[PATCH] small winbind refactorings and CIDs

Thu Mar 17 20:40:25 UTC 2016

On Thu, Mar 17, 2016 at 09:03:22PM +0100, Volker Lendecke wrote:
> On Wed, Mar 16, 2016 at 06:56:02AM +0100, Volker Lendecke wrote:
> > Review appreciated!
> 
> The winbind changes don't apply anymore. But the CIDs should.
> Attached again for some reviewer.

LGTM - pushed !

> -- 
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de

> From b4b50ef4cf41c0cfabaad01dffc176b0d7fc3919 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 15 Mar 2016 20:34:27 +0100
> Subject: [PATCH 1/5] libads: Fix CID 1356316 Uninitialized pointer read
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  source3/libads/sasl.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
> index e707228..e205e9f 100644
> --- a/source3/libads/sasl.c
> +++ b/source3/libads/sasl.c
> @@ -646,7 +646,7 @@ static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
>  static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
>  {
>  	TALLOC_CTX *frame = talloc_stackframe();
> -	struct ads_service_principal p;
> +	struct ads_service_principal p = {0};
>  	struct berval *scred=NULL;
>  	int rc, i;
>  	ADS_STATUS status;
> -- 
> 1.7.9.5
> 
> 
> From dc1f17d0866fe718a2917412d4134f54fab4dabc Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 15 Mar 2016 20:38:02 +0100
> Subject: [PATCH 2/5] crypto: Fix CID 1356314 Resource leak
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  source3/librpc/crypto/gse_krb5.c |    3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
> index b213e83..e0021d0 100644
> --- a/source3/librpc/crypto/gse_krb5.c
> +++ b/source3/librpc/crypto/gse_krb5.c
> @@ -144,6 +144,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
>  
>  		ret = krb5_unparse_name(krbctx, princ, &princ_s);
>  		if (ret != 0) {
> +			SAFE_FREE(key);
>  			continue;
>  		}
>  
> @@ -152,12 +153,14 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
>  									enctypes[i]);
>  		SAFE_FREE(princ_s);
>  		if (salt_princ_s == NULL) {
> +			SAFE_FREE(key);
>  			continue;
>  		}
>  
>  		ret = krb5_parse_name(krbctx, salt_princ_s, &salt_princ);
>  		SAFE_FREE(salt_princ_s);
>  		if (ret != 0) {
> +			SAFE_FREE(key);
>  			continue;
>  		}
>  
> -- 
> 1.7.9.5
> 
> 
> From e93a0851c8529157c4d7daca4e809d708250c5f7 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 15 Mar 2016 20:48:19 +0100
> Subject: [PATCH 3/5] lib: Fix CID 1356315 Dereference before null check
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  lib/krb5_wrap/krb5_samba.c |    7 ++-----
>  1 file changed, 2 insertions(+), 5 deletions(-)
> 
> diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
> index 9ee71f5..247b83b 100644
> --- a/lib/krb5_wrap/krb5_samba.c
> +++ b/lib/krb5_wrap/krb5_samba.c
> @@ -1628,12 +1628,9 @@ out:
>  	if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
>  		smb_krb5_kt_free_entry(context, &kt_entry);
>  	}
> -	if (keytab) {
> -		if (memcmp(&cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) {
> -			krb5_kt_end_seq_get(context, keytab, &cursor);
> -		}
> +	if (memcmp(&cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) {
> +		krb5_kt_end_seq_get(context, keytab, &cursor);
>  	}
> -
>  	return ret;
>  }
>  
> -- 
> 1.7.9.5
> 
> 
> From d5a574dc10aca1c2a5d08b6174b66917ea0ece10 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 15 Mar 2016 20:55:37 +0100
> Subject: [PATCH 4/5] ctdb: Fix CID 1356313 Explicit null dereferenced
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  ctdb/server/ctdb_tunables.c |   14 ++++++++------
>  1 file changed, 8 insertions(+), 6 deletions(-)
> 
> diff --git a/ctdb/server/ctdb_tunables.c b/ctdb/server/ctdb_tunables.c
> index 4e14279..4559aed 100644
> --- a/ctdb/server/ctdb_tunables.c
> +++ b/ctdb/server/ctdb_tunables.c
> @@ -199,19 +199,21 @@ int32_t ctdb_control_list_tunables(struct ctdb_context *ctdb, TDB_DATA *outdata)
>  	int i;
>  	struct ctdb_control_list_tunable *t;
>  
> +	list = talloc_strdup(outdata, ":");
> +	CTDB_NO_MEMORY(ctdb, list);
> +
>  	for (i=0; i<ARRAY_SIZE(tunable_map); i++) {
>  		if (tunable_map[i].obsolete) {
>  			continue;
>  		}
> -		if (list == NULL) {
> -			list = talloc_strdup(outdata, tunable_map[i].name);
> -		} else {
> -			list = talloc_asprintf_append(list, ":%s",
> -						      tunable_map[i].name);
> -		}
> +		list = talloc_asprintf_append(list, "%s:",
> +					      tunable_map[i].name);
>  		CTDB_NO_MEMORY(ctdb, list);
>  	}
>  
> +	/* cut the last ':' */
> +	list[strlen(list)-1] = '\0';
> +
>  	outdata->dsize = offsetof(struct ctdb_control_list_tunable, data) +
>  		strlen(list) + 1;
>  	outdata->dptr = talloc_size(outdata, outdata->dsize);
> -- 
> 1.7.9.5
> 
> 
> From c2831f4e54674b0cf81c93a340cac8de24a5192e Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Tue, 15 Mar 2016 21:00:30 +0100
> Subject: [PATCH 5/5] libsmb: Fix CID 1356312 Explicit null dereferenced
> 
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
>  source3/libsmb/cliconnect.c |    5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
> index 97d0352..50d1a0c 100644
> --- a/source3/libsmb/cliconnect.c
> +++ b/source3/libsmb/cliconnect.c
> @@ -1361,6 +1361,11 @@ static struct tevent_req *cli_session_setup_gensec_send(
>  		size_t converted;
>  		bool ok;
>  
> +		if (pass == NULL) {
> +			tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
> +			return tevent_req_post(req, ev);
> +		}
> +
>  		converted = strhex_to_str((char *)nt_hash.hash,
>  					  sizeof(nt_hash.hash),
>  					  pass, strlen(pass));
> -- 
> 1.7.9.5
>