The branch, v4-7-test has been updated
via e728f9f s4:kcc: Add a NULL check before qsort()
via 84bac58 s3:smbget: Fix buffer truncation issues with gcc8
via e0a7415 s3:registry: Fix buffer truncation issues issues with gcc8
via ce0b090 samdb: Fix build error with gcc8
via bc6a072 s3-winbindd: remove unused fill_domain_username()
via 6fa0630 s3-winbindd: use fill_domain_username_talloc() in winbind.
via 7b6a1de s3:libnet: Fix format-truncation warning in samsync_ldif
via 6aaf3a8 lib: Fix array size in audit_logging
via aab4aca s4:ntvfs: Fix string copy of share_name
via 461bd25 lib:util: Fix parameter aliasing in tfork test
via 99ab2e2 s3:passdb: Fix size of ascii_p16
via 992faaa s3:lib: Use memcpy() in escape_ldap_string()
via 7cf1573 s4:torture: Use strlcpy() in gen_name()
via c4a2cd3 s3-utils: fix format-truncation in smbpasswd
via 911417a s4-torture: fix format-truncation warning in smb2 session
tests.
via c146fd8 s3-printing: fix format-truncation in print_queue_update()
from 454f425 heimdal: lib/krb5: do not fail set_config_files due to
parse error
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test
- Log -----------------------------------------------------------------
commit e728f9f4e0c4a2a196b87d02f33892cdd0e032c2
Author: Andreas Schneider <a...@samba.org>
Date: Thu Jun 21 11:11:58 2018 +0200
s4:kcc: Add a NULL check before qsort()
../source4/dsdb/kcc/kcc_topology.c: In function
‘kcctpl_get_all_bridgehead_dcs.constprop’:
../source4/dsdb/kcc/kcc_topology.c:1330:3: error: argument 1 null where
non-null expected [-Werror=nonnull]
qsort(bridgeheads.data, bridgeheads.count,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
Autobuild-User(v4-7-test): Karolin Seeger <ksee...@samba.org>
Autobuild-Date(v4-7-test): Wed Jun 27 14:52:13 CEST 2018 on sn-devel-144
commit 84bac589f3d4f8ce7131d374963f275ea80af80b
Author: Andreas Schneider <a...@samba.org>
Date: Mon Jun 18 10:43:53 2018 +0200
s3:smbget: Fix buffer truncation issues with gcc8
../source3/utils/smbget.c: In function ‘smb_download_file’:
../source3/utils/smbget.c:97:27: error: ‘b’ directive output may be
truncated writing 1 byte into a region of size between 0 and 19
[-Werror=format-truncation=]
snprintf(buffer, l, "%jdb", (intmax_t)s);
^
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
(cherry picked from commit 4a3164e0beea35c1f4ce44fbe43547f7104587d1)
commit e0a7415b48cf986ae8359e88dfd1eee51b7a2cb8
Author: Andreas Schneider <a...@samba.org>
Date: Mon Jun 18 10:34:27 2018 +0200
s3:registry: Fix buffer truncation issues issues with gcc8
../source3/registry/reg_perfcount.c: In function ‘reg_perfcount_get_hkpd’:
../source3/registry/reg_perfcount.c:337:29: error: ‘snprintf’ output may be
truncated before the last format character [-Werror=format-truncation=]
snprintf(buf, buflen,"%d%s", key_part1, key_part2);
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
(cherry picked from commit 29f6842ee86b768f3677b38c5640655e312c398e)
commit ce0b0908b7753d6daf5162c9694f9c96bc8b563d
Author: Andreas Schneider <a...@samba.org>
Date: Mon Jun 18 10:24:06 2018 +0200
samdb: Fix build error with gcc8
../source4/dsdb/samdb/ldb_modules/samldb.c: In function ‘samldb_add’:
../source4/dsdb/samdb/ldb_modules/samldb.c:424:6: error: ‘found’ may be
used uninitialized in this function [-Werror=maybe-uninitialized]
if (found) {
^
../source4/dsdb/samdb/ldb_modules/samldb.c:348:11: note: ‘found’ was
declared here
bool ok, found;
^~~~~
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
(cherry picked from commit 76828876faa3cd463023e323983df0be597c7361)
commit bc6a07241d30118589dd61d061a3a4498d0a6757
Author: Günther Deschner <g...@samba.org>
Date: Tue May 8 11:19:42 2018 +0200
s3-winbindd: remove unused fill_domain_username()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Guenther
Signed-off-by: Guenther Deschner <g...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit b24d4eb7afad82afc3a9bab65e1d799edc4b5172)
commit 6fa063049a685970f962394aee034b4388e4be26
Author: Günther Deschner <g...@samba.org>
Date: Tue May 8 11:18:56 2018 +0200
s3-winbindd: use fill_domain_username_talloc() in winbind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Guenther
Signed-off-by: Guenther Deschner <g...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 3c6481d75cea175d0a69988577163efb40e2316b)
commit 7b6a1de1bd0e401be14c64128be33c7c3eee208e
Author: Andreas Schneider <a...@samba.org>
Date: Wed Jun 13 17:56:59 2018 +0200
s3:libnet: Fix format-truncation warning in samsync_ldif
error: ‘%s’ directive output may be truncated writing up to 255 bytes
into a region of size 250 [-Werror=format-truncation=]
snprintf(homedir, sizeof(homedir), "/home/%s", username);
^~ ~~~~~~~~
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
commit 6aaf3a88f4bdc0f8fe34779c24b7716fe641561e
Author: Andreas Schneider <a...@samba.org>
Date: Wed May 16 13:59:55 2018 +0200
lib: Fix array size in audit_logging
../lib/audit_logging/audit_logging.c: In function ‘json_add_timestamp’:
../lib/audit_logging/audit_logging.c:603:12: error: ‘%s’ directive
output may be truncated writing up to 9 bytes into a region of size
between 0 and 43 [-Werror=format-truncation=]
"%s.%06ld%s",
^~
../lib/audit_logging/audit_logging.c:606:3:
tz);
~~
../lib/audit_logging/audit_logging.c:600:2: note: ‘snprintf’ output
between 8 and 70 bytes into a destination of size 50
snprintf(
^~~~~~~~~
timestamp,
~~~~~~~~~~
sizeof(timestamp),
~~~~~~~~~~~~~~~~~~
"%s.%06ld%s",
~~~~~~~~~~~~~
buffer,
~~~~~~~
tv.tv_usec,
~~~~~~~~~~~
tz);
~~~
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
(cherry picked from commit 8b7c8eb3907e2123acee67949e88c26072afc81a)
commit aab4aca2602ef734c8e1b1faa50085f56e64f748
Author: Andreas Schneider <a...@samba.org>
Date: Tue May 15 17:55:22 2018 +0200
s4:ntvfs: Fix string copy of share_name
../source4/ntvfs/ipc/rap_server.c:70:3: error: ‘strncpy’ specified bound 13
equals destination size [-Werror=stringop-truncation]
strncpy((char *)r->out.info[j].info1.share_name,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
snames[i],
~~~~~~~~~~
sizeof(r->out.info[0].info1.share_name));
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
(cherry picked from commit 609ef35c12900bbd5ecaa557f7b5d71b5784a103)
commit 461bd254c503c46b9c93dfdac292baffdc91f934
Author: Andreas Schneider <a...@samba.org>
Date: Wed May 9 17:52:19 2018 +0200
lib:util: Fix parameter aliasing in tfork test
../lib/util/tests/tfork.c:483:24: error: passing argument 1 to
restrict-qualified parameter aliases with argument 4 [-Werror=restrict]
ret = pthread_create(&threads[i],
^~~~~~~~~~~
../lib/util/tests/tfork.c:486:10:
(void *)&threads[i]);
~~~~~~~~~~~~~~~~~~~
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
(cherry picked from commit 6f06a0154f5769cb85f6e189eecd78cd7805090a)
commit 99ab2e29bf2d3ddb88bd1ed1d8a04ed4da288f8b
Author: Andreas Schneider <a...@samba.org>
Date: Wed May 9 18:05:01 2018 +0200
s3:passdb: Fix size of ascii_p16
../source3/passdb/pdb_smbpasswd.c: In function ‘mod_smbfilepwd_entry’:
../source3/passdb/pdb_smbpasswd.c:1015:7: error: ‘:LCT-’ directive
output may be truncated writing 5 bytes into a region of size between 0
and 255 [-Werror=format-truncat ion=]
"%s:LCT-%08X:",
^~~~~
../source3/passdb/pdb_smbpasswd.c:1015:4: note: using the range [0,
4294967295] for directive argument
"%s:LCT-%08X:",
^~~~~~~~~~~~~~
In file included from ../source3/include/includes.h:23,
from ../source3/passdb/pdb_smbpasswd.c:23:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output
between 15 and 270 bytes into a destination of size 255
#define slprintf snprintf
../source3/passdb/pdb_smbpasswd.c:1013:3: note: in expansion of macro
‘slprintf’
slprintf(&ascii_p16[strlen(ascii_p16)],
^~~~~~~~
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
(cherry picked from commit 728297ca889b39ce2006778bf6a5bf1c3ce82d6d)
commit 992faaaffe6ed495cb88da5fe9669f82dbc59357
Author: Andreas Schneider <a...@samba.org>
Date: Wed May 9 17:29:39 2018 +0200
s3:lib: Use memcpy() in escape_ldap_string()
../source3/lib/ldap_escape.c: In function ‘escape_ldap_string’:
../source3/lib/ldap_escape.c:79:4: error: ‘strncpy’ output truncated
before terminating nul copying 3 bytes from a string of the same length
[-Werror=stringop-truncation]
strncpy (p, sub, 3);
^~~~~~~~~~~~~~~~~~~
We concatenat and do not care about NUL-termination till the loop has
finished.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
(cherry picked from commit ff7568daaeb19ff30f47f7f600ead247eaf4e826)
commit 7cf1573dec15fa806cf3b5265a86f74d8a1d77cc
Author: Andreas Schneider <a...@samba.org>
Date: Wed May 9 17:35:45 2018 +0200
s4:torture: Use strlcpy() in gen_name()
../source4/torture/basic/mangle_test.c: In function ‘gen_name’:
../source4/torture/basic/mangle_test.c:148:3: error: ‘strncpy’ output
truncated before terminating nul copying 5 bytes from a string of the
same length [-Werror=stringop-truncation]
strncpy(p, "ABCDE", 5);
^~~~~~~~~~~~~~~~~~~~~~
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Guenther Deschner <g...@samba.org>
(cherry picked from commit 7a00d90d668f53914ffe035c41a5e79e60b51521)
commit c4a2cd3ec3bb69959fdd8ee1cc6bf8e92032206a
Author: Günther Deschner <g...@samba.org>
Date: Tue May 8 14:13:56 2018 +0200
s3-utils: fix format-truncation in smbpasswd
../source3/utils/smbpasswd.c: In function ‘process_root’:
../source3/utils/smbpasswd.c:414:37: error: ‘$’ directive output may be
truncated writing 1 byte into a region of size between 0 and 255
[-Werror=format-truncation=]
slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
^
In file included from ../source3/include/includes.h:23,
from ../source3/utils/smbpasswd.c:19:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output between
2 and 257 bytes into a destination of size 255
#define slprintf snprintf
../source3/utils/smbpasswd.c:414:3: note: in expansion of macro ‘slprintf’
slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
^~~~~~~~
../source3/utils/smbpasswd.c:397:35: error: ‘$’ directive output may be
truncated writing 1 byte into a region of size between 0 and 255
[-Werror=format-truncation=]
slprintf(buf, sizeof(buf)-1, "%s$", user_name);
^
In file included from ../source3/include/includes.h:23,
from ../source3/utils/smbpasswd.c:19:
../lib/replace/../replace/replace.h:514:18: note: ‘snprintf’ output between
2 and 257 bytes into a destination of size 255
#define slprintf snprintf
../source3/utils/smbpasswd.c:397:3: note: in expansion of macro ‘slprintf’
slprintf(buf, sizeof(buf)-1, "%s$", user_name);
^~~~~~~~
cc1: some warnings being treated as errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Pair-Programmed-With: Andreas Schneider <a...@samba.org>
Signed-off-by: Guenther Deschner <g...@samba.org>
Signed-off-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 9b6dc8f504c406ed8a044e5becca7e8f01da6c84)
commit 911417a5018c5c00695551ee83523efa72c6eb36
Author: Günther Deschner <g...@samba.org>
Date: Tue May 8 13:54:53 2018 +0200
s4-torture: fix format-truncation warning in smb2 session tests.
../source4/torture/smb2/session.c: In function ‘test_session_reauth5’:
../source4/torture/smb2/session.c:645:36: error: ‘\file.dat’ directive
output may be truncated writing 9 bytes into a region of size between 1 and 256
[-Werror=format-truncation=]
snprintf(fname, sizeof(fname), "%s\\file.dat", dname);
^~~~~~~~~~
../source4/torture/smb2/session.c:645:2: note: ‘snprintf’ output between 10
and 265 bytes into a destination of size 256
snprintf(fname, sizeof(fname), "%s\\file.dat", dname);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../source4/torture/smb2/session.c:696:38: error: ‘\file2.dat’ directive
output may be truncated writing 10 bytes into a region of size between 1 and
256 [-Werror=format-truncation=]
snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname);
^~~~~~~~~~~
../source4/torture/smb2/session.c:696:2: note: ‘snprintf’ output between 11
and 266 bytes into a destination of size 256
snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Guenther
Signed-off-by: Guenther Deschner <g...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 5729898248041794ffdd0b769332e015baf12cce)
commit c146fd8433961dd3dc7bb194acaa7d2d4f25ef07
Author: Günther Deschner <g...@samba.org>
Date: Tue May 8 13:46:11 2018 +0200
s3-printing: fix format-truncation in print_queue_update()
../source3/printing/printing.c: In function ‘print_queue_update’:
../source3/printing/printing.c:1809:42: error: ‘%s’ directive output may be
truncated writing up to 255 bytes into a region of size 244
[-Werror=format-truncation=]
snprintf(key, sizeof(key), "MSG_PENDING/%s", sharename);
^~ ~~~~~~~~~
../source3/printing/printing.c:1809:2: note: ‘snprintf’ output between 13
and 268 bytes into a destination of size 256
snprintf(key, sizeof(key), "MSG_PENDING/%s", sharename);
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Guenther
Signed-off-by: Guenther Deschner <g...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
(cherry picked from commit 6326b3415f3e225aafd5912d0965c80abcd7b22c)
-----------------------------------------------------------------------
Summary of changes:
auth/auth_log.c | 2 +-
lib/util/tests/tfork.c | 7 ++---
source3/lib/ldap_escape.c | 2 +-
source3/libnet/libnet_samsync_ldif.c | 3 +-
source3/passdb/pdb_smbpasswd.c | 2 +-
source3/printing/printing.c | 2 +-
source3/registry/reg_perfcount.c | 12 ++++----
source3/utils/smbget.c | 2 +-
source3/utils/smbpasswd.c | 49 +++++++++++++++++----------------
source3/winbindd/wb_getpwsid.c | 15 ++++++++--
source3/winbindd/wb_query_user_list.c | 9 ++++--
source3/winbindd/winbindd_group.c | 12 +++++---
source3/winbindd/winbindd_list_groups.c | 14 +++++++---
source3/winbindd/winbindd_pam.c | 13 +++++++--
source3/winbindd/winbindd_proto.h | 1 -
source3/winbindd/winbindd_util.c | 20 --------------
source4/dsdb/kcc/kcc_topology.c | 5 ++++
source4/dsdb/samdb/ldb_modules/samldb.c | 2 +-
source4/ntvfs/ipc/rap_server.c | 9 ++++--
source4/torture/basic/mangle_test.c | 2 +-
source4/torture/smb2/session.c | 2 +-
21 files changed, 101 insertions(+), 84 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/auth_log.c b/auth/auth_log.c
index d4c6c44..72d8f81 100644
--- a/auth/auth_log.c
+++ b/auth/auth_log.c
@@ -350,7 +350,7 @@ static void add_version(struct json_context *context, int
major, int minor)
static void add_timestamp(struct json_context *context)
{
char buffer[40]; /* formatted time less usec and timezone */
- char timestamp[50]; /* the formatted ISO 8601 time stamp */
+ char timestamp[65]; /* the formatted ISO 8601 time stamp */
char tz[10]; /* formatted time zone */
struct tm* tm_info; /* current local time */
struct timeval tv; /* current system time */
diff --git a/lib/util/tests/tfork.c b/lib/util/tests/tfork.c
index 9bcdc2f..3c73355 100644
--- a/lib/util/tests/tfork.c
+++ b/lib/util/tests/tfork.c
@@ -417,8 +417,7 @@ static void *tfork_thread(void *p)
struct tfork *t = NULL;
int status;
pid_t child;
- pthread_t *ptid = (pthread_t *)p;
- uint64_t tid;
+ uint64_t tid = (uint64_t)pthread_self();
uint64_t *result = NULL;
int up[2];
ssize_t nread;
@@ -429,8 +428,6 @@ static void *tfork_thread(void *p)
pthread_exit(NULL);
}
- tid = (uint64_t)*ptid;
-
t = tfork_create();
if (t == NULL) {
pthread_exit(NULL);
@@ -480,7 +477,7 @@ static bool test_tfork_threads(struct torture_context *tctx)
#endif
for (i = 0; i < num_threads; i++) {
- ret = pthread_create(&threads[i], NULL, tfork_thread,
&threads[i]);
+ ret = pthread_create(&threads[i], NULL, tfork_thread, NULL);
torture_assert_goto(tctx, ret == 0, ok, done,
"pthread_create failed\n");
}
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
index fa75dab..0d2b8f5 100644
--- a/source3/lib/ldap_escape.c
+++ b/source3/lib/ldap_escape.c
@@ -76,7 +76,7 @@ char *escape_ldap_string(TALLOC_CTX *mem_ctx, const char *s)
output = tmp;
p = &output[i];
- strncpy (p, sub, 3);
+ memcpy(p, sub, 3);
p += 3;
i += 3;
diff --git a/source3/libnet/libnet_samsync_ldif.c
b/source3/libnet/libnet_samsync_ldif.c
index 1702316..e45a755 100644
--- a/source3/libnet/libnet_samsync_ldif.c
+++ b/source3/libnet/libnet_samsync_ldif.c
@@ -646,7 +646,8 @@ static NTSTATUS fetch_account_info_to_ldif(TALLOC_CTX
*mem_ctx,
const char *suffix,
int alloced)
{
- fstring username, logonscript, homedrive, homepath = "", homedir = "";
+ fstring username, logonscript, homedrive, homepath = "";
+ char homedir[262] = {0};
fstring hex_nt_passwd, hex_lm_passwd;
fstring description, profilepath, fullname, sambaSID;
char *flags, *user_rdn;
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 9c38147..ec184ca 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -741,7 +741,7 @@ static bool mod_smbfilepwd_entry(struct smbpasswd_privates
*smbpasswd_state, con
char linebuf[LINEBUF_SIZE + 1];
char readbuf[1024];
int c;
- fstring ascii_p16;
+ char ascii_p16[FSTRING_LEN + 20];
fstring encode_bits;
unsigned char *p = NULL;
size_t linebuf_len = 0;
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index c6c42f3..ed5f489 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -1694,7 +1694,7 @@ extern pid_t background_lpq_updater_pid;
static void print_queue_update(struct messaging_context *msg_ctx,
int snum, bool force)
{
- fstring key;
+ char key[268];
fstring sharename;
char *lpqcommand = NULL;
char *lprmcommand = NULL;
diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
index a8f76ac..db4451e 100644
--- a/source3/registry/reg_perfcount.c
+++ b/source3/registry/reg_perfcount.c
@@ -166,13 +166,12 @@ static uint32_t
_reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
uint32_t buffer_size)
{
TDB_DATA kbuf, dbuf;
- char temp[256];
+ char temp[PERFCOUNT_MAX_LEN] = {0};
char *buf1 = *retbuf;
uint32_t working_size = 0;
DATA_BLOB name_index, name;
bool ok;
- memset(temp, 0, sizeof(temp));
snprintf(temp, sizeof(temp), "%d", keyval);
kbuf = string_tdb_data(temp);
dbuf = tdb_fetch(tdb, kbuf);
@@ -709,13 +708,13 @@ static bool _reg_perfcount_get_instance_info(struct
PERF_INSTANCE_DEFINITION *in
TDB_CONTEXT *names)
{
TDB_DATA key, data;
- char buf[PERFCOUNT_MAX_LEN], temp[PERFCOUNT_MAX_LEN];
+ char buf[PERFCOUNT_MAX_LEN] = {0};
+ char temp[32] = {0};
smb_ucs2_t *name = NULL;
int pad;
/* First grab the instance data from the data file */
- memset(temp, 0, PERFCOUNT_MAX_LEN);
- snprintf(temp, PERFCOUNT_MAX_LEN, "i%d", instId);
+ snprintf(temp, sizeof(temp), "i%d", instId);
_reg_perfcount_make_key(&key, buf, PERFCOUNT_MAX_LEN,
obj->ObjectNameTitleIndex, temp);
if (!_reg_perfcount_get_counter_data(key, &data)) {
DEBUG(3, ("_reg_perfcount_get_counter_data failed\n"));
@@ -739,8 +738,7 @@ static bool _reg_perfcount_get_instance_info(struct
PERF_INSTANCE_DEFINITION *in
SAFE_FREE(data.dptr);
/* Fetch instance name */
- memset(temp, 0, PERFCOUNT_MAX_LEN);
- snprintf(temp, PERFCOUNT_MAX_LEN, "i%dname", instId);
+ snprintf(temp, sizeof(temp), "i%dname", instId);
_reg_perfcount_make_key(&key, buf, PERFCOUNT_MAX_LEN,
obj->ObjectNameTitleIndex, temp);
data = tdb_fetch(names, key);
if(data.dptr == NULL)
diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c
index d2d5e00..e1be429 100644
--- a/source3/utils/smbget.c
+++ b/source3/utils/smbget.c
@@ -288,7 +288,7 @@ static void print_progress(const char *name, time_t start,
time_t now,
double avg = 0.0;
long eta = -1;
double prcnt = 0.0;
- char hpos[20], htotal[20], havg[20];
+ char hpos[22], htotal[22], havg[22];
char *status, *filename;
int len;
if (now - start) {
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index fb7ad28..88847be 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -368,36 +368,44 @@ static int process_root(int local_flags)
if (local_flags & LOCAL_TRUST_ACCOUNT) {
/* add the $ automatically */
- static fstring buf;
+ size_t user_name_len = strlen(user_name);
- /*
- * Remove any trailing '$' before we
- * generate the initial machine password.
- */
-
- if (user_name[strlen(user_name)-1] == '$') {
- user_name[strlen(user_name)-1] = 0;
+ if (user_name[user_name_len - 1] == '$') {
+ user_name_len--;
+ } else {
+ if (user_name_len + 2 > sizeof(user_name)) {
+ fprintf(stderr, "machine name too long\n");
+ exit(1);
+ }
+ user_name[user_name_len] = '$';
+ user_name[user_name_len + 1] = '\0';
}
if (local_flags & LOCAL_ADD_USER) {
SAFE_FREE(new_passwd);
- new_passwd = smb_xstrdup(user_name);
+
+ /*
+ * Remove any trailing '$' before we
+ * generate the initial machine password.
+ */
+ new_passwd = smb_xstrndup(user_name, user_name_len);
if (!strlower_m(new_passwd)) {
fprintf(stderr, "strlower_m %s failed\n",
new_passwd);
exit(1);
}
}
-
- /*
- * Now ensure the username ends in '$' for
- * the machine add.
- */
-
- slprintf(buf, sizeof(buf)-1, "%s$", user_name);
- strlcpy(user_name, buf, sizeof(user_name));
} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
- static fstring buf;
+ size_t user_name_len = strlen(user_name);
+
+ if (user_name[user_name_len - 1] != '$') {
+ if (user_name_len + 2 > sizeof(user_name)) {
+ fprintf(stderr, "machine name too long\n");
+ exit(1);
+ }
+ user_name[user_name_len] = '$';
+ user_name[user_name_len + 1] = '\0';
+ }
if ((local_flags & LOCAL_ADD_USER) && (new_passwd == NULL)) {
/*
@@ -409,11 +417,6 @@ static int process_root(int local_flags)
exit(1);
}
}
-
- /* prepare uppercased and '$' terminated username */
- slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
- strlcpy(user_name, buf, sizeof(user_name));
-
} else {
if (remote_machine != NULL) {
diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c
index 0e58355..0595034 100644
--- a/source3/winbindd/wb_getpwsid.c
+++ b/source3/winbindd/wb_getpwsid.c
@@ -63,7 +63,8 @@ static void wb_getpwsid_queryuser_done(struct tevent_req
*subreq)
req, struct wb_getpwsid_state);
struct winbindd_pw *pw = state->pw;
struct wbint_userinfo *info;
- fstring acct_name, output_username;
+ fstring acct_name;
+ const char *output_username = NULL;
char *mapped_name = NULL;
char *tmp;
NTSTATUS status;
@@ -95,16 +96,24 @@ static void wb_getpwsid_queryuser_done(struct tevent_req
*subreq)
acct_name,
&mapped_name);
if (NT_STATUS_IS_OK(status)) {
- fill_domain_username(output_username,
+ output_username = fill_domain_username_talloc(state,
info->domain_name,
mapped_name, true);
+ if (output_username == NULL) {
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
fstrcpy(acct_name, mapped_name);
} else if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
fstrcpy(acct_name, mapped_name);
} else {
- fill_domain_username(output_username,
+ output_username = fill_domain_username_talloc(state,
info->domain_name,
acct_name, true);
+ if (output_username == NULL) {
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
}
strlcpy(pw->pw_name, output_username, sizeof(pw->pw_name));
diff --git a/source3/winbindd/wb_query_user_list.c
b/source3/winbindd/wb_query_user_list.c
index 3c18080..6d69987 100644
--- a/source3/winbindd/wb_query_user_list.c
+++ b/source3/winbindd/wb_query_user_list.c
@@ -104,11 +104,14 @@ static void wb_query_user_list_done(struct tevent_req
*subreq)
for (i=0; i<state->names.num_principals; i++) {
struct wbint_Principal *p = &state->names.principals[i];
- fstring name;
+ const char *name;
int ret;
- fill_domain_username(name, state->domain_name, p->name, true);
-
+ name = fill_domain_username_talloc(state, state->domain_name,
p->name, true);
+ if (name == NULL) {
+ tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
ret = strv_add(state, &state->users, name);
if (ret != 0) {
tevent_req_nterror(req, map_nt_error_from_unix(ret));
diff --git a/source3/winbindd/winbindd_group.c
b/source3/winbindd/winbindd_group.c
index ec95bf4..098d2f6 100644
--- a/source3/winbindd/winbindd_group.c
+++ b/source3/winbindd/winbindd_group.c
@@ -33,7 +33,7 @@
bool fill_grent(TALLOC_CTX *mem_ctx, struct winbindd_gr *gr,
const char *dom_name, const char *gr_name, gid_t unix_gid)
{
- fstring full_group_name;
+ const char *full_group_name;
char *mapped_name = NULL;
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
@@ -42,19 +42,23 @@ bool fill_grent(TALLOC_CTX *mem_ctx, struct winbindd_gr *gr,
/* Basic whitespace replacement */
if (NT_STATUS_IS_OK(nt_status)) {
- fill_domain_username(full_group_name, dom_name,
+ full_group_name = fill_domain_username_talloc(mem_ctx, dom_name,
mapped_name, true);
}
/* Mapped to an aliase */
else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_FILE_RENAMED)) {
- fstrcpy(full_group_name, mapped_name);
+ full_group_name = mapped_name;
}
/* no change */
else {
- fill_domain_username( full_group_name, dom_name,
+ full_group_name = fill_domain_username_talloc(mem_ctx, dom_name,
gr_name, True );
}
+ if (full_group_name == NULL) {
+ return false;
+ }
+
gr->gr_gid = unix_gid;
/* Group name and password */
diff --git a/source3/winbindd/winbindd_list_groups.c
b/source3/winbindd/winbindd_list_groups.c
index 3b5c9dd..03caef3 100644
--- a/source3/winbindd/winbindd_list_groups.c
+++ b/source3/winbindd/winbindd_list_groups.c
@@ -166,10 +166,13 @@ NTSTATUS winbindd_list_groups_recv(struct tevent_req *req,
struct winbindd_list_groups_domstate *d = &state->domains[i];
for (j=0; j<d->groups.num_principals; j++) {
- fstring name;
- fill_domain_username(name, d->domain->name,
+ const char *name;
+ name = fill_domain_username_talloc(response,
d->domain->name,
d->groups.principals[j].name,
True);
+ if (name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
len += strlen(name)+1;
}
response->data.num_entries += d->groups.num_principals;
@@ -185,11 +188,14 @@ NTSTATUS winbindd_list_groups_recv(struct tevent_req *req,
struct winbindd_list_groups_domstate *d = &state->domains[i];
for (j=0; j<d->groups.num_principals; j++) {
- fstring name;
+ const char *name;
size_t this_len;
- fill_domain_username(name, d->domain->name,
+ name = fill_domain_username_talloc(response,
d->domain->name,
d->groups.principals[j].name,
True);
+ if (name == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
this_len = strlen(name);
memcpy(result+len, name, this_len);
len += this_len;
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 8abd8f0..7660793 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -159,7 +159,7 @@ static NTSTATUS append_unix_username(TALLOC_CTX *mem_ctx,
/* We've been asked to return the unix username, per
'winbind use default domain' settings and the like */
- const char *nt_username, *nt_domain;
+ const char *nt_username, *nt_domain, *unix_username;
nt_domain = talloc_strdup(mem_ctx, info3->base.logon_domain.string);
if (!nt_domain) {
@@ -175,8 +175,15 @@ static NTSTATUS append_unix_username(TALLOC_CTX *mem_ctx,
nt_username = name_user;
}
- fill_domain_username(resp->data.auth.unix_username,
- nt_domain, nt_username, true);
+ unix_username = fill_domain_username_talloc(mem_ctx,
+ nt_domain,
+ nt_username,
+ true);
+ if (unix_username == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ fstrcpy(resp->data.auth.unix_username, unix_username);
DEBUG(5, ("Setting unix username to [%s]\n",
resp->data.auth.unix_username));
diff --git a/source3/winbindd/winbindd_proto.h
b/source3/winbindd/winbindd_proto.h
index 25fae5f..3ff9121 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -488,7 +488,6 @@ bool parse_domain_user(const char *domuser, fstring domain,
fstring user);
bool parse_domain_user_talloc(TALLOC_CTX *mem_ctx, const char *domuser,
char **domain, char **user);
bool canonicalize_username(fstring username_inout, fstring domain, fstring
user);
-void fill_domain_username(fstring name, const char *domain, const char *user,
bool can_assume);
char *fill_domain_username_talloc(TALLOC_CTX *ctx,
const char *domain,
const char *user,
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 2db8eaa..fbacf3e 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -1190,26 +1190,6 @@ bool canonicalize_username(fstring username_inout,
fstring domain, fstring user)
We always canonicalize as UPPERCASE DOMAIN, lowercase username.
*/
-void fill_domain_username(fstring name, const char *domain, const char *user,
bool can_assume)
-{
- fstring tmp_user;
-
- if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
- can_assume = false;
- }
-
- fstrcpy(tmp_user, user);
- (void)strlower_m(tmp_user);
-
- if (can_assume && assume_domain(domain)) {
- strlcpy(name, tmp_user, sizeof(fstring));
- } else {
- slprintf(name, sizeof(fstring) - 1, "%s%c%s",
- domain, *lp_winbind_separator(),
- tmp_user);
- }
-}
-
/**
* talloc version of fill_domain_username()
* return NULL on talloc failure.
diff --git a/source4/dsdb/kcc/kcc_topology.c b/source4/dsdb/kcc/kcc_topology.c
index 0e136ed..de69f0a 100644
--- a/source4/dsdb/kcc/kcc_topology.c
+++ b/source4/dsdb/kcc/kcc_topology.c
@@ -1327,6 +1327,11 @@ static NTSTATUS kcctpl_get_all_bridgehead_dcs(struct
kccsrv_service *service,
}
if (site_opts & NTDSSETTINGS_OPT_IS_RAND_BH_SELECTION_DISABLED) {
+ if (bridgeheads.data == NULL || bridgeheads.count == 0) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
qsort(bridgeheads.data, bridgeheads.count,
sizeof(struct ldb_message), kcctpl_sort_bridgeheads);
} else {
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c
b/source4/dsdb/samdb/ldb_modules/samldb.c
index 11da629..734d0be 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -345,7 +345,7 @@ static int samldb_generate_next_linkid(struct samldb_ctx
*ac,
static int samldb_schema_add_handle_linkid(struct samldb_ctx *ac)
{
int ret;
- bool ok, found;
+ bool ok, found = false;
struct ldb_message_element *el;
const char *enc_str;
const struct dsdb_attribute *attr;
diff --git a/source4/ntvfs/ipc/rap_server.c b/source4/ntvfs/ipc/rap_server.c
index 3a133f5..fc2d3aa 100644
--- a/source4/ntvfs/ipc/rap_server.c
+++ b/source4/ntvfs/ipc/rap_server.c
@@ -63,13 +63,18 @@ NTSTATUS rap_netshareenum(TALLOC_CTX *mem_ctx,
union rap_share_info, r->out.available);
for (i = 0, j = 0; i < r->out.available; i++) {
+ size_t sname_len;
+
if (!NT_STATUS_IS_OK(share_get_config(mem_ctx, sctx, snames[i],
&scfg))) {
DEBUG(3, ("WARNING: Service [%s] disappeared after
enumeration!\n", snames[i]));
continue;
}
- strncpy((char *)r->out.info[j].info1.share_name,
+ /* Make sure we have NUL-termination */
+ sname_len = MIN(strlen(snames[i]),
+ sizeof(r->out.info[j].info1.share_name));
+ strlcpy((char *)r->out.info[j].info1.share_name,
snames[i],
- sizeof(r->out.info[0].info1.share_name));
--
Samba Shared Repository
