The branch, master has been updated
via 490418d gpo: Fix CID 1034880 Resource leak
via 4d97b5d gpo: Fix CID 1034881 Resource leak
via b7420e4 ntvfs: Fix CID 1034883 Resource leak
via 1444280 backupkey: Fix CID 1034885 Resource leak
via 0e19812 smbd: Fix CID 1035365 Buffer not null terminated
via 2a73a49 smbd: Fix CID 1035366 Buffer not null terminated
via a60f513 smbd: Use fstring in conn_tdb.c
via 3b8c3e5 smbd: Use fstring in conn_tdb.h
via ea83ac6 smbd: Fix CID 1035478 Negative array index read
via df8dff7 samdb: Fix CID 241968 Uninitialized pointer read
via c6ca14a heimdal: Fix 241482 Resource leak
via d2731ad ldb: Fix CID 241329 Array compared against 0
via 6b7b007 libsmb: Fix CID 241313 Array compared against 0
via c85deee smbd: Fix CID 1035434 Same on both sides
via 43ac7e8 iniparser: Fix CID 241908 Copy into fixed size buffer
via 1cae867 libsmb: Fix CID 1127343 Dead default in switch
via 70dbb89 netapi: Fix CID 1127344 Uninitialized scalar variable
via 4ddb9cf net: Fix CID 1035403 Unchecked return value
via 55b0a16 registry: Fix Coverity ID 1034918 Wrong sizeof argument
via ba370ae registry: Fix Coverity ID 1034917 Wrong sizeof argument
via 4e80a30 registry: Fix Coverity ID 1034916 Wrong sizeof argument
via 0c8d5df dsdb: Fix Coverity ID 1034907 Dereference before null check
via 096358f oLschema2ldif: Add some NULL checks
from 97bbd63 s4:torture:smb2: add new lease.upgrade3 test to test the
contended upgrade
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 490418d6363d2735cd1d801f7b2bb804eb85b197
Author: Volker Lendecke <v...@samba.org>
Date: Sun Nov 10 19:45:11 2013 +0100
gpo: Fix CID 1034880 Resource leak
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
Autobuild-User(master): Ira Cooper <i...@samba.org>
Autobuild-Date(master): Mon Nov 11 22:59:10 CET 2013 on sn-devel-104
commit 4d97b5dcca827d6767857182772f4ced0fdd5da7
Author: Volker Lendecke <v...@samba.org>
Date: Sun Nov 10 19:43:48 2013 +0100
gpo: Fix CID 1034881 Resource leak
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit b7420e44b1f7e0e0f54cf9f329981bacf839f7c9
Author: Volker Lendecke <v...@samba.org>
Date: Sun Nov 10 19:41:15 2013 +0100
ntvfs: Fix CID 1034883 Resource leak
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 144428058a73b059d7389915e310ff48fd591e59
Author: Volker Lendecke <v...@samba.org>
Date: Sun Nov 10 19:34:31 2013 +0100
backupkey: Fix CID 1034885 Resource leak
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 0e19812782cd7a937de028494160ed3f5e8bac88
Author: Volker Lendecke <v...@samba.org>
Date: Sun Nov 10 11:58:58 2013 +0100
smbd: Fix CID 1035365 Buffer not null terminated
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 2a73a4985eb4a7fcd5dc31aee66dfcd0d305d94b
Author: Volker Lendecke <v...@samba.org>
Date: Sun Nov 10 11:57:37 2013 +0100
smbd: Fix CID 1035366 Buffer not null terminated
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit a60f513e896c35bf21eb54456f38771152611e81
Author: Volker Lendecke <v...@samba.org>
Date: Sun Nov 10 11:56:06 2013 +0100
smbd: Use fstring in conn_tdb.c
It might be legacy, but as long as we have it, we can make use of it.
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 3b8c3e5dde9a5324eb82496f036d3a88349c3894
Author: Volker Lendecke <v...@samba.org>
Date: Sun Nov 10 11:56:06 2013 +0100
smbd: Use fstring in conn_tdb.h
It might be legacy, but as long as we have it, we can make use of it.
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit ea83ac6b0142e99b514f7c4a3a4b038c2e409a8d
Author: Volker Lendecke <v...@samba.org>
Date: Sun Nov 10 11:48:17 2013 +0100
smbd: Fix CID 1035478 Negative array index read
lp_parm_enum can return -1. Add error checking.
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit df8dff7dd27459dad337e66f3e2f75c47e28cc8c
Author: Volker Lendecke <v...@samba.org>
Date: Sun Nov 10 10:06:18 2013 +0100
samdb: Fix CID 241968 Uninitialized pointer read
Interestingly gcc does not catch this at all.
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit c6ca14a78b52eabc70f338d136a93ea9ff4e51e4
Author: Volker Lendecke <v...@samba.org>
Date: Sun Nov 10 09:45:38 2013 +0100
heimdal: Fix 241482 Resource leak
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit d2731ad5aae9f1fb8c1c6a65a61ef787e993b248
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 9 21:29:24 2013 +0100
ldb: Fix CID 241329 Array compared against 0
u.generate.remote_names is an array, not a pointer
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 6b7b007a67ce8ec4e2979f09ba1bdea903116924
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 9 21:11:41 2013 +0100
libsmb: Fix CID 241313 Array compared against 0
userinfo->passwrd is not a pointer, no point in checking for !=NULL
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit c85deeed32607461e552636761b9cd402025b6da
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 9 21:02:10 2013 +0100
smbd: Fix CID 1035434 Same on both sides
Looks scary, but the only effect of this bug is too many UNLOCK messages
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 43ac7e81ec58d9043728b0e12b31f2993ec726c0
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 9 20:37:01 2013 +0100
iniparser: Fix CID 241908 Copy into fixed size buffer
strcpy is never a good idea....
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 1cae867f72b79995a02eed96265fe9f69ce945da
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 9 19:14:15 2013 +0100
libsmb: Fix CID 1127343 Dead default in switch
We have checked sec_channel_type a few lines above already
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 70dbb893cf1a46cc31fa0e902fd8a6b8557cf461
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 9 19:11:41 2013 +0100
netapi: Fix CID 1127344 Uninitialized scalar variable
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 4ddb9cfd955b77bfac57bcae93f734dc2ffb0676
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 9 18:50:16 2013 +0100
net: Fix CID 1035403 Unchecked return value
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 55b0a16e9b08cb4bf5cf32307009b889b4288f3a
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 9 18:40:08 2013 +0100
registry: Fix Coverity ID 1034918 Wrong sizeof argument
sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit ba370ae630e1f35cd20d6419100b5e0987382cfc
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 9 18:40:08 2013 +0100
registry: Fix Coverity ID 1034917 Wrong sizeof argument
sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 4e80a30daa16a6c0d0f1f96380fb213867f3ad5f
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 9 18:40:08 2013 +0100
registry: Fix Coverity ID 1034916 Wrong sizeof argument
sizeof(data_val) is the size of the pointer. This might well be 8 bytes
where the string is only 4 bytes long
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 0c8d5df5cadf59bb7833ccdd8f9c710c61d55cca
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 9 18:32:21 2013 +0100
dsdb: Fix Coverity ID 1034907 Dereference before null check
"module" has already been dereferenced by ldb_module_get_private(module)
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
commit 096358f4e1b8000d1006293963f4c571ee6fc8cb
Author: Volker Lendecke <v...@samba.org>
Date: Sat Nov 9 16:40:18 2013 +0100
oLschema2ldif: Add some NULL checks
This should fix Coverity ID 1034812
Signed-off-by: Volker Lendecke <v...@samba.org>
Reviewed-by: Ira Cooper <i...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/iniparser/src/iniparser.c | 8 ++++--
lib/ldb/ldb_map/ldb_map.c | 2 +-
source3/lib/conn_tdb.c | 16 ++++++------
source3/lib/conn_tdb.h | 6 ++--
source3/lib/netapi/wkstainfo.c | 1 +
source3/libsmb/clirap2.c | 6 +---
source3/libsmb/trusts_util.c | 2 -
source3/locking/brlock.c | 2 +-
source3/modules/nfs4_acls.c | 25 +++++++++++++++----
source3/utils/net_rpc_registry.c | 5 +++-
source4/dsdb/samdb/ldb_modules/local_password.c | 2 +-
source4/dsdb/samdb/ldb_modules/partition.c | 2 +-
source4/heimdal/lib/gssapi/krb5/init_sec_context.c | 6 +++-
source4/lib/policy/gp_filesys.c | 4 +-
source4/lib/registry/tests/registry.c | 12 +++++----
source4/ntvfs/simple/vfs_simple.c | 5 +++-
source4/rpc_server/backupkey/dcesrv_backupkey.c | 1 +
source4/utils/oLschema2ldif.c | 6 ++++
18 files changed, 70 insertions(+), 41 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/iniparser/src/iniparser.c b/lib/iniparser/src/iniparser.c
index 0934087..db00c88 100644
--- a/lib/iniparser/src/iniparser.c
+++ b/lib/iniparser/src/iniparser.c
@@ -38,16 +38,18 @@ static void iniparser_add_entry(
char * val)
{
char longkey[2*ASCIILINESZ+1];
+ char *l;
/* Make a key as section:keyword */
if (key!=NULL) {
- sprintf(longkey, "%s:%s", sec, key);
+ snprintf(longkey, sizeof(longkey), "%s:%s", sec, key);
+ l = longkey;
} else {
- strcpy(longkey, sec);
+ l = sec;
}
/* Add (key,val) to dictionary */
- dictionary_set(d, longkey, val);
+ dictionary_set(d, l, val);
return ;
}
diff --git a/lib/ldb/ldb_map/ldb_map.c b/lib/ldb/ldb_map/ldb_map.c
index 52b483b..66b0059 100644
--- a/lib/ldb/ldb_map/ldb_map.c
+++ b/lib/ldb/ldb_map/ldb_map.c
@@ -340,7 +340,7 @@ const struct ldb_map_attribute *map_attr_find_remote(const
struct ldb_map_contex
break;
case LDB_MAP_GENERATE:
- for (j = 0; map->u.generate.remote_names &&
map->u.generate.remote_names[j]; j++) {
+ for (j = 0; map->u.generate.remote_names[j]; j++) {
if
(ldb_attr_cmp(map->u.generate.remote_names[j], name) == 0) {
return map;
}
diff --git a/source3/lib/conn_tdb.c b/source3/lib/conn_tdb.c
index b218831..bf66d7d 100644
--- a/source3/lib/conn_tdb.c
+++ b/source3/lib/conn_tdb.c
@@ -39,8 +39,8 @@ struct connections_forall_state {
struct connections_forall_session {
uid_t uid;
gid_t gid;
- char machine[FSTRING_LEN];
- char addr[FSTRING_LEN];
+ fstring machine;
+ fstring addr;
};
static int collect_sessions_fn(struct smbXsrv_session_global0 *global,
@@ -60,8 +60,8 @@ static int collect_sessions_fn(struct smbXsrv_session_global0
*global,
sess.uid = global->auth_session_info->unix_token->uid;
sess.gid = global->auth_session_info->unix_token->gid;
}
- strncpy(sess.machine, global->channels[0].remote_name,
sizeof(sess.machine));
- strncpy(sess.addr, global->channels[0].remote_address,
sizeof(sess.addr));
+ fstrcpy(sess.machine, global->channels[0].remote_name);
+ fstrcpy(sess.addr, global->channels[0].remote_address);
status = dbwrap_store(state->session_by_pid,
make_tdb_data((void*)&id, sizeof(id)),
@@ -116,12 +116,12 @@ static int traverse_tcon_fn(struct smbXsrv_tcon_global0
*global,
key.pid = data.pid = global->server_id;
key.cnum = data.cnum = global->tcon_global_id;
- strncpy(key.name, global->share_name, sizeof(key.name));
- strncpy(data.servicename, global->share_name, sizeof(data.servicename));
+ fstrcpy(key.name, global->share_name);
+ fstrcpy(data.servicename, global->share_name);
data.uid = sess.uid;
data.gid = sess.gid;
- strncpy(data.addr, sess.addr, sizeof(data.addr));
- strncpy(data.machine, sess.machine, sizeof(data.machine));
+ fstrcpy(data.addr, sess.addr);
+ fstrcpy(data.machine, sess.machine);
data.start = nt_time_to_unix(global->creation_time);
state->count++;
diff --git a/source3/lib/conn_tdb.h b/source3/lib/conn_tdb.h
index b91a153..217814f 100644
--- a/source3/lib/conn_tdb.h
+++ b/source3/lib/conn_tdb.h
@@ -29,9 +29,9 @@ struct connections_data {
int cnum;
uid_t uid;
gid_t gid;
- char servicename[FSTRING_LEN];
- char addr[FSTRING_LEN];
- char machine[FSTRING_LEN];
+ fstring servicename;
+ fstring addr;
+ fstring machine;
time_t start;
};
diff --git a/source3/lib/netapi/wkstainfo.c b/source3/lib/netapi/wkstainfo.c
index cda4b50..b093958 100644
--- a/source3/lib/netapi/wkstainfo.c
+++ b/source3/lib/netapi/wkstainfo.c
@@ -83,6 +83,7 @@ static NTSTATUS
map_wksta_info_to_WKSTA_INFO_buffer(TALLOC_CTX *mem_ctx,
i102.wki102_ver_major = i->info102->version_major;
i102.wki102_ver_minor = i->info102->version_minor;
i102.wki102_lanroot = talloc_strdup(mem_ctx,
i->info102->lan_root);
+ i102.wki102_logged_on_users = i->info102->logged_on_users;
ADD_TO_ARRAY(mem_ctx, struct WKSTA_INFO_102, i102,
(struct WKSTA_INFO_102 **)buffer,
diff --git a/source3/libsmb/clirap2.c b/source3/libsmb/clirap2.c
index 05d8fb2..457a82e 100644
--- a/source3/libsmb/clirap2.c
+++ b/source3/libsmb/clirap2.c
@@ -867,10 +867,8 @@ int cli_NetUserAdd(struct cli_state *cli, struct
rap_user_info_1 * userinfo )
PUTWORD(p, 1); /* info level */
PUTWORD(p, 0); /* pwencrypt */
- if(userinfo->passwrd)
- PUTWORD(p,MIN(strlen((const char *)userinfo->passwrd),
RAP_UPASSWD_LEN));
- else
- PUTWORD(p, 0); /* password length */
+ PUTWORD(p, MIN(strlen((const char *)userinfo->passwrd),
+ RAP_UPASSWD_LEN));
p = data;
memset(data, '\0', soffset);
diff --git a/source3/libsmb/trusts_util.c b/source3/libsmb/trusts_util.c
index 428e0c1..52fb481 100644
--- a/source3/libsmb/trusts_util.c
+++ b/source3/libsmb/trusts_util.c
@@ -108,8 +108,6 @@ NTSTATUS trust_pw_find_change_and_store_it(struct
rpc_pipe_client *cli,
}
break;
}
- default:
- break;
}
}
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index b5eebc8..e92a2cf 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -2222,7 +2222,7 @@ static int compare_procids(const void *p1, const void *p2)
const struct server_id *i2 = (const struct server_id *)p2;
if (i1->pid < i2->pid) return -1;
- if (i2->pid > i2->pid) return 1;
+ if (i1->pid > i2->pid) return 1;
return 0;
}
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 08ae141..774c40e 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -85,16 +85,29 @@ static int smbacl4_get_vfs_params(
{ e_merge, "merge" },
{ -1 , NULL }
};
+ int enumval;
memset(params, 0, sizeof(smbacl4_vfs_params));
- params->mode = (enum smbacl4_mode_enum)lp_parm_enum(
- SNUM(conn), type_name,
- "mode", enum_smbacl4_modes, e_simple);
+
+ enumval = lp_parm_enum(SNUM(conn), type_name, "mode",
+ enum_smbacl4_modes, e_simple);
+ if (enumval == -1) {
+ DEBUG(10, ("value for %s:mode unknown\n", type_name));
+ return -1;
+ }
+ params->mode = (enum smbacl4_mode_enum)enumval;
+
params->do_chown = lp_parm_bool(SNUM(conn), type_name,
"chown", true);
- params->acedup = (enum smbacl4_acedup_enum)lp_parm_enum(
- SNUM(conn), type_name,
- "acedup", enum_smbacl4_acedups, e_dontcare);
+
+ enumval = lp_parm_enum(SNUM(conn), type_name, "acedup",
+ enum_smbacl4_acedups, e_dontcare);
+ if (enumval == -1) {
+ DEBUG(10, ("value for %s:acedup unknown\n", type_name));
+ return -1;
+ }
+ params->acedup = (enum smbacl4_acedup_enum)enumval;
+
params->map_full_control = lp_acl_map_full_control(SNUM(conn));
DEBUG(10, ("mode:%s, do_chown:%s, acedup: %s map full control:%s\n",
diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c
index 9445e09..cc4eaa7 100644
--- a/source3/utils/net_rpc_registry.c
+++ b/source3/utils/net_rpc_registry.c
@@ -1183,7 +1183,10 @@ static void dump_values( REGF_NK_REC *nk )
switch ( nk->values[i].type ) {
case REG_SZ:
blob = data_blob_const(nk->values[i].data,
data_size);
- pull_reg_sz(talloc_tos(), &blob, &data_str);
+ if (!pull_reg_sz(talloc_tos(), &blob,
+ &data_str)) {
+ data_str = NULL;
+ }
if (!data_str) {
break;
}
diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c
b/source4/dsdb/samdb/ldb_modules/local_password.c
index 4adf180..86c79ee 100644
--- a/source4/dsdb/samdb/ldb_modules/local_password.c
+++ b/source4/dsdb/samdb/ldb_modules/local_password.c
@@ -181,7 +181,7 @@ static int local_password_add(struct ldb_module *module,
struct ldb_request *req
return ldb_operr(ldb);
}
- remote_message = ldb_msg_copy_shallow(remote_req, req->op.add.message);
+ remote_message = ldb_msg_copy_shallow(ac, req->op.add.message);
if (remote_message == NULL) {
return ldb_operr(ldb);
}
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c
b/source4/dsdb/samdb/ldb_modules/partition.c
index 63835d8..39e85e4 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -811,7 +811,7 @@ static int partition_start_trans(struct ldb_module *module)
/* Look at base DN */
/* Figure out which partition it is under */
/* Skip the lot if 'data' isn't here yet (initialization) */
- if ((module && ldb_module_flags(ldb_module_get_ctx(module)) &
LDB_FLG_ENABLE_TRACING)) {
+ if (ldb_module_flags(ldb_module_get_ctx(module)) &
LDB_FLG_ENABLE_TRACING) {
ldb_debug(ldb_module_get_ctx(module), LDB_DEBUG_TRACE,
"partition_start_trans() -> (metadata partition)");
}
ret = ldb_next_start_trans(module);
diff --git a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
index 5f8b01b..0a89ae1 100644
--- a/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
+++ b/source4/heimdal/lib/gssapi/krb5/init_sec_context.c
@@ -137,6 +137,7 @@ _gsskrb5_create_ctx(
if (kret) {
*minor_status = kret;
HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+ free(ctx);
return GSS_S_FAILURE;
}
@@ -145,6 +146,7 @@ _gsskrb5_create_ctx(
*minor_status = kret;
krb5_auth_con_free(context, ctx->auth_context);
HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
+ free(ctx);
return GSS_S_FAILURE;
}
@@ -156,7 +158,7 @@ _gsskrb5_create_ctx(
krb5_auth_con_free(context, ctx->deleg_auth_context);
HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-
+ free(ctx);
return GSS_S_BAD_BINDINGS;
}
@@ -168,7 +170,7 @@ _gsskrb5_create_ctx(
krb5_auth_con_free(context, ctx->deleg_auth_context);
HEIMDAL_MUTEX_destroy(&ctx->ctx_id_mutex);
-
+ free(ctx);
return GSS_S_BAD_BINDINGS;
}
diff --git a/source4/lib/policy/gp_filesys.c b/source4/lib/policy/gp_filesys.c
index 9f60d2f..b6107fc 100644
--- a/source4/lib/policy/gp_filesys.c
+++ b/source4/lib/policy/gp_filesys.c
@@ -251,6 +251,7 @@ static NTSTATUS gp_get_file (struct smbcli_tree *tree,
const char *remote_src,
DEBUG(0, ("Remote/local file size mismatch after copying file: "
"%s (remote %zu, local %zu).\n",
remote_src, file_size, nread));
+ close(fh_local);
talloc_free(buf);
return NT_STATUS_UNSUCCESSFUL;
}
@@ -562,14 +563,13 @@ NTSTATUS gp_create_gpt(struct gp_context *gp_ctx, const
char *name,
}
rv = write(fd, file_content, strlen(file_content));
+ close(fd);
if (rv != strlen(file_content)) {
DEBUG(0, ("Short write in GPT.INI\n"));
talloc_free(mem_ctx);
return NT_STATUS_UNSUCCESSFUL;
}
- close(fd);
-
/* Upload the GPT to the sysvol share on a DC */
status = gp_push_gpt(gp_ctx, policy_dir, file_sys_path);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source4/lib/registry/tests/registry.c
b/source4/lib/registry/tests/registry.c
index 4e6dda4..b9b7c28 100644
--- a/source4/lib/registry/tests/registry.c
+++ b/source4/lib/registry/tests/registry.c
@@ -449,14 +449,15 @@ static bool test_get_value(struct torture_context *tctx,
void *_data)
torture_assert_int_equal(tctx, REG_DWORD, type, "value type");
error = reg_val_set(subkey, "", REG_SZ,
- data_blob_talloc(tctx, data_val, sizeof(data_val)));
+ data_blob_talloc(tctx, data_val,
+ strlen(data_val)));
torture_assert_werr_ok(tctx, error, "set default value");
error = reg_key_get_value_by_name(tctx, subkey, "", &type,
&data);
torture_assert_werr_ok(tctx, error, "getting default value");
torture_assert_int_equal(tctx, REG_SZ, type, "value type ok");
- torture_assert_int_equal(tctx, sizeof(data_val), data.length, "value
length ok");
+ torture_assert_int_equal(tctx, strlen(data_val), data.length, "value
length ok");
torture_assert_str_equal(tctx, data_val, (char *)data.data, "value ok");
return true;
@@ -502,7 +503,8 @@ static bool test_del_value(struct torture_context *tctx,
void *_data)
"unsetting missing default value");
error = reg_val_set(subkey, "", REG_SZ,
- data_blob_talloc(tctx, data_val, sizeof(data_val)));
+ data_blob_talloc(tctx, data_val,
+ strlen(data_val)));
torture_assert_werr_ok(tctx, error, "set default value");
error = reg_del_value(tctx, subkey, "");
@@ -550,14 +552,14 @@ static bool test_list_values(struct torture_context
*tctx, void *_data)
"getting missing value");
error = reg_val_set(subkey, "", REG_SZ,
- data_blob_talloc(tctx, data_val, sizeof(data_val)));
+ data_blob_talloc(tctx, data_val, strlen(data_val)));
torture_assert_werr_ok(tctx, error, "set default value");
error = reg_key_get_value_by_index(tctx, subkey, 0, &name,
&type, &data);
torture_assert_werr_ok(tctx, error, "getting default value");
torture_assert_int_equal(tctx, REG_SZ, type, "value type ok");
- torture_assert_int_equal(tctx, sizeof(data_val), data.length, "value
length ok");
+ torture_assert_int_equal(tctx, strlen(data_val), data.length, "value
length ok");
torture_assert_str_equal(tctx, data_val, (char *)data.data, "value ok");
return true;
diff --git a/source4/ntvfs/simple/vfs_simple.c
b/source4/ntvfs/simple/vfs_simple.c
index 58c8df8..a652494 100644
--- a/source4/ntvfs/simple/vfs_simple.c
+++ b/source4/ntvfs/simple/vfs_simple.c
@@ -414,7 +414,10 @@ do_open:
NT_STATUS_NOT_OK_RETURN(status);
f = talloc(handle, struct svfs_file);
- NT_STATUS_HAVE_NO_MEMORY(f);
+ if (f == NULL) {
+ close(fd);
+ return NT_STATUS_NO_MEMORY;
+ }
f->fd = fd;
f->name = talloc_strdup(f, unix_path);
NT_STATUS_HAVE_NO_MEMORY(f->name);
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c
b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 87799db..83fb2bd 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -864,6 +864,7 @@ static WERROR self_sign_cert(TALLOC_CTX *ctx, hx509_context
*hctx, hx509_request
talloc_free(uniqueid.data);
hx509_name_free(&subject);
free_SubjectPublicKeyInfo(&spki);
+ hx509_ca_tbs_free(&tbs);
return WERR_INTERNAL_ERROR;
}
ret = hx509_ca_tbs_set_subject(*hctx, tbs, subject);
diff --git a/source4/utils/oLschema2ldif.c b/source4/utils/oLschema2ldif.c
index bcdf570..88dba01 100644
--- a/source4/utils/oLschema2ldif.c
+++ b/source4/utils/oLschema2ldif.c
@@ -352,7 +352,13 @@ static struct ldb_message *process_entry(TALLOC_CTX
*mem_ctx, const char *entry)
bool single_valued = false;
ctx = talloc_new(mem_ctx);
+ if (ctx == NULL) {
+ return NULL;
+ }
msg = ldb_msg_new(ctx);
+ if (msg == NULL) {
+ goto failed;
+ }
ldb_msg_add_string(msg, "objectClass", "top");
--
Samba Shared Repository
