The branch, master has been updated via 7e78d275424 gensec: Fix CID 1458419 Control flow issues (NO_EFFECT) via 43c808f2ff9 gensec: Fix CID 1458421 OVERRUN via ef0350221e1 auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) via 503fc8f2ba6 auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) from bd279d3f98d ctdb-tests: Fix getdbmap test so that it actually works sanely
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 7e78d275424db52544ee550ad0993c38d08d30a8 Author: Volker Lendecke <v...@samba.org> Date: Wed Feb 12 15:42:28 2020 +0100 gensec: Fix CID 1458419 Control flow issues (NO_EFFECT) socklen_t can be unsigned Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Fri Feb 14 13:42:26 UTC 2020 on sn-devel-184 commit 43c808f2ff907497dfff0988ff90a48fdcfc16ef Author: Volker Lendecke <v...@samba.org> Date: Wed Feb 12 15:36:20 2020 +0100 gensec: Fix CID 1458421 OVERRUN Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit ef0350221e194a3dd3350eab02b38baeb32d8fd3 Author: Volker Lendecke <v...@samba.org> Date: Wed Feb 12 15:40:32 2020 +0100 auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 503fc8f2ba662ecbec0788bd1710440464dc5cfd Author: Volker Lendecke <v...@samba.org> Date: Wed Feb 12 15:39:54 2020 +0100 auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/auth/auth_sam.c | 6 ++++-- source4/auth/gensec/gensec_krb5.c | 18 ++++++++++-------- 2 files changed, 14 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index c6357c696ea..3c12f959faf 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -80,12 +80,13 @@ static NTSTATUS auth_samstrict_auth(const struct auth_context *auth_context, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { - const char *effective_domain = user_info->mapped.domain_name; + const char *effective_domain = NULL; bool is_local_name, is_my_domain; if (!user_info || !auth_context) { return NT_STATUS_LOGON_FAILURE; } + effective_domain = user_info->mapped.domain_name; if (user_info->mapped.account_name == NULL || user_info->mapped.account_name[0] == '\0') @@ -187,12 +188,13 @@ static NTSTATUS auth_sam_netlogon3_auth(const struct auth_context *auth_context, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { - const char *effective_domain = user_info->mapped.domain_name; + const char *effective_domain = NULL; bool is_my_domain; if (!user_info || !auth_context) { return NT_STATUS_LOGON_FAILURE; } + effective_domain = user_info->mapped.domain_name; if (user_info->mapped.account_name == NULL || user_info->mapped.account_name[0] == '\0') diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c index c7d0fc6c225..866ecc82133 100644 --- a/source4/auth/gensec/gensec_krb5.c +++ b/source4/auth/gensec/gensec_krb5.c @@ -145,16 +145,17 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool tlocal_addr = gensec_get_local_address(gensec_security); if (tlocal_addr) { + ssize_t sockaddr_ret; struct samba_sockaddr addr; bool ok; - addr.sa_socklen = tsocket_address_bsd_sockaddr(tlocal_addr, - &addr.u.sa, - sizeof(addr.u)); - if (addr.sa_socklen < 0) { + sockaddr_ret = tsocket_address_bsd_sockaddr( + tlocal_addr, &addr.u.sa, sizeof(addr.u.sa)); + if (sockaddr_ret < 0) { talloc_free(gensec_krb5_state); return NT_STATUS_INTERNAL_ERROR; } + addr.sa_socklen = sockaddr_ret; ok = smb_krb5_sockaddr_to_kaddr(&addr.u.ss, &my_krb5_addr); if (!ok) { DBG_WARNING("smb_krb5_sockaddr_to_kaddr (local) failed\n"); @@ -165,16 +166,17 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool tremote_addr = gensec_get_remote_address(gensec_security); if (tremote_addr) { + ssize_t sockaddr_ret; struct samba_sockaddr addr; bool ok; - addr.sa_socklen = tsocket_address_bsd_sockaddr(tremote_addr, - &addr.u.sa, - sizeof(addr.u)); - if (addr.sa_socklen < 0) { + sockaddr_ret = tsocket_address_bsd_sockaddr( + tremote_addr, &addr.u.sa, sizeof(addr.u.sa)); + if (sockaddr_ret < 0) { talloc_free(gensec_krb5_state); return NT_STATUS_INTERNAL_ERROR; } + addr.sa_socklen = sockaddr_ret; ok = smb_krb5_sockaddr_to_kaddr(&addr.u.ss, &peer_krb5_addr); if (!ok) { DBG_WARNING("smb_krb5_sockaddr_to_kaddr (remote) failed\n"); -- Samba Shared Repository