[PATCH] Fix two possible NULL pointer deref in s4 code
Jeremy Allison
jra at samba.org
Wed Jun 22 17:22:31 UTC 2016
On Wed, Jun 22, 2016 at 04:14:00PM +0200, Andreas Schneider wrote:
> Review and push appreciated!
LGTM. Pushed.
> -- andreas
>
> --
> Andreas Schneider GPG-ID: CC014E3D
> Samba Team asn at samba.org
> www.samba.org
> From fe4f1697b9086758ed2b8ead20a67ba092d7e81e Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Wed, 22 Jun 2016 15:48:10 +0200
> Subject: [PATCH 1/2] s4-dsdb: Fix a possible NULL pointer dereference
>
> Detected by clang compiler.
>
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
> source4/dsdb/common/util_trusts.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/source4/dsdb/common/util_trusts.c b/source4/dsdb/common/util_trusts.c
> index 0e69ba2..a083d86 100644
> --- a/source4/dsdb/common/util_trusts.c
> +++ b/source4/dsdb/common/util_trusts.c
> @@ -2671,7 +2671,9 @@ NTSTATUS dsdb_trust_get_incoming_passwords(struct ldb_message *msg,
> if (_previous != NULL) {
> *_previous = talloc(mem_ctx, struct samr_Password);
> if (*_previous == NULL) {
> - TALLOC_FREE(*_current);
> + if (_current != NULL) {
> + TALLOC_FREE(*_current);
> + }
> TALLOC_FREE(frame);
> return NT_STATUS_NO_MEMORY;
> }
> --
> 2.9.0
>
>
> From 1cf6726fa599480e409f7bd272249e204d728b6a Mon Sep 17 00:00:00 2001
> From: Andreas Schneider <asn at samba.org>
> Date: Wed, 22 Jun 2016 15:53:59 +0200
> Subject: [PATCH 2/2] s4-ntlm: Fix a NULL pointer dereference in error path
>
> Found by clang compiler.
>
> Signed-off-by: Andreas Schneider <asn at samba.org>
> ---
> source4/auth/ntlm/auth_winbind.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
> index aed893d..447c0de 100644
> --- a/source4/auth/ntlm/auth_winbind.c
> +++ b/source4/auth/ntlm/auth_winbind.c
> @@ -216,9 +216,11 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
> if (err) {
> DEBUG(1, ("error was %s (0x%08x)\nerror message was '%s'\n",
> err->nt_string, err->nt_status, err->display_string));
> + nt_status = NT_STATUS(err->nt_status);
> + wbcFreeMemory(err);
> + } else {
> + nt_status = NT_STATUS_LOGON_FAILURE;
> }
> - nt_status = NT_STATUS(err->nt_status);
> - wbcFreeMemory(err);
> NT_STATUS_NOT_OK_RETURN(nt_status);
> } else if (!WBC_ERROR_IS_OK(wbc_status)) {
> DEBUG(1, ("wbcAuthenticateUserEx: failed with %u - %s\n",
> --
> 2.9.0
>
More information about the samba-technical
mailing list