The branch, master has been updated
       via  cebf26d0624 s3:modules: Fix possible dereference of NULL for fio
       via  2e649846348 s3:libnet: Fix dereference of NULL win7
       via  82f53c82ed6 s3:libnet: Fix dead code in libnet_join.c
       via  5ac87622568 ctdb:utils: Improve error handling of hex_decode()
       via  41c86c9dda3 s3:rpc_server: Fix possible NULL dereference
       via  46460025175 s3:smbd: Fix dereferencing null pointer "fsp"
       via  728600a40f9 s3:smbd: Fix trailing whitespaces in dosmode.c
       via  4d7ed39fd8f s3:modules: Fix the horrible vfs_crossrename module
       via  41ebb7f68c5 s3:modules: VFS CAP symlinkat always fails
      from  745af26a1a6 s3: includes: Make the comments describing itime 
consistent. Always use "invented" time.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit cebf26d0624489db3cbf5e31e97c4a92771758f0
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Mon Jan 10 13:26:25 2022 +0100

    s3:modules: Fix possible dereference of NULL for fio
    
    We do not check consistently for fio being NULL in this file.
    
    Found by covscan.
    
    Pair-Programmed-With: Andreas Schneider <a...@samba.org>
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Tue Jan 11 00:22:09 UTC 2022 on sn-devel-184

commit 2e649846348ad6ce451b32ab534ac0030ccc7c0f
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Mon Jan 10 13:24:22 2022 +0100

    s3:libnet: Fix dereference of NULL win7
    
    Found by covscan.
    
    Pair-Programmed-With: Andreas Schneider <a...@samba.org>
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 82f53c82ed6ec4818bb1e2220e25e76fee7cb23e
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Fri Jan 7 14:11:53 2022 +0100

    s3:libnet: Fix dead code in libnet_join.c
    
    Found by covscan.
    
    Pair-programmed-with: Andreas Schneider <a...@samba.org>
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 5ac8762256830f1c7e48dcc9684802f00fc3b5c2
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Fri Jan 7 11:57:08 2022 +0100

    ctdb:utils: Improve error handling of hex_decode()
    
    This has been found by covscan and makes analyzers happy.
    
    Pair-programmed-with: Andreas Schneider <a...@samba.org>
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 41c86c9dda3fd7a733f54fa1af31adec96bb4a33
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Fri Jan 7 11:50:16 2022 +0100

    s3:rpc_server: Fix possible NULL dereference
    
    Found by covscan.
    
    Pair-Programmed-With: Andreas Schneider <a...@samba.org>
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 46460025175e83fbb47a510e412d83b1b2573db9
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Fri Jan 7 21:18:59 2022 +0100

    s3:smbd: Fix dereferencing null pointer "fsp"
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14942
    
    Remove fsp which is always NULL and replace it with smb_fname->fsp.
    
    Found by covscan.
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 728600a40f939de3172bbe429e17ea65ff21699a
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Fri Jan 7 21:18:59 2022 +0100

    s3:smbd: Fix trailing whitespaces in dosmode.c
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 4d7ed39fd8fa18f90756f215c8b0fc5d293e955e
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Fri Jan 7 13:16:26 2022 +0100

    s3:modules: Fix the horrible vfs_crossrename module
    
    It really has to be removed! ;-)
    
    Found by covscan. The code always leaves here as the dst variable
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14940
    
    Pair-programmed-with: Andreas Schneider <a...@samba.org>
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

commit 41ebb7f68c5b21492f503afc4cb341a97654a43d
Author: Pavel Filipenský <pfili...@redhat.com>
Date:   Fri Jan 7 13:55:38 2022 +0100

    s3:modules: VFS CAP symlinkat always fails
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14941
    
    Found by covscan.
    
    Since capnew is initialized to NULL, checking it too early makes the
    rest of the function dead code.
    
    Pair-programmed-with: Andreas Schneider <a...@samba.org>
    
    Signed-off-by: Pavel Filipenský <pfili...@redhat.com>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 ctdb/utils/tdb/tdb_mutex_check.c            | 24 ++++++++++++-----
 source3/libnet/libnet_join.c                |  5 ++--
 source3/libnet/libnet_join_offline.c        |  3 +++
 source3/modules/vfs_cap.c                   |  2 +-
 source3/modules/vfs_crossrename.c           |  2 +-
 source3/modules/vfs_fruit.c                 | 41 ++++++++++++++++++-----------
 source3/rpc_server/netlogon/srv_netlog_nt.c | 14 ++++------
 source3/smbd/dosmode.c                      | 19 +++++++------
 8 files changed, 65 insertions(+), 45 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/utils/tdb/tdb_mutex_check.c b/ctdb/utils/tdb/tdb_mutex_check.c
index da794b8dab5..4da0c40d41b 100644
--- a/ctdb/utils/tdb/tdb_mutex_check.c
+++ b/ctdb/utils/tdb/tdb_mutex_check.c
@@ -30,30 +30,42 @@
 #include "lib/tdb/common/tdb_private.h"
 #include "lib/tdb/common/mutex.c"
 
-static uint8_t *hex_decode(const char *hex_in, size_t *len)
+static uint8_t *hex_decode(const char *hex_in, size_t *plen)
 {
        size_t i;
        int num;
        uint8_t *buffer;
+       size_t len;
 
-       *len = strlen(hex_in) / 2;
-       buffer = malloc(*len);
+       len = strlen(hex_in) / 2;
+       if (len == 0) {
+               return NULL;
+       }
+
+       buffer = malloc(len);
+       if (buffer == NULL) {
+               return NULL;
+       }
 
-       for (i=0; i<*len; i++) {
+       for (i = 0; i < len; i++) {
                sscanf(&hex_in[i*2], "%02X", &num);
                buffer[i] = (uint8_t)num;
        }
 
+       *plen = len;
+
        return buffer;
 }
 
 static int get_hash_chain(struct tdb_context *tdb, const char *hex_key)
 {
-       TDB_DATA key;
+       TDB_DATA key = {
+               .dsize = 0,
+       };
        unsigned int hash;
 
        key.dptr = hex_decode(hex_key, &key.dsize);
-       if (key.dsize == 0) {
+       if (key.dptr == NULL || key.dsize == 0) {
                return -1;
        }
        hash = tdb_jenkins_hash(&key);
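Review bot: the return value of `sscanf(&hex_in[i*2], "%02X", &num)` in the decode loop is still ignored, so a non-hex character leaves `num` unset and an indeterminate byte goes into the key. Check for `!= 1`, free the buffer and return NULL in that case. Two smaller points in the same function: `%02X` expects an `unsigned int *` while `num` is an `int`, and an odd-length input silently loses its last nibble because of `strlen(hex_in) / 2`; rejecting odd lengths up front would be clearer.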
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 02705f1c70c..00d71b97f2a 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2669,7 +2669,6 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
        ADS_STATUS ads_status;
 #endif /* HAVE_ADS */
        const char *pre_connect_realm = NULL;
-       const char *numeric_dcip = NULL;
        const char *sitename = NULL;
        struct netr_DsRGetDCNameInfo *info;
        const char *dc;
@@ -2731,7 +2730,6 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
                return WERR_NERR_DCNOTFOUND;
        }
 
-       numeric_dcip = info->dc_address + 2;
        sitename = info->dc_site_name;
        /* info goes out of scope but the memory stays
           allocated on the talloc context */
@@ -2741,8 +2739,9 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx,
 
        if (pre_connect_realm != NULL) {
                struct sockaddr_storage ss = {0};
+               const char *numeric_dcip = info->dc_address + 2;
 
-               if (numeric_dcip != NULL) {
+               if (numeric_dcip[0] == '\0') {
                        if (!interpret_string_addr(&ss, numeric_dcip,
                                                   AI_NUMERICHOST)) {
                                DBG_ERR(
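Review bot: the new test `if (numeric_dcip[0] == '\0')` looks inverted. It enters the `interpret_string_addr(&ss, numeric_dcip, AI_NUMERICHOST)` branch only when the address string is empty, whereas the old `numeric_dcip != NULL` test entered it whenever an address was present; `numeric_dcip[0] != '\0'` is probably what was meant. Separately, `info->dc_address + 2` assumes dc_address is non-NULL and at least two characters long, and a check before the pointer arithmetic would make that explicit.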
diff --git a/source3/libnet/libnet_join_offline.c 
b/source3/libnet/libnet_join_offline.c
index 33380207209..d1317ddfbea 100644
--- a/source3/libnet/libnet_join_offline.c
+++ b/source3/libnet/libnet_join_offline.c
@@ -175,6 +175,9 @@ static WERROR libnet_odj_compose_OP_PACKAGE_PART(TALLOC_CTX 
*mem_ctx,
 
        switch (level) {
                case 1: /* ODJ_GUID_JOIN_PROVIDER */
+                       if (win7 == NULL) {
+                               return WERR_INVALID_PARAMETER;
+                       }
                        p->Part->win7blob = *win7;
                        break;
                case 2: /* ODJ_GUID_JOIN_PROVIDER2 */
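Review bot: the NULL guard is added for `case 1` only, and `case 2` starts directly below it. If that case copies from its own pointer argument the way `*win7` is copied here, it wants the same `WERR_INVALID_PARAMETER` check; worth confirming before this goes in as a complete fix.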
diff --git a/source3/modules/vfs_cap.c b/source3/modules/vfs_cap.c
index 4a47b26c7b9..43c8edb8932 100644
--- a/source3/modules/vfs_cap.c
+++ b/source3/modules/vfs_cap.c
@@ -448,7 +448,7 @@ static int cap_symlinkat(vfs_handle_struct *handle,
        int saved_errno = 0;
        int ret;
 
-       if (!capold || !capnew) {
+       if (capold == NULL) {
                errno = ENOMEM;
                return -1;
        }
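Review bot: with `!capnew` dropped from this early test, nothing in this hunk checks capnew once it is actually allocated. The commit message says capnew is still NULL at this point, so the allocation happens further down; make sure that later allocation has its own NULL check that sets ENOMEM before capnew is used.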
diff --git a/source3/modules/vfs_crossrename.c 
b/source3/modules/vfs_crossrename.c
index 52b8af9d3f6..930eec02739 100644
--- a/source3/modules/vfs_crossrename.c
+++ b/source3/modules/vfs_crossrename.c
@@ -82,7 +82,7 @@ static NTSTATUS copy_reg(vfs_handle_struct *handle,
        full_fname_src = full_path_from_dirfsp_atname(talloc_tos(),
                                                      srcfsp,
                                                      source);
-       if (full_fname_dst == NULL) {
+       if (full_fname_src == NULL) {
                status = NT_STATUS_NO_MEMORY;
                goto out;
        }
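Review bot: the check after `full_path_from_dirfsp_atname(talloc_tos(), srcfsp, source)` now tests the right pointer, but the hunk does not show whether full_fname_dst gets its own NULL check after it is assigned. Please confirm both allocations are checked. The commit message sentence "The code always leaves here as the dst variable" also stops mid-sentence and should be completed so the reason for the fix is on record.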
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index aeaddc5f796..d6aa7e3644e 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -1604,6 +1604,12 @@ static int fruit_open_rsrc_adouble(vfs_handle_struct 
*handle,
         * on close.
         */
        fio = fruit_get_complete_fio(handle, fsp);
+       if (fio == NULL) {
+               DBG_ERR("fio=NULL for [%s]\n", fsp_str_dbg(fsp));
+               errno = EBADF;
+               rc = -1;
+               goto exit;
+       }
 
        ref_fio = VFS_ADD_FSP_EXTENSION(handle, ad_fsp,
                                        struct fio,
@@ -1780,19 +1786,19 @@ static int fruit_openat(vfs_handle_struct *handle,
 static int fruit_close_meta(vfs_handle_struct *handle,
                            files_struct *fsp)
 {
-       struct fio *fio = fruit_get_complete_fio(handle, fsp);
        int ret;
        struct fruit_config_data *config = NULL;
 
        SMB_VFS_HANDLE_GET_DATA(handle, config,
                                struct fruit_config_data, return -1);
 
-       if (fio == NULL) {
-               return -1;
-       }
-
        switch (config->meta) {
        case FRUIT_META_STREAM:
+       {
+               struct fio *fio = fruit_get_complete_fio(handle, fsp);
+               if (fio == NULL) {
+                       return -1;
+               }
                if (fio->fake_fd) {
                        ret = vfs_fake_fd_close(fsp_get_pathref_fd(fsp));
                        fsp_set_fd(fsp, -1);
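Review bot: the `fio == NULL` path in the FRUIT_META_STREAM case returns -1 without setting errno or logging, while the check added to fruit_open_rsrc_adouble() in this same patch sets `errno = EBADF` and emits a DBG_ERR. Doing the same here keeps the failure diagnosable. The early return also leaves the fsp's fd untouched, so consider whether the close should still be attempted before returning.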
@@ -1800,7 +1806,7 @@ static int fruit_close_meta(vfs_handle_struct *handle,
                        ret = SMB_VFS_NEXT_CLOSE(handle, fsp);
                }
                break;
-
+       }
        case FRUIT_META_NETATALK:
                ret = vfs_fake_fd_close(fsp_get_pathref_fd(fsp));
                fsp_set_fd(fsp, -1);
@@ -1818,7 +1824,6 @@ static int fruit_close_meta(vfs_handle_struct *handle,
 static int fruit_close_rsrc(vfs_handle_struct *handle,
                            files_struct *fsp)
 {
-       struct fio *fio = fruit_get_complete_fio(handle, fsp);
        int ret;
        struct fruit_config_data *config = NULL;
 
@@ -1831,10 +1836,16 @@ static int fruit_close_rsrc(vfs_handle_struct *handle,
                break;
 
        case FRUIT_RSRC_ADFILE:
+       {
+               struct fio *fio = fruit_get_complete_fio(handle, fsp);
+               if (fio == NULL) {
+                       return -1;
+               }
                fio_close_ad_fsp(fio);
                ret = vfs_fake_fd_close(fsp_get_pathref_fd(fsp));
                fsp_set_fd(fsp, -1);
                break;
+       }
 
        case FRUIT_RSRC_XATTR:
                ret = vfs_fake_fd_close(fsp_get_pathref_fd(fsp));
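Review bot: in the FRUIT_RSRC_ADFILE case the new `return -1` on `fio == NULL` skips the `vfs_fake_fd_close(fsp_get_pathref_fd(fsp))` and `fsp_set_fd(fsp, -1)` that follow, so the fake fd is left open on the error path. Only `fio_close_ad_fsp(fio)` needs fio; guarding just that call and still running the two close lines would avoid the leak, and errno should be set if the function does report failure.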
@@ -2448,8 +2459,8 @@ static ssize_t fruit_pread_rsrc_adouble(vfs_handle_struct 
*handle,
        struct adouble *ad = NULL;
        ssize_t nread;
 
-       if (fio->ad_fsp == NULL) {
-               DBG_ERR("ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
+       if (fio == NULL || fio->ad_fsp == NULL) {
+               DBG_ERR("fio/ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
                errno = EBADF;
                return -1;
        }
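Review bot: the combined message `"fio/ad_fsp=NULL for [%s]\n"` does not say which of the two pointers was NULL, which matters when triaging a report. The same `fio == NULL || fio->ad_fsp == NULL` test with `errno = EBADF` is repeated in the pwrite, fstat and ftruncate variants below; a small helper that checks both and logs the specific cause would remove the duplication.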
@@ -2876,8 +2887,8 @@ static ssize_t 
fruit_pwrite_rsrc_adouble(vfs_handle_struct *handle,
        ssize_t nwritten;
        int ret;
 
-       if (fio->ad_fsp == NULL) {
-               DBG_ERR("ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
+       if (fio == NULL || fio->ad_fsp == NULL) {
+               DBG_ERR("fio/ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
                errno = EBADF;
                return -1;
        }
@@ -3457,8 +3468,8 @@ static int fruit_fstat_rsrc_adouble(vfs_handle_struct 
*handle,
        struct adouble *ad = NULL;
        int ret;
 
-       if (fio->ad_fsp == NULL) {
-               DBG_ERR("ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
+       if (fio == NULL || fio->ad_fsp == NULL) {
+               DBG_ERR("fio/ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
                errno = EBADF;
                return -1;
        }
@@ -4002,8 +4013,8 @@ static int fruit_ftruncate_rsrc_adouble(struct 
vfs_handle_struct *handle,
        struct adouble *ad = NULL;
        off_t ad_off;
 
-       if (fio->ad_fsp == NULL) {
-               DBG_ERR("ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
+       if (fio == NULL || fio->ad_fsp == NULL) {
+               DBG_ERR("fio/ad_fsp=NULL for [%s]\n", fsp_str_dbg(fsp));
                errno = EBADF;
                return -1;
        }
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c 
b/source3/rpc_server/netlogon/srv_netlog_nt.c
index f3c56a6bef1..5906464a9f3 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1512,14 +1512,9 @@ NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
        unbecome_root();
 
        if (!NT_STATUS_IS_OK(status)) {
-               const char *computer_name = "<unknown>";
-
-               if (creds && creds->computer_name) {
-                       computer_name = creds->computer_name;
-               }
-               DEBUG(2,("_netr_ServerPasswordSet2: netlogon_creds_server_step "
-                       "failed. Rejecting auth request from client %s machine 
account %s\n",
-                       r->in.computer_name, computer_name));
+               DBG_NOTICE("netlogon_creds_server_step failed. "
+                          "Rejecting auth request from client %s\n",
+                          r->in.computer_name);
                TALLOC_FREE(creds);
                return status;
        }
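Review bot: the rewritten failure message drops the machine account name and changes from `DEBUG(2, ...)` to `DBG_NOTICE`, so rejected `_netr_ServerPasswordSet2` requests carry less detail and may no longer appear at the log level operators had configured for them. If removing the creds dereference is the goal, the old `"<unknown>"` fallback could be kept and the change of level called out in the commit message, since this line is what an administrator sees for a failed netlogon credential step.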
@@ -1527,7 +1522,8 @@ NTSTATUS _netr_ServerPasswordSet2(struct pipes_struct *p,
        DBG_NOTICE("Server Password Set2 by remote "
                   "machine:[%s] on account [%s]\n",
                   r->in.computer_name,
-                  creds->computer_name);
+                  creds->computer_name != NULL ?
+                       creds->computer_name : "<unknown>");
 
        memcpy(password_buf.data, r->in.new_password->data, 512);
        SIVAL(password_buf.data, 512, r->in.new_password->length);
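Review bot: the ternary guards `creds->computer_name` but still dereferences creds itself, whereas the code removed in the previous hunk tested `creds &&` first. If a successful status guarantees creds is non-NULL here, a short comment saying so would settle it for the next analyzer run; otherwise the guard needs to cover creds as well.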
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index e63bf6a22d6..5b252d2bf64 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -1,4 +1,4 @@
-/* 
+/*
    Unix SMB/CIFS implementation.
    dos mode handling functions
    Copyright (C) Andrew Tridgell 1992-1998
@@ -86,7 +86,7 @@ static uint32_t filter_mode_by_protocol(uint32_t mode)
     Base permission for files:
          if creating file and inheriting (i.e. parent_dir != NULL)
            apply read/write bits from parent directory.
-         else   
+         else
            everybody gets read bit set
          dos readonly is represented in unix by removing everyone's write bit
          dos archive is represented in unix by the user's execute bit
@@ -134,7 +134,7 @@ mode_t unix_mode(connection_struct *conn, int dosmode,
                         smb_fname_str_dbg(smb_fname), (int)dir_mode));
                /* Clear "result" */
                result = 0;
-       } 
+       }
 
        if (IS_DOS_DIR(dosmode)) {
                /* We never make directories read only for the owner as under 
DOS a user
@@ -146,14 +146,14 @@ mode_t unix_mode(connection_struct *conn, int dosmode,
                        result |= dir_mode;
                } else {
                        /* Provisionally add all 'x' bits */
-                       result |= (S_IXUSR | S_IXGRP | S_IXOTH);                
 
+                       result |= (S_IXUSR | S_IXGRP | S_IXOTH);
 
                        /* Apply directory mask */
                        result &= lp_directory_mask(SNUM(conn));
                        /* Add in force bits */
                        result |= lp_force_directory_mode(SNUM(conn));
                }
-       } else { 
+       } else {
                if (lp_map_archive(SNUM(conn)) && IS_DOS_ARCHIVE(dosmode))
                        result |= S_IXUSR;
 
@@ -161,7 +161,7 @@ mode_t unix_mode(connection_struct *conn, int dosmode,
                        result |= S_IXGRP;
 
                if (lp_map_hidden(SNUM(conn)) && IS_DOS_HIDDEN(dosmode))
-                       result |= S_IXOTH;  
+                       result |= S_IXOTH;
 
                if (dir_mode) {
                        /* Inherit 666 component of parent directory mode */
@@ -917,7 +917,6 @@ int file_set_dosmode(connection_struct *conn,
        mode_t tmp;
        mode_t unixmode;
        int ret = -1, lret = -1;
-       files_struct *fsp = NULL;
        NTSTATUS status;
 
        if (!CAN_WRITE(conn)) {
@@ -1000,7 +999,7 @@ int file_set_dosmode(connection_struct *conn,
                unixmode |= tmp;
        }
 
-       /* if we previously had any w bits set then leave them alone 
+       /* if we previously had any w bits set then leave them alone
                whilst adding in the new w bits, if the new mode is not rdonly 
*/
        if (!IS_DOS_READONLY(dosmode)) {
                unixmode |= (smb_fname->st.st_ex_mode & 
(S_IWUSR|S_IWGRP|S_IWOTH));
@@ -1055,7 +1054,7 @@ int file_set_dosmode(connection_struct *conn,
        }
 
        become_root();
-       ret = SMB_VFS_FCHMOD(fsp, unixmode);
+       ret = SMB_VFS_FCHMOD(smb_fname->fsp, unixmode);
        unbecome_root();
 
        if (!newfile) {
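Review bot: `SMB_VFS_FCHMOD(smb_fname->fsp, unixmode)` now depends on smb_fname->fsp being set, and nothing visible in this hunk checks it before the call is made under become_root(). If an earlier part of file_set_dosmode() already guarantees a non-NULL fsp, a comment saying so would help; otherwise add an explicit check before become_root().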
@@ -1180,7 +1179,7 @@ int file_ntimes(connection_struct *conn,
        /* Don't update the time on read-only shares */
        /* We need this as set_filetime (which can be called on
           close and other paths) can end up calling this function
-          without the NEED_WRITE protection. Found by : 
+          without the NEED_WRITE protection. Found by :
           Leo Weppelman <l...@wau.mis.ah.nl>
        */
 


-- 
Samba Shared Repository
