The branch, v4-3-test has been updated
       via  da97bd4 fix writev(vector[...]) points to uninitialised bytes in 
call_trans2findfirst
       via  e7e5539 fix 'Invalid read of size 1' in reply_search
       via  6860eb7 fix writev(vector[...]) points to uninitialised bytes in 
call_trans2findnext
       via  9d0bbc8 fix uninitialised read in process_host_announce
       via  d06e6f8 remove many valgrind errors for base.lock test
      from  af1fe52 nss_wins: Use lp_global_no_reinit()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-3-test


- Log -----------------------------------------------------------------
commit da97bd42ce856f18319defec8d87223aba406214
Author: Noel Power <noel.po...@suse.com>
Date:   Wed Oct 28 15:42:06 2015 +0000

    fix writev(vector[...]) points to uninitialised bytes in 
call_trans2findfirst
    
    Signed-off-by: Noel Power <noel.po...@suse.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    (cherry picked from commit 9b2aba1b7aa7386dfc64bcefafa83374b6525354)
    
    The last 5 patches address
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11597
    backport some valgrind fixes from upstream master to 4.2 / 4.3
    
    Autobuild-User(v4-3-test): Karolin Seeger <ksee...@samba.org>
    Autobuild-Date(v4-3-test): Fri Nov 20 12:18:55 CET 2015 on sn-devel-104

commit e7e55390b8b5ab266b71eb74c8cef6a193c10f8f
Author: Noel Power <noel.po...@suse.com>
Date:   Wed Oct 28 17:08:28 2015 +0000

    fix 'Invalid read of size 1' in reply_search
    
    Signed-off-by: Noel Power <noel.po...@suse.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    (cherry picked from commit 0f2f8a4f772ff22d00a9e87dafa97a431af8f6da)

commit 6860eb791f8963c150b7b3342c3458ae222a9a19
Author: Noel Power <noel.po...@suse.com>
Date:   Wed Oct 28 19:53:49 2015 +0000

    fix writev(vector[...]) points to uninitialised bytes in call_trans2findnext
    
    Signed-off-by: Noel Power <noel.po...@suse.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    (cherry picked from commit 17482d52160acc869af9f7a2029d5b595d33a12d)

commit 9d0bbc87b7661f306f5a9420063389d5f269011f
Author: Noel Power <noel.po...@suse.com>
Date:   Wed Oct 28 21:17:42 2015 +0000

    fix uninitialised read in process_host_announce
    
    Signed-off-by: Noel Power <noel.po...@suse.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    (cherry picked from commit 7ade51901381507beaeac92e9b0d2f0d424123a9)

commit d06e6f88548ca2493efd44840027cddb38408f28
Author: Noel Power <noel.po...@suse.com>
Date:   Thu Oct 29 11:11:00 2015 +0000

    remove many valgrind errors for base.lock test
    
    mostly "Conditional jump or move depends on uninitialised value" &
    "Use of uninitialised value of size 8" errors, suspect this is
    related to compiler padding for the struct
    
    Signed-off-by: Noel Power <noel.po...@suse.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Fri Nov  6 00:16:53 CET 2015 on sn-devel-104
    
    (cherry picked from commit ce8068e70b11a3ce5634c56f43a035713c5ea2ed)

-----------------------------------------------------------------------

Summary of changes:
 source3/locking/brlock.c           |  2 ++
 source3/nmbd/nmbd_incomingdgrams.c |  2 ++
 source3/smbd/reply.c               |  9 +++++----
 source3/smbd/trans2.c              | 11 ++++++++++-
 4 files changed, 19 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index 05e7ee2..e8c8d89 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -1021,6 +1021,8 @@ NTSTATUS brl_lock(struct messaging_context *msg_ctx,
        NTSTATUS ret;
        struct lock_struct lock;
 
+       ZERO_STRUCT(lock);
+
 #if !ZERO_ZERO
        if (start == 0 && size == 0) {
                DEBUG(0,("client sent 0/0 lock - please report this\n"));
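Review bot: The added `ZERO_STRUCT(lock);` carries no comment saying why the whole struct is cleared before its fields are assigned, so a later cleanup could remove it as redundant. The commit message suspects compiler padding; if `lock` is later copied, stored or compared byte-wise (not visible in this hunk), the padding would otherwise carry stale stack contents into that copy. A one-line comment such as `/* clear padding too: valgrind flags uninitialised bytes when the struct is used as a whole */` would record the reason. brl_lock's body continues outside the hunk.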
diff --git a/source3/nmbd/nmbd_incomingdgrams.c 
b/source3/nmbd/nmbd_incomingdgrams.c
index 9a69252..6fedcfd 100644
--- a/source3/nmbd/nmbd_incomingdgrams.c
+++ b/source3/nmbd/nmbd_incomingdgrams.c
@@ -105,6 +105,8 @@ void process_host_announce(struct subnet_record *subrec, 
struct packet_struct *p
        struct server_record *servrec;
        unstring work_name;
        unstring source_name;
+       ZERO_STRUCT(source_name);
+       ZERO_STRUCT(announce_name);
 
        pull_ascii_fstring(comment, buf+31);
   
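Review bot: Zeroing `source_name` and `announce_name` silences the uninitialised read but does not show which path reads them before they are filled; the declaration of `announce_name` and the code that fills both buffers are outside the hunk. This function appears to parse a datagram taken from `buf`, so it is worth confirming whether the conversion that fills these names can fail or stop short, and checking its result rather than continuing with an empty name. The two calls also sit directly under the declarations with no comment; something like `/* keep the names valid empty strings if the conversion below does not fill them */` (to be confirmed against the fill code) would document the intent.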
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 20c793f..b6f9992 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1607,7 +1607,7 @@ void reply_search(struct smb_request *req)
 {
        connection_struct *conn = req->conn;
        char *path = NULL;
-       const char *mask = NULL;
+       char *mask = NULL;
        char *directory = NULL;
        struct smb_filename *smb_fname = NULL;
        char *fname = NULL;
@@ -1688,11 +1688,11 @@ void reply_search(struct smb_request *req)
 
                p = strrchr_m(directory,'/');
                if ((p != NULL) && (*directory != '/')) {
-                       mask = p + 1;
+                       mask = talloc_strdup(ctx, p + 1);
                        directory = talloc_strndup(ctx, directory,
                                                   PTR_DIFF(p, directory));
                } else {
-                       mask = directory;
+                       mask = talloc_strdup(ctx, directory);
                        directory = talloc_strdup(ctx,".");
                }
 
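Review bot: The two new `talloc_strdup()` results assigned to `mask` are not checked in this hunk, so an allocation failure leaves `mask` NULL for whatever uses it next. If the check that follows the if/else (outside the hunk) covers only `directory`, extend it to `if (!directory || !mask)`. The later hunk at `mask = talloc_strdup(ctx, dptr_wcard(sconn, dptr_num));` has the related problem that `if (!mask) goto SearchEmpty;` now also treats an out-of-memory failure as an empty search instead of reporting an error. Testing the `dptr_wcard()` result before duplicating it would keep the two cases distinct.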
@@ -1741,7 +1741,7 @@ void reply_search(struct smb_request *req)
                        goto out;
                }
 
-               mask = dptr_wcard(sconn, dptr_num);
+               mask = talloc_strdup(ctx, dptr_wcard(sconn, dptr_num));
                if (!mask) {
                        goto SearchEmpty;
                }
@@ -1880,6 +1880,7 @@ void reply_search(struct smb_request *req)
                maxentries ));
  out:
        TALLOC_FREE(directory);
+       TALLOC_FREE(mask);
        TALLOC_FREE(smb_fname);
        END_PROFILE(SMBsearch);
        return;
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 8816402..d5a38d4 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -2639,7 +2639,11 @@ total_data=%u (should be %u)\n", (unsigned 
int)total_data, (unsigned int)IVAL(pd
        }
        pdata = *ppdata;
        data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
-
+       /*
+        * squash valgrind "writev(vector[...]) points to uninitialised byte(s)"
+        * error.
+        */
+       memset(pdata + total_data, 0, ((max_data_bytes + 
DIR_ENTRY_SAFETY_MARGIN) - total_data));
        /* Realloc the params space */
        *pparams = (char *)SMB_REALLOC(*pparams, 10);
        if (*pparams == NULL) {
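Review bot: The `memset` length `(max_data_bytes + DIR_ENTRY_SAFETY_MARGIN) - total_data` wraps to a very large value (assuming unsigned operands) if `total_data` is ever greater than the sum, which would turn this valgrind fix into an out-of-bounds write. Both values look request-derived, and neither a bound between them nor the size `*ppdata` was allocated with is visible in the hunk. Guarding the call with `if (total_data < max_data_bytes + DIR_ENTRY_SAFETY_MARGIN)` or stating the invariant in the comment would close that; the same applies to the identical `memset` in the second trans2.c hunk. The comment could also say that the tail of the reply buffer is cleared so that unwritten bytes are apparently not passed to `writev`, rather than only naming the valgrind message.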
@@ -2986,6 +2990,11 @@ total_data=%u (should be %u)\n", (unsigned 
int)total_data, (unsigned int)IVAL(pd
        pdata = *ppdata;
        data_end = pdata + max_data_bytes + DIR_ENTRY_SAFETY_MARGIN - 1;
 
+       /*
+        * squash valgrind "writev(vector[...]) points to uninitialised byte(s)"
+        * error.
+        */
+       memset(pdata + total_data, 0, (max_data_bytes + 
DIR_ENTRY_SAFETY_MARGIN) - total_data);
        /* Realloc the params space */
        *pparams = (char *)SMB_REALLOC(*pparams, 6*SIZEOFWORD);
        if(*pparams == NULL ) {


-- 
Samba Shared Repository
