[PATCH] Some fixes found by covscan
Andreas Schneider
asn at samba.org
Thu Oct 18 09:57:49 UTC 2018
Hi,
attached is a patch with a few fixes detected by covscan (internal tool).
Please review and push if OK.
Thanks,
Andreas
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
-------------- next part --------------
>From 2fdf45d711a56e5bb41c2c7502417cc43a1c155f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 26 Sep 2018 14:29:50 +0200
Subject: [PATCH 1/4] s3:registry: Avoid a double-free in reg_perfcount
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
---
source3/registry/reg_perfcount.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
index 6fa96f314fb..394930b27a9 100644
--- a/source3/registry/reg_perfcount.c
+++ b/source3/registry/reg_perfcount.c
@@ -186,9 +186,9 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
}
/* First encode the name_index */
working_size = (kbuf.dsize + 1)*sizeof(uint16_t);
+ /* SMB_REALLOC frees buf1 on error */
p = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
if (p == NULL) {
- SAFE_FREE(buf1);
buffer_size = 0;
return buffer_size;
}
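Review bot: On the `p == NULL` path, buf1 still holds the pointer that, per the new comment, SMB_REALLOC has already freed; the removed SAFE_FREE(buf1) was also the only thing resetting it to NULL. The function returns immediately, so nothing in this hunk reads it again, but if the caller can still reach that buffer through its own pointer (not visible here) it is left dangling. Suggest adding `buf1 = NULL;` before `buffer_size = 0;`, or stating in the commit message that no outer reference to the buffer survives this return.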
@@ -203,9 +203,9 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
buffer_size += working_size;
/* Now encode the actual name */
working_size = (dbuf.dsize + 1)*sizeof(uint16_t);
+ /* SMB_REALLOC frees buf1 on error */
p = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
if (p == NULL) {
- SAFE_FREE(buf1);
buffer_size = 0;
return buffer_size;
}
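Review bot: The second failed SMB_REALLOC leaves buf1 dangling in the same way, so whatever is decided for the first call site should be applied here too, keeping the two error paths identical. The explanatory comment is also repeated word for word at both sites while the commit message says only "Found by covscan"; stating the free-on-failure behaviour of SMB_REALLOC once in the commit message would put the reason for the change in the log.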
--
2.19.1
>From a0a45a6d4e0bdaa7c2cce205b4de790317f5d345 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 26 Sep 2018 14:30:32 +0200
Subject: [PATCH 2/4] ndr: Init variables of GUID_from_data_blob()
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
---
librpc/ndr/uuid.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/librpc/ndr/uuid.c b/librpc/ndr/uuid.c
index 53540c7ddc8..6c5082190ca 100644
--- a/librpc/ndr/uuid.c
+++ b/librpc/ndr/uuid.c
@@ -59,11 +59,12 @@ _PUBLIC_ NTSTATUS GUID_from_ndr_blob(const DATA_BLOB *b, struct GUID *guid)
_PUBLIC_ NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid)
{
NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
- uint32_t time_low;
- uint32_t time_mid, time_hi_and_version;
- uint32_t clock_seq[2];
- uint32_t node[6];
- uint8_t buf16[16];
+ uint32_t time_low = 0;
+ uint32_t time_mid = 0;
+ uint32_t time_hi_and_version = 0;
+ uint32_t clock_seq[2] = {0};
+ uint32_t node[6] = {0};
+ uint8_t buf16[16] = {0};
DATA_BLOB blob16 = data_blob_const(buf16, sizeof(buf16));
int i;
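Review bot: Zero-initialising time_low, time_mid, time_hi_and_version, clock_seq, node and buf16 silences the scanner, but the commit message does not say which path reads them before they are assigned. If such a path exists, it would now produce an all-zero GUID instead of visibly failing. Please name the flagged read in the commit message and confirm that status is still NT_STATUS_INVALID_PARAMETER whenever the parse does not fill these fields, so that the zeros are never copied into *guid on a failure path.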
--
2.19.1
>From fd621cdb66068dc8519a76051a7dfa810b493449 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 26 Sep 2018 14:34:07 +0200
Subject: [PATCH 3/4] s4:torture: Fix the scope of the req variable in drsuapi
test
Found by covscan.
Signed-off-by: Andreas Schneider <asn at samba.org>
---
source4/torture/rpc/drsuapi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c
index 1d535acafba..a424a3160c6 100644
--- a/source4/torture/rpc/drsuapi.c
+++ b/source4/torture/rpc/drsuapi.c
@@ -94,6 +94,7 @@ static bool test_DsGetDomainControllerInfo(struct torture_context *tctx,
struct dcerpc_pipe *p = priv->drs_pipe;
struct drsuapi_DsGetDomainControllerInfo r;
union drsuapi_DsGetDCInfoCtr ctr;
+ union drsuapi_DsGetDCInfoRequest req;
int32_t level_out = 0;
bool found = false;
int i, j, k;
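Review bot: The new function-scope declaration `union drsuapi_DsGetDCInfoRequest req;` comes with no explanation of why the wider scope is needed, and the commit message says only "Found by covscan". Please state in the commit message which use of req outside the inner loop body was reported, since neither hunk shows it and the reason is otherwise lost to anyone reading the history.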
@@ -124,7 +125,6 @@ static bool test_DsGetDomainControllerInfo(struct torture_context *tctx,
for (i=0; i < ARRAY_SIZE(levels); i++) {
for (j=0; j < ARRAY_SIZE(names); j++) {
- union drsuapi_DsGetDCInfoRequest req;
level = levels[i];
r.in.bind_handle = &priv->bind_handle;
r.in.level = 1;
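Review bot: With the declaration removed from the inner loop, req now keeps its contents from one (i, j) iteration to the next. If the loop body does not assign every member it later reads (not visible in this hunk), stale values from the previous iteration will be sent. Suggest clearing it at the top of the inner loop, for example with ZERO_STRUCT(req), next to `level = levels[i];`.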
--
2.19.1
>From 5b9705374ee48d92aa4b39de2c8d4e6d7f77faf8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 26 Sep 2018 14:47:20 +0200
Subject: [PATCH 4/4] s3:smbcontrol: Simplify the return code check
Signed-off-by: Andreas Schneider <asn at samba.org>
---
source3/utils/smbcontrol.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
index e23e1284012..597bab6450d 100644
--- a/source3/utils/smbcontrol.c
+++ b/source3/utils/smbcontrol.c
@@ -1142,14 +1142,13 @@ static bool do_winbind_offline(struct tevent_context *ev_ctx,
/* Check that the entry "WINBINDD_OFFLINE" still exists. */
d = tdb_fetch_bystring( tdb, "WINBINDD_OFFLINE" );
-
- if (!d.dptr || d.dsize != 4) {
- SAFE_FREE(d.dptr);
- DEBUG(10,("do_winbind_offline: offline state not set - retrying.\n"));
- } else {
+ if (d.dptr != NULL && d.dsize == 4) {
SAFE_FREE(d.dptr);
break;
}
+
+ SAFE_FREE(d.dptr);
+ DEBUG(10,("do_winbind_offline: offline state not set - retrying.\n"));
}
tdb_close(tdb);
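Review bot: The rewritten condition `d.dptr != NULL && d.dsize == 4` keeps the bare literal 4; since the line is being touched anyway, a sizeof of the stored type or a short comment naming what the 4-byte WINBINDD_OFFLINE value is would make the check self-explanatory. The control flow looks equivalent to the old if/else (d.dptr is freed on both paths, and the DEBUG only runs when the loop does not break), so the commit message could say that no functional change is intended.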
--
2.19.1