The branch, master has been updated via 3563d79 s3:mdssvc: older glib2 versions require g_type_init() via f50c3fb libsmb: Fix CID 1356312 Explicit null dereferenced via deaab95 ctdb: Fix CID 1356313 Explicit null dereferenced via a243a90 lib: Fix CID 1356315 Dereference before null check via 3940d4e crypto: Fix CID 1356314 Resource leak via dcaa881 libads: Fix CID 1356316 Uninitialized pointer read from c06058a s3-auth: check for return code of cli_credentials_set_machine_account().
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 3563d79a8cb625ae78523cb32330c9f61c6c3a2f Author: Ralph Boehme <s...@samba.org> Date: Thu Mar 17 14:05:58 2016 +0100 s3:mdssvc: older glib2 versions require g_type_init() Older glib2 versions will crash if g_type_init is not called: (process:6712): GLib-GObject-CRITICAL **: ... ./gobject/gtype.c:2722: You forgot to call g_type_init() Bug: https://bugzilla.samba.org/show_bug.cgi?id=11801 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Fri Mar 18 03:52:55 CET 2016 on sn-devel-144 commit f50c3fb1c58700522f1b742539dab9bd9ae7fd39 Author: Volker Lendecke <v...@samba.org> Date: Tue Mar 15 21:00:30 2016 +0100 libsmb: Fix CID 1356312 Explicit null dereferenced Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit deaab95b8dbd412e744b3d2c75e64931d2417969 Author: Volker Lendecke <v...@samba.org> Date: Tue Mar 15 20:55:37 2016 +0100 ctdb: Fix CID 1356313 Explicit null dereferenced Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit a243a9012feab3c8d0baf3302a285ccd69190344 Author: Volker Lendecke <v...@samba.org> Date: Tue Mar 15 20:48:19 2016 +0100 lib: Fix CID 1356315 Dereference before null check Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 3940d4e386cc641eba28bf23ac48c0a443de0877 Author: Volker Lendecke <v...@samba.org> Date: Tue Mar 15 20:38:02 2016 +0100 crypto: Fix CID 1356314 Resource leak Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit dcaa88158e6f0a9964ad051b4062d82e9f279b8c Author: Volker Lendecke <v...@samba.org> Date: Tue Mar 15 20:34:27 2016 +0100 libads: Fix CID 1356316 Uninitialized pointer read Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: ctdb/server/ctdb_tunables.c | 14 ++++++++------ lib/krb5_wrap/krb5_samba.c | 7 ++----- source3/libads/sasl.c | 2 +- source3/librpc/crypto/gse_krb5.c | 3 +++ source3/libsmb/cliconnect.c | 5 +++++ source3/rpc_server/mdssvc/mdssvc.c | 5 ++++- 6 files changed, 23 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/server/ctdb_tunables.c b/ctdb/server/ctdb_tunables.c index 4e14279..4559aed 100644 --- a/ctdb/server/ctdb_tunables.c +++ b/ctdb/server/ctdb_tunables.c @@ -199,19 +199,21 @@ int32_t ctdb_control_list_tunables(struct ctdb_context *ctdb, TDB_DATA *outdata) int i; struct ctdb_control_list_tunable *t; + list = talloc_strdup(outdata, ":"); + CTDB_NO_MEMORY(ctdb, list); + for (i=0; i<ARRAY_SIZE(tunable_map); i++) { if (tunable_map[i].obsolete) { continue; } - if (list == NULL) { - list = talloc_strdup(outdata, tunable_map[i].name); - } else { - list = talloc_asprintf_append(list, ":%s", - tunable_map[i].name); - } + list = talloc_asprintf_append(list, "%s:", + tunable_map[i].name); CTDB_NO_MEMORY(ctdb, list); } + /* cut the last ':' */ + list[strlen(list)-1] = '\0'; + outdata->dsize = offsetof(struct ctdb_control_list_tunable, data) + strlen(list) + 1; outdata->dptr = talloc_size(outdata, outdata->dsize); diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 9ee71f5..247b83b 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -1628,12 +1628,9 @@ out: if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) { smb_krb5_kt_free_entry(context, &kt_entry); } - if (keytab) { - if (memcmp(&cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) { - krb5_kt_end_seq_get(context, keytab, &cursor); - } + if (memcmp(&cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) { + krb5_kt_end_seq_get(context, keytab, &cursor); } - return ret; } diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index e707228..e205e9f 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -646,7 +646,7 @@ static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads, static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads) { TALLOC_CTX *frame = talloc_stackframe(); - struct ads_service_principal p; + struct ads_service_principal p = {0}; struct berval *scred=NULL; int rc, i; ADS_STATUS status; diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c index b213e83..e0021d0 100644 --- a/source3/librpc/crypto/gse_krb5.c +++ b/source3/librpc/crypto/gse_krb5.c @@ -144,6 +144,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx, ret = krb5_unparse_name(krbctx, princ, &princ_s); if (ret != 0) { + SAFE_FREE(key); continue; } @@ -152,12 +153,14 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx, enctypes[i]); SAFE_FREE(princ_s); if (salt_princ_s == NULL) { + SAFE_FREE(key); continue; } ret = krb5_parse_name(krbctx, salt_princ_s, &salt_princ); SAFE_FREE(salt_princ_s); if (ret != 0) { + SAFE_FREE(key); continue; } diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 97d0352..50d1a0c 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1361,6 +1361,11 @@ static struct tevent_req *cli_session_setup_gensec_send( size_t converted; bool ok; + if (pass == NULL) { + tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX); + return tevent_req_post(req, ev); + } + converted = strhex_to_str((char *)nt_hash.hash, sizeof(nt_hash.hash), pass, strlen(pass)); diff --git a/source3/rpc_server/mdssvc/mdssvc.c b/source3/rpc_server/mdssvc/mdssvc.c index abfea43..44d7703 100644 --- a/source3/rpc_server/mdssvc/mdssvc.c +++ b/source3/rpc_server/mdssvc/mdssvc.c @@ -1783,10 +1783,13 @@ done: } /** - * Init callbacks at startup, nothing to do here really + * Init callbacks at startup **/ bool mds_init(struct messaging_context *msg_ctx) { +#if (GLIB_MAJOR_VERSION < 3) && (GLIB_MINOR_VERSION < 36) + g_type_init(); +#endif return true; } -- Samba Shared Repository