The branch, master has been updated
via 1a86474912d s3:libsmb: Return early if dir is NULL
via 6d021d64c65 s3:mdssd: Fix creating binding string for error message
via b20da08d413 s3:lsasd: Fix creating binding string for error message
via 35e977156c7 s3:spoolssd: Fix creating binding string for error
message
via 12b9e4408d7 winexe: Fix a possible null pointer derference
via 6123bd25ada s3:libsmb: Fix clang warnings that fnum might be used
uninitialized
from 53274d11488 samba_upgradedns: Do not print confusing logs about
missing .zone files
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1a86474912d98dbecd45ee1f85009bcab77ea7b9
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 25 13:01:46 2020 +0100
s3:libsmb: Return early if dir is NULL
This makes sure we do not dereference a NULL poineter.
Found by covscan.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Thu Nov 26 11:07:09 UTC 2020 on sn-devel-184
commit 6d021d64c651b73d4e904240d62dbaf992cf4634
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 25 12:55:56 2020 +0100
s3:mdssd: Fix creating binding string for error message
Found by covscan.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit b20da08d4135d73548bde1452603108fffc29f6d
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 25 12:55:24 2020 +0100
s3:lsasd: Fix creating binding string for error message
Found by covscan.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 35e977156c779a1405a7eadba794fb45fb41f625
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 25 11:46:05 2020 +0100
s3:spoolssd: Fix creating binding string for error message
Found by covscan.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 12b9e4408d7e1edd1741d5afdf359bca82d3f75e
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 25 11:38:01 2020 +0100
winexe: Fix a possible null pointer derference
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 6123bd25ada0058973fe2ef8a13d59219c39255a
Author: Andreas Schneider <a...@samba.org>
Date: Wed Nov 25 11:34:09 2020 +0100
s3:libsmb: Fix clang warnings that fnum might be used uninitialized
Found by covscan.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
examples/winexe/winexe.c | 22 +++++++++++++---------
source3/libsmb/cli_smb2_fnum.c | 8 ++++----
source3/libsmb/libsmb_dir.c | 16 +++++++++-------
source3/printing/spoolssd.c | 7 +++++--
source3/rpc_server/lsasd.c | 7 +++++--
source3/rpc_server/mdssd.c | 7 +++++--
6 files changed, 41 insertions(+), 26 deletions(-)
Changeset truncated at 500 lines:
diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c
index 95386211c0a..529858ccbb8 100644
--- a/examples/winexe/winexe.c
+++ b/examples/winexe/winexe.c
@@ -347,7 +347,7 @@ static NTSTATUS winexe_svc_upload(
int flags)
{
struct cli_state *cli;
- uint16_t fnum;
+ uint16_t fnum = 0xffff;
NTSTATUS status;
const DATA_BLOB *binary = NULL;
@@ -389,7 +389,7 @@ static NTSTATUS winexe_svc_upload(
}
if (binary == NULL) {
- //TODO
+ goto done;
}
status = cli_ntcreate(
@@ -420,16 +420,20 @@ static NTSTATUS winexe_svc_upload(
NULL);
if (!NT_STATUS_IS_OK(status)) {
DBG_WARNING("Could not write file: %s\n", nt_errstr(status));
- goto close_done;
+ goto done;
}
-close_done:
- status = cli_close(cli, fnum);
- if (!NT_STATUS_IS_OK(status)) {
- DBG_WARNING("Close(%"PRIu16") failed for %s: %s\n", fnum,
- service_filename, nt_errstr(status));
- }
done:
+ if (fnum != 0xffff) {
+ status = cli_close(cli, fnum);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("Close(%"PRIu16") failed for %s: %s\n",
+ fnum,
+ service_filename,
+ nt_errstr(status));
+ }
+ }
+
TALLOC_FREE(cli);
return status;
}
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 2dd76de967a..f70639e41bd 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -815,7 +815,7 @@ static void cli_smb2_mkdir_opened(struct tevent_req *subreq)
struct cli_smb2_mkdir_state *state = tevent_req_data(
req, struct cli_smb2_mkdir_state);
NTSTATUS status;
- uint16_t fnum;
+ uint16_t fnum = 0xffff;
status = cli_smb2_create_fnum_recv(subreq, &fnum, NULL, NULL, NULL);
TALLOC_FREE(subreq);
@@ -1082,7 +1082,7 @@ static void cli_smb2_unlink_opened1(struct tevent_req
*subreq)
subreq, struct tevent_req);
struct cli_smb2_unlink_state *state = tevent_req_data(
req, struct cli_smb2_unlink_state);
- uint16_t fnum;
+ uint16_t fnum = 0xffff;
NTSTATUS status;
status = cli_smb2_create_fnum_recv(subreq, &fnum, NULL, NULL, NULL);
@@ -1135,7 +1135,7 @@ static void cli_smb2_unlink_opened2(struct tevent_req
*subreq)
subreq, struct tevent_req);
struct cli_smb2_unlink_state *state = tevent_req_data(
req, struct cli_smb2_unlink_state);
- uint16_t fnum;
+ uint16_t fnum = 0xffff;
NTSTATUS status;
status = cli_smb2_create_fnum_recv(subreq, &fnum, NULL, NULL, NULL);
@@ -1682,7 +1682,7 @@ static void cli_smb2_chkpath_opened(struct tevent_req
*subreq)
struct cli_smb2_chkpath_state *state = tevent_req_data(
req, struct cli_smb2_chkpath_state);
NTSTATUS status;
- uint16_t fnum;
+ uint16_t fnum = 0xffff;
status = cli_smb2_create_fnum_recv(subreq, &fnum, NULL, NULL, NULL);
TALLOC_FREE(subreq);
diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c
index 27d0fbd4db5..f1596b743ef 100644
--- a/source3/libsmb/libsmb_dir.c
+++ b/source3/libsmb/libsmb_dir.c
@@ -1041,14 +1041,19 @@ int
SMBC_closedir_ctx(SMBCCTX *context,
SMBCFILE *dir)
{
- TALLOC_CTX *frame = talloc_stackframe();
+ TALLOC_CTX *frame = NULL;
if (!context || !context->internal->initialized) {
errno = EINVAL;
- TALLOC_FREE(frame);
return -1;
}
+ if (dir == NULL) {
+ return 0;
+ }
+
+ frame = talloc_stackframe();
+
if (!SMBC_dlist_contains(context->internal->files, dir)) {
errno = EBADF;
TALLOC_FREE(frame);
@@ -1060,11 +1065,8 @@ SMBC_closedir_ctx(SMBCCTX *context,
DLIST_REMOVE(context->internal->files, dir);
- if (dir) {
-
- SAFE_FREE(dir->fname);
- SAFE_FREE(dir); /* Free the space too */
- }
+ SAFE_FREE(dir->fname);
+ SAFE_FREE(dir); /* Free the space too */
TALLOC_FREE(frame);
return 0;
diff --git a/source3/printing/spoolssd.c b/source3/printing/spoolssd.c
index bf10b19e4a0..babec72e299 100644
--- a/source3/printing/spoolssd.c
+++ b/source3/printing/spoolssd.c
@@ -611,8 +611,11 @@ static NTSTATUS spoolssd_create_sockets(struct
tevent_context *ev_ctx,
for (i = 0; i < *listen_fd_size; i++) {
rc = listen(listen_fd[i].fd,
pf_spoolss_cfg.max_allowed_clients);
if (rc == -1) {
- char *ep_string = dcerpc_binding_string(
- dce_ctx, e->ep_description);
+ char *ep_string = NULL;
+
+ e = listen_fd[i].fd_data;
+ ep_string = dcerpc_binding_string(dce_ctx,
+ e->ep_description);
DBG_ERR("Failed to listen on endpoint '%s': %s\n",
ep_string, strerror(errno));
status = map_nt_error_from_unix(errno);
diff --git a/source3/rpc_server/lsasd.c b/source3/rpc_server/lsasd.c
index aeeb4d7f10d..2c1fc2db5d0 100644
--- a/source3/rpc_server/lsasd.c
+++ b/source3/rpc_server/lsasd.c
@@ -576,8 +576,11 @@ static NTSTATUS lsasd_create_sockets(struct tevent_context
*ev_ctx,
for (i = 0; i < *listen_fd_size; i++) {
rc = listen(listen_fd[i].fd, pf_lsasd_cfg.max_allowed_clients);
if (rc == -1) {
- char *ep_string = dcerpc_binding_string(
- dce_ctx, e->ep_description);
+ char *ep_string = NULL;
+
+ e = listen_fd[i].fd_data;
+ ep_string = dcerpc_binding_string(dce_ctx,
+ e->ep_description);
DBG_ERR("Failed to listen on endpoint '%s': %s\n",
ep_string, strerror(errno));
status = map_nt_error_from_unix(errno);
diff --git a/source3/rpc_server/mdssd.c b/source3/rpc_server/mdssd.c
index baab1039e2e..d4ef815cd6c 100644
--- a/source3/rpc_server/mdssd.c
+++ b/source3/rpc_server/mdssd.c
@@ -526,8 +526,11 @@ static NTSTATUS mdssd_create_sockets(struct tevent_context
*ev_ctx,
for (i = 0; i < *listen_fd_size; i++) {
rc = listen(listen_fd[i].fd, pf_mdssd_cfg.max_allowed_clients);
if (rc == -1) {
- char *ep_string = dcerpc_binding_string(
- dce_ctx, e->ep_description);
+ char *ep_string = NULL;
+
+ e = listen_fd[i].fd_data;
+ ep_string = dcerpc_binding_string(dce_ctx,
+ e->ep_description);
DBG_ERR("Failed to listen on endpoint '%s': %s\n",
ep_string, strerror(errno));
status = map_nt_error_from_unix(errno);
--
Samba Shared Repository
