The branch, master has been updated
       via  f4181f2 ldb-samba/ldb_matching_rules: Fix CID 1349424 - 
Uninitialized pointer read
       via  51f221c dcesrv_backupkey_heimdal: Fix CID 1321647 - Unchecked 
return value
       via  9a7a38a lib/http/http_auth: Fix CID 1273428 - Unchecked return value
       via  b9ffb93 talloc/testsuite: Fix CID 1291641 - Logically dead code
      from  f9099d3 s3-libads: Fix compilation with MIT Kerberos

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f4181f25b4ae3db684e43837449617e75183ecc8
Author: Robin Hack <[email protected]>
Date:   Tue Apr 26 17:51:46 2016 +0200

    ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized pointer read
    
    Fix the uninitialized 'visited' value (pointer to pointer) in
    ldb_eval_transitive_filter(), which later passes 'visited' to
    ldb_eval_transitive_filter_helper().
    
    Signed-off-by: Robin Hack <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    
    Autobuild-User(master): Jeremy Allison <[email protected]>
    Autobuild-Date(master): Wed Apr 27 02:12:39 CEST 2016 on sn-devel-144

commit 51f221c86eb7004f7a45c9cd03aa889e94a8dbc6
Author: Robin Hack <[email protected]>
Date:   Tue Apr 26 15:17:51 2016 +0200

    dcesrv_backupkey_heimdal: Fix CID 1321647 - Unchecked return value
    
    Unchecked return value of gnutls_global_init().
    
    Signed-off-by: Robin Hack <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit 9a7a38a6dde6418e48048fdf8bfcd6f38674e443
Author: Robin Hack <[email protected]>
Date:   Tue Apr 26 13:58:27 2016 +0200

    lib/http/http_auth: Fix CID 1273428 - Unchecked return value
    
    There is a missing check of the status value in
    http_auth.c:http_create_auth_request() which can leave values
    inside 'DATA_BLOB in' uninitialized.
    
    http_auth.c:http_create_auth_request() calls
    http_auth.c:http_parse_auth_response(), which can return
    NT_STATUS_NOT_SUPPORTED; this is not checked by the caller, and the
    blob is later passed as an argument to other functions.
    
    For example:
    'DATA_BLOB in' can be passed to
    auth/gensec/spnego.c:gensec_spnego_update() later:
    
    ...
    switch (spnego_state->state_position) {
    ..
        case SPNEGO_SERVER_START:
                if (in.length) {
    
    Signed-off-by: Robin Hack <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit b9ffb9322b987409693e4faa277b5e3f46ad8b22
Author: Robin Hack <[email protected]>
Date:   Tue Apr 26 13:02:01 2016 +0200

    talloc/testsuite: Fix CID 1291641 - Logically dead code
    
    Add check for snprintf return code.
    
    Signed-off-by: Robin Hack <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>
    Reviewed-by: Andreas Schneider <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 lib/ldb-samba/ldb_matching_rules.c                      |  2 +-
 lib/talloc/testsuite.c                                  | 10 +++++-----
 source4/lib/http/http_auth.c                            |  3 +++
 source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c |  6 +++++-
 4 files changed, 14 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb-samba/ldb_matching_rules.c 
b/lib/ldb-samba/ldb_matching_rules.c
index 1692a73..637858f 100644
--- a/lib/ldb-samba/ldb_matching_rules.c
+++ b/lib/ldb-samba/ldb_matching_rules.c
@@ -206,7 +206,7 @@ static int ldb_eval_transitive_filter(TALLOC_CTX *mem_ctx,
        struct dsdb_dn *dn_to_match;
        const char *dn_oid;
        unsigned int count;
-       struct dsdb_dn **visited;
+       struct dsdb_dn **visited = NULL;
 
        schema = dsdb_get_schema(ldb, mem_ctx);
        if (schema == NULL) {
diff --git a/lib/talloc/testsuite.c b/lib/talloc/testsuite.c
index 34410b8..5eab839 100644
--- a/lib/talloc/testsuite.c
+++ b/lib/talloc/testsuite.c
@@ -1795,11 +1795,11 @@ static bool test_pthread_talloc_passing(void)
         * They will use their own toplevel contexts.
         */
        for (i = 0; i < NUM_THREADS; i++) {
-               (void)snprintf(str_array[i],
-                               20,
-                               "thread:%d",
-                               i);
-               if (str_array[i] == NULL) {
+               ret = snprintf(str_array[i],
+                              20,
+                              "thread:%d",
+                              i);
+               if (ret < 0) {
                        printf("snprintf %d failed\n", i);
                        return false;
                }
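Review bot: The new `ret < 0` test catches only an output error; snprintf() reports truncation by returning a value at or above the size argument, so a truncated string would still pass. `if (ret < 0 || ret >= 20) {` covers both cases. The literal 20 presumably mirrors the size of each str_array element, which is declared outside the hunk; if that element is a true array, `sizeof(str_array[i])` would keep the two in step. The body of test_pthread_talloc_passing() starts and ends outside this hunk.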
diff --git a/source4/lib/http/http_auth.c b/source4/lib/http/http_auth.c
index d846ec2..b6f102f 100644
--- a/source4/lib/http/http_auth.c
+++ b/source4/lib/http/http_auth.c
@@ -96,6 +96,9 @@ static NTSTATUS http_create_auth_request(TALLOC_CTX *mem_ctx,
 
        if (auth_response) {
                status = http_parse_auth_response(auth, auth_response, &in);
+               if (!NT_STATUS_IS_OK(status)) {
+                       return status;
+               }
        } else {
                in = data_blob_null;
        }
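Review bot: `in` is still assigned only inside the two branches shown here, so its safety depends on every path either setting it or returning. If its declaration (outside the hunk) has no initializer, `DATA_BLOB in = data_blob_null;` would make that hold by construction, which matters because auth_response appears to come from the peer's reply. A short comment above the new check, such as `/* never hand an unset blob on to gensec */`, would also record why the early return exists. http_create_auth_request() starts and ends outside this hunk.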
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c 
b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
index ac12c64..a9bd57f 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey_heimdal.c
@@ -829,7 +829,11 @@ static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, 
hx509_context *hctx,
 
        *rsa = NULL;
 
-       gnutls_global_init();
+       ret = gnutls_global_init();
+       if (ret != GNUTLS_E_SUCCESS) {
+               DBG_ERR("TLS error: %s\n", gnutls_strerror(ret));
+               return WERR_INTERNAL_ERROR;
+       }
 #if defined(HAVE_GCRYPT_H) && !defined(HAVE_GNUTLS3)
        DEBUG(3,("Enabling QUICK mode in gcrypt\n"));
        gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
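Review bot: The `gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0)` call kept just below the new check lowers gcrypt's random quality level, in a function that by its name creates RSA key material, and nothing here says why that is acceptable. A comment on that `#if` block stating the reason and which builds it affects would let a reader judge the trade-off. On the added lines, "TLS error" does not say which call failed; `DBG_ERR("gnutls_global_init failed: %s\n", gnutls_strerror(ret));` would be easier to trace in logs. The function body and the `#if` block continue outside the hunk, so whether a matching gnutls_global_deinit() exists cannot be seen from here.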


-- 
Samba Shared Repository
