The branch, master has been updated
via 4524f59 tsocket: Do not dereference a NULL pointer
via 1d4b20d s4: ldb: Ignore case of "range" in sscanf as we've already
checked for its presence.
from 826f619 s3-winbind: Fix memory leak with each cached credential
login
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4524f5986c3cc6430fcc2ddae6970a62b3f22ac8
Author: Andreas Schneider <a...@samba.org>
Date: Wed Jun 22 15:36:59 2016 +0200
tsocket: Do not dereference a NULL pointer
Make sure the lrbsda pointer is not allocated and we will
not end up dereferencing a NULL pointer. In practice this
can't happen, but this change links the pointer with the
code that uses it.
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Thu Jun 30 02:53:02 CEST 2016 on sn-devel-144
commit 1d4b20d4f3829eb3778006397990cd9fee4966a5
Author: Jeremy Allison <j...@samba.org>
Date: Tue Jun 28 15:38:22 2016 -0700
s4: ldb: Ignore case of "range" in sscanf as we've already checked for its
presence.
https://bugzilla.samba.org/show_bug.cgi?id=11838
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/tsocket/tsocket_bsd.c | 12 ++++++++----
source4/dsdb/samdb/ldb_modules/ranged_results.c | 8 +++++---
2 files changed, 13 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tsocket/tsocket_bsd.c b/lib/tsocket/tsocket_bsd.c
index 9608dde..708d17e 100644
--- a/lib/tsocket/tsocket_bsd.c
+++ b/lib/tsocket/tsocket_bsd.c
@@ -2327,10 +2327,14 @@ static struct tevent_req
*tstream_bsd_connect_send(TALLOC_CTX *mem_ctx,
goto post;
}
- ret = getsockname(state->fd, &lrbsda->u.sa, &lrbsda->sa_socklen);
- if (ret == -1) {
- tevent_req_error(req, errno);
- goto post;
+ if (lrbsda != NULL) {
+ ret = getsockname(state->fd,
+ &lrbsda->u.sa,
+ &lrbsda->sa_socklen);
+ if (ret == -1) {
+ tevent_req_error(req, errno);
+ goto post;
+ }
}
tevent_req_done(req);
diff --git a/source4/dsdb/samdb/ldb_modules/ranged_results.c
b/source4/dsdb/samdb/ldb_modules/ranged_results.c
index 60d7503..13bf3a2 100644
--- a/source4/dsdb/samdb/ldb_modules/ranged_results.c
+++ b/source4/dsdb/samdb/ldb_modules/ranged_results.c
@@ -201,6 +201,8 @@ static int rr_search(struct ldb_module *module, struct
ldb_request *req)
/* Strip the range request from the attribute */
for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) {
char *p;
+ size_t range_len = strlen(";range=");
+
new_attrs = talloc_realloc(req, new_attrs, const char *, i+2);
new_attrs[i] = req->op.search.attrs[i];
new_attrs[i+1] = NULL;
@@ -208,12 +210,12 @@ static int rr_search(struct ldb_module *module, struct
ldb_request *req)
if (!p) {
continue;
}
- if (strncasecmp(p, ";range=", strlen(";range=")) != 0) {
+ if (strncasecmp(p, ";range=", range_len) != 0) {
continue;
}
end = (unsigned int)-1;
- if (sscanf(p, ";range=%u-*", &start) != 1) {
- if (sscanf(p, ";range=%u-%u", &start, &end) != 2) {
+ if (sscanf(p + range_len, "%u-*", &start) != 1) {
+ if (sscanf(p + range_len, "%u-%u", &start, &end) != 2) {
ldb_asprintf_errstring(ldb,
"range request error: "
"range request malformed");
--
Samba Shared Repository
