The branch, master has been updated
       via  02618cc rpc_server: Fix CID 1063255 Resource leak
       via  980c757 gensec: Fix CID 1063258 Uninitialized scalar variable
       via  2055ce1 registry4: Fix CID 1034911 Dereference before null check
       via  cc983c9 smbd: Fix CID 1063259 Uninitialized scalar variable
       via  cb598dd ldb_map: Fix CID 1034791 Dereference null return value
       via  cbb5c1c pyldb: Fix CID 1034792 Dereference null return value
       via  15bd8255 ldb: Fix CID 1034793 Dereference null return value
       via  6417d9e samdb: Fix CID 1034910 Dereference before null check
       via  8c4e6f0 samdb: Fix CID 1034910 Dereference before null check
       via  35330aa samdb: Fix CID 1034910 Dereference before null check
       via  f82daa0 registry4: Fix CID 1034911 Dereference before null check
       via  817e0ae log2pcaphex: Fix nonempty line endings
      from  0627350 ldb: Fix a const warning
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit 02618cc58a49864bd0bf280d9f13a7f39fcf9658
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 20:41:51 2013 +0000

    rpc_server: Fix CID 1063255 Resource leak

    We would leak a socket 0 here

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Mon Aug 19 03:10:51 CEST 2013 on sn-devel-104

commit 980c757388b9cd3a376cf45fc98b01c65124c6a5
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 20:37:26 2013 +0000

    gensec: Fix CID 1063258 Uninitialized scalar variable

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 2055ce1dbe94a7f02497e72652a58736ff1cf2e0
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:34:35 2013 +0000

    registry4: Fix CID 1034911 Dereference before null check

    curbegin is always != NULL here (curend + 1) and is dereferenced by strchr.

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit cc983c9a6a92f3d127ec6461b15aed3fa90e6d30
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 20:35:32 2013 +0000

    smbd: Fix CID 1063259 Uninitialized scalar variable

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit cb598ddab6935820975042a8a307c75dba9d7e31
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:54:31 2013 +0000

    ldb_map: Fix CID 1034791 Dereference null return value

    Add NULL checks

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit cbb5c1ce39640ffd01aeed6d87a57940e344792c
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:51:49 2013 +0000

    pyldb: Fix CID 1034792 Dereference null return value

    Add a NULL check

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 15bd82550dab7a4709e92d639ee563dbc4780366
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:49:24 2013 +0000

    ldb: Fix CID 1034793 Dereference null return value

    Add a proper NULL check

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 6417d9e0355f840ca4cf3b740ad5aabfc534d834
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:37:56 2013 +0000

    samdb: Fix CID 1034910 Dereference before null check

    strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for NULL before
    that.

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 8c4e6f0cba164c91661a654e2ccc13c265a06953
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:37:56 2013 +0000

    samdb: Fix CID 1034910 Dereference before null check

    strncmp("tdb://", sam_name, 6) dereferences sam_name. Check for NULL before
    that.

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 35330aa2c8b255d74e94bc9dd742e621953c21f9
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:37:56 2013 +0000

    samdb: Fix CID 1034910 Dereference before null check

    strncmp("tdb://", secrets_ldb, 6) dereferences secrets_ldb. Check for NULL
    before that.

    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit f82daa054ad95c6b1ae5cfce1efb6dc461389bc9
Author: Volker Lendecke <v...@samba.org>
Date:   Sun Aug 18 19:34:35 2013 +0000

    registry4: Fix CID 1034911 Dereference before null check

    curbegin is always != NULL here (curend + 1) and is dereferenced by strchr.

Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 817e0ae6875676c8d46b63539fe805ba215d2d6b Author: Volker Lendecke <v...@samba.org> Date: Sun Aug 18 17:19:14 2013 +0000 log2pcaphex: Fix nonempty line endings Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: auth/gensec/gensec.c | 1 + lib/ldb/ldb_map/ldb_map.c | 6 ++++ lib/ldb/pyldb.c | 4 ++ lib/ldb/tools/ldbtest.c | 4 ++ source3/rpc_server/rpc_server.c | 2 +- source3/smbd/process.c | 1 + source3/utils/log2pcaphex.c | 31 +++++++++---------- .../dsdb/samdb/ldb_modules/partition_metadata.c | 6 ++-- source4/dsdb/samdb/ldb_modules/schema_load.c | 6 ++-- source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c | 6 ++-- source4/lib/registry/local.c | 4 +- 11 files changed, 43 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c index abcbcb9..63ebc19 100644 --- a/auth/gensec/gensec.c +++ b/auth/gensec/gensec.c @@ -273,6 +273,7 @@ _PUBLIC_ NTSTATUS gensec_update(struct gensec_security *gensec_security, TALLOC_ subreq = ops->update_send(frame, ev, gensec_security, in); if (subreq == NULL) { + status = NT_STATUS_NO_MEMORY; goto fail; } ok = tevent_req_poll_ntstatus(subreq, ev, &status); diff --git a/lib/ldb/ldb_map/ldb_map.c b/lib/ldb/ldb_map/ldb_map.c index d95f050..ce2d660 100644 --- a/lib/ldb/ldb_map/ldb_map.c +++ b/lib/ldb/ldb_map/ldb_map.c 
@@ -223,12 +223,18 @@ int ldb_next_remote_request(struct ldb_module *module, struct ldb_request *reque case LDB_ADD: msg = ldb_msg_copy_shallow(request, request->op.add.message); + if (msg == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } msg->dn = ldb_dn_rebase_remote(msg, data, msg->dn); request->op.add.message = msg; break; case LDB_MODIFY: msg = ldb_msg_copy_shallow(request, request->op.mod.message); + if (msg == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } msg->dn = ldb_dn_rebase_remote(msg, data, msg->dn); request->op.mod.message = msg; break; diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c index ec6c7d0..4583132 100644 --- a/lib/ldb/pyldb.c +++ b/lib/ldb/pyldb.c @@ -1075,6 +1075,10 @@ static struct ldb_message *PyDict_AsMessage(TALLOC_CTX *mem_ctx, PyObject *dn_value = PyDict_GetItemString(py_obj, "dn"); msg = ldb_msg_new(mem_ctx); + if (msg == NULL) { + PyErr_NoMemory(); + return NULL; + } msg->elements = talloc_zero_array(msg, struct ldb_message_element, PyDict_Size(py_obj)); if (dn_value) { diff --git a/lib/ldb/tools/ldbtest.c b/lib/ldb/tools/ldbtest.c index 4e181af..384624c 100644 --- a/lib/ldb/tools/ldbtest.c +++ b/lib/ldb/tools/ldbtest.c @@ -324,6 +324,10 @@ static void start_test_index(struct ldb_context **ldb) ldb_delete(*ldb, indexlist); msg = ldb_msg_new(NULL); + if (msg == NULL) { + printf("ldb_msg_new failed\n"); + exit(LDB_ERR_OPERATIONS_ERROR); + } msg->dn = indexlist; ldb_msg_add_string(msg, "@IDXATTR", strdup("uid")); diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c index de54ddc..fa3c870 100644 --- a/source3/rpc_server/rpc_server.c +++ b/source3/rpc_server/rpc_server.c @@ -620,7 +620,7 @@ int create_tcpip_socket(const struct sockaddr_storage *ifss, uint16_t *port) 0, ifss, false); - if (fd > 0) { + if (fd >= 0) { *port = i; break; } diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 3fbfc37..b8e01ba 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c 
@@ -165,6 +165,7 @@ bool srv_send_smb(struct smbd_server_connection *sconn, char *buffer, DEBUG(0, ("send_smb: SMB encryption failed " "on outgoing packet! Error %s\n", nt_errstr(status) )); + ret = -1; goto out; } } diff --git a/source3/utils/log2pcaphex.c b/source3/utils/log2pcaphex.c index 0b1230e..8425a5e 100644 --- a/source3/utils/log2pcaphex.c +++ b/source3/utils/log2pcaphex.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. Utility to extract pcap files from samba (log level 10) log files @@ -154,7 +154,6 @@ static void print_hex_packet(FILE *out, unsigned char *data, long length) for(i = cur; i < length && i < cur + 16; i++) { fprintf(out, "%02x ", data[i]); } - cur = i; fprintf(out, "\n"); } @@ -162,10 +161,10 @@ static void print_hex_packet(FILE *out, unsigned char *data, long length) static void print_netbios_packet(FILE *out, unsigned char *data, long length, long actual_length) -{ +{ unsigned char *newdata; long offset = 0; long newlen; - + newlen = length+sizeof(HDR_IP)+sizeof(HDR_TCP); newdata = (unsigned char *)malloc(newlen); @@ -176,7 +175,7 @@ static void print_netbios_packet(FILE *out, unsigned char *data, long length, memcpy(newdata+offset, &HDR_IP, sizeof(HDR_IP));offset+=sizeof(HDR_IP); memcpy(newdata+offset, &HDR_TCP, sizeof(HDR_TCP));offset+=sizeof(HDR_TCP); memcpy(newdata+offset,data,length); - + print_pcap_packet(out, newdata, newlen, actual_length+offset); free(newdata); } @@ -312,12 +311,12 @@ int main (int argc, char **argv) { "hex", 'h', POPT_ARG_NONE, &hexformat, 0, "Output format readable by text2pcap" }, POPT_TABLEEND }; - + pc = poptGetContext(NULL, argc, (const char **) argv, long_options, POPT_CONTEXT_KEEP_FIRST); poptSetOtherOptionHelp(pc, "[<infile> [<outfile>]]"); - - + + while((opt = poptGetNextOpt(pc)) != -1) { switch (opt) { } 
@@ -334,13 +333,13 @@ int main (int argc, char **argv) return 1; } } else in = stdin; - + outfile = poptGetArg(pc); if(outfile) { out = fopen(outfile, "w+"); - if(!out) { - perror("fopen"); + if(!out) { + perror("fopen"); fprintf(stderr, "Can't find %s, using stdout...\n", outfile); return 1; } @@ -359,15 +358,15 @@ int main (int argc, char **argv) read_log_msg(in, &curpacket, &curpacket_len, &data_offset, &data_length); } else if(in_packet && strstr(buffer, "dump_data")) { data_bytes_read = read_log_data(in, curpacket+data_offset, data_length); - } else { - if(in_packet){ - if(hexformat) print_hex_packet(out, curpacket, curpacket_len); + } else { + if(in_packet){ + if(hexformat) print_hex_packet(out, curpacket, curpacket_len); else print_netbios_packet(out, curpacket, curpacket_len, data_bytes_read+data_offset); - free(curpacket); + free(curpacket); } in_packet = 0; } - } + } } if (in != stdin) { diff --git a/source4/dsdb/samdb/ldb_modules/partition_metadata.c b/source4/dsdb/samdb/ldb_modules/partition_metadata.c index 5826ac2..c67d6cf 100644 --- a/source4/dsdb/samdb/ldb_modules/partition_metadata.c +++ b/source4/dsdb/samdb/ldb_modules/partition_metadata.c @@ -199,13 +199,13 @@ static int partition_metadata_open(struct ldb_module *module, bool create) } sam_name = (const char *)ldb_get_opaque(ldb, "ldb_url"); - if (strncmp("tdb://", sam_name, 6) == 0) { - sam_name += 6; - } if (!sam_name) { talloc_free(tmp_ctx); return ldb_operr(ldb); } + if (strncmp("tdb://", sam_name, 6) == 0) { + sam_name += 6; + } filename = talloc_asprintf(tmp_ctx, "%s.d/metadata.tdb", sam_name); if (!filename) { talloc_free(tmp_ctx); diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c b/source4/dsdb/samdb/ldb_modules/schema_load.c index faaf3f2..93e8e97 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_load.c +++ b/source4/dsdb/samdb/ldb_modules/schema_load.c 
@@ -68,13 +68,13 @@ static int schema_metadata_open(struct ldb_module *module) } sam_name = (const char *)ldb_get_opaque(ldb, "ldb_url"); - if (strncmp("tdb://", sam_name, 6) == 0) { - sam_name += 6; - } if (!sam_name) { talloc_free(tmp_ctx); return ldb_operr(ldb); } + if (strncmp("tdb://", sam_name, 6) == 0) { + sam_name += 6; + } filename = talloc_asprintf(tmp_ctx, "%s.d/metadata.tdb", sam_name); if (!filename) { talloc_free(tmp_ctx); diff --git a/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c b/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c index e3d8485..284aa1b 100644 --- a/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c +++ b/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c @@ -489,12 +489,12 @@ static int secrets_tdb_sync_init(struct ldb_module *module) ldb_module_set_private(module, data); secrets_ldb = (const char *)ldb_get_opaque(ldb, "ldb_url"); - if (strncmp("tdb://", secrets_ldb, 6) == 0) { - secrets_ldb += 6; - } if (!secrets_ldb) { return ldb_operr(ldb); } + if (strncmp("tdb://", secrets_ldb, 6) == 0) { + secrets_ldb += 6; + } private_dir = talloc_strdup(data, secrets_ldb); p = strrchr(private_dir, '/'); if (p) { diff --git a/source4/lib/registry/local.c b/source4/lib/registry/local.c index 79c398b..2afb65c 100644 --- a/source4/lib/registry/local.c +++ b/source4/lib/registry/local.c @@ -124,7 +124,7 @@ static WERROR local_open_key(TALLOC_CTX *mem_ctx, break; curbegin = curend + 1; curend = strchr(curbegin, '\\'); - } while (curbegin != NULL && curbegin[0] != '\0'); + } while (curbegin[0] != '\0'); talloc_free(orig); *result = reg_import_hive_key(local_parent->global.context, curkey, @@ -233,7 +233,7 @@ static WERROR local_create_key(TALLOC_CTX *mem_ctx, break; curbegin = curend + 1; curend = strchr(curbegin, '\\'); - } while (curbegin != NULL && curbegin[0] != '\0'); + } while (curbegin[0] != '\0'); talloc_free(orig); *result = reg_import_hive_key(local_parent->global.context, curkey, -- Samba Shared Repository
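
Review bot: in auth/gensec/gensec.c, the `subreq == NULL` branch of gensec_update now sets `status = NT_STATUS_NO_MEMORY;` right before `goto fail;`, which repairs this one path only. Initializing `status` where it is declared would cover any other jump to `fail`, and the commit message has no body saying which variable and which path Coverity flagged.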
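
Review bot: in lib/ldb/ldb_map/ldb_map.c, both new checks in ldb_next_remote_request (the LDB_ADD and LDB_MODIFY cases) return a bare `LDB_ERR_OPERATIONS_ERROR`, so nothing records that ldb_msg_copy_shallow failed or where. The source4 hunks in this same changeset report through `ldb_operr(ldb)`; doing the same here, if an ldb context is reachable from `module`, would leave an error string behind. The two cases now differ only in `op.add` versus `op.mod` and could share one helper.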
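
Review bot: in lib/ldb/pyldb.c, PyDict_AsMessage now checks `msg`, but the very next line stores the result of `talloc_zero_array(...)` in `msg->elements` and the visible context goes straight on to `if (dn_value)` without testing it. That allocation can fail in the same way; a check that frees `msg`, calls `PyErr_NoMemory()` and returns NULL would close the same class of finding in this function.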
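
Review bot: in lib/ldb/tools/ldbtest.c, start_test_index reports the new failure with `printf`, so the message goes to stdout mixed with the test's normal output; `fprintf(stderr, ...)` would be the expected place. Directly below the added check, `strdup("uid")` is handed to `ldb_msg_add_string` unchecked and that call's return value is ignored, which is the same kind of NULL-return problem this hunk is fixing.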
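
Review bot: in source3/rpc_server/rpc_server.c, the test inside the create_tcpip_socket loop changes from `fd > 0` to `fd >= 0`, so whatever tests `fd` after the loop (not visible in this hunk) needs the same convention, otherwise descriptor 0 is still treated as a failure there. With the old test a successfully opened socket 0 also skipped `*port = i; break;`, so the commit body could say that this fixes the port selection as well as the leak.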
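
Review bot: in source3/smbd/process.c, srv_send_smb is declared `bool`, yet the encryption-failure path now sets `ret = -1;` before `goto out;`, so how `ret` turns into the return value at `out` cannot be read from the hunk. Initializing `ret` at its declaration would cover every path to `out`, and a one-line comment at the label on how `ret` maps to the bool result would help the next reader.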
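
Review bot: in source3/utils/log2pcaphex.c, the `@@ -154,7 +154,6 @@` hunk in print_hex_packet reads, in this flattened rendering, as if it deletes `cur = i;`, which would not match the subject "Fix nonempty line endings". The old and new line counts are consistent with the deleted line being a whitespace-only line just above `cur = i;`, but that should be confirmed against the raw patch: the inner loop starts at `i = cur` and bounds itself with `cur + 16`, so it depends on that update. A whitespace-only commit is easier to review when the message states that no code line changes.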
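
Review bot: in source3/utils/log2pcaphex.c, the `@@ -334,13 +333,13 @@` hunk in main re-indents the `if(!out)` block, whose message says "Can't find %s, using stdout..." while the next line is `return 1;`. Since these lines are being touched anyway, either fall back to stdout as the text promises or change the message to say that the output file could not be opened.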
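
Review bot: in source4/dsdb/samdb/ldb_modules/partition_metadata.c and schema_load.c, partition_metadata_open and schema_metadata_open now carry the same reordered sequence: fetch "ldb_url" with ldb_get_opaque, test `!sam_name`, then strip the "tdb://" prefix. The defect had to be fixed in three files because the sequence is copied; a small shared helper that returns the stripped path or NULL would leave one place to get the ordering right.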
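
Review bot: in source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c, right after the reordered check in secrets_tdb_sync_init, `private_dir = talloc_strdup(data, secrets_ldb);` is followed by `p = strrchr(private_dir, '/');` with no test in between. talloc_strdup can return NULL, so this is the same dereference-before-check pattern one line further down; return `ldb_oom(ldb)` or `ldb_operr(ldb)` when `private_dir` is NULL.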
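
Review bot: in source4/lib/registry/local.c, with `curbegin != NULL` removed from both do/while conditions (local_open_key and local_create_key), the loops rely entirely on `curend` being non-NULL when `curbegin = curend + 1;` runs, which the `break;` just above presumably guarantees. A short comment at that `break` stating the invariant would stop the check from being re-added later and makes the reasoning in the commit message visible in the code.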