The branch, master has been updated
via 94f11e9 s3-net: Fix rpc_service_list_internal() null pointer
passing.
via 9b0c1ab s3-rpcclient: Fix cmd_eventlog_loginfo() null pointer
passing.
via 30e1dc0 s3-rpcclient: Fix cmd_eventlog_readlog() null pointer
passing.
via ab14918 s3-idmap: Check return value of string_to_sid().
from 6cb7c4f docs: Fix typo in vfs_tsmsm.8.xml.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 94f11e9d168931018125a1552f22b786ba290dd0
Author: Andreas Schneider <a...@samba.org>
Date: Fri Dec 21 16:03:51 2012 +0100
s3-net: Fix rpc_service_list_internal() null pointer passing.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Günther Deschner <g...@samba.org>
Found by Coverity.
Autobuild-User(master): Günther Deschner <g...@samba.org>
Autobuild-Date(master): Wed Jan 2 14:19:50 CET 2013 on sn-devel-104
commit 9b0c1ab07c2c9a3fce1c49ad3d476ca1301182a4
Author: Andreas Schneider <a...@samba.org>
Date: Fri Dec 21 15:58:49 2012 +0100
s3-rpcclient: Fix cmd_eventlog_loginfo() null pointer passing.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Günther Deschner <g...@samba.org>
Found by Coverity.
commit 30e1dc08df8d891e1ab6e17d786a7a239417947f
Author: Andreas Schneider <a...@samba.org>
Date: Fri Dec 21 15:52:02 2012 +0100
s3-rpcclient: Fix cmd_eventlog_readlog() null pointer passing.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Günther Deschner <g...@samba.org>
Found by Coverity.
commit ab14918ea406eed2ed79c39dea7b855e4ecbac74
Author: Andreas Schneider <a...@samba.org>
Date: Fri Dec 14 16:54:55 2012 +0100
s3-idmap: Check return value of string_to_sid().
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Günther Deschner <g...@samba.org>
Reviewed-by: Christian Ambach <a...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/rpcclient/cmd_eventlog.c | 25 ++++++++++++++++---------
source3/utils/net_rpc_service.c | 15 +++++++++++++--
source3/winbindd/idmap_autorid.c | 7 ++++++-
3 files changed, 35 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpcclient/cmd_eventlog.c b/source3/rpcclient/cmd_eventlog.c
index a9d971e..949e025 100644
--- a/source3/rpcclient/cmd_eventlog.c
+++ b/source3/rpcclient/cmd_eventlog.c
@@ -69,7 +69,7 @@ static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client
*cli,
EVENTLOG_SEQUENTIAL_READ;
uint32_t offset = 0;
uint32_t number_of_bytes = 0;
- uint8_t *data = NULL;
+ uint8_t *data;
uint32_t sent_size = 0;
uint32_t real_size = 0;
@@ -84,10 +84,6 @@ static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client
*cli,
if (argc >= 4) {
number_of_bytes = atoi(argv[3]);
- data = talloc_array(mem_ctx, uint8_t, number_of_bytes);
- if (!data) {
- goto done;
- }
}
status = get_eventlog_handle(cli, mem_ctx, argv[1], &handle);
@@ -95,6 +91,11 @@ static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client
*cli,
return status;
}
+ data = talloc_array(mem_ctx, uint8_t, number_of_bytes);
+ if (data == NULL) {
+ goto done;
+ }
+
do {
enum ndr_err_code ndr_err;
@@ -118,8 +119,8 @@ static NTSTATUS cmd_eventlog_readlog(struct rpc_pipe_client
*cli,
if (NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL) &&
real_size > 0 ) {
number_of_bytes = real_size;
- data = talloc_array(mem_ctx, uint8_t, real_size);
- if (!data) {
+ data = talloc_realloc(mem_ctx, data, uint8_t,
real_size);
+ if (data == NULL) {
goto done;
}
status = dcerpc_eventlog_ReadEventLogW(b, mem_ctx,
@@ -509,6 +510,12 @@ static NTSTATUS cmd_eventlog_loginfo(struct
rpc_pipe_client *cli,
return status;
}
+ buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);
+ if (buffer == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
status = dcerpc_eventlog_GetLogInformation(b, mem_ctx,
&handle,
0, /* level */
@@ -525,8 +532,8 @@ static NTSTATUS cmd_eventlog_loginfo(struct rpc_pipe_client
*cli,
}
buf_size = bytes_needed;
- buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);
- if (!buffer) {
+ buffer = talloc_realloc(mem_ctx, buffer, uint8_t, bytes_needed);
+ if (buffer == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
diff --git a/source3/utils/net_rpc_service.c b/source3/utils/net_rpc_service.c
index 523eafd..0c0995a 100644
--- a/source3/utils/net_rpc_service.c
+++ b/source3/utils/net_rpc_service.c
@@ -289,7 +289,7 @@ static NTSTATUS rpc_service_list_internal(struct
net_context *c,
int i;
struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
- uint8_t *buffer = NULL;
+ uint8_t *buffer;
uint32_t buf_size = 0;
uint32_t bytes_needed = 0;
uint32_t num_services = 0;
@@ -307,6 +307,12 @@ static NTSTATUS rpc_service_list_internal(struct
net_context *c,
return werror_to_ntstatus(result);
}
+ buffer = talloc_array(mem_ctx, uint8_t, buf_size);
+ if (buffer == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
do {
status = dcerpc_svcctl_EnumServicesStatusW(b, mem_ctx,
&hSCM,
@@ -327,8 +333,12 @@ static NTSTATUS rpc_service_list_internal(struct
net_context *c,
}
if (W_ERROR_EQUAL(result, WERR_MORE_DATA) && bytes_needed > 0) {
- buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);
buf_size = bytes_needed;
+ buffer = talloc_realloc(mem_ctx, buffer, uint8_t,
bytes_needed);
+ if (buffer == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ break;
+ }
continue;
}
@@ -381,6 +391,7 @@ static NTSTATUS rpc_service_list_internal(struct
net_context *c,
} while (W_ERROR_EQUAL(result, WERR_MORE_DATA));
+done:
if (is_valid_policy_hnd(&hSCM)) {
WERROR _result;
dcerpc_svcctl_CloseServiceHandle(b, mem_ctx, &hSCM, &_result);
diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c
index 621cae9..b7b1689 100644
--- a/source3/winbindd/idmap_autorid.c
+++ b/source3/winbindd/idmap_autorid.c
@@ -248,6 +248,7 @@ static NTSTATUS idmap_autorid_id_to_sid(struct
autorid_global_config *cfg,
char *keystr;
struct dom_sid sid;
NTSTATUS status;
+ bool ok;
/* can this be one of our ids? */
if (map->xid.id < cfg->minvalue) {
@@ -297,8 +298,12 @@ static NTSTATUS idmap_autorid_id_to_sid(struct
autorid_global_config *cfg,
return idmap_autorid_map_id_to_sid(dom, map);
}
- string_to_sid(&sid, (const char *)data.dptr);
+ ok = string_to_sid(&sid, (const char *)data.dptr);
TALLOC_FREE(data.dptr);
+ if (!ok) {
+ map->status = ID_UNKNOWN;
+ return NT_STATUS_OK;
+ }
sid_compose(map->sid, &sid,
(map->xid.id - cfg->minvalue -
--
Samba Shared Repository
