[PATCH] Some fixes found by covscan
Jeremy Allison
jra at samba.org
Thu Oct 18 23:24:03 UTC 2018
On Thu, Oct 18, 2018 at 11:57:49AM +0200, Andreas Schneider via samba-technical wrote:
> Hi,
>
> attached is a patch with a few fixes detected by covscan (internal tool).
>
>
> Please review and push if OK.
LGTM. RB+ and pushed !
Jeremy.
>
>
> Andreas
>
>
> --
> Andreas Schneider asn at samba.org
> Samba Team www.samba.org
> GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
> From 2fdf45d711a56e5bb41c2c7502417cc43a1c155f Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Wed, 26 Sep 2018 14:29:50 +0200
> Subject: [PATCH 1/4] s3:registry: Avoid a double-free in reg_perfcount
>
> Found by covscan.
>
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
> source3/registry/reg_perfcount.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
> index 6fa96f314fb..394930b27a9 100644
> --- a/source3/registry/reg_perfcount.c
> +++ b/source3/registry/reg_perfcount.c
> @@ -186,9 +186,9 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
> }
> /* First encode the name_index */
> working_size = (kbuf.dsize + 1)*sizeof(uint16_t);
> + /* SMB_REALLOC frees buf1 on error */
> p = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
> if (p == NULL) {
> - SAFE_FREE(buf1);
> buffer_size = 0;
> return buffer_size;
> }
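Review bot: After a failed SMB_REALLOC the old buffer is gone, yet buf1 still holds its address when this branch returns, and the same applies to the second realloc in the next hunk. Where buf1 comes from is outside the hunk; if it is a copy of a caller-visible pointer, that pointer is left dangling, and a caller that frees or reuses it after a zero return would reintroduce the double-free this patch removes. I would make the contract explicit in the comment, e.g. `/* SMB_REALLOC frees buf1 on error; buf1 must not be touched after this point */`, and have the failure branch reset whatever pointer the caller sees.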
> @@ -203,9 +203,9 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
> buffer_size += working_size;
> /* Now encode the actual name */
> working_size = (dbuf.dsize + 1)*sizeof(uint16_t);
> + /* SMB_REALLOC frees buf1 on error */
> p = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
> if (p == NULL) {
> - SAFE_FREE(buf1);
> buffer_size = 0;
> return buffer_size;
> }
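Review bot: The size passed to SMB_REALLOC, `buffer_size + working_size`, is computed without an overflow check, here and in the first hunk. The function returns buffer_size as uint32_t, so if working_size is also 32-bit (its declaration is outside the hunk), a large kbuf.dsize or dbuf.dsize read from the tdb could wrap the sum and produce a buffer smaller than what the encode step after it presumably writes. A guard before each call would close that, e.g. `if (working_size > UINT32_MAX - buffer_size) { SAFE_FREE(buf1); return 0; }`.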
> --
> 2.19.1
>
>
> From a0a45a6d4e0bdaa7c2cce205b4de790317f5d345 Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Wed, 26 Sep 2018 14:30:32 +0200
> Subject: [PATCH 2/4] ndr: Init variables of GUID_from_data_blob()
>
> Found by covscan.
>
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
> librpc/ndr/uuid.c | 11 ++++++-----
> 1 file changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/librpc/ndr/uuid.c b/librpc/ndr/uuid.c
> index 53540c7ddc8..6c5082190ca 100644
> --- a/librpc/ndr/uuid.c
> +++ b/librpc/ndr/uuid.c
> @@ -59,11 +59,12 @@ _PUBLIC_ NTSTATUS GUID_from_ndr_blob(const DATA_BLOB *b, struct GUID *guid)
> _PUBLIC_ NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid)
> {
> NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
> - uint32_t time_low;
> - uint32_t time_mid, time_hi_and_version;
> - uint32_t clock_seq[2];
> - uint32_t node[6];
> - uint8_t buf16[16];
> + uint32_t time_low = 0;
> + uint32_t time_mid = 0;
> + uint32_t time_hi_and_version = 0;
> + uint32_t clock_seq[2] = {0};
> + uint32_t node[6] = {0};
> + uint8_t buf16[16] = {0};
>
> DATA_BLOB blob16 = data_blob_const(buf16, sizeof(buf16));
> int i;
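Review bot: Zero-initialising time_low through buf16 quiets the scanner, but a path that skips parsing would now yield well-defined zeros instead of something MemorySanitizer or valgrind could flag. The parsing and the final store into *guid are outside the hunk, so this cannot be confirmed from here, but that store should only be reachable once status is NT_STATUS_OK. A short comment above the declarations would record the intent, e.g. `/* zero-init for static analysis; values are only valid when status is NT_STATUS_OK */`. `int i;` just below is still left without an initializer.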
> --
> 2.19.1
>
>
> From fd621cdb66068dc8519a76051a7dfa810b493449 Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Wed, 26 Sep 2018 14:34:07 +0200
> Subject: [PATCH 3/4] s4:torture: Fix the scope of the req variable in drsuapi
> test
>
> Found by covscan.
>
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
> source4/torture/rpc/drsuapi.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/source4/torture/rpc/drsuapi.c b/source4/torture/rpc/drsuapi.c
> index 1d535acafba..a424a3160c6 100644
> --- a/source4/torture/rpc/drsuapi.c
> +++ b/source4/torture/rpc/drsuapi.c
> @@ -94,6 +94,7 @@ static bool test_DsGetDomainControllerInfo(struct torture_context *tctx,
> struct dcerpc_pipe *p = priv->drs_pipe;
> struct drsuapi_DsGetDomainControllerInfo r;
> union drsuapi_DsGetDCInfoCtr ctr;
> + union drsuapi_DsGetDCInfoRequest req;
> int32_t level_out = 0;
> bool found = false;
> int i, j, k;
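Review bot: req now lives for the whole function but is declared without an initializer, so each pass of the nested loops starts with whatever the previous pass left in the union. How req is filled is outside this hunk; unless every iteration assigns all the fields the call reads, I would clear it at the top of the inner loop body with `ZERO_STRUCT(req);`. A one-line comment on the declaration saying why it has function scope (presumably because r keeps a pointer to it beyond the inner block) would stop someone from moving it back.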
> @@ -124,7 +125,6 @@ static bool test_DsGetDomainControllerInfo(struct torture_context *tctx,
>
> for (i=0; i < ARRAY_SIZE(levels); i++) {
> for (j=0; j < ARRAY_SIZE(names); j++) {
> - union drsuapi_DsGetDCInfoRequest req;
> level = levels[i];
> r.in.bind_handle = &priv->bind_handle;
> r.in.level = 1;
> --
> 2.19.1
>
>
> From 5b9705374ee48d92aa4b39de2c8d4e6d7f77faf8 Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Wed, 26 Sep 2018 14:47:20 +0200
> Subject: [PATCH 4/4] s3:smbcontrol: Simplify the return code check
>
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
> source3/utils/smbcontrol.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
> index e23e1284012..597bab6450d 100644
> --- a/source3/utils/smbcontrol.c
> +++ b/source3/utils/smbcontrol.c
> @@ -1142,14 +1142,13 @@ static bool do_winbind_offline(struct tevent_context *ev_ctx,
>
> /* Check that the entry "WINBINDD_OFFLINE" still exists. */
> d = tdb_fetch_bystring( tdb, "WINBINDD_OFFLINE" );
> -
> - if (!d.dptr || d.dsize != 4) {
> - SAFE_FREE(d.dptr);
> - DEBUG(10,("do_winbind_offline: offline state not set - retrying.\n"));
> - } else {
> + if (d.dptr != NULL && d.dsize == 4) {
> SAFE_FREE(d.dptr);
> break;
> }
> +
> + SAFE_FREE(d.dptr);
> + DEBUG(10,("do_winbind_offline: offline state not set - retrying.\n"));
> }
>
> tdb_close(tdb);
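Review bot: Both exits of the check still call SAFE_FREE(d.dptr), so the free is written twice for one fetch. Recording the result first lets it be freed once: `bool offline_set = (d.dptr != NULL && d.dsize == 4);` then `SAFE_FREE(d.dptr);` then `if (offline_set) break;`, with the DEBUG line following. The literal 4 would also read better as a named size or a `sizeof` of the stored type, which is not visible in this hunk. The retry loop and the start of do_winbind_offline are outside the hunk.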
> --
> 2.19.1
>