[PATCH] Address several issues in Samba

Andreas Schneider asn at samba.org
Thu Feb 23 13:26:06 UTC 2017


On Friday, 17 February 2017 23:45:02 CET Jeremy Allison wrote:
> On Fri, Feb 17, 2017 at 12:09:36PM +0100, Andreas Schneider wrote:
> > Hello,
> > 
> > I'm currently packaging Samba for the next RHEL release. Our covscan tool
> > found a lot of issues. I would like to address some. The attached
> > patchset
> > fixes 12 issues and adds a modeling file for coverity we can upload to
> > tell it how tests are working. It can be extended and uploaded. Currently
> > it is only for cmocka tests.
> > 
> > Review and push appreciated.
> 
> +1 on all of these except:
> 
> ----------------------------------------------------------------------------
> ------- From 9fe8650643bd9bc5657d52d2507b3b76ef15def7 Mon Sep 17 00:00:00
> 2001 From: Andreas Schneider <asn at samba.org>
>  Date: Fri, 17 Feb 2017 10:04:14 +0100
>  Subject: [PATCH 08/13] s3:winbind: Add a paranoia check that result is not
>   NULL
> 
>  Found by covscan.
> 
>  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
> 
>  Signed-off-by: Andreas Schneider <asn at samba.org>
>  ---
>   source3/winbindd/winbindd_list_users.c | 3 +++
>   1 file changed, 3 insertions(+)
> 
>  diff --git a/source3/winbindd/winbindd_list_users.c
> b/source3/winbindd/winbindd_list_users.c index 9a751a75c5b..aa76b3c4f79
> 100644
>  --- a/source3/winbindd/winbindd_list_users.c
>  +++ b/source3/winbindd/winbindd_list_users.c
>  @@ -171,6 +171,9 @@ NTSTATUS winbindd_list_users_recv(struct tevent_req
> *req, return map_nt_error_from_unix(ret);
>                }
>        }
>  +     if (result == NULL) {
>  +             return NT_STATUS_INTERNAL_ERROR;
>  +     }
> 
>        len = talloc_get_size(result);
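Review bot: the added `result == NULL` check in front of `len = talloc_get_size(result);` returns NT_STATUS_INTERNAL_ERROR without a comment saying why a NULL result is an error rather than an empty user list. If a NULL result can legitimately mean that no users were found, this check turns that case into a failure for the caller; consider returning success with zero entries there instead, or add a comment naming the code path that leaves result NULL and why it cannot be a valid empty list. The commit message only says "Found by covscan", so quoting the analyzer finding in it would let a reader judge whether the check is needed.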
> ----------------------------------------------------------------------------
> -------
> 
> Can you share the coverity error message on this one ?
> 
> Returning response->data.num_entries == 0 with
> NT_STATUS_OK (which is what you'd get if result == NULL)
> looks OK to me.

2. Defect type: FORWARD_NULL
3. samba-4.6.0rc3/source3/winbindd/winbindd_list_users.c:159: assign_zero: 
Assigning: "result" = "NULL".
16. samba-4.6.0rc3/source3/winbindd/winbindd_list_users.c:186: var_deref_op: 
Dereferencing null pointer "result".
#   184|   
#   185|   		for (i=0; i<len; i++) {
#   186|-> 			if (result[i] == '\0') {
#   187|   				result[i] = ',';
#   188|   				response->data.num_entries += 1;



-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
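
The two readings of a NULL result discussed in this thread (an empty list versus an internal error), as an added example that is not Samba code and not part of the original message. `struct name_buf`, `names_to_csv` and the status enum are hypothetical stand-ins for the talloc buffer and NTSTATUS values, and restoring the final terminator is an assumption of this example.

```c
#include <stddef.h>
#include <stdio.h>

enum list_status { LIST_OK = 0, LIST_INTERNAL_ERROR = -1 };

/* Hypothetical stand-in for a size-tracked buffer. data stays NULL and
 * len stays 0 when nothing was ever appended to it. */
struct name_buf {
	char *data;
	size_t len;
};

/*
 * Turn "alice\0bob\0" into "alice,bob" in place and count the entries.
 * NULL with len 0 is an empty list (LIST_OK, 0 entries). NULL with a
 * non-zero len is an inconsistent buffer and is rejected before the
 * loop can dereference it, which also makes the invariant visible to a
 * static analyzer.
 */
static enum list_status names_to_csv(struct name_buf *buf, size_t *num_entries)
{
	size_t i;

	*num_entries = 0;
	if (buf->data == NULL) {
		return (buf->len == 0) ? LIST_OK : LIST_INTERNAL_ERROR;
	}
	for (i = 0; i < buf->len; i++) {
		if (buf->data[i] == '\0') {
			buf->data[i] = ',';
			*num_entries += 1;
		}
	}
	if (buf->len > 0 && buf->data[buf->len - 1] == ',') {
		buf->data[buf->len - 1] = '\0'; /* keep a terminated string */
	}
	return LIST_OK;
}

int main(void)
{
	char names[] = "alice\0bob"; /* constructed sample, 10 bytes with final NUL */
	struct name_buf full = { names, sizeof(names) };
	size_t n = 0;

	names_to_csv(&full, &n);
	printf("%zu entries: %s\n", n, names);
	return 0;
}
```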


