The branch, master has been updated via a737efe s4-ntlm: Fix a NULL pointer dereference in error path via f01f424 s4-dsdb: Fix a possible NULL pointer dereference via 5499cff s3-torture: Do some code hygiene in the ldb test via 7bac35e librpc: Check for negative return value of socket_get_fd() via 8e88ab7 util: Fix a possible null pointer dereference from c0704d9 s3: libsmb: Correctly trim a trailing \ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit a737efe2bd45fffe82d1815789c63172e01ed1d7 Author: Andreas Schneider <a...@samba.org> Date: Wed Jun 22 15:53:59 2016 +0200 s4-ntlm: Fix a NULL pointer dereference in error path Found by clang compiler. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Wed Jun 22 23:21:33 CEST 2016 on sn-devel-144 commit f01f4248536c6f4b2cfe6f28f775deb7cb2fe01a Author: Andreas Schneider <a...@samba.org> Date: Wed Jun 22 15:48:10 2016 +0200 s4-dsdb: Fix a possible NULL pointer dereference Detected by clang compiler. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 5499cff2014e64ab9b40f038631a9b8eb847ca03 Author: Andreas Schneider <a...@samba.org> Date: Wed Jun 22 15:15:05 2016 +0200 s3-torture: Do some code hygiene in the ldb test Coverity is confused if in a expresion we use = and not ==. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 7bac35e7fd6d2e580648e0028e114626edf3dc2e Author: Andreas Schneider <a...@samba.org> Date: Wed Jun 22 09:25:16 2016 +0200 librpc: Check for negative return value of socket_get_fd() Found by Coverity. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 8e88ab727a68eb3979ad1bde65001130c7166d1f Author: Andreas Schneider <a...@samba.org> Date: Wed Jun 22 09:17:07 2016 +0200 util: Fix a possible null pointer dereference Found by cppcheck. 
Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/util/talloc_report.c | 3 +++ source4/auth/ntlm/auth_winbind.c | 6 ++++-- source4/dsdb/common/util_trusts.c | 4 +++- source4/librpc/rpc/dcerpc_sock.c | 5 +++++ source4/torture/ldb/ldb.c | 12 ++++++++---- 5 files changed, 23 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/talloc_report.c b/lib/util/talloc_report.c index 9b98347..018d9ab 100644 --- a/lib/util/talloc_report.c +++ b/lib/util/talloc_report.c @@ -40,6 +40,9 @@ static char *talloc_vasprintf_append_largebuf(char *buf, ssize_t *pstr_len, if (buf == NULL) { return NULL; } + if (fmt == NULL) { + return NULL; + } buflen = talloc_get_size(buf); if (buflen > str_len) { diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c index aed893d..447c0de 100644 --- a/source4/auth/ntlm/auth_winbind.c +++ b/source4/auth/ntlm/auth_winbind.c @@ -216,9 +216,11 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx, if (err) { DEBUG(1, ("error was %s (0x%08x)\nerror message was '%s'\n", err->nt_string, err->nt_status, err->display_string)); + nt_status = NT_STATUS(err->nt_status); + wbcFreeMemory(err); + } else { + nt_status = NT_STATUS_LOGON_FAILURE; } - nt_status = NT_STATUS(err->nt_status); - wbcFreeMemory(err); NT_STATUS_NOT_OK_RETURN(nt_status); } else if (!WBC_ERROR_IS_OK(wbc_status)) { DEBUG(1, ("wbcAuthenticateUserEx: failed with %u - %s\n", diff --git a/source4/dsdb/common/util_trusts.c b/source4/dsdb/common/util_trusts.c index 0e69ba2..a083d86 100644 --- a/source4/dsdb/common/util_trusts.c +++ b/source4/dsdb/common/util_trusts.c 
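Review bot: The new `fmt == NULL` guard in talloc_vasprintf_append_largebuf returns NULL while `buf` stays allocated, and nothing in the hunk documents that contract. A caller that assigns the return value back to its buffer pointer would lose its pointer to the text built so far; whether any caller does this is not visible here. A short comment above the function would settle it, for example `/* Returns NULL without freeing buf when buf or fmt is NULL. */`. The function body continues outside the hunk.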
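Review bot: In the `if (err)` branch the status is still taken directly from `err->nt_status`, and `NT_STATUS_NOT_OK_RETURN(nt_status)` only returns when that value is not OK. If the error structure ever carried a zero `nt_status`, what appears to be the authentication-failure path would fall through instead of rejecting the logon; whether winbind can produce that is not visible in this hunk. A fail-closed guard after the assignment would cover it: `if (NT_STATUS_IS_OK(nt_status)) { nt_status = NT_STATUS_LOGON_FAILURE; }`. The enclosing condition and the rest of winbind_check_password_wbclient lie outside the hunk.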
@@ -2671,7 +2671,9 @@ NTSTATUS dsdb_trust_get_incoming_passwords(struct ldb_message *msg, if (_previous != NULL) { *_previous = talloc(mem_ctx, struct samr_Password); if (*_previous == NULL) { - TALLOC_FREE(*_current); + if (_current != NULL) { + TALLOC_FREE(*_current); + } TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } diff --git a/source4/librpc/rpc/dcerpc_sock.c b/source4/librpc/rpc/dcerpc_sock.c index f5a1c07..7175eb2 100644 --- a/source4/librpc/rpc/dcerpc_sock.c +++ b/source4/librpc/rpc/dcerpc_sock.c @@ -72,6 +72,11 @@ static void continue_socket_connect(struct composite_context *ctx) return; } sock_fd = socket_get_fd(s->socket_ctx); + if (sock_fd == -1) { + TALLOC_FREE(s->socket_ctx); + composite_error(c, NT_STATUS_INVALID_HANDLE); + return; + } socket_set_flags(s->socket_ctx, SOCKET_FLAG_NOCLOSE); TALLOC_FREE(s->socket_ctx); diff --git a/source4/torture/ldb/ldb.c b/source4/torture/ldb/ldb.c index 6210419..7ea9726 100644 --- a/source4/torture/ldb/ldb.c +++ b/source4/torture/ldb/ldb.c @@ -1084,8 +1084,9 @@ static bool torture_ldb_unpack(struct torture_context *torture) const char *ldif_text = dda1d01d_ldif; struct ldb_ldif ldif; + ldb = samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL); torture_assert(torture, - ldb = samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL), + ldb != NULL, "Failed to init ldb"); torture_assert_int_equal(torture, ldb_unpack_data(ldb, &data, msg), 0, 
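Review bot: `TALLOC_FREE(*_current)` on this out-of-memory path releases the buffer without clearing it. Assuming `*_current` is a `struct samr_Password` like `*_previous` and has already been filled by this point (that code is outside the hunk), the hash bytes stay readable in freed heap memory. Clearing it inside the new guard before the free, e.g. `ZERO_STRUCTP(*_current);`, would keep the error path from leaving key material behind. dsdb_trust_get_incoming_passwords starts and ends outside the hunk.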
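Review bot: The added check tests `sock_fd == -1` only, while the commit subject says it guards against a negative return value of `socket_get_fd()`. Any other negative value would still pass the check and be used as a descriptor further down. `if (sock_fd < 0) {` matches the stated intent and costs nothing. continue_socket_connect continues outside the hunk.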
@@ -1111,12 +1112,14 @@ static bool torture_ldb_parse_ldif(struct torture_context *torture) struct ldb_val data = data_blob_const(dda1d01d_bin, sizeof(dda1d01d_bin)); struct ldb_message *msg = ldb_msg_new(mem_ctx); + ldb = samba_ldb_init(mem_ctx, torture->ev, NULL,NULL,NULL); torture_assert(torture, - ldb=samba_ldb_init(mem_ctx, torture->ev, NULL,NULL,NULL), + ldb != NULL, "Failed to init ldb"); + ldif = ldb_ldif_read_string(ldb, &ldif_text); torture_assert(torture, - ldif = ldb_ldif_read_string(ldb, &ldif_text), + ldif != NULL, "ldb_ldif_read_string failed"); torture_assert_int_equal(torture, ldif->changetype, LDB_CHANGETYPE_NONE, "changetype is incorrect"); @@ -1147,8 +1150,9 @@ static bool torture_ldb_unpack_only_attr_list(struct torture_context *torture) const char *ldif_text; struct ldb_ldif ldif; + ldb = samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL); torture_assert(torture, - ldb=samba_ldb_init(mem_ctx, torture->ev, NULL, NULL, NULL), + ldb != NULL, "Failed to init samba"); torture_assert_int_equal(torture, -- Samba Shared Repository
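Review bot: The assertion message in the torture_ldb_unpack_only_attr_list hunk reads `"Failed to init samba"`, while the other two hunks in this file use `"Failed to init ldb"` for the same `samba_ldb_init()` check. Since the assertion is being rewritten anyway, using `"Failed to init ldb"` there too would make a failing run point at the right component. The moved call in torture_ldb_parse_ldif also keeps `NULL,NULL,NULL` without spaces, unlike the other two hunks.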