[PATCH] Some fixes found by covscan

Jeremy Allison jra at samba.org
Thu Oct 18 23:24:03 UTC 2018 

On Thu, Oct 18, 2018 at 11:57:49AM +0200, Andreas Schneider via samba-technical wrote:
> Hi,
> 
> attached is a patch with a few fixes detected by covscan (internal tool).
> 
> 
> Please review and push if OK.

LGTM. RB+ and pushed !

Jeremy.

> 
> 
> 	Andreas
> 
> 
> -- 
> Andreas Schneider                      asn at samba.org
> Samba Team                             www.samba.org
> GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D

> From 2fdf45d711a56e5bb41c2c7502417cc43a1c155f Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Wed, 26 Sep 2018 14:29:50 +0200
> Subject: [PATCH 1/4] s3:registry: Avoid a double-free in reg_perfcount
> 
> Found by covscan.
> 
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
>  source3/registry/reg_perfcount.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
> index 6fa96f314fb..394930b27a9 100644
> --- a/source3/registry/reg_perfcount.c
> +++ b/source3/registry/reg_perfcount.c
> @@ -186,9 +186,9 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
>  	}
>  	/* First encode the name_index */
>  	working_size = (kbuf.dsize + 1)*sizeof(uint16_t);
> +	/* SMB_REALLOC frees buf1 on error */
>  	p = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
>  	if (p == NULL) {
> -		SAFE_FREE(buf1);
>  		buffer_size = 0;
>  		return buffer_size;
>  	}
> @@ -203,9 +203,9 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
>  	buffer_size += working_size;
>  	/* Now encode the actual name */
>  	working_size = (dbuf.dsize + 1)*sizeof(uint16_t);
> +	/* SMB_REALLOC frees buf1 on error */
>  	p = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
>  	if (p == NULL) {
> -		SAFE_FREE(buf1);
>  		buffer_size = 0;
>  		return buffer_size;
>  	}
> -- 
> 2.19.1
> 
> 
> From a0a45a6d4e0bdaa7c2cce205b4de790317f5d345 Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Wed, 26 Sep 2018 14:30:32 +0200
> Subject: [PATCH 2/4] ndr: Init variables of GUID_from_data_blob()
> 
> Found by covscan.
> 
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
>  librpc/ndr/uuid.c | 11 ++++++-----
>  1 file changed, 6 insertions(+), 5 deletions(-)
> 
> diff --git a/librpc/ndr/uuid.c b/librpc/ndr/uuid.c
> index 53540c7ddc8..6c5082190ca 100644
> --- a/librpc/ndr/uuid.c
> +++ b/librpc/ndr/uuid.c
> @@ -59,11 +59,12 @@ _PUBLIC_ NTSTATUS GUID_from_ndr_blob(const DATA_BLOB *b, struct GUID *guid)
>  _PUBLIC_ NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid)
>  {
>  	NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
> -	uint32_t time_low;
> -	uint32_t time_mid, time_hi_and_version;
> -	uint32_t clock_seq[2];
> -	uint32_t node[6];
> -	uint8_t buf16[16];
> +	uint32_t time_low = 0;
> +	uint32_t time_mid = 0;
> +	uint32_t time_hi_and_version = 0;
> +	uint32_t clock_seq[2] = {0};
> +	uint32_t node[6] = {0};
> +	uint8_t buf16[16] = {0};
>  
>  	DATA_BLOB blob16 = data_blob_const(buf16, sizeof(buf16));
>  	int i;
> -- 
> 2.19.1
> 
> 
> From fd621cdb66068dc8519a76051a7dfa810b493449 Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Wed, 26 Sep 2018 14:34:07 +0200
> Subject: [PATCH 3/4] s4:torture: Fix the scope of the req variable in drsuapi
>  test
> 
> Found by covscan.
> 
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
>  source4/torture/rpc/drsuapi.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c
> index 1d535acafba..a424a3160c6 100644
> --- a/source4/torture/rpc/drsuapi.c
> +++ b/source4/torture/rpc/drsuapi.c
> @@ -94,6 +94,7 @@ static bool test_DsGetDomainControllerInfo(struct torture_context *tctx,
>  	struct dcerpc_pipe *p = priv->drs_pipe;
>  	struct drsuapi_DsGetDomainControllerInfo r;
>  	union drsuapi_DsGetDCInfoCtr ctr;
> +	union drsuapi_DsGetDCInfoRequest req;
>  	int32_t level_out = 0;
>  	bool found = false;
>  	int i, j, k;
> @@ -124,7 +125,6 @@ static bool test_DsGetDomainControllerInfo(struct torture_context *tctx,
>  
>  	for (i=0; i < ARRAY_SIZE(levels); i++) {
>  		for (j=0; j < ARRAY_SIZE(names); j++) {
> -			union drsuapi_DsGetDCInfoRequest req;
>  			level = levels[i];
>  			r.in.bind_handle = &priv->bind_handle;
>  			r.in.level = 1;
> -- 
> 2.19.1
> 
> 
> From 5b9705374ee48d92aa4b39de2c8d4e6d7f77faf8 Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Wed, 26 Sep 2018 14:47:20 +0200
> Subject: [PATCH 4/4] s3:smbcontrol: Simplify the return code check
> 
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
>  source3/utils/smbcontrol.c | 9 ++++-----
>  1 file changed, 4 insertions(+), 5 deletions(-)
> 
> diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
> index e23e1284012..597bab6450d 100644
> --- a/source3/utils/smbcontrol.c
> +++ b/source3/utils/smbcontrol.c
> @@ -1142,14 +1142,13 @@ static bool do_winbind_offline(struct tevent_context *ev_ctx,
>  
>  		/* Check that the entry "WINBINDD_OFFLINE" still exists. */
>  		d = tdb_fetch_bystring( tdb, "WINBINDD_OFFLINE" );
> -
> -		if (!d.dptr || d.dsize != 4) {
> -			SAFE_FREE(d.dptr);
> -			DEBUG(10,("do_winbind_offline: offline state not set - retrying.\n"));
> -		} else {
> +		if (d.dptr != NULL && d.dsize == 4) {
>  			SAFE_FREE(d.dptr);
>  			break;
>  		}
> +
> +		SAFE_FREE(d.dptr);
> +		DEBUG(10,("do_winbind_offline: offline state not set - retrying.\n"));
>  	}
>  
>  	tdb_close(tdb);
> -- 
> 2.19.1
>

More information about the samba-technical mailing list