[PATCH] Fix two possible NULL pointer deref in s4 code

Jeremy Allison jra at samba.org
Wed Jun 22 17:22:31 UTC 2016 

On Wed, Jun 22, 2016 at 04:14:00PM +0200, Andreas Schneider wrote:
> Review and push appreciated!

LGTM. Pushed.

> 	-- andreas
> 
> -- 
> Andreas Schneider                   GPG-ID: CC014E3D
> Samba Team                             asn at samba.org
> www.samba.org

> From fe4f1697b9086758ed2b8ead20a67ba092d7e81e Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Wed, 22 Jun 2016 15:48:10 +0200
> Subject: [PATCH 1/2] s4-dsdb: Fix a possible NULL pointer dereference
> 
> Detected by clang compiler.
> 
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
>  source4/dsdb/common/util_trusts.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/source4/dsdb/common/util_trusts.c b/source4/dsdb/common/util_trusts.c
> index 0e69ba2..a083d86 100644
> --- a/source4/dsdb/common/util_trusts.c
> +++ b/source4/dsdb/common/util_trusts.c
> @@ -2671,7 +2671,9 @@ NTSTATUS dsdb_trust_get_incoming_passwords(struct ldb_message *msg,
>  	if (_previous != NULL) {
>  		*_previous = talloc(mem_ctx, struct samr_Password);
>  		if (*_previous == NULL) {
> -			TALLOC_FREE(*_current);
> +			if (_current != NULL) {
> +				TALLOC_FREE(*_current);
> +			}
>  			TALLOC_FREE(frame);
>  			return NT_STATUS_NO_MEMORY;
>  		}
> -- 
> 2.9.0
> 
> 
> From 1cf6726fa599480e409f7bd272249e204d728b6a Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Wed, 22 Jun 2016 15:53:59 +0200
> Subject: [PATCH 2/2] s4-ntlm: Fix a NULL pointer dereference in error path
> 
> Found by clang compiler.
> 
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
>  source4/auth/ntlm/auth_winbind.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
> index aed893d..447c0de 100644
> --- a/source4/auth/ntlm/auth_winbind.c
> +++ b/source4/auth/ntlm/auth_winbind.c
> @@ -216,9 +216,11 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
>  		if (err) {
>  			DEBUG(1, ("error was %s (0x%08x)\nerror message was '%s'\n",
>  			      err->nt_string, err->nt_status, err->display_string));
> +			nt_status = NT_STATUS(err->nt_status);
> +			wbcFreeMemory(err);
> +		} else {
> +			nt_status = NT_STATUS_LOGON_FAILURE;
>  		}
> -		nt_status = NT_STATUS(err->nt_status);
> -		wbcFreeMemory(err);
>  		NT_STATUS_NOT_OK_RETURN(nt_status);
>  	} else if (!WBC_ERROR_IS_OK(wbc_status)) {
>  		DEBUG(1, ("wbcAuthenticateUserEx: failed with %u - %s\n",
> -- 
> 2.9.0
>

More information about the samba-technical mailing list