The branch, master has been updated
via b0a9a69 libnetapi: Fix 241166 Fixing logically dead code
via fbb2d49 registry: Fix 1273042 Identical code for if/else branch
via 508b45f ctdb: Fix CID 1125615 Copy into fixed size buffer
via 93d4e80 ctdb: Fix CID 1125634 Out-of-bounds write
via c7cc3ad lib: Fix CID 1273009 Dereference after null check
via 5d0a5c4 loadparm: Fix CID 1273054 Improper use of negative value
via d02840a replace: clean-up strlcpy and add note on return value
from 4cc51f9 vfs_fruit: enhance handling of malformed AppleDouble files
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b0a9a69bccd5a2c802c622fe7201212bcd3a6ac6
Author: Anoop C S <[email protected]>
Date: Thu Mar 26 14:05:19 2015 +0530
libnetapi: Fix 241166 Fixing logically dead code
Signed-off-by: Anoop C S <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
Autobuild-User(master): Michael Adam <[email protected]>
Autobuild-Date(master): Thu Mar 26 17:30:27 CET 2015 on sn-devel-104
commit fbb2d4929f90aec862b963d224aeb586aae33c64
Author: Anoop C S <[email protected]>
Date: Thu Mar 26 18:06:44 2015 +0530
registry: Fix 1273042 Identical code for if/else branch
Signed-off-by: Anoop C S <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Ira Cooper <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
commit 508b45fca93ca2dfb048fdf7465602bc34df42db
Author: Volker Lendecke <[email protected]>
Date: Thu Mar 26 13:11:14 2015 +0100
ctdb: Fix CID 1125615 Copy into fixed size buffer
Might be a "can't happen", but strcpy always looks fishy
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
commit 93d4e801298d8ebb7261adbfc2bdb1a5fbe7115c
Author: Volker Lendecke <[email protected]>
Date: Thu Mar 26 13:06:26 2015 +0100
ctdb: Fix CID 1125634 Out-of-bounds write
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
commit c7cc3adca2d7cfdd2350a9e0d540570bc826e2c7
Author: Volker Lendecke <[email protected]>
Date: Thu Mar 26 10:21:20 2015 +0100
lib: Fix CID 1273009 Dereference after null check
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
commit 5d0a5c421641f719bcee6133119c1443dd7a4710
Author: Volker Lendecke <[email protected]>
Date: Thu Mar 26 10:14:22 2015 +0100
loadparm: Fix CID 1273054 Improper use of negative value
Probably a "can't happen", but formally lpcfg_map_parameter can return -1
Signed-off-by: Volker Lendecke <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
commit d02840a3a4d113e17a4225b0e7b1c893634a31d9
Author: David Disseldorp <[email protected]>
Date: Thu Mar 26 12:21:44 2015 +0100
replace: clean-up strlcpy and add note on return value
The existing implementation uses single line ifs, making the code hard
to visually parse.
Signed-off-by: David Disseldorp <[email protected]>
Reviewed-by: Michael Adam <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
ctdb/tests/src/ctdb_takeover_tests.c | 2 +-
ctdb/tests/src/ctdb_test_stubs.c | 7 ++++++-
lib/param/loadparm.c | 3 +++
lib/replace/replace.c | 16 ++++++++++++----
source3/lib/messages.c | 1 +
source3/lib/netapi/user.c | 3 ---
source3/registry/reg_perfcount.c | 12 ++----------
7 files changed, 25 insertions(+), 19 deletions(-)
Changeset truncated at 500 lines:
diff --git a/ctdb/tests/src/ctdb_takeover_tests.c
b/ctdb/tests/src/ctdb_takeover_tests.c
index 8b07325..7ff8755 100644
--- a/ctdb/tests/src/ctdb_takeover_tests.c
+++ b/ctdb/tests/src/ctdb_takeover_tests.c
@@ -431,7 +431,7 @@ static void ctdb_test_init(const char nodestates[],
while (tok != NULL) {
nodeflags[numnodes] = (uint32_t) strtol(tok, NULL, 0);
numnodes++;
- if (numnodes > CTDB_TEST_MAX_NODES) {
+ if (numnodes >= CTDB_TEST_MAX_NODES) {
DEBUG(DEBUG_ERR, ("ERROR: Exceeding
CTDB_TEST_MAX_NODES: %d\n", CTDB_TEST_MAX_NODES));
exit(1);
}
diff --git a/ctdb/tests/src/ctdb_test_stubs.c b/ctdb/tests/src/ctdb_test_stubs.c
index 3ea508a..a9947b1 100644
--- a/ctdb/tests/src/ctdb_test_stubs.c
+++ b/ctdb/tests/src/ctdb_test_stubs.c
@@ -597,7 +597,12 @@ int32_t ctdb_control_get_ifaces(struct ctdb_context *ctdb,
i = 0;
for (cur=ctdb->ifaces;cur;cur=cur->next) {
- strcpy(ifaces->ifaces[i].name, cur->name);
+ size_t nlen = strlcpy(ifaces->ifaces[i].name, cur->name,
+ sizeof(ifaces->ifaces[i].name));
+ if (nlen >= sizeof(ifaces->ifaces[i].name)) {
+ /* Ignore invalid name */
+ continue;
+ }
ifaces->ifaces[i].link_state = cur->link_up;
ifaces->ifaces[i].references = cur->references;
i++;
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index e2b0ca2..ddb806a 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -1338,6 +1338,9 @@ bool handle_smb_ports(struct loadparm_context *lp_ctx,
struct loadparm_service *
if (parm_num == -1) {
parm_num = lpcfg_map_parameter("smb ports");
+ if (parm_num == -1) {
+ return false;
+ }
}
if(!set_variable_helper(lp_ctx->globals->ctx, parm_num, ptr, "smb
ports",
diff --git a/lib/replace/replace.c b/lib/replace/replace.c
index 2a9ca3e..9fae44a 100644
--- a/lib/replace/replace.c
+++ b/lib/replace/replace.c
@@ -64,14 +64,22 @@ int rep_ftruncate(int f, off_t l)
#ifndef HAVE_STRLCPY
-/* like strncpy but does not 0 fill the buffer and always null
- terminates. bufsize is the size of the destination buffer */
+/*
+ * Like strncpy but does not 0 fill the buffer and always null
+ * terminates. bufsize is the size of the destination buffer.
+ * Returns the length of s.
+ */
size_t rep_strlcpy(char *d, const char *s, size_t bufsize)
{
size_t len = strlen(s);
size_t ret = len;
- if (bufsize <= 0) return 0;
- if (len >= bufsize) len = bufsize-1;
+
+ if (bufsize <= 0) {
+ return 0;
+ }
+ if (len >= bufsize) {
+ len = bufsize - 1;
+ }
memcpy(d, s, len);
d[len] = 0;
return ret;
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index aa67640..f0d2797 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -1066,6 +1066,7 @@ static void mess_parent_dgm_cleanup_done(struct
tevent_req *req)
mess_parent_dgm_cleanup, msg);
if (req == NULL) {
DEBUG(1, ("background_job_send failed\n"));
+ return;
}
tevent_req_set_callback(req, mess_parent_dgm_cleanup_done, msg);
}
diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c
index 6324084..bb598be 100644
--- a/source3/lib/netapi/user.c
+++ b/source3/lib/netapi/user.c
@@ -1201,9 +1201,6 @@ static NTSTATUS
libnetapi_samr_lookup_user_map_USER_INFO(TALLOC_CTX *mem_ctx,
}
switch (level) {
- case 0:
- /* already returned above */
- break;
case 1:
status = info21_to_USER_INFO_1(mem_ctx, info21, &info1);
NT_STATUS_NOT_OK_RETURN(status);
diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
index f78ab44..57ce307 100644
--- a/source3/registry/reg_perfcount.c
+++ b/source3/registry/reg_perfcount.c
@@ -1145,16 +1145,8 @@ static uint32 reg_perfcount_get_perf_data_block(uint32
base_index,
reg_perfcount_get_last_counter(base_index);
- if(object_ids == NULL)
- {
- /* we're getting a request for "Global" here */
- retval = _reg_perfcount_assemble_global(block, mem_ctx,
base_index, names);
- }
- else
- {
- /* we're getting a request for a specific set of
PERF_OBJECT_TYPES */
- retval = _reg_perfcount_assemble_global(block, mem_ctx,
base_index, names);
- }
+ retval = _reg_perfcount_assemble_global(block, mem_ctx, base_index,
names);
+
buffer_size = _reg_perfcount_perf_data_block_fixup(block, mem_ctx);
tdb_close(names);
--
Samba Shared Repository
