The branch, master has been updated via 11ae26e s3:vfs: Do not overrun array ad->ad_eid via ec8ec35 s4:torture: Do not overrun arrays in test_displayshares() via 1e002db s4:torture: Fix talloc_array in test_EnumValue() via d11532c s3:modules: Avoid setting the sign bit to 1. from 1f7f112 ctdb-client: Fix ctdb_attach() to use database flags
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 11ae26e6a688d5f86c2d03f171694fc28f0c6c89 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 25 14:45:29 2017 +0200 s3:vfs: Do not overrun array ad->ad_eid The array is defined as: struct ad_entry ad_eid[ADEID_MAX] Found by Coverity. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Fri Aug 25 20:05:32 CEST 2017 on sn-devel-144 commit ec8ec35bd798db88d89256435a4e4d84717d3632 Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 25 14:24:59 2017 +0200 s4:torture: Do not overrun arrays in test_displayshares() If we do not 'break', we overrun the array access size. Found by Coverity. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 1e002db765f3d3fdd49cccfdddef2218e7bc329d Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 25 14:17:54 2017 +0200 s4:torture: Fix talloc_array in test_EnumValue() Found by Coverity. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit d11532c446fa176eb24e35f01617c6cd7559c9bc Author: Andreas Schneider <a...@samba.org> Date: Fri Aug 25 14:11:02 2017 +0200 s3:modules: Avoid setting the sign bit to 1. Found by Coverity. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/modules/vfs_fileid.c | 2 +- source3/modules/vfs_fruit.c | 2 +- source4/torture/libnet/libnet_share.c | 80 ++++++++++++++++++++++++++--------- source4/torture/rpc/winreg.c | 2 +- 4 files changed, 64 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_fileid.c b/source3/modules/vfs_fileid.c index f751486..bb0a79c 100644 --- a/source3/modules/vfs_fileid.c +++ b/source3/modules/vfs_fileid.c @@ -129,7 +129,7 @@ static uint64_t fileid_uint64_hash(const uint8_t *s, size_t len) /* Set the initial value from the key size. */ for (value = 0x238F13AFLL * len, i=0; i < len; i++) - value = (value + (s[i] << (i*5 % 24))); + value = (value + (((uint64_t)s[i]) << (i*5 % 24))); return (1103515243LL * value + 12345LL); } diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c index 09e0fcd..3ba5996 100644 --- a/source3/modules/vfs_fruit.c +++ b/source3/modules/vfs_fruit.c @@ -653,7 +653,7 @@ static bool ad_unpack(struct adouble *ad, const size_t nentries, off = RIVAL(ad->ad_data, AD_HEADER_LEN + (i * AD_ENTRY_LEN) + 4); len = RIVAL(ad->ad_data, AD_HEADER_LEN + (i * AD_ENTRY_LEN) + 8); - if (!eid || eid > ADEID_MAX) { + if (!eid || eid >= ADEID_MAX) { DEBUG(1, ("bogus eid %d\n", eid)); return false; } diff --git a/source4/torture/libnet/libnet_share.c b/source4/torture/libnet/libnet_share.c index c09790f..5b5741b 100644 --- a/source4/torture/libnet/libnet_share.c +++ b/source4/torture/libnet/libnet_share.c @@ -65,10 +65,16 @@ static void test_displayshares(struct torture_context *tctx, for (i = 0; i < s.out.ctr.ctr1->count; i++) { struct srvsvc_NetShareInfo1 *info = &s.out.ctr.ctr1->array[i]; for (j = 0; j < ARRAY_SIZE(share_types); j++) { - if (share_types[j].type == info->type) break; + if (share_types[j].type == info->type) { + torture_comment(tctx, + "\t[%d] %s (%s)\t%s\n", + i, + info->name, + info->comment, + share_types[j].desc); + break; + } } - torture_comment(tctx, "\t[%d] %s (%s)\t%s\n", i, info->name, - info->comment, share_types[j].desc); } break; @@ -76,13 +82,27 @@ static void test_displayshares(struct torture_context *tctx, for (i = 0; i < s.out.ctr.ctr2->count; i++) { struct srvsvc_NetShareInfo2 *info = &s.out.ctr.ctr2->array[i]; for (j = 0; j < ARRAY_SIZE(share_types); j++) { - if (share_types[j].type == info->type) break; + if (share_types[j].type == info->type) { + torture_comment(tctx, + "\t[%d] %s\t%s\n" + "\t %s\n" + "\t [perms=0x%08x, " + "max_usr=%d, " + "cur_usr=%d, " + "path=%s, " + "pass=%s]\n", + i, + info->name, + share_types[j].desc, + info->comment, + info->permissions, + info->max_users, + info->current_users, + info->path, + info->password); + break; + } } - torture_comment(tctx, "\t[%d] %s\t%s\n\t %s\n\t [perms=0x%08x, max_usr=%d, cur_usr=%d, path=%s, pass=%s]\n", - i, info->name, share_types[j].desc, info->comment, - info->permissions, info->max_users, - info->current_users, info->path, - info->password); } break; @@ -90,11 +110,20 @@ static void test_displayshares(struct torture_context *tctx, for (i = 0; i < s.out.ctr.ctr501->count; i++) { struct srvsvc_NetShareInfo501 *info = &s.out.ctr.ctr501->array[i]; for (j = 0; j < ARRAY_SIZE(share_types); j++) { - if (share_types[j].type == info->type) break; + if (share_types[j].type == info->type) { + torture_comment(tctx, + "\t[%d] %s" + "\t%s " + "[csc_policy=0x%08x]\n" + "\t %s\n", + i, + info->name, + share_types[j].desc, + info->csc_policy, + info->comment); + break; + } } - torture_comment(tctx, "\t[%d] %s\t%s [csc_policy=0x%08x]\n\t %s\n", i, info->name, - share_types[j].desc, info->csc_policy, - info->comment); } break; @@ -102,13 +131,26 @@ static void test_displayshares(struct torture_context *tctx, for (i = 0; i < s.out.ctr.ctr502->count; i++) { struct srvsvc_NetShareInfo502 *info = &s.out.ctr.ctr502->array[i]; for (j = 0; j < ARRAY_SIZE(share_types); j++) { - if (share_types[j].type == info->type) break; + if (share_types[j].type == info->type) { + torture_comment(tctx, + "\t[%d] %s\t%s\n" + "\t %s\n" + "\t [perms=0x%08x, " + "max_usr=%d, " + "cur_usr=%d, " + "path=%s, pass=%s]\n", + i, + info->name, + share_types[j].desc, + info->comment, + info->permissions, + info->max_users, + info->current_users, + info->path, + info->password); + break; + } } - torture_comment(tctx, "\t[%d] %s\t%s\n\t %s\n\t [perms=0x%08x, max_usr=%d, cur_usr=%d, path=%s, pass=%s]\n", - i, info->name, share_types[j].desc, info->comment, - info->permissions, info->max_users, - info->current_users, info->path, - info->password); } break; } diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c index 1a7b60f..9fc92cd 100644 --- a/source4/torture/rpc/winreg.c +++ b/source4/torture/rpc/winreg.c @@ -1997,7 +1997,7 @@ static bool test_EnumValue(struct dcerpc_binding_handle *b, data = NULL; if (size) { - data = (uint8_t *) talloc_array(tctx, uint8_t *, size); + data = talloc_array(tctx, uint8_t, size); } r.in.value = data; -- Samba Shared Repository