The branch, v4-6-test has been updated
via 7a29fe4 s3:winbind: work around coverity false positive.
via d4ac505 ctdb: Fix posible NULL deref in logging_init()
via 002bfb9 s3:librpc: Fix OM_uint32 comparsion in if-clause
via 7dddc61 s3:librpc: Make sure kt_curser and kt_entry are initialized
via 3e5207d pam_winbind: Return if we do not have a domain
via efeb8b3 s3:lib: Do not segfault if username is NULL
via 17463ee s3:torture: Fix uint64_t comparsion in if-clause
via f34ff6a s4:torture: Make sure handles are initialized
via 33fdd9f ndrdump: Fix a possible NULL pointer dereference
via c240402 s3-vfs: Do not deref a NULL pointer in
shadow_copy2_snapshot_to_gmt()
via c563d22 s4-kcc: Do not dereference a NULL pointer
via 2281afd s4-torture: Use the correct variable type in
torture_smb2_maxfid()
from f50fa9f VERSION: Bump version up to 4.6.0rc5...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test
- Log -----------------------------------------------------------------
commit 7a29fe42da4365e54cb46c6b82eb936c1412d6f4
Author: Jeremy Allison <[email protected]>
Date: Thu Feb 23 09:41:03 2017 -0800
s3:winbind: work around coverity false positive.
Signed-off-by: Jeremy Allison <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
Autobuild-User(master): Jeremy Allison <[email protected]>
Autobuild-Date(master): Thu Feb 23 23:54:48 CET 2017 on sn-devel-144
(cherry picked from commit 2e09407c5b992db0da5ca3a6d1f38341dc42d070)
Autobuild-User(v4-6-test): Karolin Seeger <[email protected]>
Autobuild-Date(v4-6-test): Thu Mar 2 13:06:40 CET 2017 on sn-devel-144
commit d4ac5058958cfdadfce9d298d201a0dcb66cd611
Author: Andreas Schneider <[email protected]>
Date: Thu Feb 16 17:38:41 2017 +0100
ctdb: Fix posible NULL deref in logging_init()
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 08e03fa7f5fdc7f988fbbb26929e8c5727f36c2e)
commit 002bfb9ec4d0103c1e8d7e0e3c976d326983e8be
Author: Andreas Schneider <[email protected]>
Date: Fri Feb 17 09:49:39 2017 +0100
s3:librpc: Fix OM_uint32 comparsion in if-clause
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 8ac43e0e6ef9236a5c6d2c27ebe24171582c1d49)
commit 7dddc614fab21bd54214cada5320f899a26bd960
Author: Andreas Schneider <[email protected]>
Date: Thu Feb 16 17:42:53 2017 +0100
s3:librpc: Make sure kt_curser and kt_entry are initialized
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 2f83cfdb90d687673cfc4be14cd66425fb7f3e76)
commit 3e5207d9f1cb07e13fd6ade7f51e22d25bfe6c86
Author: Andreas Schneider <[email protected]>
Date: Fri Feb 17 11:53:52 2017 +0100
pam_winbind: Return if we do not have a domain
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 1df1d873c849f68a91d067c7049dda12c22e98c5)
commit efeb8b3a272c1b5190283682a0e74e426b7ccefd
Author: Andreas Schneider <[email protected]>
Date: Fri Feb 17 10:08:17 2017 +0100
s3:lib: Do not segfault if username is NULL
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 9297ac44f7e0455bb74ee77ad8b68f2e8c4a070d)
commit 17463ee527cf1245704a448765f4bd89564ce961
Author: Andreas Schneider <[email protected]>
Date: Fri Feb 17 09:45:33 2017 +0100
s3:torture: Fix uint64_t comparsion in if-clause
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 13690569ee5893e3dbd96f2b28a41a35e3da42ff)
commit f34ff6ae9ef97ce9338ce192cc16753bdbdc503d
Author: Andreas Schneider <[email protected]>
Date: Thu Feb 16 17:52:41 2017 +0100
s4:torture: Make sure handles are initialized
The CHECK_STATUS macro might goto done which checks the values of the
handle so they should be initialized in this case.
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 8a1b998acb3592ad67bb72db79965bae436748ec)
commit 33fdd9f52a4045347c273a0ce8ba1d207e06772a
Author: Andreas Schneider <[email protected]>
Date: Thu Feb 16 17:34:07 2017 +0100
ndrdump: Fix a possible NULL pointer dereference
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 79a49dc19a83bd22684a71aecf4588b753669039)
commit c2404026ec5a299e2f7f93337c633934e0253d23
Author: Andreas Schneider <[email protected]>
Date: Thu Feb 16 17:15:38 2017 +0100
s3-vfs: Do not deref a NULL pointer in shadow_copy2_snapshot_to_gmt()
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit e6105f92cd24de49acecd67a9f0c2c53323fe2e9)
commit c563d224a31059bb7f0f4af98a7afd6aeb09e4d3
Author: Andreas Schneider <[email protected]>
Date: Thu Feb 16 17:08:50 2017 +0100
s4-kcc: Do not dereference a NULL pointer
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 67b978bb26b3d0009b511bb2ae96d249041827a5)
commit 2281afdefc7e9700d31c82c78a34f7887e65ca36
Author: Andreas Schneider <[email protected]>
Date: Thu Feb 16 17:07:54 2017 +0100
s4-torture: Use the correct variable type in torture_smb2_maxfid()
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
(cherry picked from commit 1daea6b0f848b2434c65dc90d7fe514242c78786)
-----------------------------------------------------------------------
Summary of changes:
ctdb/common/logging.c | 7 +++++++
librpc/tools/ndrdump.c | 4 ++++
nsswitch/pam_winbind.c | 10 +++++++---
source3/lib/util_cmdline.c | 5 ++++-
source3/librpc/crypto/gse.c | 2 +-
source3/librpc/crypto/gse_krb5.c | 7 ++-----
source3/modules/vfs_shadow_copy2.c | 3 +++
source3/torture/torture.c | 4 ++--
source3/winbindd/winbindd_list_users.c | 2 +-
source4/dsdb/kcc/garbage_collect_tombstones.c | 4 +++-
source4/torture/smb2/maxfid.c | 8 ++++----
source4/torture/smb2/rename.c | 24 ++++++++++++++++++++++++
12 files changed, 62 insertions(+), 18 deletions(-)
Changeset truncated at 500 lines:
diff --git a/ctdb/common/logging.c b/ctdb/common/logging.c
index 3d586bf..c8ccf26 100644
--- a/ctdb/common/logging.c
+++ b/ctdb/common/logging.c
@@ -521,7 +521,14 @@ int logging_init(TALLOC_CTX *mem_ctx, const char *logging,
}
name = strtok(str, ":");
+ if (name == NULL) {
+ return EINVAL;
+ }
option = strtok(NULL, ":");
+ /*
+ * option can be NULL here, both setup()
+ * backends handle this.
+ */
for (i=0; i<ARRAY_SIZE(log_backend); i++) {
if (strcmp(log_backend[i].name, name) == 0) {
diff --git a/librpc/tools/ndrdump.c b/librpc/tools/ndrdump.c
index d534e3c..d8b9916 100644
--- a/librpc/tools/ndrdump.c
+++ b/librpc/tools/ndrdump.c
@@ -493,6 +493,10 @@ static void ndr_print_dummy(struct ndr_print *ndr, const
char *format, ...)
bool differ;
ndr_v_push = ndr_push_init_ctx(mem_ctx);
+ if (ndr_v_push == NULL) {
+ printf("No memory\n");
+ exit(1);
+ }
if (assume_ndr64) {
ndr_v_push->flags |= LIBNDR_FLAG_NDR64;
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index b78c6bd..dca2c29 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -2479,10 +2479,14 @@ static char* winbind_upn_to_username(struct pwb_context
*ctx,
if (!name) {
return NULL;
}
- if ((p = strchr(name, '@')) != NULL) {
- *p = 0;
- domain = p + 1;
+
+ p = strchr(name, '@');
+ if (p == NULL) {
+ TALLOC_FREE(name);
+ return NULL;
}
+ *p = '\0';
+ domain = p + 1;
/* Convert the UPN to a SID */
diff --git a/source3/lib/util_cmdline.c b/source3/lib/util_cmdline.c
index 6c98b44..ad51a4f 100644
--- a/source3/lib/util_cmdline.c
+++ b/source3/lib/util_cmdline.c
@@ -112,11 +112,14 @@ void set_cmdline_auth_info_username(struct user_auth_info
*auth_info,
{
const char *new_val = NULL;
+ if (username == NULL) {
+ return;
+ }
cli_credentials_parse_string(auth_info->creds,
username,
CRED_SPECIFIED);
new_val = cli_credentials_get_username(auth_info->creds);
- if (username != NULL && new_val == NULL) {
+ if (new_val == NULL) {
exit(ENOMEM);
}
diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 792700e..99971d3 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -347,7 +347,7 @@ static NTSTATUS gse_get_client_auth_token(TALLOC_CTX
*mem_ctx,
break;
default:
if ((gss_maj == GSS_S_FAILURE) &&
- (gss_min == KRB5KRB_AP_ERR_TKT_EXPIRED)) {
+ (gss_min == (OM_uint32)KRB5KRB_AP_ERR_TKT_EXPIRED)) {
DBG_NOTICE("Ticket expired\n");
} else {
DBG_ERR("gss_init_sec_context failed with [%s]\n",
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
index 83afd16..703d1b4 100644
--- a/source3/librpc/crypto/gse_krb5.c
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -359,8 +359,8 @@ static krb5_error_code
fill_mem_keytab_from_system_keytab(krb5_context krbctx,
{
krb5_error_code ret = 0;
krb5_keytab keytab = NULL;
- krb5_kt_cursor kt_cursor;
- krb5_keytab_entry kt_entry;
+ krb5_kt_cursor kt_cursor = { 0, };
+ krb5_keytab_entry kt_entry = { 0, };
char *valid_princ_formats[7] = { NULL, NULL, NULL,
NULL, NULL, NULL, NULL };
char *entry_princ_s = NULL;
@@ -420,9 +420,6 @@ static krb5_error_code
fill_mem_keytab_from_system_keytab(krb5_context krbctx,
goto out;
}
- ZERO_STRUCT(kt_entry);
- ZERO_STRUCT(kt_cursor);
-
ret = smb_krb5_kt_open_relative(krbctx, NULL, false, &keytab);
if (ret) {
DEBUG(1, ("smb_krb5_kt_open failed (%s)\n",
diff --git a/source3/modules/vfs_shadow_copy2.c
b/source3/modules/vfs_shadow_copy2.c
index 402eb70..2afc595 100644
--- a/source3/modules/vfs_shadow_copy2.c
+++ b/source3/modules/vfs_shadow_copy2.c
@@ -1873,6 +1873,9 @@ static bool
shadow_copy2_snapshot_to_gmt(vfs_handle_struct *handle,
}
/* Extract the prefix */
tmp = strstr(tmpstr, priv->config->delimiter);
+ if (tmp == NULL) {
+ goto done;
+ }
*tmp = '\0';
/* Parse regex */
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index cafc1a8..393d343 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -5066,7 +5066,7 @@ static bool run_rename_access(int dummy)
}
if (cli) {
- if (fnum != -1) {
+ if (fnum != (uint64_t)-1) {
cli_close(cli, fnum);
}
cli_unlink(cli, src,
@@ -5457,7 +5457,7 @@ static bool run_owner_rights(int dummy)
fail:
if (cli) {
- if (fnum != -1) {
+ if (fnum != (uint16_t)-1) {
cli_close(cli, fnum);
}
cli_unlink(cli, fname,
diff --git a/source3/winbindd/winbindd_list_users.c
b/source3/winbindd/winbindd_list_users.c
index 9a751a7..fcbe8be 100644
--- a/source3/winbindd/winbindd_list_users.c
+++ b/source3/winbindd/winbindd_list_users.c
@@ -178,7 +178,7 @@ NTSTATUS winbindd_list_users_recv(struct tevent_req *req,
response->length += len;
response->data.num_entries = 0;
- if (len >= 1) {
+ if (result != NULL && len >= 1) {
len -= 1;
response->data.num_entries = 1;
diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c
b/source4/dsdb/kcc/garbage_collect_tombstones.c
index 1909cfe..d8d0a59 100644
--- a/source4/dsdb/kcc/garbage_collect_tombstones.c
+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c
@@ -137,7 +137,9 @@ static NTSTATUS garbage_collect_tombstones_part(TALLOC_CTX
*mem_ctx,
element->name);
/* This avoids parsing isDeleted as a link */
- if (attrib->linkID == 0 || ((attrib->linkID & 1) == 1))
{
+ if (attrib == NULL ||
+ attrib->linkID == 0 ||
+ ((attrib->linkID & 1) == 1)) {
continue;
}
diff --git a/source4/torture/smb2/maxfid.c b/source4/torture/smb2/maxfid.c
index cfdf7c1..dbe3fac 100644
--- a/source4/torture/smb2/maxfid.c
+++ b/source4/torture/smb2/maxfid.c
@@ -32,7 +32,7 @@ bool torture_smb2_maxfid(struct torture_context *tctx)
NTSTATUS status;
struct smb2_tree *tree = NULL;
const char *dname = "smb2_maxfid";
- int i, maxfid;
+ size_t i, maxfid;
struct smb2_handle *handles, dir_handle = { };
size_t max_handles;
@@ -62,7 +62,7 @@ bool torture_smb2_maxfid(struct torture_context *tctx)
struct smb2_create create = { };
struct smb2_close close = { };
- name = talloc_asprintf(tctx, "%s\\%d", dname, i / 1000);
+ name = talloc_asprintf(tctx, "%s\\%zu", dname, i / 1000);
torture_assert_goto(tctx, (name != NULL), ret, done,
"no memory for directory name\n");
@@ -93,7 +93,7 @@ bool torture_smb2_maxfid(struct torture_context *tctx)
char *name;
struct smb2_create create = { };
- name = talloc_asprintf(tctx, "%s\\%d\\%d", dname, i / 1000, i);
+ name = talloc_asprintf(tctx, "%s\\%zu\\%zu", dname, i / 1000,
i);
torture_assert_goto(tctx, (name != NULL), ret, done,
"no memory for file name\n");
@@ -120,7 +120,7 @@ bool torture_smb2_maxfid(struct torture_context *tctx)
maxfid = i;
if (maxfid == max_handles) {
- torture_comment(tctx, "Reached test limit of %d open files. "
+ torture_comment(tctx, "Reached test limit of %zu open files. "
"Adjust to higher test with "
"--option=torture:maxopenfiles=NNN\n", maxfid);
}
diff --git a/source4/torture/smb2/rename.c b/source4/torture/smb2/rename.c
index 1a490f3..9652643 100644
--- a/source4/torture/smb2/rename.c
+++ b/source4/torture/smb2/rename.c
@@ -57,6 +57,8 @@ static bool torture_smb2_rename_simple(struct torture_context
*torture,
union smb_fileinfo fi;
struct smb2_handle h1;
+ ZERO_STRUCT(h1);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -145,6 +147,8 @@ static bool torture_smb2_rename_simple2(struct
torture_context *torture,
union smb_setfileinfo sinfo;
struct smb2_handle h1;
+ ZERO_STRUCT(h1);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -226,6 +230,8 @@ static bool torture_smb2_rename_no_sharemode(struct
torture_context *torture,
union smb_fileinfo fi;
struct smb2_handle h1;
+ ZERO_STRUCT(h1);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -314,6 +320,9 @@ static bool torture_smb2_rename_with_delete_access(struct
torture_context *tortu
union smb_setfileinfo sinfo;
struct smb2_handle fh, dh;
+ ZERO_STRUCT(fh);
+ ZERO_STRUCT(dh);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -439,6 +448,9 @@ static bool torture_smb2_rename_with_delete_access2(struct
torture_context *tort
union smb_setfileinfo sinfo;
struct smb2_handle fh, dh;
+ ZERO_STRUCT(fh);
+ ZERO_STRUCT(dh);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -563,6 +575,9 @@ static bool torture_smb2_rename_no_delete_access(struct
torture_context *torture
union smb_fileinfo fi;
struct smb2_handle fh, dh;
+ ZERO_STRUCT(fh);
+ ZERO_STRUCT(dh);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -697,6 +712,9 @@ static bool torture_smb2_rename_no_delete_access2(struct
torture_context *tortur
union smb_setfileinfo sinfo;
struct smb2_handle fh, dh;
+ ZERO_STRUCT(fh);
+ ZERO_STRUCT(dh);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -820,6 +838,9 @@ static bool torture_smb2_rename_msword(struct
torture_context *torture,
union smb_fileinfo fi;
struct smb2_handle fh, dh;
+ ZERO_STRUCT(fh);
+ ZERO_STRUCT(dh);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
@@ -938,6 +959,9 @@ static bool torture_smb2_rename_dir_openfile(struct
torture_context *torture,
union smb_setfileinfo sinfo;
struct smb2_handle d1, h1;
+ ZERO_STRUCT(d1);
+ ZERO_STRUCT(h1);
+
smb2_deltree(tree1, BASEDIR);
smb2_util_rmdir(tree1, BASEDIR);
--
Samba Shared Repository
