The branch, master has been updated
via 11ae26e s3:vfs: Do not overrun array ad->ad_eid
via ec8ec35 s4:torture: Do not overrun arrays in test_displayshares()
via 1e002db s4:torture: Fix talloc_array in test_EnumValue()
via d11532c s3:modules: Avoid setting the sign bit to 1.
from 1f7f112 ctdb-client: Fix ctdb_attach() to use database flags
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 11ae26e6a688d5f86c2d03f171694fc28f0c6c89
Author: Andreas Schneider <a...@samba.org>
Date: Fri Aug 25 14:45:29 2017 +0200
s3:vfs: Do not overrun array ad->ad_eid
The array is defined as:
struct ad_entry ad_eid[ADEID_MAX]
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Fri Aug 25 20:05:32 CEST 2017 on sn-devel-144
commit ec8ec35bd798db88d89256435a4e4d84717d3632
Author: Andreas Schneider <a...@samba.org>
Date: Fri Aug 25 14:24:59 2017 +0200
s4:torture: Do not overrun arrays in test_displayshares()
If we do not 'break', we overrun the array access size.
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit 1e002db765f3d3fdd49cccfdddef2218e7bc329d
Author: Andreas Schneider <a...@samba.org>
Date: Fri Aug 25 14:17:54 2017 +0200
s4:torture: Fix talloc_array in test_EnumValue()
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit d11532c446fa176eb24e35f01617c6cd7559c9bc
Author: Andreas Schneider <a...@samba.org>
Date: Fri Aug 25 14:11:02 2017 +0200
s3:modules: Avoid setting the sign bit to 1.
Found by Coverity.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_fileid.c | 2 +-
source3/modules/vfs_fruit.c | 2 +-
source4/torture/libnet/libnet_share.c | 80 ++++++++++++++++++++++++++---------
source4/torture/rpc/winreg.c | 2 +-
4 files changed, 64 insertions(+), 22 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_fileid.c b/source3/modules/vfs_fileid.c
index f751486..bb0a79c 100644
--- a/source3/modules/vfs_fileid.c
+++ b/source3/modules/vfs_fileid.c
@@ -129,7 +129,7 @@ static uint64_t fileid_uint64_hash(const uint8_t *s, size_t
len)
/* Set the initial value from the key size. */
for (value = 0x238F13AFLL * len, i=0; i < len; i++)
- value = (value + (s[i] << (i*5 % 24)));
+ value = (value + (((uint64_t)s[i]) << (i*5 % 24)));
return (1103515243LL * value + 12345LL);
}
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 09e0fcd..3ba5996 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -653,7 +653,7 @@ static bool ad_unpack(struct adouble *ad, const size_t
nentries,
off = RIVAL(ad->ad_data, AD_HEADER_LEN + (i * AD_ENTRY_LEN) +
4);
len = RIVAL(ad->ad_data, AD_HEADER_LEN + (i * AD_ENTRY_LEN) +
8);
- if (!eid || eid > ADEID_MAX) {
+ if (!eid || eid >= ADEID_MAX) {
DEBUG(1, ("bogus eid %d\n", eid));
return false;
}
diff --git a/source4/torture/libnet/libnet_share.c
b/source4/torture/libnet/libnet_share.c
index c09790f..5b5741b 100644
--- a/source4/torture/libnet/libnet_share.c
+++ b/source4/torture/libnet/libnet_share.c
@@ -65,10 +65,16 @@ static void test_displayshares(struct torture_context *tctx,
for (i = 0; i < s.out.ctr.ctr1->count; i++) {
struct srvsvc_NetShareInfo1 *info =
&s.out.ctr.ctr1->array[i];
for (j = 0; j < ARRAY_SIZE(share_types); j++) {
- if (share_types[j].type == info->type) break;
+ if (share_types[j].type == info->type) {
+ torture_comment(tctx,
+ "\t[%d] %s (%s)\t%s\n",
+ i,
+ info->name,
+ info->comment,
+ share_types[j].desc);
+ break;
+ }
}
- torture_comment(tctx, "\t[%d] %s (%s)\t%s\n", i,
info->name,
- info->comment, share_types[j].desc);
}
break;
@@ -76,13 +82,27 @@ static void test_displayshares(struct torture_context *tctx,
for (i = 0; i < s.out.ctr.ctr2->count; i++) {
struct srvsvc_NetShareInfo2 *info =
&s.out.ctr.ctr2->array[i];
for (j = 0; j < ARRAY_SIZE(share_types); j++) {
- if (share_types[j].type == info->type) break;
+ if (share_types[j].type == info->type) {
+ torture_comment(tctx,
+ "\t[%d] %s\t%s\n"
+ "\t %s\n"
+ "\t [perms=0x%08x, "
+ "max_usr=%d, "
+ "cur_usr=%d, "
+ "path=%s, "
+ "pass=%s]\n",
+ i,
+ info->name,
+ share_types[j].desc,
+ info->comment,
+ info->permissions,
+ info->max_users,
+ info->current_users,
+ info->path,
+ info->password);
+ break;
+ }
}
- torture_comment(tctx, "\t[%d] %s\t%s\n\t %s\n\t
[perms=0x%08x, max_usr=%d, cur_usr=%d, path=%s, pass=%s]\n",
- i, info->name, share_types[j].desc,
info->comment,
- info->permissions, info->max_users,
- info->current_users, info->path,
- info->password);
}
break;
@@ -90,11 +110,20 @@ static void test_displayshares(struct torture_context
*tctx,
for (i = 0; i < s.out.ctr.ctr501->count; i++) {
struct srvsvc_NetShareInfo501 *info =
&s.out.ctr.ctr501->array[i];
for (j = 0; j < ARRAY_SIZE(share_types); j++) {
- if (share_types[j].type == info->type) break;
+ if (share_types[j].type == info->type) {
+ torture_comment(tctx,
+ "\t[%d] %s"
+ "\t%s "
+ "[csc_policy=0x%08x]\n"
+ "\t %s\n",
+ i,
+ info->name,
+ share_types[j].desc,
+ info->csc_policy,
+ info->comment);
+ break;
+ }
}
- torture_comment(tctx, "\t[%d] %s\t%s
[csc_policy=0x%08x]\n\t %s\n", i, info->name,
- share_types[j].desc, info->csc_policy,
- info->comment);
}
break;
@@ -102,13 +131,26 @@ static void test_displayshares(struct torture_context
*tctx,
for (i = 0; i < s.out.ctr.ctr502->count; i++) {
struct srvsvc_NetShareInfo502 *info =
&s.out.ctr.ctr502->array[i];
for (j = 0; j < ARRAY_SIZE(share_types); j++) {
- if (share_types[j].type == info->type) break;
+ if (share_types[j].type == info->type) {
+ torture_comment(tctx,
+ "\t[%d] %s\t%s\n"
+ "\t %s\n"
+ "\t [perms=0x%08x, "
+ "max_usr=%d, "
+ "cur_usr=%d, "
+ "path=%s, pass=%s]\n",
+ i,
+ info->name,
+ share_types[j].desc,
+ info->comment,
+ info->permissions,
+ info->max_users,
+ info->current_users,
+ info->path,
+ info->password);
+ break;
+ }
}
- torture_comment(tctx, "\t[%d] %s\t%s\n\t %s\n\t
[perms=0x%08x, max_usr=%d, cur_usr=%d, path=%s, pass=%s]\n",
- i, info->name, share_types[j].desc,
info->comment,
- info->permissions, info->max_users,
- info->current_users, info->path,
- info->password);
}
break;
}
diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c
index 1a7b60f..9fc92cd 100644
--- a/source4/torture/rpc/winreg.c
+++ b/source4/torture/rpc/winreg.c
@@ -1997,7 +1997,7 @@ static bool test_EnumValue(struct dcerpc_binding_handle
*b,
data = NULL;
if (size) {
- data = (uint8_t *) talloc_array(tctx, uint8_t *, size);
+ data = talloc_array(tctx, uint8_t, size);
}
r.in.value = data;
--
Samba Shared Repository
