[PATCH] Address several issues in Samba
Andreas Schneider
asn at samba.org
Thu Feb 23 13:26:06 UTC 2017
On Friday, 17 February 2017 23:45:02 CET Jeremy Allison wrote:
> On Fri, Feb 17, 2017 at 12:09:36PM +0100, Andreas Schneider wrote:
> > Hello,
> >
> > I'm currently packaging Samba for the next RHEL release. Our covscan tool
> > found a lot of issues. I would like to address some. The atttached
> > patchset
> > fixes 12 issues and adds a modeling file for coverity we can upload to
> > tell it how tests are working. It can be extended and uploaded. Currently
> > it is only for cmocka tests.
> >
> > Review and push appreciated.
>
> +1 on all of these except:
>
> ----------------------------------------------------------------------------
> ------- From 9fe8650643bd9bc5657d52d2507b3b76ef15def7 Mon Sep 17 00:00:00
> 2001 From: Andreas Schneider <asn at samba.org>
> Date: Fri, 17 Feb 2017 10:04:14 +0100
> Subject: [PATCH 08/13] s3:winbind: Add a paranoia check that result is not
> NULL
>
> Found by covscan.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
>
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
> source3/winbindd/winbindd_list_users.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/source3/winbindd/winbindd_list_users.c
> b/source3/winbindd/winbindd_list_users.c index 9a751a75c5b..aa76b3c4f79
> 100644
> --- a/source3/winbindd/winbindd_list_users.c
> +++ b/source3/winbindd/winbindd_list_users.c
> @@ -171,6 +171,9 @@ NTSTATUS winbindd_list_users_recv(struct tevent_req
> *req, return map_nt_error_from_unix(ret);
> }
> }
> + if (result == NULL) {
> + return NT_STATUS_INTERNAL_ERROR;
> + }
>
> len = talloc_get_size(result);
> ----------------------------------------------------------------------------
> -------
>
> Can you share the coverity error message on this one ?
>
> Returning response->data.num_entries == 0 with
> NT_STATUS_OK (which is what you'd get if result == NULL)
> looks OK to me.
2. Defect type: FORWARD_NULL
3. samba-4.6.0rc3/source3/winbindd/winbindd_list_users.c:159: assign_zero:
Assigning: "result" = "NULL".
16. samba-4.6.0rc3/source3/winbindd/winbindd_list_users.c:186: var_deref_op:
Dereferencing null pointer "result".
# 184|
# 185| for (i=0; i<len; i++) {
# 186|-> if (result[i] == '\0') {
# 187| result[i] = ',';
# 188| response->data.num_entries += 1;
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list