[PATCH] Fix two CIDs

David Mulder dmulder at suse.com
Wed Nov 22 14:54:05 UTC 2017


On 11/21/2017 01:04 PM, Volker Lendecke via samba-technical wrote:
> Hi!
>
> This NEWLY pushed file so severely needs overhaul to match
> README.Coding :-(
>
> For example there are several if-statements without {} around the
> code. There's a reason why we don't want this: CVE 2014-1266, which
> was an early one with a famous name. Is this file so completely immune
> to any security-relevant exposure that this does not matter here? How
> have we verified that this is irrelevant to security?
I think security does matter here, since we're authenticating and
pulling info from the sysvol.
Not putting {} around if statements is a bad habit of mine.
> I'm not talking about the cosmetic 80-column thingy, something which
> this file does not follow either. I am talking about our way to
> protect from one aspect of security-aware coding, and a very easily
> implemented one.
Actually, if you set your tabwidth to 4 chars, the file abides by the
80-column width (my bad).
Obviously that was a mistake.
> Garming and Andrew, you have both reviewed this file: Can you please
> explain these obvious violations of README.Coding?
>
> Thanks, Volker
>

-- 
David Mulder
SUSE Labs Software Engineer - Samba
dmulder at suse.com
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
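
Added example, not part of this thread or of Samba's code: CVE-2014-1266 is Apple's "goto fail" bug, in which a duplicated `goto fail;` after a braceless `if` skipped a signature check. The sketch below reproduces that pattern next to the braced form README.Coding asks for; the function names and the two check steps are hypothetical.

```c
#include <stdio.h>

/* Hypothetical check step: returns 0 on success, -1 on failure. */
static int check_step(int ok)
{
	return ok ? 0 : -1;
}

/* Braceless form: a line duplicated by a bad merge or edit lands
 * outside the if, although its indentation suggests otherwise. */
int verify_unbraced(int hash_ok, int sig_ok)
{
	int err;

	if ((err = check_step(hash_ok)) != 0)
		goto fail;
		goto fail;	/* always runs; err is still 0 here */
	if ((err = check_step(sig_ok)) != 0)	/* never reached */
		goto fail;
fail:
	return err;
}

/* Braced form: the same duplicated line stays inside the block and
 * is harmless dead code; the second check still runs. */
int verify_braced(int hash_ok, int sig_ok)
{
	int err;

	if ((err = check_step(hash_ok)) != 0) {
		goto fail;
		goto fail;
	}
	if ((err = check_step(sig_ok)) != 0) {
		goto fail;
	}
fail:
	return err;
}

int main(void)
{
	/* Constructed input: first check passes, second check fails. */
	printf("unbraced: %d (0 means accepted)\n", verify_unbraced(1, 0));
	printf("braced:   %d (0 means accepted)\n", verify_braced(1, 0));
	return 0;
}
```

Building with `gcc -Wall` reports the braceless variant through `-Wmisleading-indentation`, which makes it a cheap check to run over a file that was written without braces.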




