The branch, master has been updated
       via  02618cc rpc_server: Fix CID 1063255 Resource leak
       via  980c757 gensec: Fix CID 1063258 Uninitialized scalar variable
       via  2055ce1 registry4: Fix CID 1034911 Dereference before null check
       via  cc983c9 smbd: Fix CID 1063259 Uninitialized scalar variable
       via  cb598dd ldb_map: Fix CID 1034791 Dereference null return value
       via  cbb5c1c pyldb: Fix CID 1034792 Dereference null return value
       via  15bd8255 ldb: Fix CID 1034793 Dereference null return value
       via  6417d9e samdb: Fix CID 1034910 Dereference before null check
       via  8c4e6f0 samdb: Fix CID 1034910 Dereference before null check
       via  35330aa samdb: Fix CID 1034910 Dereference before null check
       via  f82daa0 registry4: Fix CID 1034911 Dereference before null check
       via  817e0ae log2pcaphex: Fix nonempty line endings
      from  0627350 ldb: Fix a const warning

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 02618cc58a49864bd0bf280d9f13a7f39fcf9658
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 20:41:51 2013 +0000

    rpc_server: Fix CID 1063255 Resource leak
    
    We would leak a socket 0 here
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Mon Aug 19 03:10:51 CEST 2013 on sn-devel-104

commit 980c757388b9cd3a376cf45fc98b01c65124c6a5
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 20:37:26 2013 +0000

    gensec: Fix CID 1063258 Uninitialized scalar variable
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 2055ce1dbe94a7f02497e72652a58736ff1cf2e0
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:34:35 2013 +0000

    registry4: Fix CID 1034911 Dereference before null check
    
    curbegin is always != NULL here (curend + 1) and is dereferenced by
    strchr.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit cc983c9a6a92f3d127ec6461b15aed3fa90e6d30
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 20:35:32 2013 +0000

    smbd: Fix CID 1063259 Uninitialized scalar variable
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit cb598ddab6935820975042a8a307c75dba9d7e31
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:54:31 2013 +0000

    ldb_map: Fix CID 1034791 Dereference null return value
    
    Add NULL checks
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit cbb5c1ce39640ffd01aeed6d87a57940e344792c
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:51:49 2013 +0000

    pyldb: Fix CID 1034792 Dereference null return value
    
    Add a NULL check
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 15bd82550dab7a4709e92d639ee563dbc4780366
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:49:24 2013 +0000

    ldb: Fix CID 1034793 Dereference null return value
    
    Add a proper NULL check
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 6417d9e0355f840ca4cf3b740ad5aabfc534d834
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:37:56 2013 +0000

    samdb: Fix CID 1034910 Dereference before null check
    
    strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for
    NULL before that.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 8c4e6f0cba164c91661a654e2ccc13c265a06953
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:37:56 2013 +0000

    samdb: Fix CID 1034910 Dereference before null check
    
    strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for
    NULL before that.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 35330aa2c8b255d74e94bc9dd742e621953c21f9
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:37:56 2013 +0000

    samdb: Fix CID 1034910 Dereference before null check
    
    strncmp("tdb://", secrets_ldb, 6) dereferences secrets_ldb. Check for
    NULL before that.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit f82daa054ad95c6b1ae5cfce1efb6dc461389bc9
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:34:35 2013 +0000

    registry4: Fix CID 1034911 Dereference before null check
    
    curbegin is always != NULL here (curend + 1) and is dereferenced by
    strchr.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 817e0ae6875676c8d46b63539fe805ba215d2d6b
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 17:19:14 2013 +0000

    log2pcaphex: Fix nonempty line endings
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 auth/gensec/gensec.c                               |    1 +
 lib/ldb/ldb_map/ldb_map.c                          |    6 ++++
 lib/ldb/pyldb.c                                    |    4 ++
 lib/ldb/tools/ldbtest.c                            |    4 ++
 source3/rpc_server/rpc_server.c                    |    2 +-
 source3/smbd/process.c                             |    1 +
 source3/utils/log2pcaphex.c                        |   31 +++++++++----------
 .../dsdb/samdb/ldb_modules/partition_metadata.c    |    6 ++--
 source4/dsdb/samdb/ldb_modules/schema_load.c       |    6 ++--
 source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c  |    6 ++--
 source4/lib/registry/local.c                       |    4 +-
 11 files changed, 43 insertions(+), 28 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index abcbcb9..63ebc19 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -273,6 +273,7 @@ _PUBLIC_ NTSTATUS gensec_update(struct gensec_security 
*gensec_security, TALLOC_
 
        subreq = ops->update_send(frame, ev, gensec_security, in);
        if (subreq == NULL) {
+               status = NT_STATUS_NO_MEMORY;
                goto fail;
        }
        ok = tevent_req_poll_ntstatus(subreq, ev, &status);
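
Review bot: The commit message gives only the CID title, so nothing records which variable was uninitialized; a one-line body saying that `status` was left unassigned in the `subreq == NULL` branch before `goto fail` would make the fix readable without access to Coverity.
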
diff --git a/lib/ldb/ldb_map/ldb_map.c b/lib/ldb/ldb_map/ldb_map.c
index d95f050..ce2d660 100644
--- a/lib/ldb/ldb_map/ldb_map.c
+++ b/lib/ldb/ldb_map/ldb_map.c
@@ -223,12 +223,18 @@ int ldb_next_remote_request(struct ldb_module *module, 
struct ldb_request *reque
 
        case LDB_ADD:
                msg = ldb_msg_copy_shallow(request, request->op.add.message);
+               if (msg == NULL) {
+                       return LDB_ERR_OPERATIONS_ERROR;
+               }
                msg->dn = ldb_dn_rebase_remote(msg, data, msg->dn);
                request->op.add.message = msg;
                break;
 
        case LDB_MODIFY:
                msg = ldb_msg_copy_shallow(request, request->op.mod.message);
+               if (msg == NULL) {
+                       return LDB_ERR_OPERATIONS_ERROR;
+               }
                msg->dn = ldb_dn_rebase_remote(msg, data, msg->dn);
                request->op.mod.message = msg;
                break;
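
Review bot: In both the LDB_ADD and LDB_MODIFY cases the line right after the new check, `msg->dn = ldb_dn_rebase_remote(msg, data, msg->dn);`, stores a return value that is never tested. If that function can fail on allocation like `ldb_msg_copy_shallow`, the request is handed on with a NULL dn; add the same kind of check there. It is also worth confirming that the other cases of this switch, which are outside the hunk, do not follow the same copy-then-dereference pattern.
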
diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c
index ec6c7d0..4583132 100644
--- a/lib/ldb/pyldb.c
+++ b/lib/ldb/pyldb.c
@@ -1075,6 +1075,10 @@ static struct ldb_message *PyDict_AsMessage(TALLOC_CTX 
*mem_ctx,
        PyObject *dn_value = PyDict_GetItemString(py_obj, "dn");
 
        msg = ldb_msg_new(mem_ctx);
+       if (msg == NULL) {
+               PyErr_NoMemory();
+               return NULL;
+       }
        msg->elements = talloc_zero_array(msg, struct ldb_message_element, 
PyDict_Size(py_obj));
 
        if (dn_value) {
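
Review bot: The statement immediately after the new check, `msg->elements = talloc_zero_array(msg, struct ldb_message_element, PyDict_Size(py_obj));`, is another allocation whose result is not tested in the visible context. Suggest handling a NULL `msg->elements` the same way (free `msg`, `PyErr_NoMemory()`, return NULL) so the fix covers both allocations in this function.
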
diff --git a/lib/ldb/tools/ldbtest.c b/lib/ldb/tools/ldbtest.c
index 4e181af..384624c 100644
--- a/lib/ldb/tools/ldbtest.c
+++ b/lib/ldb/tools/ldbtest.c
@@ -324,6 +324,10 @@ static void start_test_index(struct ldb_context **ldb)
        ldb_delete(*ldb, indexlist);
 
        msg = ldb_msg_new(NULL);
+       if (msg == NULL) {
+               printf("ldb_msg_new failed\n");
+               exit(LDB_ERR_OPERATIONS_ERROR);
+       }
 
        msg->dn = indexlist;
        ldb_msg_add_string(msg, "@IDXATTR", strdup("uid"));
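
Review bot: The new failure branch reports through `printf`, so the error lands on stdout, and it passes an ldb error code to `exit()` as the process status. Suggest `fprintf(stderr, ...)` and a plain non-zero exit status. In the context just below, `strdup("uid")` is passed straight into `ldb_msg_add_string` without a NULL check, which is the same class of defect this change addresses.
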
diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c
index de54ddc..fa3c870 100644
--- a/source3/rpc_server/rpc_server.c
+++ b/source3/rpc_server/rpc_server.c
@@ -620,7 +620,7 @@ int create_tcpip_socket(const struct sockaddr_storage 
*ifss, uint16_t *port)
                                            0,
                                            ifss,
                                            false);
-                       if (fd > 0) {
+                       if (fd >= 0) {
                                *port = i;
                                break;
                        }
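
Review bot: With the in-loop test now `fd >= 0`, any test of `fd` after the loop (outside this hunk) must also accept 0 as a valid descriptor, otherwise a socket with fd 0 is still treated as a failure there and not closed. Please confirm the post-loop check uses the same convention.
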
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 3fbfc37..b8e01ba 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -165,6 +165,7 @@ bool srv_send_smb(struct smbd_server_connection *sconn, 
char *buffer,
                        DEBUG(0, ("send_smb: SMB encryption failed "
                                "on outgoing packet! Error %s\n",
                                nt_errstr(status) ));
+                       ret = -1;
                        goto out;
                }
        }
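
Review bot: `ret = -1` is assigned only on this encryption-failure path before `goto out`, so any other early `goto out` in the function depends on a separate assignment. Consider giving `ret` a failure value where it is declared, or state in the commit message that this was the only path reaching `out` with `ret` unset.
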
diff --git a/source3/utils/log2pcaphex.c b/source3/utils/log2pcaphex.c
index 0b1230e..8425a5e 100644
--- a/source3/utils/log2pcaphex.c
+++ b/source3/utils/log2pcaphex.c
@@ -1,4 +1,4 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    Utility to extract pcap files from samba (log level 10) log files
 
@@ -154,7 +154,6 @@ static void print_hex_packet(FILE *out, unsigned char 
*data, long length)
                for(i = cur; i < length && i < cur + 16; i++) {
                        fprintf(out, "%02x ", data[i]);
                }
-       
                cur = i;
                fprintf(out, "\n");
        }
@@ -162,10 +161,10 @@ static void print_hex_packet(FILE *out, unsigned char 
*data, long length)
 
 static void print_netbios_packet(FILE *out, unsigned char *data, long length,
                                 long actual_length)
-{      
+{
        unsigned char *newdata; long offset = 0;
        long newlen;
-       
+
        newlen = length+sizeof(HDR_IP)+sizeof(HDR_TCP);
        newdata = (unsigned char *)malloc(newlen);
 
@@ -176,7 +175,7 @@ static void print_netbios_packet(FILE *out, unsigned char 
*data, long length,
        memcpy(newdata+offset, &HDR_IP, sizeof(HDR_IP));offset+=sizeof(HDR_IP);
        memcpy(newdata+offset, &HDR_TCP, 
sizeof(HDR_TCP));offset+=sizeof(HDR_TCP);
        memcpy(newdata+offset,data,length);
-       
+
        print_pcap_packet(out, newdata, newlen, actual_length+offset);
        free(newdata);
 }
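
Review bot: The `memcpy` calls in this hunk's context write through `newdata`, which the previous hunk shows coming directly from `malloc(newlen)`, and no NULL check is visible in either hunk. Since the rest of this push adds NULL checks after allocations, a follow-up that tests `newdata` before the copies would be consistent; it does not belong in a whitespace-only commit.
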
@@ -312,12 +311,12 @@ int main (int argc, char **argv)
                { "hex", 'h', POPT_ARG_NONE, &hexformat, 0, "Output format 
readable by text2pcap" },
                POPT_TABLEEND
        };
-       
+
        pc = poptGetContext(NULL, argc, (const char **) argv, long_options,
                            POPT_CONTEXT_KEEP_FIRST);
        poptSetOtherOptionHelp(pc, "[<infile> [<outfile>]]");
-       
-       
+
+
        while((opt = poptGetNextOpt(pc)) != -1) {
                switch (opt) {
                }
@@ -334,13 +333,13 @@ int main (int argc, char **argv)
                        return 1;
                }
        } else in = stdin;
-       
+
        outfile = poptGetArg(pc);
 
        if(outfile) {
                out = fopen(outfile, "w+");
-               if(!out) { 
-                       perror("fopen"); 
+               if(!out) {
+                       perror("fopen");
                        fprintf(stderr, "Can't find %s, using stdout...\n", 
outfile);
                        return 1;
                }
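
Review bot: In the `if(!out)` branch the message says "Can't find %s, using stdout..." but the next statement is `return 1`, so the tool exits instead of falling back to stdout. The file is also opened with "w+", so a failure is more likely a permission or path problem than a missing file. This is pre-existing behaviour that the whitespace change only touches, but the message should be corrected or the fallback actually implemented.
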
@@ -359,15 +358,15 @@ int main (int argc, char **argv)
                                read_log_msg(in, &curpacket, &curpacket_len, 
&data_offset, &data_length);
                        } else if(in_packet && strstr(buffer, "dump_data")) {
                                data_bytes_read = read_log_data(in, 
curpacket+data_offset, data_length);
-                       }  else { 
-                               if(in_packet){ 
-                                       if(hexformat) print_hex_packet(out, 
curpacket, curpacket_len); 
+                       }  else {
+                               if(in_packet){
+                                       if(hexformat) print_hex_packet(out, 
curpacket, curpacket_len);
                                        else print_netbios_packet(out, 
curpacket, curpacket_len, data_bytes_read+data_offset);
-                                       free(curpacket); 
+                                       free(curpacket);
                                }
                                in_packet = 0;
                        }
-               } 
+               }
        }
 
        if (in != stdin) {
diff --git a/source4/dsdb/samdb/ldb_modules/partition_metadata.c 
b/source4/dsdb/samdb/ldb_modules/partition_metadata.c
index 5826ac2..c67d6cf 100644
--- a/source4/dsdb/samdb/ldb_modules/partition_metadata.c
+++ b/source4/dsdb/samdb/ldb_modules/partition_metadata.c
@@ -199,13 +199,13 @@ static int partition_metadata_open(struct ldb_module 
*module, bool create)
        }
 
        sam_name = (const char *)ldb_get_opaque(ldb, "ldb_url");
-       if (strncmp("tdb://", sam_name, 6) == 0) {
-               sam_name += 6;
-       }
        if (!sam_name) {
                talloc_free(tmp_ctx);
                return ldb_operr(ldb);
        }
+       if (strncmp("tdb://", sam_name, 6) == 0) {
+               sam_name += 6;
+       }
        filename = talloc_asprintf(tmp_ctx, "%s.d/metadata.tdb", sam_name);
        if (!filename) {
                talloc_free(tmp_ctx);
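
Review bot: The moved `strncmp("tdb://", sam_name, 6)` block keeps the prefix and its length as two separate literals, and the same NULL-check-then-strip sequence is repeated in schema_load.c and secrets_tdb_sync.c in this push. Suggest one small helper that takes the "ldb_url" opaque, returns NULL when it is unset, and strips the prefix, so the ordering cannot be reintroduced wrongly in one of the three copies.
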
diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c 
b/source4/dsdb/samdb/ldb_modules/schema_load.c
index faaf3f2..93e8e97 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_load.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_load.c
@@ -68,13 +68,13 @@ static int schema_metadata_open(struct ldb_module *module)
        }
 
        sam_name = (const char *)ldb_get_opaque(ldb, "ldb_url");
-       if (strncmp("tdb://", sam_name, 6) == 0) {
-               sam_name += 6;
-       }
        if (!sam_name) {
                talloc_free(tmp_ctx);
                return ldb_operr(ldb);
        }
+       if (strncmp("tdb://", sam_name, 6) == 0) {
+               sam_name += 6;
+       }
        filename = talloc_asprintf(tmp_ctx, "%s.d/metadata.tdb", sam_name);
        if (!filename) {
                talloc_free(tmp_ctx);
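
Review bot: This hunk is line for line the same change as the one in partition_metadata.c, and its commit carries an identical subject and body, so the two cannot be told apart in the shortlog. Put the file or function name (`schema_metadata_open`) in the subject line.
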
diff --git a/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c 
b/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c
index e3d8485..284aa1b 100644
--- a/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c
+++ b/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c
@@ -489,12 +489,12 @@ static int secrets_tdb_sync_init(struct ldb_module 
*module)
        ldb_module_set_private(module, data);
 
        secrets_ldb = (const char *)ldb_get_opaque(ldb, "ldb_url");
-       if (strncmp("tdb://", secrets_ldb, 6) == 0) {
-               secrets_ldb += 6;
-       }
        if (!secrets_ldb) {
                return ldb_operr(ldb);
        }
+       if (strncmp("tdb://", secrets_ldb, 6) == 0) {
+               secrets_ldb += 6;
+       }
        private_dir = talloc_strdup(data, secrets_ldb);
        p = strrchr(private_dir, '/');
        if (p) {
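
Review bot: Right after the reordered check, `private_dir = talloc_strdup(data, secrets_ldb);` is followed by `p = strrchr(private_dir, '/');` with no test in between, so an allocation failure is dereferenced by `strrchr`. Add a NULL check on `private_dir` before the `strrchr` call.
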
diff --git a/source4/lib/registry/local.c b/source4/lib/registry/local.c
index 79c398b..2afb65c 100644
--- a/source4/lib/registry/local.c
+++ b/source4/lib/registry/local.c
@@ -124,7 +124,7 @@ static WERROR local_open_key(TALLOC_CTX *mem_ctx,
                        break;
                curbegin = curend + 1;
                curend = strchr(curbegin, '\\');
-       } while (curbegin != NULL && curbegin[0] != '\0');
+       } while (curbegin[0] != '\0');
        talloc_free(orig);
 
        *result = reg_import_hive_key(local_parent->global.context, curkey,
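
Review bot: Dropping `curbegin != NULL` from the loop condition is only safe if the `break` at the top of the visible context is taken whenever `curend` is NULL, because `curbegin = curend + 1` and `strchr(curbegin, '\\')` follow it directly. The condition guarding that `break` is outside the hunk; a short comment at the `while` stating the invariant would document why the check is unnecessary. The same applies to the identical loop in `local_create_key` in the next hunk.
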
@@ -233,7 +233,7 @@ static WERROR local_create_key(TALLOC_CTX *mem_ctx,
                        break;
                curbegin = curend + 1;
                curend = strchr(curbegin, '\\');
-       } while (curbegin != NULL && curbegin[0] != '\0');
+       } while (curbegin[0] != '\0');
        talloc_free(orig);
 
        *result = reg_import_hive_key(local_parent->global.context, curkey,


-- 
Samba Shared Repository
