[PATCH] Some fixes found by covscan

Andreas Schneider asn at samba.org
Thu Oct 18 09:57:49 UTC 2018 

Hi,

attached is a patch with a few fixes detected by covscan (internal tool).


Please review and push if OK.


Thanks,


	Andreas


-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
-------------- next part --------------
>From 2fdf45d711a56e5bb41c2c7502417cc43a1c155f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 26 Sep 2018 14:29:50 +0200
Subject: [PATCH 1/4] s3:registry: Avoid a double-free in reg_perfcount

Found by covscan.

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 source3/registry/reg_perfcount.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
index 6fa96f314fb..394930b27a9 100644
--- a/source3/registry/reg_perfcount.c
+++ b/source3/registry/reg_perfcount.c
@@ -186,9 +186,9 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
 	}
 	/* First encode the name_index */
 	working_size = (kbuf.dsize + 1)*sizeof(uint16_t);
+	/* SMB_REALLOC frees buf1 on error */
 	p = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
 	if (p == NULL) {
-		SAFE_FREE(buf1);
 		buffer_size = 0;
 		return buffer_size;
 	}
@@ -203,9 +203,9 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
 	buffer_size += working_size;
 	/* Now encode the actual name */
 	working_size = (dbuf.dsize + 1)*sizeof(uint16_t);
+	/* SMB_REALLOC frees buf1 on error */
 	p = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
 	if (p == NULL) {
-		SAFE_FREE(buf1);
 		buffer_size = 0;
 		return buffer_size;
 	}
-- 
2.19.1


>From a0a45a6d4e0bdaa7c2cce205b4de790317f5d345 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 26 Sep 2018 14:30:32 +0200
Subject: [PATCH 2/4] ndr: Init variables of GUID_from_data_blob()

Found by covscan.

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 librpc/ndr/uuid.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/librpc/ndr/uuid.c b/librpc/ndr/uuid.c
index 53540c7ddc8..6c5082190ca 100644
--- a/librpc/ndr/uuid.c
+++ b/librpc/ndr/uuid.c
@@ -59,11 +59,12 @@ _PUBLIC_ NTSTATUS GUID_from_ndr_blob(const DATA_BLOB *b, struct GUID *guid)
 _PUBLIC_ NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid)
 {
 	NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
-	uint32_t time_low;
-	uint32_t time_mid, time_hi_and_version;
-	uint32_t clock_seq[2];
-	uint32_t node[6];
-	uint8_t buf16[16];
+	uint32_t time_low = 0;
+	uint32_t time_mid = 0;
+	uint32_t time_hi_and_version = 0;
+	uint32_t clock_seq[2] = {0};
+	uint32_t node[6] = {0};
+	uint8_t buf16[16] = {0};
 
 	DATA_BLOB blob16 = data_blob_const(buf16, sizeof(buf16));
 	int i;
-- 
2.19.1


>From fd621cdb66068dc8519a76051a7dfa810b493449 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 26 Sep 2018 14:34:07 +0200
Subject: [PATCH 3/4] s4:torture: Fix the scope of the req variable in drsuapi
 test

Found by covscan.

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 source4/torture/rpc/drsuapi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c
index 1d535acafba..a424a3160c6 100644
--- a/source4/torture/rpc/drsuapi.c
+++ b/source4/torture/rpc/drsuapi.c
@@ -94,6 +94,7 @@ static bool test_DsGetDomainControllerInfo(struct torture_context *tctx,
 	struct dcerpc_pipe *p = priv->drs_pipe;
 	struct drsuapi_DsGetDomainControllerInfo r;
 	union drsuapi_DsGetDCInfoCtr ctr;
+	union drsuapi_DsGetDCInfoRequest req;
 	int32_t level_out = 0;
 	bool found = false;
 	int i, j, k;
@@ -124,7 +125,6 @@ static bool test_DsGetDomainControllerInfo(struct torture_context *tctx,
 
 	for (i=0; i < ARRAY_SIZE(levels); i++) {
 		for (j=0; j < ARRAY_SIZE(names); j++) {
-			union drsuapi_DsGetDCInfoRequest req;
 			level = levels[i];
 			r.in.bind_handle = &priv->bind_handle;
 			r.in.level = 1;
-- 
2.19.1


>From 5b9705374ee48d92aa4b39de2c8d4e6d7f77faf8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 26 Sep 2018 14:47:20 +0200
Subject: [PATCH 4/4] s3:smbcontrol: Simplify the return code check

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 source3/utils/smbcontrol.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
index e23e1284012..597bab6450d 100644
--- a/source3/utils/smbcontrol.c
+++ b/source3/utils/smbcontrol.c
@@ -1142,14 +1142,13 @@ static bool do_winbind_offline(struct tevent_context *ev_ctx,
 
 		/* Check that the entry "WINBINDD_OFFLINE" still exists. */
 		d = tdb_fetch_bystring( tdb, "WINBINDD_OFFLINE" );
-
-		if (!d.dptr || d.dsize != 4) {
-			SAFE_FREE(d.dptr);
-			DEBUG(10,("do_winbind_offline: offline state not set - retrying.\n"));
-		} else {
+		if (d.dptr != NULL && d.dsize == 4) {
 			SAFE_FREE(d.dptr);
 			break;
 		}
+
+		SAFE_FREE(d.dptr);
+		DEBUG(10,("do_winbind_offline: offline state not set - retrying.\n"));
 	}
 
 	tdb_close(tdb);
-- 
2.19.1

More information about the samba-technical mailing list