[PATCH] Fix a few CIDs
Volker Lendecke
Volker.Lendecke at SerNet.DE
Tue Apr 3 19:15:15 UTC 2018
Hi!
Review appreciated!
Thanks, Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From 4ce7b349733f892d3d4ca97d57f6e3999cd5d84a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 12:32:26 -0500
Subject: [PATCH 01/22] libhttp: Fix CID 1273001 Dereference after null check
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/lib/http/http.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/source4/lib/http/http.c b/source4/lib/http/http.c
index 10b49cd..9218c19 100644
--- a/source4/lib/http/http.c
+++ b/source4/lib/http/http.c
@@ -471,6 +471,7 @@ static int http_read_response_next_vector(struct tstream_context *stream,
/* Sanity checks */
if (!stream || !private_data || !_vector || !_count) {
DEBUG(0, ("%s: Invalid Parameter\n", __func__));
+ return -1;
}
state = talloc_get_type_abort(private_data, struct http_read_response_state);
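Review bot: The new `return -1;` in the sanity-check branch leaves errno untouched. If the tstream caller reports a -1 result using errno, which is not visible in this hunk, a stale or zero value would be propagated. Setting `errno = EINVAL;` before the return would make the failure unambiguous. The rest of http_read_response_next_vector lies outside the hunk, so its other return paths should be checked for the same convention.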
--
1.9.1
From 58f60acca75db571570325373c3fb3bdba33bc95 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 13:10:14 -0500
Subject: [PATCH 02/22] libcli: Fix CID 710748 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/smb/smbXcli_base.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index fbf2441..ad1b67b 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -2105,10 +2105,10 @@ static NTSTATUS smb1cli_inbuf_parse_chain(uint8_t *buf, TALLOC_CTX *mem_ctx,
wct_ofs = SVAL(cur[0].iov_base, 2);
if (wct_ofs < taken) {
- return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto inval;
}
if (wct_ofs > buflen) {
- return NT_STATUS_INVALID_NETWORK_RESPONSE;
+ goto inval;
}
/*
--
1.9.1
From bd3549fb3357f29e5d79773331c8f889a78e5d86 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 13:17:54 -0500
Subject: [PATCH 03/22] perfcount: Fix CID 1034875 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/registry/reg_perfcount.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
index a8f76ac..c68b6cd 100644
--- a/source3/registry/reg_perfcount.c
+++ b/source3/registry/reg_perfcount.c
@@ -193,6 +193,7 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
}
ok = push_reg_sz(talloc_tos(), &name_index, (const char *)kbuf.dptr);
if (!ok) {
+ SAFE_FREE(buf1);
buffer_size = 0;
return buffer_size;
}
@@ -202,6 +203,7 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
working_size = (dbuf.dsize + 1)*sizeof(uint16_t);
buf1 = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
if(!buf1) {
+ SAFE_FREE(buf1);
buffer_size = 0;
return buffer_size;
}
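Review bot: The `SAFE_FREE(buf1);` added inside `if(!buf1)` can never free anything, because buf1 is NULL on that branch. As far as I know, SMB_REALLOC already releases the old block when it fails, so this path probably did not leak and the added line is dead code. Either drop it or replace it with a comment such as `/* SMB_REALLOC frees the old buffer on failure */`. Separately, `buffer_size + working_size` is built from a TDB record size with no overflow check visible in the hunk; if these are 32-bit values, a wrap check before the realloc would be worth adding. The function body continues outside the hunk.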
@@ -210,6 +212,7 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
SAFE_FREE(dbuf.dptr);
ok = push_reg_sz(talloc_tos(), &name, temp);
if (!ok) {
+ SAFE_FREE(buf1);
buffer_size = 0;
return buffer_size;
}
--
1.9.1
From 4e3174ded0b7e69446d2ba15633576204aecae28 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 13:23:01 -0500
Subject: [PATCH 04/22] lsasrv: Fix CID 241331 Self assignment
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/rpc_server/lsa/dcesrv_lsa.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 17c07d6..3a413a5 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -2563,7 +2563,6 @@ static NTSTATUS dcesrv_lsa_EnumTrustDom(struct dcesrv_call_state *dce_call, TALL
1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_MULTIPLIER));
r->out.domains->domains = entries + *r->in.resume_handle;
- r->out.domains->count = r->out.domains->count;
if (r->out.domains->count < count - *r->in.resume_handle) {
*r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;
--
1.9.1
From e9f5f1422b3f9759634d4d2487e0705308bd5824 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 13:23:43 -0500
Subject: [PATCH 05/22] lsasrv: Fix CID 241332 Self assignment
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/rpc_server/lsa/dcesrv_lsa.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 3a413a5..9371bee 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -2657,7 +2657,6 @@ static NTSTATUS dcesrv_lsa_EnumTrustedDomainsEx(struct dcesrv_call_state *dce_ca
1+(r->in.max_size/LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER));
r->out.domains->domains = entries + *r->in.resume_handle;
- r->out.domains->count = r->out.domains->count;
if (r->out.domains->count < count - *r->in.resume_handle) {
*r->out.resume_handle = *r->in.resume_handle + r->out.domains->count;
--
1.9.1
From 474e407fe0cb5b2c7d948d2924205843ef45db8b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 11:37:49 -0500
Subject: [PATCH 06/22] smbd: Fix CID 240676 Dereference after null check
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/smbd/open.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 643e074..3c24d76 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -5079,6 +5079,13 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
if (lease != NULL) {
uint16_t epoch = lease->lease_epoch;
uint16_t version = lease->lease_version;
+
+ if (req == NULL) {
+ DBG_WARNING("Got lease on internal open\n");
+ status = NT_STATUS_INTERNAL_ERROR;
+ goto fail;
+ }
+
status = lease_match(conn,
req,
&lease->lease_key,
--
1.9.1
From cf313aae6a19764d5ad353cc822c5569a4c5f5b4 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 12:08:42 -0500
Subject: [PATCH 07/22] cldap: Avoid a ZERO_STRUCTP
This is done implicitly by tevent_req_create
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/cldap/cldap.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/libcli/cldap/cldap.c b/libcli/cldap/cldap.c
index 87f82b9..242a117 100644
--- a/libcli/cldap/cldap.c
+++ b/libcli/cldap/cldap.c
@@ -577,7 +577,6 @@ struct tevent_req *cldap_search_send(TALLOC_CTX *mem_ctx,
if (!req) {
return NULL;
}
- ZERO_STRUCTP(state);
state->caller.ev = ev;
state->req = req;
state->caller.cldap = cldap;
--
1.9.1
From c1cfa9d9e0aa5e3f7802d553a3f40dd6735f78cc Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 12:13:03 -0500
Subject: [PATCH 08/22] dsdb: Fix CID 1034744 Dereference after null check
This HIGHLY looks like a cut&paste error...
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/dsdb/schema/schema_syntax.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index 6205373..b434b6b 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -662,7 +662,7 @@ static WERROR dsdb_syntax_NTTIME_UTC_validate_ldb(const struct dsdb_syntax_ctx *
}
if (attr->rangeUpper) {
- if ((int32_t)t > (int32_t)*attr->rangeLower) {
+ if ((int32_t)t > (int32_t)*attr->rangeUpper) {
return WERR_DS_INVALID_ATTRIBUTE_SYNTAX;
}
}
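Review bot: The corrected check still narrows both sides to 32 bits in `(int32_t)t > (int32_t)*attr->rangeUpper`. The declaration of t is outside the hunk; if it is a wider type such as time_t, values above INT32_MAX wrap to negative numbers and would pass the upper-bound check. Widening instead of narrowing, e.g. `if ((int64_t)t > (int32_t)*attr->rangeUpper)`, avoids that. The lower-bound check just above the hunk presumably needs the same treatment.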
--
1.9.1
From 5f325b1993b9a5a43595fd239ce5e3ab53f4525e Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 12:19:24 -0500
Subject: [PATCH 09/22] groupdb: Fix CID 1167984 Ignoring number of bytes read
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/groupdb/mapping.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index ac70fe6..1a8670e 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -237,9 +237,13 @@ int smb_create_group(const char *unix_group, gid_t *new_gid)
if (fd != 0) {
fstring output;
+ ssize_t nread;
*new_gid = 0;
- if (read(fd, output, sizeof(output)) > 0) {
+
+ nread = read(fd, output, sizeof(output)-1);
+ if (nread > 0) {
+ output[nread] = '\0';
*new_gid = (gid_t)strtoul(output, NULL, 10);
}
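Review bot: The text read from fd is converted with `strtoul(output, NULL, 10)`, which returns 0 for non-numeric input, so unexpected output is indistinguishable from gid 0. Passing an end pointer and rejecting the no-digits and out-of-range cases keeps garbage out of *new_gid: set `errno = 0;`, call `val = strtoul(output, &end, 10);`, then assign only under `if (end != output && errno != ERANGE)`. How a resulting *new_gid of 0 is treated after this block is outside the hunk.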
--
1.9.1
From c5a9210bbb4a8ae13d040d570832731b04b94121 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 12:22:57 -0500
Subject: [PATCH 10/22] tstream: Fix CID 1167982 Unchecked return value
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/smb/tstream_smbXcli_np.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libcli/smb/tstream_smbXcli_np.c b/libcli/smb/tstream_smbXcli_np.c
index a59db13..7928f40 100644
--- a/libcli/smb/tstream_smbXcli_np.c
+++ b/libcli/smb/tstream_smbXcli_np.c
@@ -1008,9 +1008,8 @@ static void tstream_smbXcli_np_readv_trans_done(struct tevent_req *subreq)
cli_nps->read.ofs = 0;
cli_nps->read.left = received;
cli_nps->read.buf = talloc_array(cli_nps, uint8_t, received);
- if (cli_nps->read.buf == NULL) {
+ if (tevent_req_nomem(cli_nps->read.buf, req)) {
TALLOC_FREE(subreq);
- tevent_req_nomem(cli_nps->read.buf, req);
return;
}
memcpy(cli_nps->read.buf, rcvbuf, received);
--
1.9.1
From 346b78e1b1e5bef65e3060cc814d6ec5ad4835bb Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 12:23:47 -0500
Subject: [PATCH 11/22] tstream: Fix CID 1167981 Unchecked return value
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libcli/smb/tstream_smbXcli_np.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libcli/smb/tstream_smbXcli_np.c b/libcli/smb/tstream_smbXcli_np.c
index 7928f40..949535d 100644
--- a/libcli/smb/tstream_smbXcli_np.c
+++ b/libcli/smb/tstream_smbXcli_np.c
@@ -1093,9 +1093,8 @@ static void tstream_smbXcli_np_readv_read_done(struct tevent_req *subreq)
cli_nps->read.ofs = 0;
cli_nps->read.left = received;
cli_nps->read.buf = talloc_array(cli_nps, uint8_t, received);
- if (cli_nps->read.buf == NULL) {
+ if (tevent_req_nomem(cli_nps->read.buf, req)) {
TALLOC_FREE(subreq);
- tevent_req_nomem(cli_nps->read.buf, req);
return;
}
memcpy(cli_nps->read.buf, rcvbuf, received);
--
1.9.1
From b293c87b9cde608533da606ffeaba0be19be69bb Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 28 Mar 2018 15:23:16 -0500
Subject: [PATCH 12/22] libads: Fix CID 1272809 Free of address-of expression
Look at the other SAFE_FREE's in this function...
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/krb5_wrap/krb5_samba.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 7c461e5..1493d81 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1087,7 +1087,7 @@ krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr
addrs->val = (krb5_address *)SMB_MALLOC(sizeof(krb5_address));
if (addrs->val == NULL) {
SAFE_FREE(addrs);
- SAFE_FREE(kerb_addr);
+ SAFE_FREE(*kerb_addr);
return ENOMEM;
}
--
1.9.1
From b5820a24e065c1dd1c531d8ee7c2cddbb13dc42b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 28 Mar 2018 15:43:53 -0500
Subject: [PATCH 13/22] dsdb: Fix CID 1034966 Uninitialized scalar variable
"continue" in a do-while loop jumps to the "while"-check, so "id_exists" needs
to be initialized by that point.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source4/dsdb/samdb/ldb_modules/samldb.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 108235a..a46fd37 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -875,6 +875,7 @@ static int samldb_add_handle_msDS_IntId(struct samldb_ctx *ac)
* order to be sure.
*/
if (dsdb_attribute_by_attributeID_id(schema, msds_intid)) {
+ id_exists = true;
msds_intid = generate_random() % 0X3FFFFFFF;
msds_intid += 0x80000000;
continue;
--
1.9.1
From fa0b226d42852bd8fdb7d7bb3d1a9cbfc9672747 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 28 Mar 2018 15:46:34 -0500
Subject: [PATCH 14/22] utils: Fix CID 1035541 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/utils/log2pcaphex.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/utils/log2pcaphex.c b/source3/utils/log2pcaphex.c
index 5310982..b5c234f 100644
--- a/source3/utils/log2pcaphex.c
+++ b/source3/utils/log2pcaphex.c
@@ -303,7 +303,7 @@ int main(int argc, const char **argv)
poptContext pc;
char buffer[4096];
long data_offset = 0;
- long data_length;
+ long data_length = 0;
long data_bytes_read = 0;
size_t in_packet = 0;
struct poptOption long_options[] = {
--
1.9.1
From ccbb35f7b818514b9953772774d7c12a0527bbae Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Wed, 28 Mar 2018 15:49:30 -0500
Subject: [PATCH 15/22] pygpo: Fix CID 1422263 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
---
libgpo/pygpo.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index ac6e323..db33602 100644
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -264,12 +264,12 @@ static PyObject* py_ads_connect(ADS *self)
Py_RETURN_FALSE;
}
self->ads_ptr->auth.password = smb_xstrdup(passwd);
+ SAFE_FREE(passwd);
self->ads_ptr->auth.realm =
smb_xstrdup(self->ads_ptr->server.realm);
if (!strupper_m(self->ads_ptr->auth.realm)) {
PyErr_SetString(PyExc_SystemError, "Failed to strdup");
TALLOC_FREE(frame);
- SAFE_FREE(passwd);
Py_RETURN_FALSE;
}
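Review bot: `SAFE_FREE(passwd);` releases the temporary copy of the password without clearing it first, so the cleartext remains in freed heap memory. Since the commit makes this line the single release point, it is the natural place to wipe the buffer before freeing, using a clearing call the compiler cannot elide, e.g. `explicit_bzero(passwd, strlen(passwd));` where available. Where passwd is obtained is outside the hunk, so confirm that it is a heap string owned by this function.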
@@ -278,7 +278,6 @@ static PyObject* py_ads_connect(ADS *self)
PyErr_SetString(PyExc_SystemError,
"ads_connect() failed");
TALLOC_FREE(frame);
- SAFE_FREE(passwd);
Py_RETURN_FALSE;
}
}
--
1.9.1
From 85848b2bb1d7210870d3896aadedbf57d31e3af1 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 08:27:33 -0500
Subject: [PATCH 16/22] pdb_ldap: Fix CID 1363266 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/passdb/pdb_ldap.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index bf9377c..39c7a06 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -6054,7 +6054,7 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
char *filter;
char *escape_username;
char *gidstr;
- const char *dn = NULL;
+ char *dn = NULL;
gid_t gid;
int rc;
@@ -6125,11 +6125,12 @@ static NTSTATUS ldapsam_set_primary_group(struct pdb_methods *my_methods,
smbldap_make_mod(priv2ld(ldap_state), entry, &mods, "gidNumber", gidstr);
if (mods == NULL) {
+ TALLOC_FREE(dn);
return NT_STATUS_OK;
}
rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
-
+ TALLOC_FREE(dn);
if (rc != LDAP_SUCCESS) {
DEBUG(0,("ldapsam_set_primary_group: failed to modify [%s] primary group to [%s]\n",
pdb_get_username(sampass), gidstr));
--
1.9.1
From 0ef4de10710c9a5ac12b7cb3159b9904b65ad01b Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 09:15:30 -0500
Subject: [PATCH 17/22] net: Fix CID 1414752 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/utils/net_cache.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source3/utils/net_cache.c b/source3/utils/net_cache.c
index 8f9f69f..98c5803 100644
--- a/source3/utils/net_cache.c
+++ b/source3/utils/net_cache.c
@@ -456,6 +456,7 @@ static int net_cache_samlogon_show(struct net_context *c,
&num_user_sids,
true);
if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(user_sids);
d_printf("sid_array_from_info3 failed for %s\n", sid_str);
return -1;
}
@@ -465,6 +466,8 @@ static int net_cache_samlogon_show(struct net_context *c,
i, sid_string_dbg(&user_sids[i]));
}
+ TALLOC_FREE(user_sids);
+
return 0;
}
--
1.9.1
From 410a1688c9133f434c13d9e8f03766d34756aeb7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 09:16:47 -0500
Subject: [PATCH 18/22] net: Avoid tallocs
Not really performance critical, but I think it's worth establishing sample
code to use more stack variables than going out to talloc.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/utils/net_cache.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/source3/utils/net_cache.c b/source3/utils/net_cache.c
index 98c5803..f9d12ef 100644
--- a/source3/utils/net_cache.c
+++ b/source3/utils/net_cache.c
@@ -462,8 +462,9 @@ static int net_cache_samlogon_show(struct net_context *c,
}
for (i = 0; i < num_user_sids; i++) {
- d_printf("SID %2" PRIu32 ": %s\n",
- i, sid_string_dbg(&user_sids[i]));
+ char buf[DOM_SID_STR_BUFLEN];
+ dom_sid_string_buf(&user_sids[i], buf, sizeof(buf));
+ d_printf("SID %2" PRIu32 ": %s\n", i, buf);
}
TALLOC_FREE(user_sids);
--
1.9.1
From d6829810d49f843b6d8d55bf40745b76b403aaea Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 09:23:07 -0500
Subject: [PATCH 19/22] krb5_wrap: Fix CID 1034833 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/krb5_wrap/keytab_util.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/krb5_wrap/keytab_util.c b/lib/krb5_wrap/keytab_util.c
index f9a8679..fd8308c 100644
--- a/lib/krb5_wrap/keytab_util.c
+++ b/lib/krb5_wrap/keytab_util.c
@@ -179,12 +179,14 @@ krb5_error_code kt_copy_one_principal(krb5_context context,
ret = krb5_kt_resolve (context, from, &src_keytab);
if (ret) {
+ krb5_free_principal(context, princ);
krb5_set_error_message(context, ret, "resolving src keytab `%s'", from);
return ret;
}
ret = krb5_kt_resolve (context, to, &dst_keytab);
if (ret) {
+ krb5_free_principal(context, princ);
krb5_kt_close (context, src_keytab);
krb5_set_error_message(context, ret, "resolving dst keytab `%s'", to);
return ret;
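Review bot: The principal is now freed by hand on each exit path (two in this hunk and one in the hunk at the end of the function), which is the same pattern that allowed the leak in the first place. A single cleanup label reached by `goto out;`, which calls krb5_free_principal and closes the keytabs, would stop later exit paths from reintroducing it. Whether princ is always set on these paths is not visible, since the start of kt_copy_one_principal is outside the hunk.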
@@ -223,6 +225,7 @@ krb5_error_code kt_copy_one_principal(krb5_context context,
}
}
+ krb5_free_principal(context, princ);
krb5_kt_close (context, src_keytab);
krb5_kt_close (context, dst_keytab);
return ret;
--
1.9.1
From 73e14e4b76b99397bd47b1fc7e3e90f66d16cad4 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 11:00:33 -0500
Subject: [PATCH 20/22] krb5_wrap: Fix a logic error
krb5_unparse_name returns 0 on success
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/krb5_wrap/keytab_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/krb5_wrap/keytab_util.c b/lib/krb5_wrap/keytab_util.c
index fd8308c..5a72389 100644
--- a/lib/krb5_wrap/keytab_util.c
+++ b/lib/krb5_wrap/keytab_util.c
@@ -213,7 +213,7 @@ krb5_error_code kt_copy_one_principal(krb5_context context,
if (!found_one) {
char *princ_string;
int ret2 = krb5_unparse_name (context, princ, &princ_string);
- if (ret2) {
+ if (ret2 == 0) {
krb5_set_error_message(context, ret,
"failed to fetch principal %s",
princ_string);
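Review bot: With the condition corrected to `if (ret2 == 0)`, a failure of krb5_unparse_name now leaves no error message at all for the not-found case. An else branch with a name-free message, `} else { krb5_set_error_message(context, ret, "failed to fetch principal"); }`, would keep the error reportable. The value of ret at this point is set outside the hunk, so it is worth confirming that it holds a real error code here. The enclosing block closes outside the hunk.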
--
1.9.1
From aba7235077357a8fc2c14c88a0c94522febda738 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 11:02:35 -0500
Subject: [PATCH 21/22] krb5_wrap: Fix CID 1414754 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/krb5_wrap/keytab_util.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/krb5_wrap/keytab_util.c b/lib/krb5_wrap/keytab_util.c
index 5a72389..33b2ccc 100644
--- a/lib/krb5_wrap/keytab_util.c
+++ b/lib/krb5_wrap/keytab_util.c
@@ -217,6 +217,7 @@ krb5_error_code kt_copy_one_principal(krb5_context context,
krb5_set_error_message(context, ret,
"failed to fetch principal %s",
princ_string);
+ krb5_free_unparsed_name(context, princ_string);
}
} else {
/* Not finding an enc type is not an error,
--
1.9.1
From f4c3b0fbb57b9924e71040c7a4e4393f0124a1d5 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 30 Mar 2018 11:08:05 -0500
Subject: [PATCH 22/22] krb5_wrap: Fix CID 1414755 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/krb5_wrap/keytab_util.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/krb5_wrap/keytab_util.c b/lib/krb5_wrap/keytab_util.c
index 33b2ccc..274ea6c 100644
--- a/lib/krb5_wrap/keytab_util.c
+++ b/lib/krb5_wrap/keytab_util.c
@@ -66,6 +66,7 @@ static krb5_error_code copy_one_entry(krb5_context context,
KRB5_KEY_TYPE(KRB5_KT_KEY(&entry)),
&etype_str);
if(ret) {
+ krb5_free_unparsed_name(context, name_str);
krb5_set_error_message(context, ret, "krb5_enctype_to_string");
etype_str = NULL; /* XXX */
return ret;
--
1.9.1