The branch, master has been updated
       via  3e6ce5c s3:registry: Fix possible memory leak in _reg_perfcount_multi_sz_from_tdb()
       via  dbdbd48 s3:libads: Fix memory leaks in ads_krb5_chg_password()
       via  3d32c02 s3:client: Avoid a possible fd leak in do_get()
       via  d4fb124 s4:lib: Fix a possible fd leak in gp_get_file()
       via  b7b4fc5 s3:utils: Do not leak memory in new_user()
       via  f20150f s3:utils: Do not overflow the destination buffer in net_idmap_restore()
       via  e4f4f5e s3:passdb: Don't leak memory on error in fetch_ldap_pw()
       via  e6689c3 wbinfo: Free memory when we leave wbinfo_dsgetdcname()
      from  bca4008 s3: tests: smbclient. Regression test to ensure we get NT_STATUS_DIRECTORY_NOT_EMPTY on rmdir.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 3e6ce5c6e679fdb39ed8142bf5e1ed4105164826
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 9 16:15:10 2018 +0200

    s3:registry: Fix possible memory leak in _reg_perfcount_multi_sz_from_tdb()
    
    Found by covscan.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
    
    Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Signed-off-by: Justin Stephenson <jstep...@redhat.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Sat Aug 11 04:43:15 CEST 2018 on sn-devel-144

commit dbdbd4875ecac3e7334750f46f1f494b7afe6628
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 9 16:02:16 2018 +0200

    s3:libads: Fix memory leaks in ads_krb5_chg_password()
    
    Found by covscan.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
    
    Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Signed-off-by: Justin Stephenson <jstep...@redhat.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 3d32c0263b072e19335eba1451840284409ecb61
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 9 15:58:32 2018 +0200

    s3:client: Avoid a possible fd leak in do_get()
    
    Found by covscan.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
    
    Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Signed-off-by: Justin Stephenson <jstep...@redhat.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit d4fb124adfc10de8b7eb1f72b74d7ca83f8415dd
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 9 16:42:43 2018 +0200

    s4:lib: Fix a possible fd leak in gp_get_file()
    
    Found by covscan.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
    
    Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Signed-off-by: Justin Stephenson <jstep...@redhat.com>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit b7b4fc51d0eadbbc94576dda75ae80098a205a24
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 9 16:30:03 2018 +0200

    s3:utils: Do not leak memory in new_user()
    
    Found by covscan.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
    
    Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Signed-off-by: Justin Stephenson <jstep...@redhat.com>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit f20150fb1ea5292f099862af6268d06844954d5e
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 9 16:19:48 2018 +0200

    s3:utils: Do not overflow the destination buffer in net_idmap_restore()
    
    Found by covscan.
    
    error[invalidScanfFormatWidth]: Width 128 given in format string (no. 2)
    is larger than destination buffer 'sid_string[128]', use %127s to
    prevent overflowing it.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
    
    Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Signed-off-by: Justin Stephenson <jstep...@redhat.com>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit e4f4f5eb7303a0cce4f426dd9cfd1d6a488495b0
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 9 16:05:41 2018 +0200

    s3:passdb: Don't leak memory on error in fetch_ldap_pw()
    
    Found by covscan.
    
    A candidate to use talloc ...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
    
    Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Signed-off-by: Justin Stephenson <jstep...@redhat.com>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit e6689c3e14c2dfaebaf1109f21e53184fea45d41
Author: Andreas Schneider <a...@samba.org>
Date:   Thu Aug 9 15:53:45 2018 +0200

    wbinfo: Free memory when we leave wbinfo_dsgetdcname()
    
    Found by covscan.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
    
    Pair-Programmed-With: Justin Stephenson <jstep...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Signed-off-by: Justin Stephenson <jstep...@redhat.com>
    Reviewed-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/wbinfo.c                |  3 +++
 source3/client/client.c          |  7 +++++++
 source3/libads/krb5_setpw.c      |  2 ++
 source3/passdb/secrets.c         |  4 ++++
 source3/registry/reg_perfcount.c | 15 +++++++++++----
 source3/utils/net_idmap.c        |  4 ++--
 source3/utils/pdbedit.c          | 10 +++++++---
 source4/lib/policy/gp_filesys.c  | 24 ++++++++++++++++--------
 8 files changed, 52 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index 1b58c73..c456f6e 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -747,6 +747,9 @@ static bool wbinfo_dsgetdcname(const char *domain_name, 
uint32_t flags)
        d_printf("%s\n", dc_info->dc_site_name);
        d_printf("%s\n", dc_info->client_site_name);
 
+       wbcFreeMemory(str);
+       wbcFreeMemory(dc_info);
+
        return true;
 }
 
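Review bot: The two wbcFreeMemory() calls sit only in front of the final
`return true`, so any earlier return in wbinfo_dsgetdcname() taken after str
or dc_info has been allocated would still leak. Those paths are outside this
hunk; if they exist, initialise both pointers to NULL and route every exit
through one cleanup label that frees them.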
diff --git a/source3/client/client.c b/source3/client/client.c
index f112b8c..25ba01d 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -1160,6 +1160,7 @@ static int do_get(const char *rname, const char 
*lname_in, bool reget)
                                start = lseek(handle, 0, SEEK_END);
                                if (start == -1) {
                                        d_printf("Error seeking local file\n");
+                                       close(handle);
                                        return 1;
                                }
                        }
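Review bot: The close(handle) added in the lseek() failure branch is
unconditional, while the two later error paths in do_get() only close when
newhandle is set. If handle can only come from a fresh open() at this point
that is correct, but a one-line comment saying so would keep the three paths
from looking inconsistent to the next reader.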
@@ -1181,6 +1182,9 @@ static int do_get(const char *rname, const char 
*lname_in, bool reget)
                                      NULL);
                if(!NT_STATUS_IS_OK(status)) {
                        d_printf("getattrib: %s\n", nt_errstr(status));
+                       if (newhandle) {
+                               close(handle);
+                       }
                        return 1;
                }
        }
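Review bot: The getattrib failure path now closes the local handle but still
returns without cli_close(targetcli, fnum), which the parallel_read failure
path in the next hunk does call. If fnum is already open when this branch
runs, the remote file handle is left open on this return; add the cli_close()
here as well.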
@@ -1193,6 +1197,9 @@ static int do_get(const char *rname, const char 
*lname_in, bool reget)
        if (!NT_STATUS_IS_OK(status)) {
                d_fprintf(stderr, "parallel_read returned %s\n",
                          nt_errstr(status));
+               if (newhandle) {
+                       close(handle);
+               }
                cli_close(targetcli, fnum);
                return 1;
        }
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index bc96ac6..0418fec 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -224,6 +224,7 @@ static ADS_STATUS ads_krb5_chg_password(const char 
*kdc_host,
        krb5_get_init_creds_opt_free(context, opts);
        krb5_free_context(context);
        free(realm);
+       smb_krb5_free_addresses(context, addr);
        DEBUG(1,("ads_krb5_chg_password: asprintf fail\n"));
        return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
     }
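Review bot: In the asprintf failure branch, smb_krb5_free_addresses(context,
addr) is added after krb5_free_context(context), so it is called with a
context that was released two lines earlier. Move the new call above
krb5_free_context(context), next to krb5_get_init_creds_opt_free(context,
opts), which is where the second hunk places it.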
@@ -234,6 +235,7 @@ static ADS_STATUS ads_krb5_chg_password(const char 
*kdc_host,
                                           kerb_prompter, NULL, 
                                           0, chpw_princ, opts);
        krb5_get_init_creds_opt_free(context, opts);
+       smb_krb5_free_addresses(context, addr);
     SAFE_FREE(chpw_princ);
     SAFE_FREE(password);
 
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c
index 7533d6b..ce215b1 100644
--- a/source3/passdb/secrets.c
+++ b/source3/passdb/secrets.c
@@ -351,6 +351,8 @@ bool fetch_ldap_pw(char **dn, char** pw)
 
                if (!old_style_key) {
                        DEBUG(0, ("fetch_ldap_pw: strdup failed!\n"));
+                       SAFE_FREE(*pw);
+                       SAFE_FREE(*dn);
                        return False;
                }
 
@@ -361,6 +363,7 @@ bool fetch_ldap_pw(char **dn, char** pw)
                if ((data == NULL) || (size < sizeof(old_style_pw))) {
                        DEBUG(0,("fetch_ldap_pw: neither ldap secret 
retrieved!\n"));
                        SAFE_FREE(old_style_key);
+                       SAFE_FREE(*pw);
                        SAFE_FREE(*dn);
                        SAFE_FREE(data);
                        return False;
@@ -375,6 +378,7 @@ bool fetch_ldap_pw(char **dn, char** pw)
                if (!secrets_store_ldap_pw(*dn, old_style_pw)) {
                        DEBUG(0,("fetch_ldap_pw: ldap secret could not be 
upgraded!\n"));
                        SAFE_FREE(old_style_key);
+                       SAFE_FREE(*pw);
                        SAFE_FREE(*dn);
                        return False;
                }
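Review bot: The secrets_store_ldap_pw() failure path frees old_style_key, *pw
and *dn but not data, which the error path in the previous hunk does free. If
data has already been released before this point the code is correct,
otherwise it leaks here. With three error paths each carrying a slightly
different SAFE_FREE list, a single failure label that frees everything would
make this much easier to verify.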
diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
index db4451e..e31f899 100644
--- a/source3/registry/reg_perfcount.c
+++ b/source3/registry/reg_perfcount.c
@@ -168,6 +168,7 @@ static uint32_t 
_reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
        TDB_DATA kbuf, dbuf;
        char temp[PERFCOUNT_MAX_LEN] = {0};
        char *buf1 = *retbuf;
+       char *p = NULL;
        uint32_t working_size = 0;
        DATA_BLOB name_index, name;
        bool ok;
@@ -185,13 +186,16 @@ static uint32_t 
_reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
        }
        /* First encode the name_index */
        working_size = (kbuf.dsize + 1)*sizeof(uint16_t);
-       buf1 = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
-       if(!buf1) {
+       p = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
+       if (p == NULL) {
+               SAFE_FREE(buf1);
                buffer_size = 0;
                return buffer_size;
        }
+       buf1 = p;
        ok = push_reg_sz(talloc_tos(), &name_index, (const char *)kbuf.dptr);
        if (!ok) {
+               SAFE_FREE(buf1);
                buffer_size = 0;
                return buffer_size;
        }
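Review bot: The SAFE_FREE(buf1) calls added on the failure returns clear only
the local copy; buf1 was initialised from *retbuf and nothing on these paths
resets *retbuf, so the caller keeps a pointer to memory that has been freed or
that the realloc has moved. Set *retbuf = NULL before each
`return buffer_size;`. Please also check what SMB_REALLOC does with the old
block on failure: if it already releases it, the SAFE_FREE(buf1) in the
`p == NULL` branch frees the same block a second time.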
@@ -199,16 +203,19 @@ static uint32_t 
_reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
        buffer_size += working_size;
        /* Now encode the actual name */
        working_size = (dbuf.dsize + 1)*sizeof(uint16_t);
-       buf1 = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
-       if(!buf1) {
+       p = (char *)SMB_REALLOC(buf1, buffer_size + working_size);
+       if (p == NULL) {
+               SAFE_FREE(buf1);
                buffer_size = 0;
                return buffer_size;
        }
+       buf1 = p;
        memset(temp, 0, sizeof(temp));
        memcpy(temp, dbuf.dptr, dbuf.dsize);
        SAFE_FREE(dbuf.dptr);
        ok = push_reg_sz(talloc_tos(), &name, temp);
        if (!ok) {
+               SAFE_FREE(buf1);
                buffer_size = 0;
                return buffer_size;
        }
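Review bot: The `p == NULL` return in this hunk happens before
SAFE_FREE(dbuf.dptr), so dbuf.dptr is still allocated when the function
returns 0 on that path; free it in that branch as well. Separately, the
unchanged memcpy(temp, dbuf.dptr, dbuf.dsize) depends on dbuf.dsize fitting
into temp[PERFCOUNT_MAX_LEN], and no check on dbuf.dsize is visible in these
hunks, so confirm one exists above.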
diff --git a/source3/utils/net_idmap.c b/source3/utils/net_idmap.c
index fee8121..4f36566 100644
--- a/source3/utils/net_idmap.c
+++ b/source3/utils/net_idmap.c
@@ -417,14 +417,14 @@ static int net_idmap_restore(struct net_context *c, int 
argc, const char **argv)
                if ( (len > 0) && (line[len-1] == '\n') )
                        line[len-1] = '\0';
 
-               if (sscanf(line, "GID %lu %128s", &idval, sid_string) == 2)
+               if (sscanf(line, "GID %lu %127s", &idval, sid_string) == 2)
                {
                        ret = net_idmap_store_id_mapping(db, ID_TYPE_GID,
                                                         idval, sid_string);
                        if (ret != 0) {
                                break;
                        }
-               } else if (sscanf(line, "UID %lu %128s", &idval, sid_string) == 
2)
+               } else if (sscanf(line, "UID %lu %127s", &idval, sid_string) == 
2)
                {
                        ret = net_idmap_store_id_mapping(db, ID_TYPE_UID,
                                                         idval, sid_string);
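Review bot: The width in both sscanf() formats is a literal 127 that has to be
kept in step with sid_string[128] by hand. Deriving the width from the buffer
length (a #define for the size plus a stringified width, or a static assertion
next to the declaration) would stop the two from drifting apart again. Also
worth confirming: %lu requires idval to be an unsigned long, and its
declaration is not in this hunk.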
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index a353bae..5c947e2 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -750,7 +750,7 @@ static int new_user(const char *username, const char 
*fullname,
        NTSTATUS status;
        struct dom_sid u_sid;
        int flags;
-       int ret;
+       int ret = -1;
 
        tosctx = talloc_tos();
        if (!tosctx) {
@@ -766,10 +766,14 @@ static int new_user(const char *username, const char 
*fullname,
        }
 
        pwd1 = get_pass( "new password:", stdin_get);
+       if (pwd1 == NULL) {
+               fprintf(stderr, "Failed to read passwords.\n");
+               goto done;
+       }
        pwd2 = get_pass( "retype new password:", stdin_get);
-       if (!pwd1 || !pwd2) {
+       if (pwd2 == NULL) {
                fprintf(stderr, "Failed to read passwords.\n");
-               return -1;
+               goto done;
        }
        ret = strcmp(pwd1, pwd2);
        if (ret != 0) {
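Review bot: ret is now the value carried to the done label (initialised to -1
in the previous hunk) and is also reused for the strcmp() result right below
the new checks, so a mismatch leaves it at whatever non-zero value strcmp()
returned. Use a separate variable for the comparison, or set ret = -1
explicitly in the mismatch branch. The done label is outside the visible
hunks; it has to cope with pwd2 never having been assigned when it is reached
from the pwd1 check.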
diff --git a/source4/lib/policy/gp_filesys.c b/source4/lib/policy/gp_filesys.c
index d48fc9f..267762d 100644
--- a/source4/lib/policy/gp_filesys.c
+++ b/source4/lib/policy/gp_filesys.c
@@ -215,6 +215,7 @@ static NTSTATUS gp_get_file (struct smbcli_tree *tree, 
const char *remote_src,
        fh_local = open(local_dst, O_WRONLY | O_CREAT | O_TRUNC, 0644);
        if (fh_local == -1) {
                DEBUG(0, ("Failed to open local file: %s\n", local_dst));
+               smbcli_close(tree, fh_remote);
                return NT_STATUS_UNSUCCESSFUL;
        }
 
@@ -224,11 +225,17 @@ static NTSTATUS gp_get_file (struct smbcli_tree *tree, 
const char *remote_src,
                        NT_STATUS_IS_ERR(smbcli_getattrE(tree, fh_remote,
                                &attr, &file_size, NULL, NULL, NULL))) {
                DEBUG(0, ("Failed to get remote file size: %s\n", 
smbcli_errstr(tree)));
+               smbcli_close(tree, fh_remote);
+               close(fh_local);
                return NT_STATUS_UNSUCCESSFUL;
        }
 
        buf = talloc_zero_array(tree, uint8_t, buf_size);
-       NT_STATUS_HAVE_NO_MEMORY(buf);
+       if (buf == NULL) {
+               smbcli_close(tree, fh_remote);
+               close(fh_local);
+               return NT_STATUS_NO_MEMORY;
+       }
 
        /* Copy the contents of the file */
        while (1) {
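Review bot: The smbcli_close(tree, fh_remote); close(fh_local); pair is now
written out separately on each error return in gp_get_file(), including the
new `buf == NULL` branch, which is how the original leak got missed. A single
cleanup label, with fh_local initialised to -1 and closed only when it is
valid, would leave one place to audit instead of four.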
@@ -240,27 +247,28 @@ static NTSTATUS gp_get_file (struct smbcli_tree *tree, 
const char *remote_src,
 
                if (write(fh_local, buf, n) != n) {
                        DEBUG(0, ("Short write while copying file.\n"));
+                       smbcli_close(tree, fh_remote);
+                       close(fh_local);
                        talloc_free(buf);
                        return NT_STATUS_UNSUCCESSFUL;
                }
                nread += n;
        }
 
+       /* Close the files */
+       smbcli_close(tree, fh_remote);
+       close(fh_local);
+
+       talloc_free(buf);
+
        /* Bytes read should match the file size, or the copy was incomplete */
        if (nread != file_size) {
                DEBUG(0, ("Remote/local file size mismatch after copying file: "
                          "%s (remote %zu, local %zu).\n",
                          remote_src, file_size, nread));
-               close(fh_local);
-               talloc_free(buf);
                return NT_STATUS_UNSUCCESSFUL;
        }
 
-       /* Close the files */
-       smbcli_close(tree, fh_remote);
-       close(fh_local);
-
-       talloc_free(buf);
        return NT_STATUS_OK;
 }
 
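Review bot: close(fh_local) now runs before the size comparison and its return
value is ignored; for a file that was just written, close() can be the call
that reports a deferred write error, so check it and fail the copy if it is
non-zero. Note too that on the short-write and size-mismatch returns no cleanup
of local_dst is visible, so a truncated policy file would stay on disk.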


-- 
Samba Shared Repository
