[PATCH] Fix fresh Coverity defects
Volker Lendecke
Volker.Lendecke at SerNet.DE
Thu Jan 7 20:48:42 UTC 2016
Hi, Jeremy!
Pinging you directly for the last of the patches. This is a
bit tricky and from a new code path. Please take a look, I
don't 100% get the semantics of us restoring
smb_fname->base_name in the fail: case for the "stream of
rootdir" code.
Thanks for some review!
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 4973fb36622893b7257e1b5ee1bcdda851374e72 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 7 Jan 2016 21:10:24 +0100
Subject: [PATCH 1/4] samdb: Fix CID 1347320 Dereference null return value
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/dsdb/samdb/ldb_modules/samldb.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index b9b57db..2394bd9 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -2886,6 +2886,12 @@ static int samldb_verify_subnet(struct samldb_ctx *ac)
const struct ldb_val *rdn_value = NULL;
rdn_value = ldb_dn_get_rdn_val(ac->msg->dn);
+ if (rdn_value == NULL) {
+ ldb_set_errstring(ldb, "samldb: ldb_dn_get_rdn_val "
+ "failed");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
cidr = ldb_dn_escape_value(ac, *rdn_value);
DBG_INFO("looking at cidr '%s'\n", cidr);
if (cidr == NULL) {
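Review bot: the context line `DBG_INFO("looking at cidr '%s'\n", cidr);` directly below the new check still passes `cidr` to `%s` before the `if (cidr == NULL)` test, so a failed ldb_dn_escape_value() reaches the format call with a NULL pointer. As this patch is already hardening this spot, move the DBG_INFO below the NULL check. In the added block, the fixed string "samldb: ldb_dn_get_rdn_val failed" does not say which DN was rejected; including the DN in the error string would make the failure traceable. The block also uses an `ldb` variable that is not declared in the visible context, so confirm it is in scope in samldb_verify_subnet().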
--
1.7.9.5
From 19605e97687763d4672b84a37ab052a3271853d6 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 7 Jan 2016 21:14:05 +0100
Subject: [PATCH 2/4] ctdb: Fix CID 1347319 Unchecked return value
Signed-off-by: Volker Lendecke <vl at samba.org>
---
ctdb/common/system_linux.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/ctdb/common/system_linux.c b/ctdb/common/system_linux.c
index 6447f56..55c22c5 100644
--- a/ctdb/common/system_linux.c
+++ b/ctdb/common/system_linux.c
@@ -247,7 +247,13 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
ip6->ip6_hlim = 255;
ip6->ip6_src = addr->ip6.sin6_addr;
/* all-nodes multicast */
- inet_pton(AF_INET6, "ff02::1", &ip6->ip6_dst);
+
+ ret = inet_pton(AF_INET6, "ff02::1", &ip6->ip6_dst);
+ if (ret != 1) {
+ close(s);
+ DEBUG(DEBUG_CRIT,(__location__ " failed inet_pton\n"));
+ return -1;
+ }
nd_na = (struct nd_neighbor_advert *)(ip6+1);
nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
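Review bot: the new `if (ret != 1)` branch logs only "failed inet_pton", which loses the reason. With the constant, well-formed "ff02::1" the realistic failure is inet_pton() returning -1 with errno set because the address family is not supported, so add strerror(errno) to the DEBUG message. `ret` is assigned here but its declaration is not in the hunk; confirm an `int ret` is already in scope in ctdb_sys_send_arp(). The added blank line also detaches the `/* all-nodes multicast */` comment from the call it describes; keep the comment directly above the inet_pton() line.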
--
1.7.9.5
From 003597a70d30b2bc248e680af813d0635d9cdf88 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 7 Jan 2016 21:17:43 +0100
Subject: [PATCH 3/4] bind_dlz: Fix CID 1347318 Unchecked return value
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/dns_server/dlz_bind9.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 7a76fe5..4c21a5e 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -1438,10 +1438,20 @@ static bool b9_record_match(struct dlz_bind9_data *state,
switch (rec1->wType) {
case DNS_TYPE_A:
return strcmp(rec1->data.ipv4, rec2->data.ipv4) == 0;
- case DNS_TYPE_AAAA:
- inet_pton(AF_INET6, rec1->data.ipv6, &rec1_in_addr6);
- inet_pton(AF_INET6, rec2->data.ipv6, &rec2_in_addr6);
+ case DNS_TYPE_AAAA: {
+ int ret;
+
+ ret = inet_pton(AF_INET6, rec1->data.ipv6, &rec1_in_addr6);
+ if (ret != 1) {
+ return false;
+ }
+ ret = inet_pton(AF_INET6, rec2->data.ipv6, &rec2_in_addr6);
+ if (ret != 1) {
+ return false;
+ }
+
return memcmp(&rec1_in_addr6, &rec2_in_addr6, sizeof(rec1_in_addr6)) == 0;
+ }
case DNS_TYPE_CNAME:
return dns_name_equal(rec1->data.cname, rec2->data.cname);
case DNS_TYPE_TXT:
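Review bot: in the new `case DNS_TYPE_AAAA:` block both `if (ret != 1)` exits return false silently, so a record whose ipv6 string does not parse can never match anything, including an identical string in the other record, and the caller cannot tell that apart from an ordinary mismatch. Consider logging the parse failure, or falling back to a strcmp() of the two strings as the DNS_TYPE_A case above does, and state in a comment which behaviour is intended. The `int ret` local and the extra braces could be dropped by testing `inet_pton(...) != 1` directly in each `if`.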
--
1.7.9.5
From 03946acf5fbdf119a2441c025820452136175f6a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Thu, 7 Jan 2016 21:33:18 +0100
Subject: [PATCH 4/4] smbd: Fix 240393 Uninitialized pointer read
If we run into the "This is a stream on the root of the share" case,
in old line 409 (new line 417) we "goto done;". If then in old line 1027
(new line 1035) "build_stream_path" fails, "start" is uninitialized.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/smbd/filename.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index c2ed1fc..dad8a1e 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -235,7 +235,15 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
uint32_t ucf_flags)
{
struct smb_filename *smb_fname = NULL;
- char *start, *end;
+
+ /*
+ * This looks strange. But we need "start" initialized to "" here but
+ * it can't be a const char *, so 'char *start = "";' does not work.
+ */
+ char null = '\0';
+ char *start = &null;
+
+ char *end;
char *dirpath = NULL;
char *stream = NULL;
bool component_was_mangled = False;
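Review bot: the new comment above `char null = '\0';` explains why the construct looks odd but not which path reads `start` while it still holds this value. The commit message has that information (the "stream on the root of the share" `goto done;` followed by a failing build_stream_path), and it belongs in the code comment so the initializer is not removed later as dead. The name `null` reads like NULL at a glance in `char *start = &null;`; something like `empty` would be clearer. `start` is now a writable pointer to a single stack byte, so confirm that nothing on that failure path writes through it or advances it before it is reassigned.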
--
1.7.9.5