The Samba-Bugzilla – Attachment 12998 Details for Bug 12592: Fix several issues found by covscan
[patch] patch for 4.6
covscan_fixes.patch (text/plain), 16.18 KB, created by Andreas Schneider on 2017-03-01 08:34:48 UTC
>From 850ff697e363c7fc6e78a4af004fdda93daaa991 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 16 Feb 2017 17:07:54 +0100 >Subject: [PATCH 01/12] s4-torture: Use the correct variable type in > torture_smb2_maxfid() > >Found by covscan. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 1daea6b0f848b2434c65dc90d7fe514242c78786) >--- > source4/torture/smb2/maxfid.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > >diff --git a/source4/torture/smb2/maxfid.c b/source4/torture/smb2/maxfid.c >index cfdf7c17939..dbe3fac9d39 100644 >--- a/source4/torture/smb2/maxfid.c >+++ b/source4/torture/smb2/maxfid.c >@@ -32,7 +32,7 @@ bool torture_smb2_maxfid(struct torture_context *tctx) > NTSTATUS status; > struct smb2_tree *tree = NULL; > const char *dname = "smb2_maxfid"; >- int i, maxfid; >+ size_t i, maxfid; > struct smb2_handle *handles, dir_handle = { }; > size_t max_handles; > >@@ -62,7 +62,7 @@ bool torture_smb2_maxfid(struct torture_context *tctx) > struct smb2_create create = { }; > struct smb2_close close = { }; > >- name = talloc_asprintf(tctx, "%s\\%d", dname, i / 1000); >+ name = talloc_asprintf(tctx, "%s\\%zu", dname, i / 1000); > torture_assert_goto(tctx, (name != NULL), ret, done, > "no memory for directory name\n"); > >@@ -93,7 +93,7 @@ bool torture_smb2_maxfid(struct torture_context *tctx) > char *name; > struct smb2_create create = { }; > >- name = talloc_asprintf(tctx, "%s\\%d\\%d", dname, i / 1000, i); >+ name = talloc_asprintf(tctx, "%s\\%zu\\%zu", dname, i / 1000, i); > torture_assert_goto(tctx, (name != NULL), ret, done, > "no memory for file name\n"); 
> >@@ -120,7 +120,7 @@ bool torture_smb2_maxfid(struct torture_context *tctx) > > maxfid = i; > if (maxfid == max_handles) { >- torture_comment(tctx, "Reached test limit of %d open files. " >+ torture_comment(tctx, "Reached test limit of %zu open files. " > "Adjust to higher test with " > "--option=torture:maxopenfiles=NNN\n", maxfid); > } >-- >2.12.0 > > >From ae1dc636668dbb72b5d10b3629cbd9b42862fe31 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 16 Feb 2017 17:08:50 +0100 >Subject: [PATCH 02/12] s4-kcc: Do not dereference a NULL pointer > >Found by covscan. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 67b978bb26b3d0009b511bb2ae96d249041827a5) >--- > source4/dsdb/kcc/garbage_collect_tombstones.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > >diff --git a/source4/dsdb/kcc/garbage_collect_tombstones.c b/source4/dsdb/kcc/garbage_collect_tombstones.c >index 1909cfeff76..d8d0a5995c2 100644 >--- a/source4/dsdb/kcc/garbage_collect_tombstones.c >+++ b/source4/dsdb/kcc/garbage_collect_tombstones.c >@@ -137,7 +137,9 @@ static NTSTATUS garbage_collect_tombstones_part(TALLOC_CTX *mem_ctx, > element->name); > > /* This avoids parsing isDeleted as a link */ >- if (attrib->linkID == 0 || ((attrib->linkID & 1) == 1)) { >+ if (attrib == NULL || >+ attrib->linkID == 0 || >+ ((attrib->linkID & 1) == 1)) { > continue; > } > >-- >2.12.0 > > >From dc0568ce7c695142cf0928a7d44eed132889d477 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 16 Feb 2017 17:15:38 +0100 >Subject: [PATCH 03/12] s3-vfs: Do not deref a NULL pointer in > shadow_copy2_snapshot_to_gmt() > >Found by covscan. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 
> >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit e6105f92cd24de49acecd67a9f0c2c53323fe2e9) >--- > source3/modules/vfs_shadow_copy2.c | 3 +++ > 1 file changed, 3 insertions(+) > >diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c >index 402eb70936b..2afc5954e7d 100644 >--- a/source3/modules/vfs_shadow_copy2.c >+++ b/source3/modules/vfs_shadow_copy2.c >@@ -1873,6 +1873,9 @@ static bool shadow_copy2_snapshot_to_gmt(vfs_handle_struct *handle, > } > /* Extract the prefix */ > tmp = strstr(tmpstr, priv->config->delimiter); >+ if (tmp == NULL) { >+ goto done; >+ } > *tmp = '\0'; > > /* Parse regex */ >-- >2.12.0 > > >From efadbd1bfaf44a7d32f2df3f67f226bff2b61d92 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 16 Feb 2017 17:34:07 +0100 >Subject: [PATCH 04/12] ndrdump: Fix a possible NULL pointer dereference > >Found by covscan. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 79a49dc19a83bd22684a71aecf4588b753669039) >--- > librpc/tools/ndrdump.c | 4 ++++ > 1 file changed, 4 insertions(+) > >diff --git a/librpc/tools/ndrdump.c b/librpc/tools/ndrdump.c >index d534e3c1dba..d8b991606b0 100644 >--- a/librpc/tools/ndrdump.c >+++ b/librpc/tools/ndrdump.c >@@ -493,6 +493,10 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...) > bool differ; > > ndr_v_push = ndr_push_init_ctx(mem_ctx); >+ if (ndr_v_push == NULL) { >+ printf("No memory\n"); >+ exit(1); >+ } > > if (assume_ndr64) { > ndr_v_push->flags |= LIBNDR_FLAG_NDR64; >-- >2.12.0 > > >From 63d0a22fe574cfa91fd07d87b2d3003d3e6d5814 Mon Sep 17 00:00:00 2001 
>From: Andreas Schneider <asn@samba.org> >Date: Thu, 16 Feb 2017 17:52:41 +0100 >Subject: [PATCH 05/12] s4:torture: Make sure handles are initialized > >The CHECK_STATUS macro might goto done which checks the values of the >handle so they should be initialized in this case. > >Found by covscan. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 8a1b998acb3592ad67bb72db79965bae436748ec) >--- > source4/torture/smb2/rename.c | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > >diff --git a/source4/torture/smb2/rename.c b/source4/torture/smb2/rename.c >index 1a490f31240..96526435e46 100644 >--- a/source4/torture/smb2/rename.c >+++ b/source4/torture/smb2/rename.c >@@ -57,6 +57,8 @@ static bool torture_smb2_rename_simple(struct torture_context *torture, > union smb_fileinfo fi; > struct smb2_handle h1; > >+ ZERO_STRUCT(h1); >+ > smb2_deltree(tree1, BASEDIR); > smb2_util_rmdir(tree1, BASEDIR); > >@@ -145,6 +147,8 @@ static bool torture_smb2_rename_simple2(struct torture_context *torture, > union smb_setfileinfo sinfo; > struct smb2_handle h1; > >+ ZERO_STRUCT(h1); >+ > smb2_deltree(tree1, BASEDIR); > smb2_util_rmdir(tree1, BASEDIR); > >@@ -226,6 +230,8 @@ static bool torture_smb2_rename_no_sharemode(struct torture_context *torture, > union smb_fileinfo fi; > struct smb2_handle h1; > >+ ZERO_STRUCT(h1); >+ > smb2_deltree(tree1, BASEDIR); > smb2_util_rmdir(tree1, BASEDIR); > >@@ -314,6 +320,9 @@ static bool torture_smb2_rename_with_delete_access(struct torture_context *tortu > union smb_setfileinfo sinfo; > struct smb2_handle fh, dh; > >+ ZERO_STRUCT(fh); >+ ZERO_STRUCT(dh); >+ > smb2_deltree(tree1, BASEDIR); > smb2_util_rmdir(tree1, BASEDIR); 
> >@@ -439,6 +448,9 @@ static bool torture_smb2_rename_with_delete_access2(struct torture_context *tort > union smb_setfileinfo sinfo; > struct smb2_handle fh, dh; > >+ ZERO_STRUCT(fh); >+ ZERO_STRUCT(dh); >+ > smb2_deltree(tree1, BASEDIR); > smb2_util_rmdir(tree1, BASEDIR); > >@@ -563,6 +575,9 @@ static bool torture_smb2_rename_no_delete_access(struct torture_context *torture > union smb_fileinfo fi; > struct smb2_handle fh, dh; > >+ ZERO_STRUCT(fh); >+ ZERO_STRUCT(dh); >+ > smb2_deltree(tree1, BASEDIR); > smb2_util_rmdir(tree1, BASEDIR); > >@@ -697,6 +712,9 @@ static bool torture_smb2_rename_no_delete_access2(struct torture_context *tortur > union smb_setfileinfo sinfo; > struct smb2_handle fh, dh; > >+ ZERO_STRUCT(fh); >+ ZERO_STRUCT(dh); >+ > smb2_deltree(tree1, BASEDIR); > smb2_util_rmdir(tree1, BASEDIR); > >@@ -820,6 +838,9 @@ static bool torture_smb2_rename_msword(struct torture_context *torture, > union smb_fileinfo fi; > struct smb2_handle fh, dh; > >+ ZERO_STRUCT(fh); >+ ZERO_STRUCT(dh); >+ > smb2_deltree(tree1, BASEDIR); > smb2_util_rmdir(tree1, BASEDIR); > >@@ -938,6 +959,9 @@ static bool torture_smb2_rename_dir_openfile(struct torture_context *torture, > union smb_setfileinfo sinfo; > struct smb2_handle d1, h1; > >+ ZERO_STRUCT(d1); >+ ZERO_STRUCT(h1); >+ > smb2_deltree(tree1, BASEDIR); > smb2_util_rmdir(tree1, BASEDIR); > >-- >2.12.0 > > >From 4c3c69e26fe1e68dd20945987062754def2a0092 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 17 Feb 2017 09:45:33 +0100 >Subject: [PATCH 06/12] s3:torture: Fix uint64_t comparsion in if-clause > >Found by covscan. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 13690569ee5893e3dbd96f2b28a41a35e3da42ff) >--- > source3/torture/torture.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) 
> >diff --git a/source3/torture/torture.c b/source3/torture/torture.c >index cafc1a8c3d4..393d3435543 100644 >--- a/source3/torture/torture.c >+++ b/source3/torture/torture.c >@@ -5066,7 +5066,7 @@ static bool run_rename_access(int dummy) > } > > if (cli) { >- if (fnum != -1) { >+ if (fnum != (uint64_t)-1) { > cli_close(cli, fnum); > } > cli_unlink(cli, src, >@@ -5457,7 +5457,7 @@ static bool run_owner_rights(int dummy) > fail: > > if (cli) { >- if (fnum != -1) { >+ if (fnum != (uint16_t)-1) { > cli_close(cli, fnum); > } > cli_unlink(cli, fname, >-- >2.12.0 > > >From 36d119b19c60b27cbb5b29c70174ebd8196706e8 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 17 Feb 2017 10:08:17 +0100 >Subject: [PATCH 07/12] s3:lib: Do not segfault if username is NULL > >Found by covscan. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 9297ac44f7e0455bb74ee77ad8b68f2e8c4a070d) >--- > source3/lib/util_cmdline.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > >diff --git a/source3/lib/util_cmdline.c b/source3/lib/util_cmdline.c >index 6c98b44ebd2..ad51a4f5217 100644 >--- a/source3/lib/util_cmdline.c >+++ b/source3/lib/util_cmdline.c >@@ -112,11 +112,14 @@ void set_cmdline_auth_info_username(struct user_auth_info *auth_info, > { > const char *new_val = NULL; > >+ if (username == NULL) { >+ return; >+ } > cli_credentials_parse_string(auth_info->creds, > username, > CRED_SPECIFIED); > new_val = cli_credentials_get_username(auth_info->creds); >- if (username != NULL && new_val == NULL) { >+ if (new_val == NULL) { > exit(ENOMEM); > } > >-- >2.12.0 > > >From 68dbfbd62762d5f8283850e2728d81ab39d7b8de Mon Sep 17 00:00:00 2001 
>From: Andreas Schneider <asn@samba.org> >Date: Fri, 17 Feb 2017 11:53:52 +0100 >Subject: [PATCH 08/12] pam_winbind: Return if we do not have a domain > >Found by covscan. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 1df1d873c849f68a91d067c7049dda12c22e98c5) >--- > nsswitch/pam_winbind.c | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > >diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c >index b78c6bd93e2..dca2c299d00 100644 >--- a/nsswitch/pam_winbind.c >+++ b/nsswitch/pam_winbind.c >@@ -2479,10 +2479,14 @@ static char* winbind_upn_to_username(struct pwb_context *ctx, > if (!name) { > return NULL; > } >- if ((p = strchr(name, '@')) != NULL) { >- *p = 0; >- domain = p + 1; >+ >+ p = strchr(name, '@'); >+ if (p == NULL) { >+ TALLOC_FREE(name); >+ return NULL; > } >+ *p = '\0'; >+ domain = p + 1; > > /* Convert the UPN to a SID */ > >-- >2.12.0 > > >From 240cb45837507f60d8cfdeb30b767b17e2c2d7f7 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 16 Feb 2017 17:42:53 +0100 >Subject: [PATCH 09/12] s3:librpc: Make sure kt_curser and kt_entry are > initialized > >Found by covscan. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 2f83cfdb90d687673cfc4be14cd66425fb7f3e76) >--- > source3/librpc/crypto/gse_krb5.c | 7 ++----- > 1 file changed, 2 insertions(+), 5 deletions(-) > >diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c >index 83afd16e7ce..703d1b4c925 100644 >--- a/source3/librpc/crypto/gse_krb5.c >+++ b/source3/librpc/crypto/gse_krb5.c 
>@@ -359,8 +359,8 @@ static krb5_error_code fill_mem_keytab_from_system_keytab(krb5_context krbctx, > { > krb5_error_code ret = 0; > krb5_keytab keytab = NULL; >- krb5_kt_cursor kt_cursor; >- krb5_keytab_entry kt_entry; >+ krb5_kt_cursor kt_cursor = { 0, }; >+ krb5_keytab_entry kt_entry = { 0, }; > char *valid_princ_formats[7] = { NULL, NULL, NULL, > NULL, NULL, NULL, NULL }; > char *entry_princ_s = NULL; >@@ -420,9 +420,6 @@ static krb5_error_code fill_mem_keytab_from_system_keytab(krb5_context krbctx, > goto out; > } > >- ZERO_STRUCT(kt_entry); >- ZERO_STRUCT(kt_cursor); >- > ret = smb_krb5_kt_open_relative(krbctx, NULL, false, &keytab); > if (ret) { > DEBUG(1, ("smb_krb5_kt_open failed (%s)\n", >-- >2.12.0 > > >From fa658a9df2659dc79f88862ed225140e701c470c Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 17 Feb 2017 09:49:39 +0100 >Subject: [PATCH 10/12] s3:librpc: Fix OM_uint32 comparsion in if-clause > >Found by covscan. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 8ac43e0e6ef9236a5c6d2c27ebe24171582c1d49) >--- > source3/librpc/crypto/gse.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c >index 792700ede04..99971d30881 100644 >--- a/source3/librpc/crypto/gse.c >+++ b/source3/librpc/crypto/gse.c >@@ -347,7 +347,7 @@ static NTSTATUS gse_get_client_auth_token(TALLOC_CTX *mem_ctx, > break; > default: > if ((gss_maj == GSS_S_FAILURE) && >- (gss_min == KRB5KRB_AP_ERR_TKT_EXPIRED)) { >+ (gss_min == (OM_uint32)KRB5KRB_AP_ERR_TKT_EXPIRED)) { > DBG_NOTICE("Ticket expired\n"); > } else { > DBG_ERR("gss_init_sec_context failed with [%s]\n", >-- >2.12.0 > > >From 472f068baa3c46299fa59d832d9c4dc6d063132d Mon Sep 17 00:00:00 2001 
>From: Andreas Schneider <asn@samba.org> >Date: Thu, 16 Feb 2017 17:38:41 +0100 >Subject: [PATCH 11/12] ctdb: Fix posible NULL deref in logging_init() > >Found by covscan. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 08e03fa7f5fdc7f988fbbb26929e8c5727f36c2e) >--- > ctdb/common/logging.c | 7 +++++++ > 1 file changed, 7 insertions(+) > >diff --git a/ctdb/common/logging.c b/ctdb/common/logging.c >index 3d586bfb49b..c8ccf26b565 100644 >--- a/ctdb/common/logging.c >+++ b/ctdb/common/logging.c >@@ -521,7 +521,14 @@ int logging_init(TALLOC_CTX *mem_ctx, const char *logging, > } > > name = strtok(str, ":"); >+ if (name == NULL) { >+ return EINVAL; >+ } > option = strtok(NULL, ":"); >+ /* >+ * option can be NULL here, both setup() >+ * backends handle this. >+ */ > > for (i=0; i<ARRAY_SIZE(log_backend); i++) { > if (strcmp(log_backend[i].name, name) == 0) { >-- >2.12.0 > > >From 453d68ee40caffe812c9095586fed6160916f48f Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 23 Feb 2017 09:41:03 -0800 >Subject: [PATCH 12/12] s3:winbind: work around coverity false positive. > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Thu Feb 23 23:54:48 CET 2017 on sn-devel-144 > >(cherry picked from commit 2e09407c5b992db0da5ca3a6d1f38341dc42d070) >--- > source3/winbindd/winbindd_list_users.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/winbindd/winbindd_list_users.c b/source3/winbindd/winbindd_list_users.c >index 9a751a75c5b..fcbe8beff6f 100644 >--- a/source3/winbindd/winbindd_list_users.c >+++ b/source3/winbindd/winbindd_list_users.c 
>@@ -178,7 +178,7 @@ NTSTATUS winbindd_list_users_recv(struct tevent_req *req, > response->length += len; > response->data.num_entries = 0; > >- if (len >= 1) { >+ if (result != NULL && len >= 1) { > len -= 1; > response->data.num_entries = 1; > >-- >2.12.0 >
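Review bot: In PATCH 02/12 (garbage_collect_tombstones_part), the new `attrib == NULL` test shares the `continue` with the linkID checks, so an element whose attribute lookup returned nothing is skipped silently. Consider splitting it into its own branch that logs element->name at debug level, and extend the comment above the condition, which still only mentions isDeleted.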
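Review bot: In PATCH 03/12 (shadow_copy2_snapshot_to_gmt), the added `goto done` for a missing delimiter depends on the state at the done label, which the hunk does not show. Confirm the function returns false on this path and that tmpstr is released there; a debug message naming the snapshot string and priv->config->delimiter would make a misconfigured delimiter diagnosable.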
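Review bot: In PATCH 04/12 (librpc/tools/ndrdump.c), the new allocation-failure message is written with printf(), so it goes to stdout rather than stderr. Suggest `fprintf(stderr, "No memory\n");` before the exit(1).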
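Review bot: In PATCH 05/12 (source4/torture/smb2/rename.c), every hunk adds ZERO_STRUCT() calls as separate statements after the declarations, which later edits can move away from the variables they protect. Initializing at the declaration is shorter and keeps the two together; the context in PATCH 01/12 already does this for the same type with `struct smb2_handle *handles, dir_handle = { };`, so `struct smb2_handle fh = { }, dh = { };` would match existing style.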
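Review bot: In PATCH 06/12, the second hunk (run_owner_rights, at line 5457) casts the sentinel to uint16_t while the first hunk (run_rename_access) uses uint64_t and the subject line mentions only uint64_t. Confirm the declared type of fnum in run_owner_rights: if it is uint64_t there, `(uint16_t)-1` is 65535 and will not match a (uint64_t)-1 sentinel, so cli_close() would be called on a handle that was never opened. If fnum really is uint16_t in that function, name both types in the commit message.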
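Review bot: In PATCH 07/12 (set_cmdline_auth_info_username), the early return turns a NULL username into a silent no-op, and because the function is void the caller gets no indication. State that in a comment above the check, and add a blank line after the closing brace to separate it from the cli_credentials_parse_string() call.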
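Review bot: In PATCH 08/12 (winbind_upn_to_username), the new check handles a name with no '@', but a name that ends in '@' still gets through with `domain = p + 1` pointing at an empty string. If the intent is to return whenever there is no domain, also test `p[1] == '\0'` and release name with TALLOC_FREE() on that path as well.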
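Review bot: In PATCH 09/12 (fill_mem_keytab_from_system_keytab), the commit message does not say which path could reach kt_cursor or kt_entry before the removed ZERO_STRUCT() calls; the `goto out;` directly above them in the second hunk suggests it is the cleanup at out. Say so in the message so the reason for moving the initialization to the declarations is recorded, and fix the "kt_curser" spelling in the subject.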
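Review bot: In PATCH 11/12 (logging_init), the added `return EINVAL;` leaves the function immediately after `strtok(str, ":")`. If str is a copy allocated earlier in this function, free it before returning so the early exit does not leak it.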
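Review bot: In PATCH 12/12 (winbindd_list_users_recv), the added `result != NULL` test carries no comment, and the commit message calls it a workaround for a false positive without saying why result cannot be NULL when len >= 1. Add a short comment above the condition so the check is not removed later as redundant.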
Flags: jra: review+