The branch, master has been updated via 657610a smbd: Fix 240393 Uninitialized pointer read via fc4c2dc bind_dlz: Fix CID 1347318 Unchecked return value via 0cb8b9d ctdb: Fix CID 1347319 Unchecked return value via 4a3ad42 samdb: Fix CID 1347320 Dereference null return value from 78e9f1e build: Add space before -D option
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 657610a0e423aa0cd17f9137845a335b02217884 Author: Volker Lendecke <v...@samba.org> Date: Thu Jan 7 21:33:18 2016 +0100 smbd: Fix 240393 Uninitialized pointer read If we run into the "This is a stream on the root of the share" case, in old line 409 (new line 417) we "goto done;". If then in old line 1027 (new line 1035) "build_stream_path" fails, "start" is uninitialized. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Fri Jan 8 05:44:15 CET 2016 on sn-devel-144 commit fc4c2dcd526851fa938f6d8edb15b58fbb644a45 Author: Volker Lendecke <v...@samba.org> Date: Thu Jan 7 21:17:43 2016 +0100 bind_dlz: Fix CID 1347318 Unchecked return value Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 0cb8b9d113b322f784100365669d2be8b7fa635a Author: Volker Lendecke <v...@samba.org> Date: Thu Jan 7 21:14:05 2016 +0100 ctdb: Fix CID 1347319 Unchecked return value Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 4a3ad425b92122f5b5e61b140eb52d3fe06b724e Author: Volker Lendecke <v...@samba.org> Date: Thu Jan 7 21:10:24 2016 +0100 samdb: Fix CID 1347320 Dereference null return value Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: ctdb/common/system_linux.c | 8 +++++++- source3/smbd/filename.c | 10 +++++++++- source4/dns_server/dlz_bind9.c | 16 +++++++++++++--- source4/dsdb/samdb/ldb_modules/samldb.c | 6 ++++++ 4 files changed, 35 insertions(+), 5 deletions(-) Changeset truncated at 500 lines:
diff --git a/ctdb/common/system_linux.c b/ctdb/common/system_linux.c
index 6447f56..55c22c5 100644
--- a/ctdb/common/system_linux.c
+++ b/ctdb/common/system_linux.c
@@ -247,7 +247,13 @@ int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
 ip6->ip6_hlim = 255;
 ip6->ip6_src = addr->ip6.sin6_addr;
 /* all-nodes multicast */
- inet_pton(AF_INET6, "ff02::1", &ip6->ip6_dst);
+
+ ret = inet_pton(AF_INET6, "ff02::1", &ip6->ip6_dst);
+ if (ret != 1) {
+ close(s);
+ DEBUG(DEBUG_CRIT,(__location__ " failed inet_pton\n"));
+ return -1;
+ }
 nd_na = (struct nd_neighbor_advert *)(ip6+1);
 nd_na->nd_na_type = ND_NEIGHBOR_ADVERT;
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index c2ed1fc..f2c9184 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -235,7 +235,15 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 uint32_t ucf_flags)
 {
 struct smb_filename *smb_fname = NULL;
- char *start, *end;
+
+ /*
+ * This looks strange. But we need "start" initialized to "" here but
+ * it can't be a const char *, so 'char *start = "";' does not work.
+ */
+ char cnull = '\0';
+ char *start = &cnull;
+
+ char *end;
 char *dirpath = NULL;
 char *stream = NULL;
 bool component_was_mangled = False;
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 7a76fe5..4c21a5e 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
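Review bot: In unix_convert (source3/smbd/filename.c) `start` now points at the one-byte stack object `cnull`, and the added comment explains the type choice but not the invariant that keeps this safe. Until `start` is re-pointed into the path it may only be read as an empty string; a write through it or an access past `start[0]` on the early `goto done` path described in the commit message would touch memory outside `cnull`. I would extend the comment with `* Until it is pointed into the path, "start" must only be read, never written or advanced.` The last added line still declares `end` without an initializer; the rest of the function is outside this hunk, so whether `end` can be read on that same early path cannot be confirmed from here.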
@@ -1438,10 +1438,20 @@ static bool b9_record_match(struct dlz_bind9_data *state,
 switch (rec1->wType) {
 case DNS_TYPE_A:
 return strcmp(rec1->data.ipv4, rec2->data.ipv4) == 0;
- case DNS_TYPE_AAAA:
- inet_pton(AF_INET6, rec1->data.ipv6, &rec1_in_addr6);
- inet_pton(AF_INET6, rec2->data.ipv6, &rec2_in_addr6);
+ case DNS_TYPE_AAAA: {
+ int ret;
+
+ ret = inet_pton(AF_INET6, rec1->data.ipv6, &rec1_in_addr6);
+ if (ret != 1) {
+ return false;
+ }
+ ret = inet_pton(AF_INET6, rec2->data.ipv6, &rec2_in_addr6);
+ if (ret != 1) {
+ return false;
+ }
+
 return memcmp(&rec1_in_addr6, &rec2_in_addr6, sizeof(rec1_in_addr6)) == 0;
+ }
 case DNS_TYPE_CNAME:
 return dns_name_equal(rec1->data.cname, rec2->data.cname);
 case DNS_TYPE_TXT:
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index b9b57db..2394bd9 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -2886,6 +2886,12 @@ static int samldb_verify_subnet(struct samldb_ctx *ac)
 const struct ldb_val *rdn_value = NULL;
 rdn_value = ldb_dn_get_rdn_val(ac->msg->dn);
+ if (rdn_value == NULL) {
+ ldb_set_errstring(ldb, "samldb: ldb_dn_get_rdn_val "
+ "failed");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
 cidr = ldb_dn_escape_value(ac, *rdn_value);
 DBG_INFO("looking at cidr '%s'\n", cidr);
 if (cidr == NULL) {
-- Samba Shared Repository
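Review bot: In b9_record_match (source4/dns_server/dlz_bind9.c) the new AAAA branch returns false with no trace when either `inet_pton` call fails, so a record whose `data.ipv6` string does not parse can never match anything, not even an identical copy of itself. If callers rely on this comparison to find an existing record to replace or delete (not visible in this hunk), such a record would be skipped silently. A debug-level log line saying which of `rec1`/`rec2` failed to parse would make that case diagnosable, and a short comment such as `/* unparsable addresses never match */` would record that the result is intentional. The function begins and ends outside the hunk.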
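Review bot: In samldb_verify_subnet (source4/dsdb/samdb/ldb_modules/samldb.c) the context lines right after the new check still pass `cidr` to `DBG_INFO("looking at cidr '%s'\n", cidr);` before `if (cidr == NULL)` is evaluated. Handing a NULL pointer to `%s` is undefined behaviour in C, even where the libc happens to print `(null)`, so a defect of the same class as the one fixed here for `rdn_value` remains two lines further down. Moving the `DBG_INFO` call below the `cidr == NULL` block closes it. The body of that block and the rest of the function are outside the hunk.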