[SCM] Samba Shared Repository - branch master updated

Volker Lendecke Fri, 22 Apr 2011 01:54:21 -0700

The branch, master has been updated
       via  b48e223 s3: Fix Coverity ID 2047, UNUSED_VALUE
       via  726fa73 s3: Fix Coverity ID 2325, RESOURCE_LEAK
       via  f9e3af7 s3: Fix Coverity ID 2336, NULL_RETURNS
       via  018595e s3: Fix Coverity ID 2335, CHECKED_RETURN
       via  4981adc asn1: Fix Coverity ID 2299, CHECKED_RETURN
       via  3e8a8fa s3: Fix Coverity ID 2307, NULL_RETURNS
       via  9a0676d s3: Fix Coverity ID 986, BUFFER_SIZE_WARNING
       via  7e7ad53 s3: Fix Coverity ID 1340, NULL_RETURNS
      from  e919e76 Cosmetic. Fix bad indentation.


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b48e22347d9b2d0b3b128197b4ef662558b0f2e9
Author: Volker Lendecke <v...@samba.org>
Date:   Fri Apr 22 10:05:42 2011 +0200

    s3: Fix Coverity ID 2047, UNUSED_VALUE
    
    Autobuild-User: Volker Lendecke <vlen...@samba.org>
    Autobuild-Date: Fri Apr 22 10:53:24 CEST 2011 on sn-devel-104

commit 726fa732facef55da6a27750f9daf12145db6639
Author: Volker Lendecke <v...@samba.org>
Date:   Fri Apr 22 09:51:42 2011 +0200

    s3: Fix Coverity ID 2325, RESOURCE_LEAK

commit f9e3af71d391027de353f0240f70e425e766c0e5
Author: Volker Lendecke <v...@samba.org>
Date:   Fri Apr 22 09:48:10 2011 +0200

    s3: Fix Coverity ID 2336, NULL_RETURNS

commit 018595e2587b5b5dd90bf318a1cf8b675e47b66b
Author: Volker Lendecke <v...@samba.org>
Date:   Fri Apr 22 09:45:54 2011 +0200

    s3: Fix Coverity ID 2335, CHECKED_RETURN

commit 4981adcca37391b6745f10f5849fedd7c944410d
Author: Volker Lendecke <v...@samba.org>
Date:   Fri Apr 22 09:41:52 2011 +0200

    asn1: Fix Coverity ID 2299, CHECKED_RETURN

commit 3e8a8fad59cfdd053ad96afc39ea7d6e98b91764
Author: Volker Lendecke <v...@samba.org>
Date:   Fri Apr 22 09:39:37 2011 +0200

    s3: Fix Coverity ID 2307, NULL_RETURNS

commit 9a0676d5c947033ac41f700be9ba92ab1666814e
Author: Volker Lendecke <v...@samba.org>
Date:   Fri Apr 22 09:34:35 2011 +0200

    s3: Fix Coverity ID 986, BUFFER_SIZE_WARNING
    
    strncpy can leave the destination unterminated

commit 7e7ad53cbd77ce2201fd46bd2c08a601725f9f5b
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Apr 21 22:09:27 2011 +0200

    s3: Fix Coverity ID 1340, NULL_RETURNS

-----------------------------------------------------------------------

Summary of changes:
 lib/util/asn1.c                   |    6 +++++-
 source3/lib/smbconf/smbconf_reg.c |    4 ++++
 source3/lib/sysquotas_nfs.c       |    4 ++++
 source3/libads/ldap.c             |    4 ++++
 source3/libsmb/libsmb_dir.c       |    4 ++++
 source3/registry/reg_backend_db.c |    2 --
 source3/rpc_client/cli_pipe.c     |    2 +-
 source3/smbd/reply.c              |    4 +++-
 8 files changed, 25 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index f4a6bc5..b716da6 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -290,7 +290,11 @@ bool ber_write_partial_OID_String(TALLOC_CTX *mem_ctx, 
DATA_BLOB *blob, const ch
        /* Add partially encoded sub-identifier */
        if (p) {
                DATA_BLOB tmp_blob = strhex_to_data_blob(tmp_ctx, p);
-               data_blob_append(mem_ctx, blob, tmp_blob.data, tmp_blob.length);
+               if (!data_blob_append(mem_ctx, blob, tmp_blob.data,
+                                     tmp_blob.length)) {
+                       talloc_free(tmp_ctx);
+                       return false;
+               }
        }
 
        talloc_free(tmp_ctx);
diff --git a/source3/lib/smbconf/smbconf_reg.c 
b/source3/lib/smbconf/smbconf_reg.c
index adac233..67df03c 100644
--- a/source3/lib/smbconf/smbconf_reg.c
+++ b/source3/lib/smbconf/smbconf_reg.c
@@ -714,6 +714,10 @@ static WERROR smbconf_reg_drop(struct smbconf_ctx *ctx)
                goto done;
        }
        p = strrchr(path, '\\');
+       if (p == NULL) {
+               werr = WERR_INVALID_PARAM;
+               goto done;
+       }
        *p = '\0';
        werr = reg_open_path(mem_ctx, path, REG_KEY_WRITE, token,
                             &parent_key);
diff --git a/source3/lib/sysquotas_nfs.c b/source3/lib/sysquotas_nfs.c
index 8272f53..eff5874 100644
--- a/source3/lib/sysquotas_nfs.c
+++ b/source3/lib/sysquotas_nfs.c
@@ -134,6 +134,10 @@ int sys_get_nfs_quota(const char *path, const char *bdev,
        memset(cutstr, '\0', len+1);
        host = strncat(cutstr, mnttype, sizeof(char) * len);
        testpath = strchr_m(mnttype, ':');
+       if (testpath == NULL) {
+               errno = EINVAL;
+               goto out;
+       }
        testpath++;
        gq_args.gqa_pathp = testpath;
        gq_args.gqa_uid = id.uid;
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 3ce7a7e..90c645c 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -3502,6 +3502,10 @@ ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char 
*hostname)
        }
 
        hostnameDN = ads_get_dn(ads, talloc_tos(), (LDAPMessage *)msg);
+       if (hostnameDN == NULL) {
+               SAFE_FREE(host);
+               return ADS_ERROR_SYSTEM(ENOENT);
+       }
 
        rc = ldap_delete_ext_s(ads->ldap.ld, hostnameDN, pldap_control, NULL);
        if (rc) {
diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c
index 9939e25..c0c6e83 100644
--- a/source3/libsmb/libsmb_dir.c
+++ b/source3/libsmb/libsmb_dir.c
@@ -518,6 +518,10 @@ SMBC_opendir_ctx(SMBCCTX *context,
                        ip_list = (struct ip_service *)memdup(
                                &server_addr, sizeof(server_addr));
                        if (ip_list == NULL) {
+                               if (dir) {
+                                       SAFE_FREE(dir->fname);
+                                       SAFE_FREE(dir);
+                               }
                                TALLOC_FREE(frame);
                                errno = ENOMEM;
                                return NULL;
diff --git a/source3/registry/reg_backend_db.c 
b/source3/registry/reg_backend_db.c
index 4aed6e7..6024a35 100644
--- a/source3/registry/reg_backend_db.c
+++ b/source3/registry/reg_backend_db.c
@@ -1596,8 +1596,6 @@ static WERROR regdb_fetch_keys_internal(struct db_context 
*db, const char *key,
 
        DEBUG(11,("regdb_fetch_keys: Enter key => [%s]\n", key ? key : "NULL"));
 
-       frame = talloc_stackframe();
-
        if (!regdb_key_exists(db, key)) {
                DEBUG(10, ("key [%s] not found\n", key));
                werr = WERR_NOT_FOUND;
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index 02103e1..d7f990a 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2691,7 +2691,7 @@ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const 
char *socket_path,
 
        ZERO_STRUCT(addr);
        addr.sun_family = AF_UNIX;
-       strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
+       strlcpy(addr.sun_path, socket_path, sizeof(addr.sun_path));
 
        if (sys_connect(fd, (struct sockaddr *)(void *)&addr) == -1) {
                DEBUG(0, ("connect(%s) failed: %s\n", socket_path,
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 9659522..01d4332 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -456,7 +456,9 @@ static bool netbios_session_retarget(struct 
smbd_server_connection *sconn,
        p = strchr_m(retarget, '#');
        if (p != NULL) {
                *p++ = '\0';
-               sscanf(p, "%x", &retarget_type);
+               if (sscanf(p, "%x", &retarget_type) != 1) {
+                       goto fail;
+               }
        }
 
        ret = resolve_name(retarget, &retarget_addr, retarget_type, false);


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to