[PATCH] Fix two CIDs

Volker Lendecke Volker.Lendecke at SerNet.DE
Tue Nov 21 20:04:35 UTC 2017


Hi!

This NEWLY pushed file so severely needs overhaul to match
README.Coding :-(

For example there are several if-statements without {} around the
code. There's a reason why we don't want this: CVE 2014-1266, which
was an early one with a famous name. Is this file so completely immune
to any security-relevant exposure that this does not matter here? How
have we verified that this is irrelevant to security?

I'm not talking about the cosmetic 80-column thingy, something which
this file does not follow either. I am talking about our way to
protect from one aspect of security-aware coding, and a very easily
implemented one.

Garming and Andrew, you have both reviewed this file: Can you please
explain these obvious violations of README.Coding?

Thanks, Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
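The failure mode behind the brace rule raised in the message above, as an added example that is not part of the original mail or of Samba's code. All function names are hypothetical stand-ins; the same duplicated line is placed in an unbraced and in a braced `if`.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the steps of a verification routine. */
static int early_step(void) { return 0; }	/* 0 = success */
static int final_check(int valid) { return valid ? 0 : -1; }

/* Unbraced style: only the first "goto out" belongs to the if. */
int verify_unbraced(int signature_valid)
{
	int err;

	if ((err = early_step()) != 0)
		goto out;
		goto out;	/* duplicated line: always taken, err is still 0 */
	err = final_check(signature_valid);	/* never reached */
out:
	return err;
}

/* Braced style: the same duplicated line is dead code inside the block. */
int verify_braced(int signature_valid)
{
	int err;

	err = early_step();
	if (err != 0) {
		goto out;
		goto out;	/* harmless: unreachable within the braces */
	}
	err = final_check(signature_valid);
out:
	return err;
}

int main(void)
{
	/* Constructed input: 0 means the signature is invalid. */
	printf("unbraced, invalid signature: %d\n", verify_unbraced(0));
	printf("braced,   invalid signature: %d\n", verify_braced(0));
	printf("braced,   valid signature:   %d\n", verify_braced(1));
	return 0;
}
```

GCC's `-Wmisleading-indentation` (enabled by `-Wall` since GCC 6) flags the unbraced variant at compile time.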
-------------- next part --------------
From ab3f509ee25d90af7b51168a297a77a242474305 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 21 Nov 2017 20:30:08 +0100
Subject: [PATCH 1/2] libgpo: Fix CID 1422262 Explicit null dereferenced

Signed-off-by: Volker Lendecke <vl at samba.org>
---
 libgpo/pygpo.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index a54ddb98fe7..619985239cb 100644
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -175,12 +175,16 @@ static int py_ads_init(ADS *self, PyObject *args, PyObject *kwds)
 	}
 
 	if (lp_obj) {
+		bool ok;
 		lp_ctx = pytalloc_get_type(lp_obj, struct loadparm_context);
 		if (lp_ctx == NULL) {
 			return -1;
 		}
+		ok = lp_load_initial_only(lp_ctx->szConfigFile);
+		if (!ok) {
+			return -1;
+		}
 	}
-	if (!lp_load_initial_only(lp_ctx->szConfigFile)) return -1;
 
 	if (self->cli_creds) {
 		realm = cli_credentials_get_realm(self->cli_creds);
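Review bot: the new `if (!ok) { return -1; }` branch leaves py_ads_init without setting a Python exception in the lines shown, so a failed lp_load_initial_only() reaches the caller as an init failure with no error attached; a PyErr_SetString() before the return, as py_ads_connect does in the same file, would make the failure diagnosable. Moving the call inside `if (lp_obj)` also means the configuration is no longer loaded at all when no lp object is passed, which the commit message should state if that is intended.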
-- 
2.11.0


From 4b9ebfb65f675b3b51ee412c2f9ba8eb7de48814 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 21 Nov 2017 20:41:47 +0100
Subject: [PATCH 2/2] libgpo: Fix CID 1422263 Resource leak

---
 libgpo/pygpo.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index 619985239cb..d7bb17382b2 100644
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -248,6 +248,7 @@ static PyObject* py_ads_connect(ADS *self)
 		if (!strupper_m(self->ads_ptr->auth.realm)) {
 			PyErr_SetString(PyExc_SystemError, "Failed to strdup");
 			TALLOC_FREE(frame);
+			SAFE_FREE(passwd);
 			Py_RETURN_FALSE;
 		}
 
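Review bot: the `SAFE_FREE(passwd)` added in the strupper_m() failure branch repeats the cleanup by hand next to `TALLOC_FREE(frame)`, and the next hunk repeats it again; a single `fail:` label that frees both would keep a future early return from reintroducing the leak. The unchanged message "Failed to strdup" in this branch reports a strupper_m() failure and could be corrected while the branch is being touched.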
@@ -255,6 +256,7 @@ static PyObject* py_ads_connect(ADS *self)
 		if (!ADS_ERR_OK(status)) {
 			PyErr_SetString(PyExc_SystemError, "ads_connect() failed");
 			TALLOC_FREE(frame);
+			SAFE_FREE(passwd);
 			Py_RETURN_FALSE;
 		}
 	}
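Review bot: in the ads_connect() failure branch `SAFE_FREE(passwd)` releases the buffer without clearing it; if `passwd` holds the password its name suggests, overwrite it before freeing so the secret does not linger in freed heap memory. This commit also carries no Signed-off-by line, unlike 1/2.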
-- 
2.11.0


