[SCM] Samba Shared Repository - branch master updated

Wed, 03 Feb 2016 06:05:09 -0800 

The branch, master has been updated
       via  2d80498 smbd: Fix CID 1351215 Improper use of negative value
       via  f193361 smbd: Fix CID 1351216 Dereference null return value
      from  915185a python:tests/core: add tests for arcfour_encrypt() and 
string_to_byte_array()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2d80498e64bc7f9e1fd2d080825c1e8904018a19
Author: Volker Lendecke <[email protected]>
Date:   Wed Feb 3 09:18:14 2016 +0100

    smbd: Fix CID 1351215 Improper use of negative value
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Michael Adam <[email protected]>
    
    Autobuild-User(master): Michael Adam <[email protected]>
    Autobuild-Date(master): Wed Feb  3 15:03:09 CET 2016 on sn-devel-144

commit f1933618500f8c4787f3bf7aa260e21cd6bf7cd8
Author: Volker Lendecke <[email protected]>
Date:   Wed Feb 3 09:10:46 2016 +0100

    smbd: Fix CID 1351216 Dereference null return value
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Michael Adam <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/smbXsrv_client.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smbXsrv_client.c b/source3/smbd/smbXsrv_client.c
index 87cc307..0e21fc6 100644
--- a/source3/smbd/smbXsrv_client.c
+++ b/source3/smbd/smbXsrv_client.c
@@ -63,6 +63,9 @@ NTSTATUS smbXsrv_client_global_init(void)
         * This contains secret information like client keys!
         */
        global_path = lock_path("smbXsrv_client_global.tdb");
+       if (global_path == NULL) {
+               return NT_STATUS_NO_MEMORY;
+       }
 
        db_ctx = db_open(NULL, global_path,
                         0, /* hash_size */
@@ -287,14 +290,20 @@ NTSTATUS smb2srv_client_connection_pass(struct 
smbd_smb2_request *smb2req,
        NTSTATUS status;
        struct smbXsrv_connection_pass0 pass_info0;
        struct smbXsrv_connection_passB pass_blob;
+       ssize_t reqlen;
        struct iovec iov;
 
        pass_info0.initial_connect_time = global->initial_connect_time;
        pass_info0.client_guid = global->client_guid;
-       pass_info0.negotiate_request.length = iov_buflen(smb2req->in.vector,
-                                                        
smb2req->in.vector_count);
+
+       reqlen = iov_buflen(smb2req->in.vector, smb2req->in.vector_count);
+       if (reqlen == -1) {
+               return NT_STATUS_INVALID_BUFFER_SIZE;
+       }
+
+       pass_info0.negotiate_request.length = reqlen;
        pass_info0.negotiate_request.data = talloc_array(talloc_tos(), uint8_t,
-                                       pass_info0.negotiate_request.length);
+                                                        reqlen);
        if (pass_info0.negotiate_request.data == NULL) {
                return NT_STATUS_NO_MEMORY;
        }


-- 
Samba Shared Repository

Reply via email to