The branch, master has been updated via 3e6ce5c s3:registry: Fix possible memory leak in _reg_perfcount_multi_sz_from_tdb() via dbdbd48 s3:libads: Fix memory leaks in ads_krb5_chg_password() via 3d32c02 s3:client: Avoid a possible fd leak in do_get() via d4fb124 s4:lib: Fix a possible fd leak in gp_get_file() via b7b4fc5 s3:utils: Do not leak memory in new_user() via f20150f s3:utils: Do not overflow the destination buffer in net_idmap_restore() via e4f4f5e s3:passdb: Don't leak memory on error in fetch_ldap_pw() via e6689c3 wbinfo: Free memory when we leave wbinfo_dsgetdcname() from bca4008 s3: tests: smbclient. Regression test to ensure we get NT_STATUS_DIRECTORY_NOT_EMPTY on rmdir.
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 3e6ce5c6e679fdb39ed8142bf5e1ed4105164826 Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 9 16:15:10 2018 +0200 s3:registry: Fix possible memory leak in _reg_perfcount_multi_sz_from_tdb() Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567 Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com> Signed-off-by: Andreas Schneider <a...@samba.org> Signed-off-by: Justin Stephenson <jstep...@redhat.com> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Sat Aug 11 04:43:15 CEST 2018 on sn-devel-144 commit dbdbd4875ecac3e7334750f46f1f494b7afe6628 Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 9 16:02:16 2018 +0200 s3:libads: Fix memory leaks in ads_krb5_chg_password() Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567 Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com> Signed-off-by: Andreas Schneider <a...@samba.org> Signed-off-by: Justin Stephenson <jstep...@redhat.com> Reviewed-by: Jeremy Allison <j...@samba.org> commit 3d32c0263b072e19335eba1451840284409ecb61 Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 9 15:58:32 2018 +0200 s3:client: Avoid a possible fd leak in do_get() Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567 Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com> Signed-off-by: Andreas Schneider <a...@samba.org> Signed-off-by: Justin Stephenson <jstep...@redhat.com> Reviewed-by: Jeremy Allison <j...@samba.org> commit d4fb124adfc10de8b7eb1f72b74d7ca83f8415dd Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 9 16:42:43 2018 +0200 s4:lib: Fix a possible fd leak in gp_get_file() Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567 Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com> Signed-off-by: Andreas Schneider <a...@samba.org> Signed-off-by: Justin Stephenson <jstep...@redhat.com> Reviewed-by: Jeremy Allison <j...@samba.org> commit b7b4fc51d0eadbbc94576dda75ae80098a205a24 Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 9 16:30:03 2018 +0200 s3:utils: Do not leak memory in new_user() Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567 Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com> Signed-off-by: Andreas Schneider <a...@samba.org> Signed-off-by: Justin Stephenson <jstep...@redhat.com> Reviewed-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit f20150fb1ea5292f099862af6268d06844954d5e Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 9 16:19:48 2018 +0200 s3:utils: Do not overflow the destination buffer in net_idmap_restore() Found by covsan. error[invalidScanfFormatWidth]: Width 128 given in format string (no. 2) is larger than destination buffer 'sid_string[128]', use %127s to prevent overflowing it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567 Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com> Signed-off-by: Andreas Schneider <a...@samba.org> Signed-off-by: Justin Stephenson <jstep...@redhat.com> Reviewed-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit e4f4f5eb7303a0cce4f426dd9cfd1d6a488495b0 Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 9 16:05:41 2018 +0200 s3:passdb: Don't leak memory on error in fetch_ldap_pw() Found by covscan. A candidate to use tallac ... BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567 Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com> Signed-off-by: Andreas Schneider <a...@samba.org> Signed-off-by: Justin Stephenson <jstep...@redhat.com> Reviewed-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit e6689c3e14c2dfaebaf1109f21e53184fea45d41 Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 9 15:53:45 2018 +0200 wbinfo: Free memory when we leave wbinfo_dsgetdcname() Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567 Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com> Signed-off-by: Andreas Schneider <a...@samba.org> Signed-off-by: Justin Stephenson <jstep...@redhat.com> Reviewed-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: nsswitch/wbinfo.c | 3 +++ source3/client/client.c | 7 +++++++ source3/libads/krb5_setpw.c | 2 ++ source3/passdb/secrets.c | 4 ++++ source3/registry/reg_perfcount.c | 15 +++++++++++---- source3/utils/net_idmap.c | 4 ++-- source3/utils/pdbedit.c | 10 +++++++--- source4/lib/policy/gp_filesys.c | 24 ++++++++++++++++-------- 8 files changed, 52 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index 1b58c73..c456f6e 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -747,6 +747,9 @@ static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags) d_printf("%s\n", dc_info->dc_site_name); d_printf("%s\n", dc_info->client_site_name); + wbcFreeMemory(str); + wbcFreeMemory(dc_info); + return true; } diff --git a/source3/client/client.c b/source3/client/client.c index f112b8c..25ba01d 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -1160,6 +1160,7 @@ static int do_get(const char *rname, const char *lname_in, bool reget) start = lseek(handle, 0, SEEK_END); if (start == -1) { d_printf("Error seeking local file\n"); + close(handle); return 1; } } @@ -1181,6 +1182,9 @@ static int do_get(const char *rname, const char *lname_in, bool reget) NULL); if(!NT_STATUS_IS_OK(status)) { d_printf("getattrib: %s\n", nt_errstr(status)); + if (newhandle) { + close(handle); + } return 1; } } @@ -1193,6 +1197,9 @@ static int do_get(const char *rname, const char *lname_in, bool reget) if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "parallel_read returned %s\n", nt_errstr(status)); + if (newhandle) { + close(handle); + } cli_close(targetcli, fnum); return 1; } diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index bc96ac6..0418fec 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -224,6 +224,7 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host, krb5_get_init_creds_opt_free(context, opts); krb5_free_context(context); free(realm); + smb_krb5_free_addresses(context, addr); DEBUG(1,("ads_krb5_chg_password: asprintf fail\n")); return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); } @@ -234,6 +235,7 @@ static ADS_STATUS ads_krb5_chg_password(const char *kdc_host, kerb_prompter, NULL, 0, chpw_princ, opts); krb5_get_init_creds_opt_free(context, opts); + smb_krb5_free_addresses(context, addr); SAFE_FREE(chpw_princ); SAFE_FREE(password); diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 7533d6b..ce215b1 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -351,6 +351,8 @@ bool fetch_ldap_pw(char **dn, char** pw) if (!old_style_key) { DEBUG(0, ("fetch_ldap_pw: strdup failed!\n")); + SAFE_FREE(*pw); + SAFE_FREE(*dn); return False; } @@ -361,6 +363,7 @@ bool fetch_ldap_pw(char **dn, char** pw) if ((data == NULL) || (size < sizeof(old_style_pw))) { DEBUG(0,("fetch_ldap_pw: neither ldap secret retrieved!\n")); SAFE_FREE(old_style_key); + SAFE_FREE(*pw); SAFE_FREE(*dn); SAFE_FREE(data); return False; @@ -375,6 +378,7 @@ bool fetch_ldap_pw(char **dn, char** pw) if (!secrets_store_ldap_pw(*dn, old_style_pw)) { DEBUG(0,("fetch_ldap_pw: ldap secret could not be upgraded!\n")); SAFE_FREE(old_style_key); + SAFE_FREE(*pw); SAFE_FREE(*dn); return False; } diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c index db4451e..e31f899 100644 --- a/source3/registry/reg_perfcount.c +++ b/source3/registry/reg_perfcount.c @@ -168,6 +168,7 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb, TDB_DATA kbuf, dbuf; char temp[PERFCOUNT_MAX_LEN] = {0}; char *buf1 = *retbuf; + char *p = NULL; uint32_t working_size = 0; DATA_BLOB name_index, name; bool ok; @@ -185,13 +186,16 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb, } /* First encode the name_index */ working_size = (kbuf.dsize + 1)*sizeof(uint16_t); - buf1 = (char *)SMB_REALLOC(buf1, buffer_size + working_size); - if(!buf1) { + p = (char *)SMB_REALLOC(buf1, buffer_size + working_size); + if (p == NULL) { + SAFE_FREE(buf1); buffer_size = 0; return buffer_size; } + buf1 = p; ok = push_reg_sz(talloc_tos(), &name_index, (const char *)kbuf.dptr); if (!ok) { + SAFE_FREE(buf1); buffer_size = 0; return buffer_size; } @@ -199,16 +203,19 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb, buffer_size += working_size; /* Now encode the actual name */ working_size = (dbuf.dsize + 1)*sizeof(uint16_t); - buf1 = (char *)SMB_REALLOC(buf1, buffer_size + working_size); - if(!buf1) { + p = (char *)SMB_REALLOC(buf1, buffer_size + working_size); + if (p == NULL) { + SAFE_FREE(buf1); buffer_size = 0; return buffer_size; } + buf1 = p; memset(temp, 0, sizeof(temp)); memcpy(temp, dbuf.dptr, dbuf.dsize); SAFE_FREE(dbuf.dptr); ok = push_reg_sz(talloc_tos(), &name, temp); if (!ok) { + SAFE_FREE(buf1); buffer_size = 0; return buffer_size; } diff --git a/source3/utils/net_idmap.c b/source3/utils/net_idmap.c index fee8121..4f36566 100644 --- a/source3/utils/net_idmap.c +++ b/source3/utils/net_idmap.c @@ -417,14 +417,14 @@ static int net_idmap_restore(struct net_context *c, int argc, const char **argv) if ( (len > 0) && (line[len-1] == '\n') ) line[len-1] = '\0'; - if (sscanf(line, "GID %lu %128s", &idval, sid_string) == 2) + if (sscanf(line, "GID %lu %127s", &idval, sid_string) == 2) { ret = net_idmap_store_id_mapping(db, ID_TYPE_GID, idval, sid_string); if (ret != 0) { break; } - } else if (sscanf(line, "UID %lu %128s", &idval, sid_string) == 2) + } else if (sscanf(line, "UID %lu %127s", &idval, sid_string) == 2) { ret = net_idmap_store_id_mapping(db, ID_TYPE_UID, idval, sid_string); diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index a353bae..5c947e2 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -750,7 +750,7 @@ static int new_user(const char *username, const char *fullname, NTSTATUS status; struct dom_sid u_sid; int flags; - int ret; + int ret = -1; tosctx = talloc_tos(); if (!tosctx) { @@ -766,10 +766,14 @@ static int new_user(const char *username, const char *fullname, } pwd1 = get_pass( "new password:", stdin_get); + if (pwd1 == NULL) { + fprintf(stderr, "Failed to read passwords.\n"); + goto done; + } pwd2 = get_pass( "retype new password:", stdin_get); - if (!pwd1 || !pwd2) { + if (pwd2 == NULL) { fprintf(stderr, "Failed to read passwords.\n"); - return -1; + goto done; } ret = strcmp(pwd1, pwd2); if (ret != 0) { diff --git a/source4/lib/policy/gp_filesys.c b/source4/lib/policy/gp_filesys.c index d48fc9f..267762d 100644 --- a/source4/lib/policy/gp_filesys.c +++ b/source4/lib/policy/gp_filesys.c @@ -215,6 +215,7 @@ static NTSTATUS gp_get_file (struct smbcli_tree *tree, const char *remote_src, fh_local = open(local_dst, O_WRONLY | O_CREAT | O_TRUNC, 0644); if (fh_local == -1) { DEBUG(0, ("Failed to open local file: %s\n", local_dst)); + smbcli_close(tree, fh_remote); return NT_STATUS_UNSUCCESSFUL; } @@ -224,11 +225,17 @@ static NTSTATUS gp_get_file (struct smbcli_tree *tree, const char *remote_src, NT_STATUS_IS_ERR(smbcli_getattrE(tree, fh_remote, &attr, &file_size, NULL, NULL, NULL))) { DEBUG(0, ("Failed to get remote file size: %s\n", smbcli_errstr(tree))); + smbcli_close(tree, fh_remote); + close(fh_local); return NT_STATUS_UNSUCCESSFUL; } buf = talloc_zero_array(tree, uint8_t, buf_size); - NT_STATUS_HAVE_NO_MEMORY(buf); + if (buf == NULL) { + smbcli_close(tree, fh_remote); + close(fh_local); + return NT_STATUS_NO_MEMORY; + } /* Copy the contents of the file */ while (1) { @@ -240,27 +247,28 @@ static NTSTATUS gp_get_file (struct smbcli_tree *tree, const char *remote_src, if (write(fh_local, buf, n) != n) { DEBUG(0, ("Short write while copying file.\n")); + smbcli_close(tree, fh_remote); + close(fh_local); talloc_free(buf); return NT_STATUS_UNSUCCESSFUL; } nread += n; } + /* Close the files */ + smbcli_close(tree, fh_remote); + close(fh_local); + + talloc_free(buf); + /* Bytes read should match the file size, or the copy was incomplete */ if (nread != file_size) { DEBUG(0, ("Remote/local file size mismatch after copying file: " "%s (remote %zu, local %zu).\n", remote_src, file_size, nread)); - close(fh_local); - talloc_free(buf); return NT_STATUS_UNSUCCESSFUL; } - /* Close the files */ - smbcli_close(tree, fh_remote); - close(fh_local); - - talloc_free(buf); return NT_STATUS_OK; } -- Samba Shared Repository