[PATCH] Fix two CIDs
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue May 17 09:41:53 UTC 2016
Hi!
Review appreciated!
Thanks, Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From d9e731c759f5666e79e7c5d236a456e0806df0ff Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 17 May 2016 11:36:44 +0200
Subject: [PATCH 1/2] ctdb: Fix CID 1361817 Dereference after null check
Signed-off-by: Volker Lendecke <vl at samba.org>
---
ctdb/tests/src/fake_ctdbd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ctdb/tests/src/fake_ctdbd.c b/ctdb/tests/src/fake_ctdbd.c
index 0d08313..9a53f46 100644
--- a/ctdb/tests/src/fake_ctdbd.c
+++ b/ctdb/tests/src/fake_ctdbd.c
@@ -2172,6 +2172,7 @@ static void start_server(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
req = server_send(mem_ctx, ev, ctdb, fd);
if (req == NULL) {
fprintf(stderr, "Memory error\n");
+ exit(1);
}
len = write(pfd, &ret, sizeof(ret));
--
1.9.1
From 53ef6d080a7468806cb622da7a78c44962ff72a7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 17 May 2016 11:39:38 +0200
Subject: [PATCH 2/2] ctdb: Fix CID 1327222 Copy into fixed size buffer
Signed-off-by: Volker Lendecke <vl at samba.org>
---
ctdb/tests/src/fake_ctdbd.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/ctdb/tests/src/fake_ctdbd.c b/ctdb/tests/src/fake_ctdbd.c
index 9a53f46..462ecb7 100644
--- a/ctdb/tests/src/fake_ctdbd.c
+++ b/ctdb/tests/src/fake_ctdbd.c
@@ -2097,11 +2097,17 @@ static bool server_recv(struct tevent_req *req, int *perr)
static int socket_init(const char *sockpath)
{
struct sockaddr_un addr;
+ size_t len;
int ret, fd;
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
- strcpy(addr.sun_path, sockpath);
+
+ len = strlcpy(addr.sun_path, sockpath, sizeof(addr.sun_path));
+ if (len >= sizeof(addr.sun_path)) {
+ fprintf(stderr, "path too long: %s\n", sockpath);
+ return -1;
+ }
fd = socket(AF_UNIX, SOCK_STREAM, 0);
if (fd == -1) {
--
1.9.1
More information about the samba-technical
mailing list