The branch, master has been updated via 490418d gpo: Fix CID 1034880 Resource leak via 4d97b5d gpo: Fix CID 1034881 Resource leak via b7420e4 ntvfs: Fix CID 1034883 Resource leak via 1444280 backupkey: Fix CID 1034885 Resource leak via 0e19812 smbd: Fix CID 1035365 Buffer not null terminated via 2a73a49 smbd: Fix CID 1035366 Buffer not null terminated via a60f513 smbd: Use fstring in conn_tdb.c via 3b8c3e5 smbd: Use fstring in conn_tdb.h via ea83ac6 smbd: Fix CID 1035478 Negative array index read via df8dff7 samdb: Fix CID 241968 Uninitialized pointer read via c6ca14a heimdal: Fix 241482 Resource leak via d2731ad ldb: Fix CID 241329 Array compared against 0 via 6b7b007 libsmb: Fix CID 241313 Array compared against 0 via c85deee smbd: Fix CID 1035434 Same on both sides via 43ac7e8 iniparser: Fix CID 241908 Copy into fixed size buffer via 1cae867 libsmb: Fix CID 1127343 Dead default in switch via 70dbb89 netapi: Fix CID 1127344 Uninitialized scalar variable via 4ddb9cf net: Fix CID 1035403 Unchecked return value via 55b0a16 registry: Fix Coverity ID 1034918 Wrong sizeof argument via ba370ae registry: Fix Coverity ID 1034917 Wrong sizeof argument via 4e80a30 registry: Fix Coverity ID 1034916 Wrong sizeof argument via 0c8d5df dsdb: Fix Coverity ID 1034907 Dereference before null check via 096358f oLschema2ldif: Add some NULL checks from 97bbd63 s4:torture:smb2: add new lease.upgrade3 test to test the contended upgrade
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 490418d6363d2735cd1d801f7b2bb804eb85b197 Author: Volker Lendecke <v...@samba.org> Date: Sun Nov 10 19:45:11 2013 +0100 gpo: Fix CID 1034880 Resource leak Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> Autobuild-User(master): Ira Cooper <i...@samba.org> Autobuild-Date(master): Mon Nov 11 22:59:10 CET 2013 on sn-devel-104 commit 4d97b5dcca827d6767857182772f4ced0fdd5da7 Author: Volker Lendecke <v...@samba.org> Date: Sun Nov 10 19:43:48 2013 +0100 gpo: Fix CID 1034881 Resource leak Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit b7420e44b1f7e0e0f54cf9f329981bacf839f7c9 Author: Volker Lendecke <v...@samba.org> Date: Sun Nov 10 19:41:15 2013 +0100 ntvfs: Fix CID 1034883 Resource leak Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 144428058a73b059d7389915e310ff48fd591e59 Author: Volker Lendecke <v...@samba.org> Date: Sun Nov 10 19:34:31 2013 +0100 backupkey: Fix CID 1034885 Resource leak Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 0e19812782cd7a937de028494160ed3f5e8bac88 Author: Volker Lendecke <v...@samba.org> Date: Sun Nov 10 11:58:58 2013 +0100 smbd: Fix CID 1035365 Buffer not null terminated Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 2a73a4985eb4a7fcd5dc31aee66dfcd0d305d94b Author: Volker Lendecke <v...@samba.org> Date: Sun Nov 10 11:57:37 2013 +0100 smbd: Fix CID 1035366 Buffer not null terminated Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit a60f513e896c35bf21eb54456f38771152611e81 Author: Volker Lendecke <v...@samba.org> Date: Sun Nov 10 11:56:06 2013 +0100 smbd: Use fstring in conn_tdb.c It might be legacy, but as long as we have it, we can make use of it. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 3b8c3e5dde9a5324eb82496f036d3a88349c3894 Author: Volker Lendecke <v...@samba.org> Date: Sun Nov 10 11:56:06 2013 +0100 smbd: Use fstring in conn_tdb.h It might be legacy, but as long as we have it, we can make use of it. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit ea83ac6b0142e99b514f7c4a3a4b038c2e409a8d Author: Volker Lendecke <v...@samba.org> Date: Sun Nov 10 11:48:17 2013 +0100 smbd: Fix CID 1035478 Negative array index read lp_parm_enum can return -1. Add error checking. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit df8dff7dd27459dad337e66f3e2f75c47e28cc8c Author: Volker Lendecke <v...@samba.org> Date: Sun Nov 10 10:06:18 2013 +0100 samdb: Fix CID 241968 Uninitialized pointer read Interestingly gcc does not catch this at all. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit c6ca14a78b52eabc70f338d136a93ea9ff4e51e4 Author: Volker Lendecke <v...@samba.org> Date: Sun Nov 10 09:45:38 2013 +0100 heimdal: Fix 241482 Resource leak Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit d2731ad5aae9f1fb8c1c6a65a61ef787e993b248 Author: Volker Lendecke <v...@samba.org> Date: Sat Nov 9 21:29:24 2013 +0100 ldb: Fix CID 241329 Array compared against 0 u.generate.remote_names is an array, not a pointer Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 6b7b007a67ce8ec4e2979f09ba1bdea903116924 Author: Volker Lendecke <v...@samba.org> Date: Sat Nov 9 21:11:41 2013 +0100 libsmb: Fix CID 241313 Array compared against 0 userinfo->passwrd is not a pointer, no point in checking for !=NULL Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit c85deeed32607461e552636761b9cd402025b6da Author: Volker Lendecke <v...@samba.org> Date: Sat Nov 9 21:02:10 2013 +0100 smbd: Fix CID 1035434 Same on both sides Looks scary, but the only effect of this bug is too many UNLOCK messages Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 43ac7e81ec58d9043728b0e12b31f2993ec726c0 Author: Volker Lendecke <v...@samba.org> Date: Sat Nov 9 20:37:01 2013 +0100 iniparser: Fix CID 241908 Copy into fixed size buffer strcpy is never a good idea.... Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 1cae867f72b79995a02eed96265fe9f69ce945da Author: Volker Lendecke <v...@samba.org> Date: Sat Nov 9 19:14:15 2013 +0100 libsmb: Fix CID 1127343 Dead default in switch We have checked sec_channel_type a few lines above already Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 70dbb893cf1a46cc31fa0e902fd8a6b8557cf461 Author: Volker Lendecke <v...@samba.org> Date: Sat Nov 9 19:11:41 2013 +0100 netapi: Fix CID 1127344 Uninitialized scalar variable Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 4ddb9cfd955b77bfac57bcae93f734dc2ffb0676 Author: Volker Lendecke <v...@samba.org> Date: Sat Nov 9 18:50:16 2013 +0100 net: Fix CID 1035403 Unchecked return value Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 55b0a16e9b08cb4bf5cf32307009b889b4288f3a Author: Volker Lendecke <v...@samba.org> Date: Sat Nov 9 18:40:08 2013 +0100 registry: Fix Coverity ID 1034918 Wrong sizeof argument sizeof(data_val) is the size of the pointer. This might well be 8 bytes where the string is only 4 bytes long Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit ba370ae630e1f35cd20d6419100b5e0987382cfc Author: Volker Lendecke <v...@samba.org> Date: Sat Nov 9 18:40:08 2013 +0100 registry: Fix Coverity ID 1034917 Wrong sizeof argument sizeof(data_val) is the size of the pointer. This might well be 8 bytes where the string is only 4 bytes long Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 4e80a30daa16a6c0d0f1f96380fb213867f3ad5f Author: Volker Lendecke <v...@samba.org> Date: Sat Nov 9 18:40:08 2013 +0100 registry: Fix Coverity ID 1034916 Wrong sizeof argument sizeof(data_val) is the size of the pointer. This might well be 8 bytes where the string is only 4 bytes long Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 0c8d5df5cadf59bb7833ccdd8f9c710c61d55cca Author: Volker Lendecke <v...@samba.org> Date: Sat Nov 9 18:32:21 2013 +0100 dsdb: Fix Coverity ID 1034907 Dereference before null check "module" has already been dereferenced by ldb_module_get_private(module) Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> commit 096358f4e1b8000d1006293963f4c571ee6fc8cb Author: Volker Lendecke <v...@samba.org> Date: Sat Nov 9 16:40:18 2013 +0100 oLschema2ldif: Add some NULL checks This should fix Coverity ID 1034812 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Ira Cooper <i...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/iniparser/src/iniparser.c | 8 ++++-- lib/ldb/ldb_map/ldb_map.c | 2 +- source3/lib/conn_tdb.c | 16 ++++++------ source3/lib/conn_tdb.h | 6 ++-- source3/lib/netapi/wkstainfo.c | 1 + source3/libsmb/clirap2.c | 6 +--- source3/libsmb/trusts_util.c | 2 - source3/locking/brlock.c | 2 +- source3/modules/nfs4_acls.c | 25 +++++++++++++++---- source3/utils/net_rpc_registry.c | 5 +++- source4/dsdb/samdb/ldb_modules/local_password.c | 2 +- source4/dsdb/samdb/ldb_modules/partition.c | 2 +- source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 6 +++- source4/lib/policy/gp_filesys.c | 4 +- source4/lib/registry/tests/registry.c | 12 +++++---- source4/ntvfs/simple/vfs_simple.c | 5 +++- source4/rpc_server/backupkey/dcesrv_backupkey.c | 1 + source4/utils/oLschema2ldif.c | 6 ++++ 18 files changed, 70 insertions(+), 41 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/iniparser/src/iniparser.c b/lib/iniparser/src/iniparser.c index 0934087..db00c88 100644 --- a/lib/iniparser/src/iniparser.c +++ b/lib/iniparser/src/iniparser.c @@ -38,16 +38,18 @@ static void iniparser_add_entry( char * val) { char longkey[2*ASCIILINESZ+1]; + char *l; /* Make a key as section:keyword */ if (key!=NULL) { - sprintf(longkey, "%s:%s", sec, key); + snprintf(longkey, sizeof(longkey), "%s:%s", sec, key); + l = longkey; } else { - strcpy(longkey, sec); + l = sec; } /* Add (key,val) to dictionary */ - dictionary_set(d, longkey, val); + dictionary_set(d, l, val); return ; } diff --git a/lib/ldb/ldb_map/ldb_map.c b/lib/ldb/ldb_map/ldb_map.c index 52b483b..66b0059 100644 --- a/lib/ldb/ldb_map/ldb_map.c +++ b/lib/ldb/ldb_map/ldb_map.c @@ -340,7 +340,7 @@ const struct ldb_map_attribute *map_attr_find_remote(const struct ldb_map_contex break; case LDB_MAP_GENERATE: - for (j = 0; map->u.generate.remote_names && map->u.generate.remote_names[j]; j++) { + for (j = 0; map->u.generate.remote_names[j]; j++) { if (ldb_attr_cmp(map->u.generate.remote_names[j], name) == 0) { return map; } diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c index b218831..bf66d7d 100644 --- a/source3/lib/conn_tdb.c +++ b/source3/lib/conn_tdb.c @@ -39,8 +39,8 @@ struct connections_forall_state { struct connections_forall_session { uid_t uid; gid_t gid; - char machine[FSTRING_LEN]; - char addr[FSTRING_LEN]; + fstring machine; + fstring addr; }; static int collect_sessions_fn(struct smbXsrv_session_global0 *global, @@ -60,8 +60,8 @@ static int collect_sessions_fn(struct smbXsrv_session_global0 *global, sess.uid = global->auth_session_info->unix_token->uid; sess.gid = global->auth_session_info->unix_token->gid; } - strncpy(sess.machine, global->channels[0].remote_name, sizeof(sess.machine)); - strncpy(sess.addr, global->channels[0].remote_address, sizeof(sess.addr)); + fstrcpy(sess.machine, global->channels[0].remote_name); + fstrcpy(sess.addr, global->channels[0].remote_address); status = dbwrap_store(state->session_by_pid, make_tdb_data((void*)&id, sizeof(id)), @@ -116,12 +116,12 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0 *global, key.pid = data.pid = global->server_id; key.cnum = data.cnum = global->tcon_global_id; - strncpy(key.name, global->share_name, sizeof(key.name)); - strncpy(data.servicename, global->share_name, sizeof(data.servicename)); + fstrcpy(key.name, global->share_name); + fstrcpy(data.servicename, global->share_name); data.uid = sess.uid; data.gid = sess.gid; - strncpy(data.addr, sess.addr, sizeof(data.addr)); - strncpy(data.machine, sess.machine, sizeof(data.machine)); + fstrcpy(data.addr, sess.addr); + fstrcpy(data.machine, sess.machine); data.start = nt_time_to_unix(global->creation_time); state->count++; diff --git a/source3/lib/conn_tdb.h b/source3/lib/conn_tdb.h index b91a153..217814f 100644 --- a/source3/lib/conn_tdb.h +++ b/source3/lib/conn_tdb.h @@ -29,9 +29,9 @@ struct connections_data { int cnum; uid_t uid; gid_t gid; - char servicename[FSTRING_LEN]; - char addr[FSTRING_LEN]; - char machine[FSTRING_LEN]; + fstring servicename; + fstring addr; + fstring machine; time_t start; }; diff --git a/source3/lib/netapi/wkstainfo.c b/source3/lib/netapi/wkstainfo.c index cda4b50..b093958 100644 --- a/source3/lib/netapi/wkstainfo.c +++ b/source3/lib/netapi/wkstainfo.c @@ -83,6 +83,7 @@ static NTSTATUS map_wksta_info_to_WKSTA_INFO_buffer(TALLOC_CTX *mem_ctx, i102.wki102_ver_major = i->info102->version_major; i102.wki102_ver_minor = i->info102->version_minor; i102.wki102_lanroot = talloc_strdup(mem_ctx, i->info102->lan_root); + i102.wki102_logged_on_users = i->info102->logged_on_users; ADD_TO_ARRAY(mem_ctx, struct WKSTA_INFO_102, i102, (struct WKSTA_INFO_102 **)buffer, diff --git a/source3/libsmb/clirap2.c b/source3/libsmb/clirap2.c index 05d8fb2..457a82e 100644 --- a/source3/libsmb/clirap2.c +++ b/source3/libsmb/clirap2.c @@ -867,10 +867,8 @@ int cli_NetUserAdd(struct cli_state *cli, struct rap_user_info_1 * userinfo ) PUTWORD(p, 1); /* info level */ PUTWORD(p, 0); /* pwencrypt */ - if(userinfo->passwrd) - PUTWORD(p,MIN(strlen((const char *)userinfo->passwrd), RAP_UPASSWD_LEN)); - else - PUTWORD(p, 0); /* password length */ + PUTWORD(p, MIN(strlen((const char *)userinfo->passwrd), + RAP_UPASSWD_LEN)); p = data; memset(data, '\0', soffset); diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c index 428e0c1..52fb481 100644 --- a/source3/libsmb/trusts_util.c +++ b/source3/libsmb/trusts_util.c @@ -108,8 +108,6 @@ NTSTATUS trust_pw_find_change_and_store_it(struct rpc_pipe_client *cli, } break; } - default: - break; } } diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c index b5eebc8..e92a2cf 100644 --- a/source3/locking/brlock.c +++ b/source3/locking/brlock.c @@ -2222,7 +2222,7 @@ static int compare_procids(const void *p1, const void *p2) const struct server_id *i2 = (const struct server_id *)p2; if (i1->pid < i2->pid) return -1; - if (i2->pid > i2->pid) return 1; + if (i1->pid > i2->pid) return 1; return 0; } diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 08ae141..774c40e 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -85,16 +85,29 @@ static int smbacl4_get_vfs_params( { e_merge, "merge" }, { -1 , NULL } }; + int enumval; memset(params, 0, sizeof(smbacl4_vfs_params)); - params->mode = (enum smbacl4_mode_enum)lp_parm_enum( - SNUM(conn), type_name, - "mode", enum_smbacl4_modes, e_simple); + + enumval = lp_parm_enum(SNUM(conn), type_name, "mode", + enum_smbacl4_modes, e_simple); + if (enumval == -1) { + DEBUG(10, ("value for %s:mode unknown\n", type_name)); + return -1; + } + params->mode = (enum smbacl4_mode_enum)enumval; + params->do_chown = lp_parm_bool(SNUM(conn), type_name, "chown", true); - params->acedup = (enum smbacl4_acedup_enum)lp_parm_enum( - SNUM(conn), type_name, - "acedup", enum_smbacl4_acedups, e_dontcare); + + enumval = lp_parm_enum(SNUM(conn), type_name, "acedup", + enum_smbacl4_acedups, e_dontcare); + if (enumval == -1) { + DEBUG(10, ("value for %s:acedup unknown\n", type_name)); + return -1; + } + params->acedup = (enum smbacl4_acedup_enum)enumval; + params->map_full_control = lp_acl_map_full_control(SNUM(conn)); DEBUG(10, ("mode:%s, do_chown:%s, acedup: %s map full control:%s\n", diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c index 9445e09..cc4eaa7 100644 --- a/source3/utils/net_rpc_registry.c +++ b/source3/utils/net_rpc_registry.c @@ -1183,7 +1183,10 @@ static void dump_values( REGF_NK_REC *nk ) switch ( nk->values[i].type ) { case REG_SZ: blob = data_blob_const(nk->values[i].data, data_size); - pull_reg_sz(talloc_tos(), &blob, &data_str); + if (!pull_reg_sz(talloc_tos(), &blob, + &data_str)) { + data_str = NULL; + } if (!data_str) { break; } diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index 4adf180..86c79ee 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -181,7 +181,7 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req return ldb_operr(ldb); } - remote_message = ldb_msg_copy_shallow(remote_req, req->op.add.message); + remote_message = ldb_msg_copy_shallow(ac, req->op.add.message); if (remote_message == NULL) { return ldb_operr(ldb); } diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 63835d8..39e85e4 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -811,7 +811,7 @@ static int partition_start_trans(struct ldb_module *module) /* Look at base DN */ /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialization) */ - if ((module && ldb_module_flags(ldb_module_get_ctx(module)) & LDB_FLG_ENABLE_TRACING)) { + if (ldb_module_flags(ldb_module_get_ctx(module)) & LDB_FLG_ENABLE_TRACING) { ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_TRACE, "partition_start_trans() -> (metadata partition)"); } ret = ldb_next_start_trans(module); diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c index 5f8b01b..0a89ae1 100644 --- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c +++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c @@ -137,6 +137,7 @@ _gsskrb5_create_ctx( if (kret) { *minor_status = kret; HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); + free(ctx); return GSS_S_FAILURE; } @@ -145,6 +146,7 @@ _gsskrb5_create_ctx( *minor_status = kret; krb5_auth_con_free(context, ctx->auth_context); HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); + free(ctx); return GSS_S_FAILURE; } @@ -156,7 +158,7 @@ _gsskrb5_create_ctx( krb5_auth_con_free(context, ctx->deleg_auth_context); HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); - + free(ctx); return GSS_S_BAD_BINDINGS; } @@ -168,7 +170,7 @@ _gsskrb5_create_ctx( krb5_auth_con_free(context, ctx->deleg_auth_context); HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex); - + free(ctx); return GSS_S_BAD_BINDINGS; } diff --git a/source4/lib/policy/gp_filesys.c b/source4/lib/policy/gp_filesys.c index 9f60d2f..b6107fc 100644 --- a/source4/lib/policy/gp_filesys.c +++ b/source4/lib/policy/gp_filesys.c @@ -251,6 +251,7 @@ static NTSTATUS gp_get_file (struct smbcli_tree *tree, const char *remote_src, DEBUG(0, ("Remote/local file size mismatch after copying file: " "%s (remote %zu, local %zu).\n", remote_src, file_size, nread)); + close(fh_local); talloc_free(buf); return NT_STATUS_UNSUCCESSFUL; } @@ -562,14 +563,13 @@ NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const char *name, } rv = write(fd, file_content, strlen(file_content)); + close(fd); if (rv != strlen(file_content)) { DEBUG(0, ("Short write in GPT.INI\n")); talloc_free(mem_ctx); return NT_STATUS_UNSUCCESSFUL; } - close(fd); - /* Upload the GPT to the sysvol share on a DC */ status = gp_push_gpt(gp_ctx, policy_dir, file_sys_path); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/lib/registry/tests/registry.c b/source4/lib/registry/tests/registry.c index 4e6dda4..b9b7c28 100644 --- a/source4/lib/registry/tests/registry.c +++ b/source4/lib/registry/tests/registry.c @@ -449,14 +449,15 @@ static bool test_get_value(struct torture_context *tctx, void *_data) torture_assert_int_equal(tctx, REG_DWORD, type, "value type"); error = reg_val_set(subkey, "", REG_SZ, - data_blob_talloc(tctx, data_val, sizeof(data_val))); + data_blob_talloc(tctx, data_val, + strlen(data_val))); torture_assert_werr_ok(tctx, error, "set default value"); error = reg_key_get_value_by_name(tctx, subkey, "", &type, &data); torture_assert_werr_ok(tctx, error, "getting default value"); torture_assert_int_equal(tctx, REG_SZ, type, "value type ok"); - torture_assert_int_equal(tctx, sizeof(data_val), data.length, "value length ok"); + torture_assert_int_equal(tctx, strlen(data_val), data.length, "value length ok"); torture_assert_str_equal(tctx, data_val, (char *)data.data, "value ok"); return true; @@ -502,7 +503,8 @@ static bool test_del_value(struct torture_context *tctx, void *_data) "unsetting missing default value"); error = reg_val_set(subkey, "", REG_SZ, - data_blob_talloc(tctx, data_val, sizeof(data_val))); + data_blob_talloc(tctx, data_val, + strlen(data_val))); torture_assert_werr_ok(tctx, error, "set default value"); error = reg_del_value(tctx, subkey, ""); @@ -550,14 +552,14 @@ static bool test_list_values(struct torture_context *tctx, void *_data) "getting missing value"); error = reg_val_set(subkey, "", REG_SZ, - data_blob_talloc(tctx, data_val, sizeof(data_val))); + data_blob_talloc(tctx, data_val, strlen(data_val))); torture_assert_werr_ok(tctx, error, "set default value"); error = reg_key_get_value_by_index(tctx, subkey, 0, &name, &type, &data); torture_assert_werr_ok(tctx, error, "getting default value"); torture_assert_int_equal(tctx, REG_SZ, type, "value type ok"); - torture_assert_int_equal(tctx, sizeof(data_val), data.length, "value length ok"); + torture_assert_int_equal(tctx, strlen(data_val), data.length, "value length ok"); torture_assert_str_equal(tctx, data_val, (char *)data.data, "value ok"); return true; diff --git a/source4/ntvfs/simple/vfs_simple.c b/source4/ntvfs/simple/vfs_simple.c index 58c8df8..a652494 100644 --- a/source4/ntvfs/simple/vfs_simple.c +++ b/source4/ntvfs/simple/vfs_simple.c @@ -414,7 +414,10 @@ do_open: NT_STATUS_NOT_OK_RETURN(status); f = talloc(handle, struct svfs_file); - NT_STATUS_HAVE_NO_MEMORY(f); + if (f == NULL) { + close(fd); + return NT_STATUS_NO_MEMORY; + } f->fd = fd; f->name = talloc_strdup(f, unix_path); NT_STATUS_HAVE_NO_MEMORY(f->name); diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c index 87799db..83fb2bd 100644 --- a/source4/rpc_server/backupkey/dcesrv_backupkey.c +++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c @@ -864,6 +864,7 @@ static WERROR self_sign_cert(TALLOC_CTX *ctx, hx509_context *hctx, hx509_request talloc_free(uniqueid.data); hx509_name_free(&subject); free_SubjectPublicKeyInfo(&spki); + hx509_ca_tbs_free(&tbs); return WERR_INTERNAL_ERROR; } ret = hx509_ca_tbs_set_subject(*hctx, tbs, subject); diff --git a/source4/utils/oLschema2ldif.c b/source4/utils/oLschema2ldif.c index bcdf570..88dba01 100644 --- a/source4/utils/oLschema2ldif.c +++ b/source4/utils/oLschema2ldif.c @@ -352,7 +352,13 @@ static struct ldb_message *process_entry(TALLOC_CTX *mem_ctx, const char *entry) bool single_valued = false; ctx = talloc_new(mem_ctx); + if (ctx == NULL) { + return NULL; + } msg = ldb_msg_new(ctx); + if (msg == NULL) { + goto failed; + } ldb_msg_add_string(msg, "objectClass", "top"); -- Samba Shared Repository