[PATCH] small winbind refactorings and CIDs

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Mar 17 20:03:22 UTC 2016 

On Wed, Mar 16, 2016 at 06:56:02AM +0100, Volker Lendecke wrote:
> Review appreciated!

The winbind changes don't apply anymore. But the CIDs should.
Attached again for some reviewer.

Thanks, Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From b4b50ef4cf41c0cfabaad01dffc176b0d7fc3919 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 15 Mar 2016 20:34:27 +0100
Subject: [PATCH 1/5] libads: Fix CID 1356316 Uninitialized pointer read

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/libads/sasl.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index e707228..e205e9f 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -646,7 +646,7 @@ static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
 static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
 {
 	TALLOC_CTX *frame = talloc_stackframe();
-	struct ads_service_principal p;
+	struct ads_service_principal p = {0};
 	struct berval *scred=NULL;
 	int rc, i;
 	ADS_STATUS status;
-- 
1.7.9.5


From dc1f17d0866fe718a2917412d4134f54fab4dabc Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 15 Mar 2016 20:38:02 +0100
Subject: [PATCH 2/5] crypto: Fix CID 1356314 Resource leak

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/librpc/crypto/gse_krb5.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
index b213e83..e0021d0 100644
--- a/source3/librpc/crypto/gse_krb5.c
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -144,6 +144,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
 
 		ret = krb5_unparse_name(krbctx, princ, &princ_s);
 		if (ret != 0) {
+			SAFE_FREE(key);
 			continue;
 		}
 
@@ -152,12 +153,14 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
 									enctypes[i]);
 		SAFE_FREE(princ_s);
 		if (salt_princ_s == NULL) {
+			SAFE_FREE(key);
 			continue;
 		}
 
 		ret = krb5_parse_name(krbctx, salt_princ_s, &salt_princ);
 		SAFE_FREE(salt_princ_s);
 		if (ret != 0) {
+			SAFE_FREE(key);
 			continue;
 		}
 
-- 
1.7.9.5


From e93a0851c8529157c4d7daca4e809d708250c5f7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 15 Mar 2016 20:48:19 +0100
Subject: [PATCH 3/5] lib: Fix CID 1356315 Dereference before null check

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 lib/krb5_wrap/krb5_samba.c |    7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 9ee71f5..247b83b 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1628,12 +1628,9 @@ out:
 	if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
 		smb_krb5_kt_free_entry(context, &kt_entry);
 	}
-	if (keytab) {
-		if (memcmp(&cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) {
-			krb5_kt_end_seq_get(context, keytab, &cursor);
-		}
+	if (memcmp(&cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) {
+		krb5_kt_end_seq_get(context, keytab, &cursor);
 	}
-
 	return ret;
 }
 
-- 
1.7.9.5


From d5a574dc10aca1c2a5d08b6174b66917ea0ece10 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 15 Mar 2016 20:55:37 +0100
Subject: [PATCH 4/5] ctdb: Fix CID 1356313 Explicit null dereferenced

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 ctdb/server/ctdb_tunables.c |   14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/ctdb/server/ctdb_tunables.c b/ctdb/server/ctdb_tunables.c
index 4e14279..4559aed 100644
--- a/ctdb/server/ctdb_tunables.c
+++ b/ctdb/server/ctdb_tunables.c
@@ -199,19 +199,21 @@ int32_t ctdb_control_list_tunables(struct ctdb_context *ctdb, TDB_DATA *outdata)
 	int i;
 	struct ctdb_control_list_tunable *t;
 
+	list = talloc_strdup(outdata, ":");
+	CTDB_NO_MEMORY(ctdb, list);
+
 	for (i=0; i<ARRAY_SIZE(tunable_map); i++) {
 		if (tunable_map[i].obsolete) {
 			continue;
 		}
-		if (list == NULL) {
-			list = talloc_strdup(outdata, tunable_map[i].name);
-		} else {
-			list = talloc_asprintf_append(list, ":%s",
-						      tunable_map[i].name);
-		}
+		list = talloc_asprintf_append(list, "%s:",
+					      tunable_map[i].name);
 		CTDB_NO_MEMORY(ctdb, list);
 	}
 
+	/* cut the last ':' */
+	list[strlen(list)-1] = '\0';
+
 	outdata->dsize = offsetof(struct ctdb_control_list_tunable, data) +
 		strlen(list) + 1;
 	outdata->dptr = talloc_size(outdata, outdata->dsize);
-- 
1.7.9.5


From c2831f4e54674b0cf81c93a340cac8de24a5192e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 15 Mar 2016 21:00:30 +0100
Subject: [PATCH 5/5] libsmb: Fix CID 1356312 Explicit null dereferenced

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 source3/libsmb/cliconnect.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 97d0352..50d1a0c 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1361,6 +1361,11 @@ static struct tevent_req *cli_session_setup_gensec_send(
 		size_t converted;
 		bool ok;
 
+		if (pass == NULL) {
+			tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+			return tevent_req_post(req, ev);
+		}
+
 		converted = strhex_to_str((char *)nt_hash.hash,
 					  sizeof(nt_hash.hash),
 					  pass, strlen(pass));
-- 
1.7.9.5

More information about the samba-technical mailing list