[PATCH] Coverity fixes

Andreas Schneider asn at samba.org
Mon May 15 15:27:20 UTC 2017 

Hi,

here are some coverity fixes.


Review and push much appreciated.


Thanks,


	Andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
-------------- next part --------------
>From d4d92273d345cbebe9fc865274a9f08f4968a51c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Mon, 8 May 2017 11:22:51 +0200
Subject: [PATCH 1/3] librpc:ndr: Set the length to 1 if we assign and empty
 string

CID #1399648

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 librpc/ndr/ndr_string.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
index f9366b494a8..067f91781ee 100644
--- a/librpc/ndr/ndr_string.c
+++ b/librpc/ndr/ndr_string.c
@@ -677,6 +677,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_charset_to_null(struct ndr_push *ndr, int nd
 
 	if (str == NULL) {
 		str = "";
+		length = 1;
 	}
 
 	return ndr_push_charset(ndr, ndr_flags, str, length, byte_mul, chset);
-- 
2.12.2


>From fdce6266231482c844bb243c48f3ef1661f31634 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Mon, 8 May 2017 11:34:54 +0200
Subject: [PATCH 2/3] s3:winbind: Use a talloc stackframe for
 rpc_query_user_list

CID #1401581

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 source3/winbindd/winbindd_rpc.c | 40 ++++++++++++++++++++++++----------------
 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 0023e2aa8d7..2c76e1abd6c 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -46,54 +46,62 @@ NTSTATUS rpc_query_user_list(TALLOC_CTX *mem_ctx,
 	uint32_t num_rids = 0;
 	uint32_t i = 0;
 	uint32_t resume_handle = 0;
-	NTSTATUS result;
+	NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+	NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+	TALLOC_CTX *tmp_ctx;
 
 	*prids = NULL;
 
+	tmp_ctx = talloc_stackframe();
+	if (tmp_ctx == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
 	do {
 		struct samr_SamArray *sam_array = NULL;
 		uint32_t count = 0;
-		NTSTATUS status;
 		uint32_t *tmp;
 
 		status = dcerpc_samr_EnumDomainUsers(
-			b, mem_ctx, samr_policy, &resume_handle,
+			b, tmp_ctx, samr_policy, &resume_handle,
 			ACB_NORMAL, &sam_array, 0xffff, &count, &result);
 		if (!NT_STATUS_IS_OK(status)) {
-			return status;
+			goto done;
 		}
 		if (!NT_STATUS_IS_OK(result)) {
 			if (!NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) {
 				DBG_WARNING("EnumDomainUsers failed: %s\n",
 					    nt_errstr(result));
-				TALLOC_FREE(rids);
-				TALLOC_FREE(sam_array);
-				return result;
+				status = result;
+				goto done;
 			}
 		}
 
 		if (num_rids + count < num_rids) {
-			TALLOC_FREE(sam_array);
-			TALLOC_FREE(rids);
-			return NT_STATUS_INTEGER_OVERFLOW;
+			status = NT_STATUS_INTEGER_OVERFLOW;
+			goto done;
 		}
 
-		tmp = talloc_realloc(mem_ctx, rids, uint32_t, num_rids+count);
+		tmp = talloc_realloc(tmp_ctx, rids, uint32_t, num_rids+count);
 		if (tmp == NULL) {
-			TALLOC_FREE(sam_array);
-			TALLOC_FREE(rids);
-			return NT_STATUS_NO_MEMORY;
+			status = NT_STATUS_NO_MEMORY;
+			goto done;
 		}
 		rids = tmp;
 
 		for (i=0; i<count; i++) {
 			rids[num_rids++] = sam_array->entries[i].idx;
 		}
+
+		TALLOC_FREE(sam_array);
 	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));
 
-	*prids = rids;
+	*prids = talloc_steal(mem_ctx, rids);
+	status = NT_STATUS_OK;
 
-	return NT_STATUS_OK;
+done:
+	TALLOC_FREE(tmp_ctx);
+	return status;
 }
 
 /* List all domain groups */
-- 
2.12.2


>From 4c70ca4d0d7d36e10867928f606abfb58bcb3175 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Mon, 8 May 2017 11:44:34 +0200
Subject: [PATCH 3/3] ldb-samba: Fix a possible NULL pointer dereference

CID: #1402566
CID: #1402567

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 lib/ldb-samba/ldb_ildap.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/ldb-samba/ldb_ildap.c b/lib/ldb-samba/ldb_ildap.c
index 541971f63de..a4e96e4f138 100644
--- a/lib/ldb-samba/ldb_ildap.c
+++ b/lib/ldb-samba/ldb_ildap.c
@@ -863,7 +863,9 @@ static int ildb_connect(struct ldb_context *ldb, const char *url,
 	return LDB_SUCCESS;
 
 failed:
-	ldb_set_errstring(ldb, ldap_errstr(ildb->ldap, module, status));
+	if (ildb != NULL && ildb->ldap != NULL) {
+		ldb_set_errstring(ldb, ldap_errstr(ildb->ldap, module, status));
+	}
 	talloc_free(module);
 	if (NT_STATUS_IS_LDAP(status)) {
 		return NT_STATUS_LDAP_CODE(status);
-- 
2.12.2

More information about the samba-technical mailing list