The branch, master has been updated
       via  0c8174c libsmb: Fix CID 1438243 Unchecked return value
       via  ee3dd90 libsmb: Fix CID 1438244 Unsigned compared against 0
       via  01d9be2 smbd: Fix CID 1438245 Dereference before null check
       via  60c0a2b smbd: Fix CID 1438246 Unchecked return value
       via  5b54ced smbd: Align integer types
      from  0530ccc s3:waf: Install eventlogadm to /usr/sbin

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0c8174cf9221ce5635073bb4a29e782f81f67dc5
Author: Volker Lendecke <[email protected]>
Date:   Wed Aug 8 10:14:26 2018 +0200

    libsmb: Fix CID 1438243 Unchecked return value
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>
    
    Autobuild-User(master): Jeremy Allison <[email protected]>
    Autobuild-Date(master): Wed Aug  8 23:10:22 CEST 2018 on sn-devel-144

commit ee3dd90a76f649b3bec5063cddf9293ed4d5a82c
Author: Volker Lendecke <[email protected]>
Date:   Wed Aug 8 10:08:38 2018 +0200

    libsmb: Fix CID 1438244 Unsigned compared against 0
    
    ndr_size_dom_sid returns a size_t, so that can't be <0. Also, the only
    case that ndr_size_dom_sid returns 0 is a NULL sid
    pointer. ndr_size_dom_sid can reasonably be assumed to not overflow, the
    number of sub-auths is a uint8. That times 4 plus 8 always fits into a
    size_t.
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit 01d9be278796e6ce73dd48939118ca492f08445c
Author: Volker Lendecke <[email protected]>
Date:   Tue Aug 7 22:50:52 2018 +0200

    smbd: Fix CID 1438245 Dereference before null check
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit 60c0a2b384d935e2ef6ffe5d167a423b1b2e7af8
Author: Volker Lendecke <[email protected]>
Date:   Tue Aug 7 22:49:16 2018 +0200

    smbd: Fix CID 1438246 Unchecked return value
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

commit 5b54ced31678999842f621e0023674dc920e28a9
Author: Volker Lendecke <[email protected]>
Date:   Tue Aug 7 22:48:58 2018 +0200

    smbd: Align integer types
    
    Signed-off-by: Volker Lendecke <[email protected]>
    Reviewed-by: Jeremy Allison <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 source3/libsmb/cli_smb2_fnum.c |  4 ----
 source3/libsmb/cliquota.c      |  9 ++++++++-
 source3/smbd/nttrans.c         | 15 ++++++++++++---
 3 files changed, 20 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 3537932..74f2f2e 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -2943,10 +2943,6 @@ NTSTATUS cli_smb2_get_user_quota(struct cli_state *cli,
        sid_len = ndr_size_dom_sid(&pqt->sid, 0);
 
        query.return_single = 1;
-       if (sid_len < 0) {
-               status = NT_STATUS_INVALID_PARAMETER;
-               goto fail;
-       }
 
        info.next_entry_offset = 0;
        info.sid_length = sid_len;
diff --git a/source3/libsmb/cliquota.c b/source3/libsmb/cliquota.c
index 8efd2bb..52f98eb 100644
--- a/source3/libsmb/cliquota.c
+++ b/source3/libsmb/cliquota.c
@@ -649,7 +649,14 @@ NTSTATUS fill_quota_buffer(TALLOC_CTX *mem_ctx,
                /* pidl will align to 8 bytes due to 8 byte members*/
                /* Remember how much align padding we've used. */
                padding = qndr->offset;
-               ndr_push_align(qndr, 8);
+
+               err = ndr_push_align(qndr, 8);
+               if (!NDR_ERR_CODE_IS_SUCCESS(err)) {
+                       DBG_DEBUG("ndr_push_align returned %s\n",
+                                 ndr_map_error2string(err));
+                       return ndr_map_error2ntstatus(err);
+               }
+
                padding = qndr->offset - padding;
 
                /*
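Review bot: The new early return after `ndr_push_align()` fails leaves fill_quota_buffer without any visible cleanup of `qndr`. Where `qndr` is allocated and how the other error exits treat it is outside this hunk, so this is a consistency check rather than a confirmed leak: if those exits release the push context, this one should too, e.g. `TALLOC_FREE(qndr);` before `return ndr_map_error2ntstatus(err);`. The failure is logged with `DBG_DEBUG`, which is easy to miss for an error that aborts building the reply; a higher level may suit it better. The function body starts and ends outside the hunk.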
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 5937380..6847076 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2301,7 +2301,7 @@ static enum ndr_err_code fill_qtlist_from_sids(TALLOC_CTX 
*mem_ctx,
                                               struct dom_sid *sids,
                                               uint32_t elems)
 {
-       int i;
+       uint32_t i;
        TALLOC_CTX *list_ctx = NULL;
 
        list_ctx = talloc_init("quota_sid_list");
@@ -2317,6 +2317,7 @@ static enum ndr_err_code fill_qtlist_from_sids(TALLOC_CTX 
*mem_ctx,
        for (i = 0; i < elems; i++) {
                SMB_NTQUOTA_STRUCT qt;
                SMB_NTQUOTA_LIST *list_item;
+               bool ok;
 
                if (!NT_STATUS_IS_OK(vfs_get_ntquota(fsp,
                                                     SMB_USER_QUOTA_TYPE,
@@ -2333,7 +2334,15 @@ static enum ndr_err_code 
fill_qtlist_from_sids(TALLOC_CTX *mem_ctx,
                        return NDR_ERR_ALLOC;
                }
 
-               sid_to_uid(&sids[i], &list_item->uid);
+               ok = sid_to_uid(&sids[i], &list_item->uid);
+               if (!ok) {
+                       char buf[DOM_SID_STR_BUFLEN];
+                       dom_sid_string_buf(&sids[i], buf, sizeof(buf));
+                       DBG_WARNING("Could not convert SID %s to uid\n", buf);
+                       /* No idea what to return here... */
+                       return NDR_ERR_INVALID_POINTER;
+               }
+
                list_item->quotas = talloc_zero(list_item, SMB_NTQUOTA_STRUCT);
                if (list_item->quotas == NULL) {
                        DBG_ERR("failed to allocate\n");
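Review bot: The new failure exit at `return NDR_ERR_INVALID_POINTER;` leaves fill_qtlist_from_sids without releasing `list_ctx`, the context created by `talloc_init("quota_sid_list")` in the first nttrans.c hunk; `list_item` is presumably allocated under it. The SID array appears to be parsed from the client's request, so an unmappable SID would make this path reachable per request and the context would accumulate in the smbd process; adding `TALLOC_FREE(list_ctx);` before the return closes that. The `return NDR_ERR_ALLOC;` context line just above looks like it has the same gap. The comment `/* No idea what to return here... */` would help the next reader more if it said that no NDR error code describes a failed SID-to-uid mapping and that this value is a stand-in. The function body starts and ends outside this hunk.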
@@ -2450,7 +2459,7 @@ static enum ndr_err_code extract_sids_from_buf(TALLOC_CTX 
*mem_ctx,
                        }
                }
                *sids = talloc_zero_array(mem_ctx, struct dom_sid, i);
-               if (!sids) {
+               if (*sids == NULL) {
                        DBG_ERR("OOM\n");
                        err = NDR_ERR_ALLOC;
                        goto done;


-- 
Samba Shared Repository
