[PATCH] ldb: check return values
Jeremy Allison
jra at samba.org
Wed Jun 20 22:37:29 UTC 2018
On Tue, Jun 19, 2018 at 08:59:25AM +0000, Andrej Gessel via samba-technical wrote:
> Hello Andrew,
>
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13477
>
>
> I have found another "bad" place. Attached both patches.
>
>
> Gitlab CI Pipeline: https://gitlab.com/samba-team/devel/samba/pipelines/24121645
Thanks Andrej, These both look good to me.
RB+. Can I get a second Team reviewer please ?
Jeremy.
> ________________________________
> Von: Andrew Bartlett <abartlet at samba.org>
> Gesendet: Dienstag, 19. Juni 2018 06:43
> An: Andrej Gessel; samba-technical at lists.samba.org
> Betreff: Re: [PATCH] ldb: check return values
>
> On Mon, 2018-06-18 at 11:17 +0200, Andrej Gessel via samba-technical
> wrote:
> > PS: Pipeline on Gitlab:
> > https://gitlab.com/samba-team/devel/samba/pipelines/23925777
> >
> >
> > Am 18.06.2018 um 10:57 schrieb Andrej Gessel via samba-technical:
> > > Hello list,
> > >
> > >
> > > attached is a patch with additional NULL checks after memory allocation.
> > >
> > >
> > >
> > > Andrej
>
> G'Day Andrej
>
> Can you please file bugs about these and add a BUG: tag so we can
> backport them to (eg) the 4.8 series.
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
>
> From ac2314457fb35cffca9c552bcb3866f564b9c9ec Mon Sep 17 00:00:00 2001
> From: Andrej Gessel <Andrej.Gessel at janztec.com>
> Date: Fri, 15 Jun 2018 11:02:15 +0200
> Subject: [PATCH 1/2] ldb: check return values
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13477
> Signed-off-by: Andrej Gessel <Andrej.Gessel at janztec.com>
> ---
> lib/ldb/ldb_tdb/ldb_index.c | 7 +++++++
> lib/ldb/ldb_tdb/ldb_search.c | 5 ++++-
> 2 files changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
> index 04ffbad..13f61ac 100644
> --- a/lib/ldb/ldb_tdb/ldb_index.c
> +++ b/lib/ldb/ldb_tdb/ldb_index.c
> @@ -446,6 +446,10 @@ normal_index:
>
> list->count = el->values[0].length / LTDB_GUID_SIZE;
> list->dn = talloc_array(list, struct ldb_val, list->count);
> + if (list->dn == NULL) {
> + talloc_free(msg);
> + return LDB_ERR_OPERATIONS_ERROR;
> + }
>
> /*
> * The actual data is on msg, due to
> @@ -710,6 +714,9 @@ static int ltdb_dn_list_store(struct ldb_module *module, struct ldb_dn *dn,
> }
>
> key.dptr = discard_const_p(unsigned char, ldb_dn_get_linearized(dn));
> + if (key.dptr == NULL) {
> + return LDB_ERR_OPERATIONS_ERROR;
> + }
> key.dsize = strlen((char *)key.dptr);
>
> rec = tdb_fetch(ltdb->idxptr->itdb, key);
> diff --git a/lib/ldb/ldb_tdb/ldb_search.c b/lib/ldb/ldb_tdb/ldb_search.c
> index cfc3714..14e5040 100644
> --- a/lib/ldb/ldb_tdb/ldb_search.c
> +++ b/lib/ldb/ldb_tdb/ldb_search.c
> @@ -102,8 +102,11 @@ static int msg_add_distinguished_name(struct ldb_message *msg)
> el.values = &val;
> el.flags = 0;
> val.data = (uint8_t *)ldb_dn_alloc_linearized(msg, msg->dn);
> + if (val.data == NULL) {
> + return -1;
> + }
> val.length = strlen((char *)val.data);
> -
> +
> ret = msg_add_element(msg, &el, 1);
> return ret;
> }
> --
> 2.7.4
>
>
> From 9b757c4cf560e61b8bc6cdb87d53c6729a472c04 Mon Sep 17 00:00:00 2001
> From: Andrej Gessel <Andrej.Gessel at janztec.com>
> Date: Tue, 19 Jun 2018 10:07:51 +0200
> Subject: [PATCH 2/2] check return value before using key_values
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13477
> Signed-off-by: Andrej Gessel <Andrej.Gessel at janztec.com>
> ---
> lib/ldb/ldb_tdb/ldb_index.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
> index 13f61ac..604a1f6 100644
> --- a/lib/ldb/ldb_tdb/ldb_index.c
> +++ b/lib/ldb/ldb_tdb/ldb_index.c
> @@ -1760,13 +1760,13 @@ static int ltdb_index_filter(struct ltdb_private *ltdb,
> struct guid_tdb_key,
> dn_list->count);
>
> + if (key_values == NULL) {
> + return ldb_module_oom(ac->module);
> + }
> for (i = 0; i < dn_list->count; i++) {
> keys[i].dptr = key_values[i].guid_key;
> keys[i].dsize = sizeof(key_values[i].guid_key);
> }
> - if (key_values == NULL) {
> - return ldb_module_oom(ac->module);
> - }
> } else {
> for (i = 0; i < dn_list->count; i++) {
> keys[i].dptr = NULL;
> --
> 2.7.4
>
More information about the samba-technical
mailing list