c |   16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 7a76fe5..4c21a5e 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -1438,10 +1438,20 @@ static bool b9_record_match(struct dlz_bind9_data *state,
 	switch (rec1->wType) {
 	case DNS_TYPE_A:
 		return strcmp(rec1->data.ipv4, rec2->data.ipv4) == 0;
-	case DNS_TYPE_AAAA:
-		inet_pton(AF_INET6, rec1->data.ipv6, &rec1_in_addr6);
-		inet_pton(AF_INET6, rec2->data.ipv6, &rec2_in_addr6);
+	case DNS_TYPE_AAAA: {
+		int ret;
+
+		ret = inet_pton(AF_INET6, rec1->data.ipv6, &rec1_in_addr6);
+		if (ret != 1) {
+			return false;
+		}
+		ret = inet_pton(AF_INET6, rec2->data.ipv6, &rec2_in_addr6);
+		if (ret != 1) {
+			return false;
+		}
+
 		return memcmp(&rec1_in_addr6, &rec2_in_addr6, sizeof(rec1_in_addr6)) == 0;
+	}
 	case DNS_TYPE_CNAME:
 		return dns_name_equal(rec1->data.cname, rec2->data.cname);
 	case DNS_TYPE_TXT:
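Review bot: With `return false` on either inet_pton() failure in the DNS_TYPE_AAAA case, two records carrying the same unparsable ipv6 string now always compare as different, whereas the DNS_TYPE_A case just above matches on strcmp() of the strings. If "never matches" is the intended result for a malformed stored address, a short comment saying so would help. Otherwise, fall back to a string comparison when parsing fails so such a record can still be matched. A debug message on the failure path would also make it visible that a record with a bad address was encountered.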
-- 
1.7.9.5


From 03946acf5fbdf119a2441c025820452136175f6a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 7 Jan 2016 21:33:18 +0100
Subject: [PATCH 4/4] smbd: Fix 240393 Uninitialized pointer read

If we run into the "This is a stream on the root of the share" case,
in old line 409 (new line 417) we "goto done;". If then in old line 1027
(new line 1035) "build_stream_path" fails, "start" is uninitialized.

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/smbd/filename.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index c2ed1fc..dad8a1e 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -235,7 +235,15 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 		      uint32_t ucf_flags)
 {
 	struct smb_filename *smb_fname = NULL;
-	char *start, *end;
+
+	/*
+	 * This looks strange. But we need "start" initialized to "" here but
+	 * it can't be a const char *, so 'char *start = "";' does not work.
+	 */
+	char null = '\0';
+	char *start = &null;
+
+	char *end;
 	char *dirpath = NULL;
 	char *stream = NULL;
 	bool component_was_mangled = False;
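Review bot: The local `char null = '\0';` is one keystroke away from NULL and easy to misread in `char *start = &null;`; a name such as `empty` or `nul_char` would be clearer. The added comment says why `start` cannot be a string literal but not which path reads it; the commit message names the "goto done" for a stream on the root of the share followed by a build_stream_path failure, and that belongs in the comment as well. Because `start` now points at a single byte, it is worth confirming that every path reaching the fail: label with this initial value only reads through `start` and never writes past the terminator. The subject line also drops the "CID" prefix the other three patches use.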
-- 
1.7.9.5


