svn commit: samba r14171 - in trunk/source: libads smbd

Fri, 10 Mar 2006 10:33:35 -0800 

Author: jra
Date: 2006-03-10 18:32:23 +0000 (Fri, 10 Mar 2006)
New Revision: 14171

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14171

Log:
Paranioa fix for sesssetup.
Fix Coverity bug #26. Guard against NULL ref.
Jeremy.

Modified:
   trunk/source/libads/krb5_setpw.c
   trunk/source/smbd/sesssetup.c


Changeset:
Modified: trunk/source/libads/krb5_setpw.c
===================================================================
--- trunk/source/libads/krb5_setpw.c    2006-03-10 18:32:18 UTC (rev 14170)
+++ trunk/source/libads/krb5_setpw.c    2006-03-10 18:32:23 UTC (rev 14171)
@@ -65,19 +65,22 @@
        princ = SMB_STRDUP(principal);
 
        if ((c = strchr_m(princ, '/')) == NULL) {
-           c = princ; 
+               c = princ; 
        } else {
-           *c = '\0';
-           c++;
-           princ_part1 = princ;
+               *c = '\0';
+               c++;
+               princ_part1 = princ;
        }
 
        princ_part2 = c;
 
        if ((c = strchr_m(c, '@')) != NULL) {
-           *c = '\0';
-           c++;
-           realm = c;
+               *c = '\0';
+               c++;
+               realm = c;
+       } else {
+               /* We must have a realm component. */
+               return data_blob(NULL, 0);
        }
 
        memset(&req, 0, sizeof(req));
@@ -97,8 +100,9 @@
        asn1_push_tag(&req, ASN1_CONTEXT(1));
        asn1_push_tag(&req, ASN1_SEQUENCE(0));
 
-       if (princ_part1) 
-           asn1_write_GeneralString(&req, princ_part1);
+       if (princ_part1) {
+               asn1_write_GeneralString(&req, princ_part1);
+       }
        
        asn1_write_GeneralString(&req, princ_part2);
        asn1_pop_tag(&req);
@@ -151,6 +155,10 @@
        else
                return EINVAL;
 
+       if (setpw.data == NULL || setpw.length == 0) {
+               return EINVAL;
+       }
+
        encoded_setpw.data = (char *)setpw.data;
        encoded_setpw.length = setpw.length;
 

Modified: trunk/source/smbd/sesssetup.c
===================================================================
--- trunk/source/smbd/sesssetup.c       2006-03-10 18:32:18 UTC (rev 14170)
+++ trunk/source/smbd/sesssetup.c       2006-03-10 18:32:23 UTC (rev 14171)
@@ -1079,6 +1079,11 @@
                return ERROR_NT(nt_status_squash(nt_status));
        }
 
+       /* Ensure we can't possible take a code path leading to a null defref. 
*/
+       if (!server_info) {
+               return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+       }
+
        nt_status = create_local_token(server_info);
        if (!NT_STATUS_IS_OK(nt_status)) {
                DEBUG(10, ("create_local_token failed: %s\n",

Reply via email to