The branch, master has been updated via dea292c2fdb auth4: Fix CID 1034877 Resource leak via fd8d0cba3fa ntvfs: Fix CID 1034883 Resource leak via ab41b3612aa lib: Change ADD_TO_ARRAY to use a tmp variable via d03096721e2 lib: Avoid duplicate definition of ADD_TO_ARRAY via 14a53368024 lib: Factor out ADD_TO_MALLOC_ARRAY() via f3e7d450eae lib: Fix CID 1596761 Resource leak from 30b0fa892ad shadow_copy2: Ignore VFS_OPEN_HOW_WITH_BACKUP_INTENT
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit dea292c2fdb4a629c7d488b0bca636856309626b Author: Volker Lendecke <v...@samba.org> Date: Mon Sep 30 11:05:20 2024 +0200 auth4: Fix CID 1034877 Resource leak Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Volker Lendecke <v...@samba.org> Autobuild-Date(master): Wed Oct 2 14:19:08 UTC 2024 on atb-devel-224 commit fd8d0cba3fafc4900177fcfee3a5b6f95c845293 Author: Volker Lendecke <v...@samba.org> Date: Mon Sep 30 11:01:04 2024 +0200 ntvfs: Fix CID 1034883 Resource leak Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit ab41b3612aa10af5c46f14dff3dee8581fbe8607 Author: Volker Lendecke <v...@samba.org> Date: Mon Sep 30 10:43:00 2024 +0200 lib: Change ADD_TO_ARRAY to use a tmp variable This should fix a few Coverity Resource Leak findings. Coverity does not understand that SMB_ASSERT aborts the program, so it believes if realloc fails we leak the previous allocation. Those are false positives, but doing it this way does not cost much. Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit d03096721e2b86d7f736bd57b2d0f147ccb1e3fc Author: Volker Lendecke <v...@samba.org> Date: Mon Sep 30 10:37:06 2024 +0200 lib: Avoid duplicate definition of ADD_TO_ARRAY Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 14a5336802450d8c0864ba64c302e591e0389a19 Author: Volker Lendecke <v...@samba.org> Date: Mon Sep 30 10:34:17 2024 +0200 lib: Factor out ADD_TO_MALLOC_ARRAY() ADD_TO_ARRAY with an explicit NULL mem_ctx is only used in 3 places. I've checked the other places, and I think I made sure that the mem_ctx being passed in is non-NULL everywhere else. This makes the "legacy" use with SMB_REALLOC more obvious. 
Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit f3e7d450eae8a89bbe84da78b69c8956e750f57d Author: Volker Lendecke <v...@samba.org> Date: Sun Sep 29 09:58:13 2024 +0200 lib: Fix CID 1596761 Resource leak Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/printer_driver/printer_driver.c | 10 +--------- lib/util/util_paths.c | 6 ++++-- source3/include/smb_macros.h | 30 +++++++++++++++++++++--------- source3/modules/vfs_hpuxacl.c | 3 +-- source3/modules/vfs_solarisacl.c | 6 ++++-- source3/utils/net_rpc_shell.c | 4 ++-- source4/auth/session.c | 3 +++ source4/ntvfs/simple/vfs_simple.c | 5 ++++- 8 files changed, 40 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/printer_driver/printer_driver.c b/lib/printer_driver/printer_driver.c index 2d07df37adc..f04952eba64 100644 --- a/lib/printer_driver/printer_driver.c +++ b/lib/printer_driver/printer_driver.c @@ -22,15 +22,7 @@ #include "rpc_client/init_spoolss.h" #include "libgpo/gpo_ini.h" #include "printer_driver.h" - -#define ADD_TO_ARRAY(mem_ctx, type, elem, array, num) \ -do { \ - *(array) = talloc_realloc(mem_ctx, (*(array)), type, (*(num))+1); \ - SMB_ASSERT((*(array)) != NULL); \ - (*(array))[*(num)] = (elem); \ - (*(num)) += 1; \ -} while (0) - +#include "source3/include/smb_macros.h" /* GetPrinterDriverDirectory -> drivers and dependent files */ #define PRINTER_INF_DIRID_66000 diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c index ce93028d563..b35cc7f5863 100644 --- a/lib/util/util_paths.c +++ b/lib/util/util_paths.c 
@@ -89,15 +89,17 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx) rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf); while (rc == ERANGE) { size_t newlen = 2 * len; + char *tmp = NULL; if (newlen < len) { /* Overflow */ goto done; } len = newlen; - buf = talloc_realloc_size(mem_ctx, buf, len); - if (buf == NULL) { + tmp = talloc_realloc_size(mem_ctx, buf, len); + if (tmp == NULL) { goto done; } + buf = tmp; rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf); } if (rc != 0 || pwdbuf == NULL ) { diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index 4b3989dce93..3192cbe11d8 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -273,15 +273,27 @@ copy an IP address from one buffer to another #endif -#define ADD_TO_ARRAY(mem_ctx, type, elem, array, num) \ -do { \ - *(array) = ((mem_ctx) != NULL) ? \ - talloc_realloc(mem_ctx, (*(array)), type, (*(num))+1) : \ - SMB_REALLOC_ARRAY((*(array)), type, (*(num))+1); \ - SMB_ASSERT((*(array)) != NULL); \ - (*(array))[*(num)] = (elem); \ - (*(num)) += 1; \ -} while (0) +#define ADD_TO_ARRAY(mem_ctx, type, elem, array, num) \ + do { \ + type *__add_to_array_tmp = talloc_realloc(mem_ctx, \ + (*(array)), \ + type, \ + (*(num)) + 1); \ + SMB_ASSERT(__add_to_array_tmp != NULL); \ + __add_to_array_tmp[*(num)] = (elem); \ + (*(num)) += 1; \ + (*(array)) = __add_to_array_tmp; \ + } while (0) + +#define ADD_TO_MALLOC_ARRAY(type, elem, array, num) \ + do { \ + type *__add_to_malloc_array_tmp = SMB_REALLOC_ARRAY( \ + (*(array)), type, (*(num)) + 1); \ + SMB_ASSERT(__add_to_malloc_array_tmp != NULL); \ + __add_to_malloc_array_tmp[*(num)] = (elem); \ + (*(num)) += 1; \ + (*(array)) = __add_to_malloc_array_tmp; \ + } while (0) #define ADD_TO_LARGE_ARRAY(mem_ctx, type, elem, array, num, size) \ add_to_large_array((mem_ctx), sizeof(type), &(elem), (void *)(array), (num), (size)); 
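Review bot: The new `ADD_TO_ARRAY` in source3/include/smb_macros.h always calls `talloc_realloc`, so any caller that still passes a malloc'ed `*array` with a NULL context would now hand a non-talloc pointer to talloc, and nothing in the macro documents or enforces that contract. A one-line comment above it, such as `/* *array must be NULL or talloc memory; malloc'ed arrays use ADD_TO_MALLOC_ARRAY */`, would record what the commit message says was checked by hand. Separately, `__add_to_array_tmp` and `__add_to_malloc_array_tmp` use the double-underscore prefix that C reserves for the implementation. `(*(num)) + 1` is also computed without a wrap check in both macros, which matters only if a caller's count can get near the maximum of its type.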
diff --git a/source3/modules/vfs_hpuxacl.c b/source3/modules/vfs_hpuxacl.c index 31903a1feca..91801daca98 100644 --- a/source3/modules/vfs_hpuxacl.c +++ b/source3/modules/vfs_hpuxacl.c @@ -727,8 +727,7 @@ static bool hpux_add_to_acl(HPUX_ACL_T *hpux_acl, int *count, if (!_IS_OF_TYPE(add_acl[i], type)) { continue; } - ADD_TO_ARRAY(NULL, HPUX_ACE_T, add_acl[i], - hpux_acl, count); + ADD_TO_MALLOC_ARRAY(HPUX_ACE_T, add_acl[i], hpux_acl, count); if (hpux_acl == NULL) { DEBUG(10, ("error enlarging acl.\n")); errno = ENOMEM; diff --git a/source3/modules/vfs_solarisacl.c b/source3/modules/vfs_solarisacl.c index d31bda50233..eb54c618315 100644 --- a/source3/modules/vfs_solarisacl.c +++ b/source3/modules/vfs_solarisacl.c @@ -609,8 +609,10 @@ static bool solaris_add_to_acl(SOLARIS_ACL_T *solaris_acl, int *count, if (!_IS_OF_TYPE(add_acl[i], type)) { continue; } - ADD_TO_ARRAY(NULL, SOLARIS_ACE_T, add_acl[i], - solaris_acl, count); + ADD_TO_MALLOC_ARRAY(SOLARIS_ACE_T, + add_acl[i], + solaris_acl, + count); if (solaris_acl == NULL) { DEBUG(10, ("error enlarging acl.\n")); errno = ENOMEM; diff --git a/source3/utils/net_rpc_shell.c b/source3/utils/net_rpc_shell.c index 1ea7080e35d..5b1285086f8 100644 --- a/source3/utils/net_rpc_shell.c +++ b/source3/utils/net_rpc_shell.c @@ -52,7 +52,7 @@ static char **completion_fn(const char *text, int start, int end) return NULL; } - ADD_TO_ARRAY(NULL, char *, SMB_STRDUP(text), &cmds, &n_cmds); + ADD_TO_MALLOC_ARRAY(char *, SMB_STRDUP(text), &cmds, &n_cmds); for (c = this_ctx->cmds; c->name != NULL; c++) { bool match = (strncmp(text, c->name, strlen(text)) == 0); @@ -69,7 +69,7 @@ static char **completion_fn(const char *text, int start, int end) n_cmds -= 1; } - ADD_TO_ARRAY(NULL, char *, NULL, &cmds, &n_cmds); + ADD_TO_MALLOC_ARRAY(char *, NULL, &cmds, &n_cmds); return cmds; } diff --git a/source4/auth/session.c b/source4/auth/session.c index 9c9d8c4aaff..8f5d58b3437 100644 --- a/source4/auth/session.c +++ b/source4/auth/session.c 
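Review bot: The `if (hpux_acl == NULL)` test right after `ADD_TO_MALLOC_ARRAY(HPUX_ACE_T, add_acl[i], hpux_acl, count);` in hpux_add_to_acl cannot detect an allocation failure. The macro already runs `SMB_ASSERT` on the realloc result, and the test looks at the `hpux_acl` parameter itself rather than `*hpux_acl`. The same holds for `solaris_acl == NULL` in solaris_add_to_acl in vfs_solarisacl.c. Running out of memory while enlarging an ACL therefore ends in the assert, not in the `errno = ENOMEM` path the branch suggests. Either drop the dead branch or mark it with a comment such as `/* ADD_TO_MALLOC_ARRAY asserts on OOM; not reached */`. Both function bodies continue outside the hunks.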
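Review bot: In completion_fn (source3/utils/net_rpc_shell.c) the result of `SMB_STRDUP(text)` goes straight into the array as its first element without a NULL check, while the array growth itself is asserted by the macro. If that duplicate can fail, which is presumably the case if it maps to plain strdup, the first slot is NULL, so the caller would likely see an empty list and any entries appended after it would be unreachable. Duplicating into a local first and returning NULL when it fails, as the early `return NULL;` just above already does, would keep the two allocation failures consistent. The function body starts and ends outside the two hunks.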
@@ -365,6 +365,7 @@ struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx, creds = cli_credentials_init(session_info); if (!creds) { + gss_release_cred(&minor_status, &cred_handle); *reason = "Out of memory in cli_credentials_init()"; return NULL; } @@ -372,6 +373,7 @@ struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx, ok = cli_credentials_set_conf(creds, lp_ctx); if (!ok) { + gss_release_cred(&minor_status, &cred_handle); *reason = "Failed to load smb.conf"; return NULL; } @@ -385,6 +387,7 @@ struct auth_session_info *auth_session_info_from_transport(TALLOC_CTX *mem_ctx, CRED_SPECIFIED, &error_string); if (ret) { + gss_release_cred(&minor_status, &cred_handle); *reason = talloc_asprintf(mem_ctx, "Failed to set pipe forwarded " "creds: %s\n", error_string); diff --git a/source4/ntvfs/simple/vfs_simple.c b/source4/ntvfs/simple/vfs_simple.c index 000da41f066..794f06d3e06 100644 --- a/source4/ntvfs/simple/vfs_simple.c +++ b/source4/ntvfs/simple/vfs_simple.c @@ -414,7 +414,10 @@ do_open: } status = ntvfs_handle_new(ntvfs, req, &handle); - NT_STATUS_NOT_OK_RETURN(status); + if (!NT_STATUS_IS_OK(status)) { + close(fd); + return status; + } f = talloc(handle, struct svfs_file); if (f == NULL) { -- Samba Shared Repository
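Review bot: The release of `cred_handle` in auth_session_info_from_transport (source4/auth/session.c) is now repeated by hand on three error returns, so any other early return between the credential import and the hand-over to `creds` would still leak it; none is visible in these hunks. A single exit label, for example `fail: gss_release_cred(&minor_status, &cred_handle); return NULL;`, would keep the cleanup in one place. For the third hunk, it is worth confirming that the call ending in `CRED_SPECIFIED, &error_string)` never keeps `cred_handle` when it returns non-zero, since otherwise the handle would be released twice. The function body starts and ends outside the hunks.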
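Review bot: The `if (f == NULL) {` branch that follows the new check in source4/ntvfs/simple/vfs_simple.c opens at the edge of the hunk, and `fd` is still open there. If that branch returns without `close(fd);` the same descriptor leak remains one statement later; its body is not visible here. A short comment at the `ntvfs_handle_new` call, such as `/* fd is owned by this function until it is stored in f */`, would make the ownership explicit for the remaining error paths. The enclosing function starts and ends outside the hunk.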