[PATCH] Fix new Coverity IDs
Jeremy Allison
jra at samba.org
Thu Jan 12 17:07:33 UTC 2017
On Thu, Jan 12, 2017 at 11:33:30AM +0100, Andreas Schneider wrote:
>
> uint32_t *rids;
>
>
> needs to be initialized with NULL!
>
> uint32_t *rids = NULL;
>
> or the TALLOC_FREE() in 'done' might crash! Which just happend here!
Hi Andreas,
Fixed version attached (plus I've fixed to match metze's critiques on
the coding standards). Sorry for the blunder.
Please re-review - thanks !
Jeremy.
-------------- next part --------------
From 717ab0599a8a84694435730c3b205605ebf59045 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra at samba.org>
Date: Wed, 11 Jan 2017 11:52:44 -0800
Subject: [PATCH] winbind: Fix CID 1398534 Dereference before null check
Make all query_user_list backends consistent.
Signed-off-by: Jeremy Allison <jra at samba.org>
---
source3/winbindd/winbindd_ads.c | 8 ++++----
source3/winbindd/winbindd_samr.c | 6 ++----
2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index b14f21e3644..077c6ec7b7c 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -293,14 +293,12 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
ADS_STRUCT *ads = NULL;
const char *attrs[] = { "sAMAccountType", "objectSid", NULL };
int count;
- uint32_t *rids;
+ uint32_t *rids = NULL;
ADS_STATUS rc;
LDAPMessage *res = NULL;
LDAPMessage *msg = NULL;
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- *prids = NULL;
-
DEBUG(3,("ads: query_user_list\n"));
if ( !winbindd_can_contact_domain( domain ) ) {
@@ -375,7 +373,9 @@ static NTSTATUS query_user_list(struct winbindd_domain *domain,
}
rids = talloc_realloc(mem_ctx, rids, uint32_t, count);
- *prids = rids;
+ if (prids != NULL) {
+ *prids = rids;
+ }
status = NT_STATUS_OK;
diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index 224f1058348..1a73fc4fcc6 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -169,15 +169,13 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
{
struct rpc_pipe_client *samr_pipe = NULL;
struct policy_handle dom_pol = { 0 };
- uint32_t *rids;
+ uint32_t *rids = NULL;
TALLOC_CTX *tmp_ctx;
NTSTATUS status, result;
struct dcerpc_binding_handle *b = NULL;
DEBUG(3,("samr_query_user_list\n"));
- *prids = NULL;
-
tmp_ctx = talloc_stackframe();
if (tmp_ctx == NULL) {
return NT_STATUS_NO_MEMORY;
@@ -199,7 +197,7 @@ static NTSTATUS sam_query_user_list(struct winbindd_domain *domain,
goto done;
}
- if (prids) {
+ if (prids != NULL) {
*prids = talloc_move(mem_ctx, &rids);
}
--
2.11.0.390.gc69c2f50cf-goog
More information about the samba-technical
mailing list