The branch, master has been updated
via 014512f dfs_server: Don't allocate a subcontext twice.
via ac434c4 util: Don't use the pid ret value uninitialized.
via f1fe877 s3-netapi: Initialize group_handle of NetGroupSetUsers_r().
via 7d20934 s4-netapi: Initialize group_handle of NetGroupGetUsers_r().
via 5bc5761 s3-auth: Make sure we work on valid data_blobs.
via d020c51 s3-netapi: Initialize group_handle of NetUserSetGroups_r.
via dc9fa1a torture: Fix torture_rpc_spoolss_printer_teardown_common().
via 33d1d52 s3-netapi: Fix zeroing policy handles in
NetLocalGroupAdd_r().
via 4c0b489 vfs: Make sure we don't call talloc_free on an
uninitialized pointer.
via e039676 s3-printing: Don't call talloc_free on an uninitialized
pointer.
via c83f933 idl: Fix spoolss check for the size of the struct.
via e4e3293 s3-net: Check the return value of strlower_m().
via f70c56b s3-net: Check return value of string_to_sid().
via 785cc6f s3-rpcclient: Check return value of add_string_to_array().
via ff32391 s3-registry: Check return code of push_reg_sz().
from 0f75d92 s3:auth: Tidy up some of the API confusion in
create_token_from_XXX() calls.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 014512f56478152972c7cae75e872a48ea18c91d
Author: Andreas Schneider <a...@samba.org>
Date: Thu Dec 6 14:37:21 2012 +0100
dfs_server: Don't allocate a subcontext twice.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
Autobuild-User(master): Günther Deschner <g...@samba.org>
Autobuild-Date(master): Wed Dec 12 11:28:39 CET 2012 on sn-devel-104
commit ac434c4223ba7a7cbbd97a59e305445a22a32c76
Author: Andreas Schneider <a...@samba.org>
Date: Thu Dec 6 16:02:57 2012 +0100
util: Don't use the pid ret value uninitialized.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit f1fe877d07d6b1d04e9bbbec558bad90a855ae95
Author: Andreas Schneider <a...@samba.org>
Date: Thu Dec 6 17:04:47 2012 +0100
s3-netapi: Initialize group_handle of NetGroupSetUsers_r().
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit 7d20934693174deac1f94a250ee9a2d39a7a8c8c
Author: Andreas Schneider <a...@samba.org>
Date: Thu Dec 6 18:06:59 2012 +0100
s4-netapi: Initialize group_handle of NetGroupGetUsers_r().
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit 5bc5761c06decc6b1fadff5f246c820e1db3fed3
Author: Andreas Schneider <a...@samba.org>
Date: Thu Dec 6 18:13:23 2012 +0100
s3-auth: Make sure we work on valid data_blobs.
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit d020c51978727185803edc5575adaf485b6e894e
Author: Andreas Schneider <a...@samba.org>
Date: Thu Dec 6 18:15:12 2012 +0100
s3-netapi: Initialize group_handle of NetUserSetGroups_r.
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit dc9fa1a026e9cd543a53b9ca72b0c52e1740c2e4
Author: Andreas Schneider <a...@samba.org>
Date: Mon Dec 10 13:22:52 2012 +0100
torture: Fix torture_rpc_spoolss_printer_teardown_common().
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit 33d1d525080297686f60b46661b0b4021d31199b
Author: Andreas Schneider <a...@samba.org>
Date: Mon Dec 10 13:24:46 2012 +0100
s3-netapi: Fix zeroing policy handles in NetLocalGroupAdd_r().
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit 4c0b4894d58094f95d8f053651104521e46da4ec
Author: Andreas Schneider <a...@samba.org>
Date: Mon Dec 10 13:35:27 2012 +0100
vfs: Make sure we don't call talloc_free on an uninitialized pointer.
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit e039676fe2c2fe5c7ef53e1e58487dd048e37013
Author: Andreas Schneider <a...@samba.org>
Date: Mon Dec 10 13:42:37 2012 +0100
s3-printing: Don't call talloc_free on an uninitialized pointer.
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit c83f9330a40fc53ec4cbfdfcafa2a95eae4cf7fa
Author: Andreas Schneider <a...@samba.org>
Date: Mon Dec 10 15:48:28 2012 +0100
idl: Fix spoolss check for the size of the struct.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit e4e3293b482d48bc6a503e1280fe2a20556548ef
Author: Andreas Schneider <a...@samba.org>
Date: Mon Dec 10 17:36:39 2012 +0100
s3-net: Check the return value of strlower_m().
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit f70c56b74769711e358860655bbb5c2329ad005b
Author: Andreas Schneider <a...@samba.org>
Date: Mon Dec 10 17:39:03 2012 +0100
s3-net: Check return value of string_to_sid().
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit 785cc6f3f3b5fe0deae4352dbbb2cfe76257f47d
Author: Andreas Schneider <a...@samba.org>
Date: Mon Dec 10 17:41:46 2012 +0100
s3-rpcclient: Check return value of add_string_to_array().
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit ff32391808322029a8d6caa9fdf1a4d253d9b1ff
Author: Andreas Schneider <a...@samba.org>
Date: Mon Dec 10 17:47:15 2012 +0100
s3-registry: Check return code of push_reg_sz().
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
dfs_server/dfs_server_ad.c | 2 +-
lib/util/pidfile.c | 2 +-
librpc/idl/spoolss.idl | 8 ++++----
source3/auth/auth_util.c | 4 ++--
source3/lib/netapi/group.c | 2 ++
source3/lib/netapi/localgroup.c | 10 +++++-----
source3/lib/netapi/user.c | 1 +
source3/modules/vfs_media_harmony.c | 2 +-
source3/printing/nt_printing.c | 2 +-
source3/registry/reg_perfcount.c | 13 +++++++++++--
source3/rpcclient/cmd_spoolss.c | 6 +++++-
source3/utils/net_rpc.c | 12 ++++++++++--
source4/torture/rpc/spoolss.c | 4 +---
13 files changed, 45 insertions(+), 23 deletions(-)
Changeset truncated at 500 lines:
diff --git a/dfs_server/dfs_server_ad.c b/dfs_server/dfs_server_ad.c
index ceabe05..4d3891a 100644
--- a/dfs_server/dfs_server_ad.c
+++ b/dfs_server/dfs_server_ad.c
@@ -278,7 +278,7 @@ static NTSTATUS get_dcs(TALLOC_CTX *ctx, struct ldb_context
*ldb,
int ret;
uint32_t current_pos = 0;
NTSTATUS status;
- TALLOC_CTX *subctx = talloc_new(ctx);
+ TALLOC_CTX *subctx;
*pset_list = set_list = NULL;
diff --git a/lib/util/pidfile.c b/lib/util/pidfile.c
index 8846371..1b382d1 100644
--- a/lib/util/pidfile.c
+++ b/lib/util/pidfile.c
@@ -36,7 +36,7 @@ pid_t pidfile_pid(const char *piddir, const char *name)
{
int fd;
char pidstr[20];
- pid_t ret;
+ pid_t ret = -1;
char *pidFile;
if (asprintf(&pidFile, "%s/%s.pid", piddir, name) < 0) {
diff --git a/librpc/idl/spoolss.idl b/librpc/idl/spoolss.idl
index d888a79..1a5f5e9 100644
--- a/librpc/idl/spoolss.idl
+++ b/librpc/idl/spoolss.idl
@@ -3013,11 +3013,11 @@ cpp_quote("#define spoolss_security_descriptor
security_descriptor")
PROTOCOL_LPR_TYPE = 2
} spoolss_PortProtocol;
- typedef [public] struct {
+ typedef [public,gensize] struct {
[charset(UTF16)] uint16 portname[64];
[value(0x00000001)] uint32 version;
spoolss_PortProtocol protocol;
- [value(sizeof(r))] uint32 size;
+ [value(ndr_size_spoolss_PortData1(r, ndr->flags))] uint32 size;
uint32 reserved;
[charset(UTF16)] uint16 hostaddress[49];
[charset(UTF16)] uint16 snmpcommunity[33];
@@ -3031,11 +3031,11 @@ cpp_quote("#define spoolss_security_descriptor
security_descriptor")
uint32 snmp_dev_index;
} spoolss_PortData1;
- typedef [public] struct {
+ typedef [public,gensize] struct {
[charset(UTF16)] uint16 portname[64];
[value(0x00000002)] uint32 version;
spoolss_PortProtocol protocol;
- [value(sizeof(r))] uint32 size;
+ [value(ndr_size_spoolss_PortData2(r, ndr->flags))] uint32 size;
uint32 reserved;
[charset(UTF16)] uint16 hostaddress[128];
[charset(UTF16)] uint16 snmpcommunity[33];
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index b75a390..1367186 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -231,8 +231,8 @@ bool make_user_info_netlogon_interactive(struct
auth_usersupplied_info **user_in
{
bool ret;
NTSTATUS nt_status;
- DATA_BLOB local_lm_blob;
- DATA_BLOB local_nt_blob;
+ DATA_BLOB local_lm_blob = data_blob_null;
+ DATA_BLOB local_nt_blob = data_blob_null;
if (lm_interactive_pwd) {
local_lm_blob = data_blob(local_lm_response,
diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c
index 710ec37..9813f7e 100644
--- a/source3/lib/netapi/group.c
+++ b/source3/lib/netapi/group.c
@@ -1459,6 +1459,7 @@ WERROR NetGroupGetUsers_r(struct libnetapi_ctx *ctx,
ZERO_STRUCT(connect_handle);
ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(group_handle);
if (!r->out.buffer) {
return WERR_INVALID_PARAM;
@@ -1639,6 +1640,7 @@ WERROR NetGroupSetUsers_r(struct libnetapi_ctx *ctx,
ZERO_STRUCT(connect_handle);
ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(group_handle);
if (!r->in.buffer) {
return WERR_INVALID_PARAM;
diff --git a/source3/lib/netapi/localgroup.c b/source3/lib/netapi/localgroup.c
index 816afc2..1a544ad 100644
--- a/source3/lib/netapi/localgroup.c
+++ b/source3/lib/netapi/localgroup.c
@@ -159,6 +159,11 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
return WERR_INVALID_PARAM;
}
+ ZERO_STRUCT(connect_handle);
+ ZERO_STRUCT(builtin_handle);
+ ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(alias_handle);
+
switch (r->in.level) {
case 0:
info0 = (struct LOCALGROUP_INFO_0 *)r->in.buffer;
@@ -173,11 +178,6 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
goto done;
}
- ZERO_STRUCT(connect_handle);
- ZERO_STRUCT(builtin_handle);
- ZERO_STRUCT(domain_handle);
- ZERO_STRUCT(alias_handle);
-
werr = libnetapi_open_pipe(ctx, r->in.server_name,
&ndr_table_samr.syntax_id,
&pipe_cli);
diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
index 3003a39..dfcbb09 100644
--- a/source3/lib/netapi/user.c
+++ b/source3/lib/netapi/user.c
@@ -3150,6 +3150,7 @@ WERROR NetUserSetGroups_r(struct libnetapi_ctx *ctx,
ZERO_STRUCT(connect_handle);
ZERO_STRUCT(domain_handle);
+ ZERO_STRUCT(group_handle);
if (!r->in.buffer) {
return WERR_INVALID_PARAM;
diff --git a/source3/modules/vfs_media_harmony.c
b/source3/modules/vfs_media_harmony.c
index 360fca6..bdbb750 100644
--- a/source3/modules/vfs_media_harmony.c
+++ b/source3/modules/vfs_media_harmony.c
@@ -808,7 +808,7 @@ static DIR *mh_fdopendir(vfs_handle_struct *handle,
const char *mask,
uint32 attr)
{
- struct mh_dirinfo_struct *dirInfo;
+ struct mh_dirinfo_struct *dirInfo = NULL;
DIR *dirstream;
DEBUG(MH_INFO_DEBUG, ("Entering with fsp->fsp_name->base_name '%s'\n",
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 5050a5d..252fbb8 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -1222,7 +1222,7 @@ bool printer_driver_in_use(TALLOC_CTX *mem_ctx,
DEBUG(10,("printer_driver_in_use: Completed search through
ntprinters.tdb...\n"));
if ( in_use ) {
- struct spoolss_DriverInfo8 *driver;
+ struct spoolss_DriverInfo8 *driver = NULL;
WERROR werr;
DEBUG(5,("printer_driver_in_use: driver \"%s\" is currently in
use\n", r->driver_name));
diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
index 3203e09..e51d374 100644
--- a/source3/registry/reg_perfcount.c
+++ b/source3/registry/reg_perfcount.c
@@ -158,6 +158,7 @@ static uint32 _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT
*tdb,
char *buf1 = *retbuf;
uint32 working_size = 0;
DATA_BLOB name_index, name;
+ bool ok;
memset(temp, 0, sizeof(temp));
snprintf(temp, sizeof(temp), "%d", keyval);
@@ -178,7 +179,11 @@ static uint32 _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT
*tdb,
buffer_size = 0;
return buffer_size;
}
- push_reg_sz(talloc_tos(), &name_index, (const char *)kbuf.dptr);
+ ok = push_reg_sz(talloc_tos(), &name_index, (const char *)kbuf.dptr);
+ if (!ok) {
+ buffer_size = 0;
+ return buffer_size;
+ }
memcpy(buf1+buffer_size, (char *)name_index.data, working_size);
buffer_size += working_size;
/* Now encode the actual name */
@@ -191,7 +196,11 @@ static uint32 _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT
*tdb,
memset(temp, 0, sizeof(temp));
memcpy(temp, dbuf.dptr, dbuf.dsize);
SAFE_FREE(dbuf.dptr);
- push_reg_sz(talloc_tos(), &name, temp);
+ ok = push_reg_sz(talloc_tos(), &name, temp);
+ if (!ok) {
+ buffer_size = 0;
+ return buffer_size;
+ }
memcpy(buf1+buffer_size, (char *)name.data, working_size);
buffer_size += working_size;
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
index c3ac211..5263184 100644
--- a/source3/rpcclient/cmd_spoolss.c
+++ b/source3/rpcclient/cmd_spoolss.c
@@ -1672,7 +1672,11 @@ static bool init_drv_info_3_members(TALLOC_CTX *mem_ctx,
struct spoolss_AddDrive
}
while (str != NULL) {
- add_string_to_array(deps, str, &file_array, &count);
+ bool ok;
+ ok = add_string_to_array(deps, str, &file_array, &count);
+ if (!ok) {
+ return false;
+ }
str = strtok_r(NULL, ",", &saveptr);
}
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 57d619e..c112a15 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -369,7 +369,9 @@ static NTSTATUS rpc_oldjoin_internals(struct net_context *c,
}
fstrcpy(trust_passwd, lp_netbios_name());
- strlower_m(trust_passwd);
+ if (!strlower_m(trust_passwd)) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
/*
* Machine names can be 15 characters, but the max length on
@@ -4682,6 +4684,7 @@ static bool get_user_sids(const char *domain, const char
*user, struct security_
for (i = 0; i < num_groups; i++) {
gid_t gid = groups[i];
struct dom_sid sid;
+ bool ok;
wbc_status = wbcGidToSid(gid, &wsid);
if (!WBC_ERROR_IS_OK(wbc_status)) {
@@ -4695,7 +4698,12 @@ static bool get_user_sids(const char *domain, const char
*user, struct security_
DEBUG(3, (" %s\n", sid_str));
- string_to_sid(&sid, sid_str);
+ ok = string_to_sid(&sid, sid_str);
+ if (!ok) {
+ DEBUG(1, ("Failed to convert string to SID\n"));
+ wbcFreeMemory(groups);
+ return false;
+ }
add_sid_to_token(token, &sid);
}
wbcFreeMemory(groups);
diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c
index 6e0d9ed..b1229ac 100644
--- a/source4/torture/rpc/spoolss.c
+++ b/source4/torture/rpc/spoolss.c
@@ -7646,11 +7646,9 @@ static bool
torture_rpc_spoolss_printer_teardown_common(struct torture_context *
"failed to remove printer driver");
}
- if (p) {
+ if (p && !t->wellknown) {
b = p->binding_handle;
- }
- if (!t->wellknown) {
torture_assert(tctx,
test_DeletePrinter(tctx, b, &t->handle),
"failed to delete printer");
--
Samba Shared Repository
