The branch, master has been updated via b48e223 s3: Fix Coverity ID 2047, UNUSED_VALUE via 726fa73 s3: Fix Coverity ID 2325, RESOURCE_LEAK via f9e3af7 s3: Fix Coverity ID 2336, NULL_RETURNS via 018595e s3: Fix Coverity ID 2335, CHECKED_RETURN via 4981adc asn1: Fix Coverity ID 2299, CHECKED_RETURN via 3e8a8fa s3: Fix Coverity ID 2307, NULL_RETURNS via 9a0676d s3: Fix Coverity ID 986, BUFFER_SIZE_WARNING via 7e7ad53 s3: Fix Coverity ID 1340, NULL_RETURNS from e919e76 Cosmetic. Fix bad indentation.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit b48e22347d9b2d0b3b128197b4ef662558b0f2e9 Author: Volker Lendecke <v...@samba.org> Date: Fri Apr 22 10:05:42 2011 +0200 s3: Fix Coverity ID 2047, UNUSED_VALUE Autobuild-User: Volker Lendecke <vlen...@samba.org> Autobuild-Date: Fri Apr 22 10:53:24 CEST 2011 on sn-devel-104 commit 726fa732facef55da6a27750f9daf12145db6639 Author: Volker Lendecke <v...@samba.org> Date: Fri Apr 22 09:51:42 2011 +0200 s3: Fix Coverity ID 2325, RESOURCE_LEAK commit f9e3af71d391027de353f0240f70e425e766c0e5 Author: Volker Lendecke <v...@samba.org> Date: Fri Apr 22 09:48:10 2011 +0200 s3: Fix Coverity ID 2336, NULL_RETURNS commit 018595e2587b5b5dd90bf318a1cf8b675e47b66b Author: Volker Lendecke <v...@samba.org> Date: Fri Apr 22 09:45:54 2011 +0200 s3: Fix Coverity ID 2335, CHECKED_RETURN commit 4981adcca37391b6745f10f5849fedd7c944410d Author: Volker Lendecke <v...@samba.org> Date: Fri Apr 22 09:41:52 2011 +0200 asn1: Fix Coverity ID 2299, CHECKED_RETURN commit 3e8a8fad59cfdd053ad96afc39ea7d6e98b91764 Author: Volker Lendecke <v...@samba.org> Date: Fri Apr 22 09:39:37 2011 +0200 s3: Fix Coverity ID 2307, NULL_RETURNS commit 9a0676d5c947033ac41f700be9ba92ab1666814e Author: Volker Lendecke <v...@samba.org> Date: Fri Apr 22 09:34:35 2011 +0200 s3: Fix Coverity ID 986, BUFFER_SIZE_WARNING strncpy can leave the destination unterminated commit 7e7ad53cbd77ce2201fd46bd2c08a601725f9f5b Author: Volker Lendecke <v...@samba.org> Date: Thu Apr 21 22:09:27 2011 +0200 s3: Fix Coverity ID 1340, NULL_RETURNS ----------------------------------------------------------------------- Summary of changes: lib/util/asn1.c | 6 +++++- source3/lib/smbconf/smbconf_reg.c | 4 ++++ source3/lib/sysquotas_nfs.c | 4 ++++ source3/libads/ldap.c | 4 ++++ source3/libsmb/libsmb_dir.c | 4 ++++ source3/registry/reg_backend_db.c | 2 -- source3/rpc_client/cli_pipe.c | 2 +- source3/smbd/reply.c | 4 +++- 8 files changed, 25 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/asn1.c b/lib/util/asn1.c index f4a6bc5..b716da6 100644 --- a/lib/util/asn1.c +++ b/lib/util/asn1.c @@ -290,7 +290,11 @@ bool ber_write_partial_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const ch /* Add partially encoded sub-identifier */ if (p) { DATA_BLOB tmp_blob = strhex_to_data_blob(tmp_ctx, p); - data_blob_append(mem_ctx, blob, tmp_blob.data, tmp_blob.length); + if (!data_blob_append(mem_ctx, blob, tmp_blob.data, + tmp_blob.length)) { + talloc_free(tmp_ctx); + return false; + } } talloc_free(tmp_ctx); diff --git a/source3/lib/smbconf/smbconf_reg.c b/source3/lib/smbconf/smbconf_reg.c index adac233..67df03c 100644 --- a/source3/lib/smbconf/smbconf_reg.c +++ b/source3/lib/smbconf/smbconf_reg.c @@ -714,6 +714,10 @@ static WERROR smbconf_reg_drop(struct smbconf_ctx *ctx) goto done; } p = strrchr(path, '\\'); + if (p == NULL) { + werr = WERR_INVALID_PARAM; + goto done; + } *p = '\0'; werr = reg_open_path(mem_ctx, path, REG_KEY_WRITE, token, &parent_key); diff --git a/source3/lib/sysquotas_nfs.c b/source3/lib/sysquotas_nfs.c index 8272f53..eff5874 100644 --- a/source3/lib/sysquotas_nfs.c +++ b/source3/lib/sysquotas_nfs.c @@ -134,6 +134,10 @@ int sys_get_nfs_quota(const char *path, const char *bdev, memset(cutstr, '\0', len+1); host = strncat(cutstr, mnttype, sizeof(char) * len); testpath = strchr_m(mnttype, ':'); + if (testpath == NULL) { + errno = EINVAL; + goto out; + } testpath++; gq_args.gqa_pathp = testpath; gq_args.gqa_uid = id.uid; diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 3ce7a7e..90c645c 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -3502,6 +3502,10 @@ ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname) } hostnameDN = ads_get_dn(ads, talloc_tos(), (LDAPMessage *)msg); + if (hostnameDN == NULL) { + SAFE_FREE(host); + return ADS_ERROR_SYSTEM(ENOENT); + } rc = ldap_delete_ext_s(ads->ldap.ld, hostnameDN, pldap_control, NULL); if (rc) { diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c index 9939e25..c0c6e83 100644 --- a/source3/libsmb/libsmb_dir.c +++ b/source3/libsmb/libsmb_dir.c @@ -518,6 +518,10 @@ SMBC_opendir_ctx(SMBCCTX *context, ip_list = (struct ip_service *)memdup( &server_addr, sizeof(server_addr)); if (ip_list == NULL) { + if (dir) { + SAFE_FREE(dir->fname); + SAFE_FREE(dir); + } TALLOC_FREE(frame); errno = ENOMEM; return NULL; diff --git a/source3/registry/reg_backend_db.c b/source3/registry/reg_backend_db.c index 4aed6e7..6024a35 100644 --- a/source3/registry/reg_backend_db.c +++ b/source3/registry/reg_backend_db.c @@ -1596,8 +1596,6 @@ static WERROR regdb_fetch_keys_internal(struct db_context *db, const char *key, DEBUG(11,("regdb_fetch_keys: Enter key => [%s]\n", key ? key : "NULL")); - frame = talloc_stackframe(); - if (!regdb_key_exists(db, key)) { DEBUG(10, ("key [%s] not found\n", key)); werr = WERR_NOT_FOUND; diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 02103e1..d7f990a 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2691,7 +2691,7 @@ NTSTATUS rpc_pipe_open_ncalrpc(TALLOC_CTX *mem_ctx, const char *socket_path, ZERO_STRUCT(addr); addr.sun_family = AF_UNIX; - strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path)); + strlcpy(addr.sun_path, socket_path, sizeof(addr.sun_path)); if (sys_connect(fd, (struct sockaddr *)(void *)&addr) == -1) { DEBUG(0, ("connect(%s) failed: %s\n", socket_path, diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 9659522..01d4332 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -456,7 +456,9 @@ static bool netbios_session_retarget(struct smbd_server_connection *sconn, p = strchr_m(retarget, '#'); if (p != NULL) { *p++ = '\0'; - sscanf(p, "%x", &retarget_type); + if (sscanf(p, "%x", &retarget_type) != 1) { + goto fail; + } } ret = resolve_name(retarget, &retarget_addr, retarget_type, false); -- Samba Shared Repository