The branch, master has been updated
       via  657610a smbd: Fix 240393 Uninitialized pointer read
       via  fc4c2dc bind_dlz: Fix CID 1347318 Unchecked return value
       via  0cb8b9d ctdb: Fix CID 1347319 Unchecked return value
       via  4a3ad42 samdb: Fix CID 1347320 Dereference null return value
      from  78e9f1e build: Add space before -D option

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 657610a0e423aa0cd17f9137845a335b02217884
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Jan 7 21:33:18 2016 +0100

    smbd: Fix 240393 Uninitialized pointer read
    
    If we run into the "This is a stream on the root of the share" case,
    in old line 409 (new line 417) we "goto done;". If then in old line 1027
    (new line 1035) "build_stream_path" fails, "start" is uninitialized.
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Fri Jan  8 05:44:15 CET 2016 on sn-devel-144

commit fc4c2dcd526851fa938f6d8edb15b58fbb644a45
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Jan 7 21:17:43 2016 +0100

    bind_dlz: Fix CID 1347318 Unchecked return value
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 0cb8b9d113b322f784100365669d2be8b7fa635a
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Jan 7 21:14:05 2016 +0100

    ctdb: Fix CID 1347319 Unchecked return value
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 4a3ad425b92122f5b5e61b140eb52d3fe06b724e
Author: Volker Lendecke <v...@samba.org>
Date:   Thu Jan 7 21:10:24 2016 +0100

    samdb: Fix CID 1347320 Dereference null return value
    
    Signed-off-by: Volker Lendecke <v...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 ctdb/common/system_linux.c              |  8 +++++++-
 source3/smbd/filename.c                 | 10 +++++++++-
 source4/dns_server/dlz_bind9.c          | 16 +++++++++++++---
 source4/dsdb/samdb/ldb_modules/samldb.c |  6 ++++++
 4 files changed, 35 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/common/system_linux.c b/ctdb/common/system_linux.c
index 6447f56..55c22c5 100644
--- a/ctdb/common/system_linux.c
+++ b/ctdb/common/system_linux.c
@@ -247,7 +247,13 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const 
char *iface)
                ip6->ip6_hlim = 255;
                ip6->ip6_src  = addr->ip6.sin6_addr;
                /* all-nodes multicast */
-               inet_pton(AF_INET6, "ff02::1", &ip6->ip6_dst);
+
+               ret = inet_pton(AF_INET6, "ff02::1", &ip6->ip6_dst);
+               if (ret != 1) {
+                       close(s);
+                       DEBUG(DEBUG_CRIT,(__location__ " failed inet_pton\n"));
+                       return -1;
+               }
 
                nd_na = (struct nd_neighbor_advert *)(ip6+1);
                nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
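Review bot: The new failure path logs only `failed inet_pton`, which hides the reason: inet_pton returns 0 when the string does not parse and -1 with errno set when the address family is unsupported. Since `close(s)` runs before `DEBUG`, errno may already have been overwritten if anyone later adds it to the message. I would log first and include the return value, `DEBUG(DEBUG_CRIT,(__location__ " failed inet_pton (ret=%d)\n", ret));`, then `close(s);`. The declaration of `ret` and the rest of ctdb_sys_send_arp lie outside this hunk, so whether other resources need releasing on this path cannot be checked from here.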
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index c2ed1fc..f2c9184 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -235,7 +235,15 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
                      uint32_t ucf_flags)
 {
        struct smb_filename *smb_fname = NULL;
-       char *start, *end;
+
+       /*
+        * This looks strange. But we need "start" initialized to "" here but
+        * it can't be a const char *, so 'char *start = "";' does not work.
+        */
+       char cnull = '\0';
+       char *start = &cnull;
+
+       char *end;
        char *dirpath = NULL;
        char *stream = NULL;
        bool component_was_mangled = False;
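Review bot: The placeholder `char *start = &cnull;` makes `start` a non-const pointer to a one-byte stack object, and the added comment explains the type workaround but not the invariant that keeps this safe. On any path where `start` has not been reassigned, a write through it or a read past `start[0]` would touch adjacent stack memory. I would extend the comment with something like `Until reassigned, "start" may only be read as an empty string (error path after "goto done"); never write through it.` The body of unix_convert continues outside the hunk, so it is not visible here whether every use on those paths is read-only.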
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 7a76fe5..4c21a5e 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -1438,10 +1438,20 @@ static bool b9_record_match(struct dlz_bind9_data 
*state,
        switch (rec1->wType) {
        case DNS_TYPE_A:
                return strcmp(rec1->data.ipv4, rec2->data.ipv4) == 0;
-       case DNS_TYPE_AAAA:
-               inet_pton(AF_INET6, rec1->data.ipv6, &rec1_in_addr6);
-               inet_pton(AF_INET6, rec2->data.ipv6, &rec2_in_addr6);
+       case DNS_TYPE_AAAA: {
+               int ret;
+
+               ret = inet_pton(AF_INET6, rec1->data.ipv6, &rec1_in_addr6);
+               if (ret != 1) {
+                       return false;
+               }
+               ret = inet_pton(AF_INET6, rec2->data.ipv6, &rec2_in_addr6);
+               if (ret != 1) {
+                       return false;
+               }
+
                return memcmp(&rec1_in_addr6, &rec2_in_addr6, 
sizeof(rec1_in_addr6)) == 0;
+       }
        case DNS_TYPE_CNAME:
                return dns_name_equal(rec1->data.cname, rec2->data.cname);
        case DNS_TYPE_TXT:
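Review bot: In the `DNS_TYPE_AAAA` case both new `return false;` branches are silent, so a record whose stored ipv6 string does not parse is reported as "different" with no trace of why. That is safer than the old memcmp on uninitialised `in6_addr` values, but callers of b9_record_match (outside this hunk) cannot tell a malformed record from a genuine mismatch, and two identical malformed strings now never match. I would add a comment such as `/* unparseable address: treat as non-matching rather than compare garbage */` and emit a log line at each failure, so that bad data in the zone is visible to the operator.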
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c 
b/source4/dsdb/samdb/ldb_modules/samldb.c
index b9b57db..2394bd9 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -2886,6 +2886,12 @@ static int samldb_verify_subnet(struct samldb_ctx *ac)
        const struct ldb_val *rdn_value = NULL;
 
        rdn_value = ldb_dn_get_rdn_val(ac->msg->dn);
+       if (rdn_value == NULL) {
+               ldb_set_errstring(ldb, "samldb: ldb_dn_get_rdn_val "
+                                 "failed");
+               return LDB_ERR_UNWILLING_TO_PERFORM;
+       }
+
        cidr = ldb_dn_escape_value(ac, *rdn_value);
        DBG_INFO("looking at cidr '%s'\n", cidr);
        if (cidr == NULL) {
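Review bot: Directly below the new `rdn_value == NULL` check, `DBG_INFO("looking at cidr '%s'\n", cidr);` still runs before `if (cidr == NULL)`, so a failed ldb_dn_escape_value passes a null pointer to `%s`. That is undefined behaviour in C, even where the C library prints "(null)". It is the same class of defect this commit fixes and is cheap to close here by moving the `DBG_INFO` line below the `cidr == NULL` block. The rest of samldb_verify_subnet, including the declaration of `ldb` used by the new `ldb_set_errstring` call, is outside the hunk.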


-- 
Samba Shared Repository
