Attachment 14216 Details for Bug 13437 – patch for 4.8

[patch] patch for 4.8

v4-8-test.patch2.txt (text/plain), 31.22 KB, created by Andreas Schneider on 2018-05-24 14:54:05 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andreas Schneider

Created: 2018-05-24 14:54:05 UTC

Size: 31.22 KB

patch

obsolete

>From e6ec7889e8cc9bd6a2572219496ea152216c6f43 Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Tue, 8 May 2018 11:18:56 +0200
>Subject: [PATCH 01/14] s3-winbindd: use fill_domain_username_talloc() in
> winbind.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Guenther
>
>Signed-off-by: Guenther Deschner <gd@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit 3c6481d75cea175d0a69988577163efb40e2316b)
>---
> source3/winbindd/wb_getpwsid.c          | 15 ++++++++++++---
> source3/winbindd/wb_query_user_list.c   |  9 ++++++---
> source3/winbindd/winbindd_group.c       | 12 ++++++++----
> source3/winbindd/winbindd_list_groups.c | 14 ++++++++++----
> source3/winbindd/winbindd_pam.c         | 13 ++++++++++---
> 5 files changed, 46 insertions(+), 17 deletions(-)
>
>diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c
>index 01c2f9cebfb..a8f32f2fc94 100644
>--- a/source3/winbindd/wb_getpwsid.c
>+++ b/source3/winbindd/wb_getpwsid.c
>@@ -69,7 +69,8 @@ static void wb_getpwsid_queryuser_done(struct tevent_req *subreq)
> 		req, struct wb_getpwsid_state);
> 	struct winbindd_pw *pw = state->pw;
> 	struct wbint_userinfo *info;
>-	fstring acct_name, output_username;
>+	fstring acct_name;
>+	const char *output_username;
> 	char *mapped_name = NULL;
> 	char *tmp;
> 	NTSTATUS status;
>@@ -101,16 +102,24 @@ static void wb_getpwsid_queryuser_done(struct tevent_req *subreq)
> 				    acct_name,
> 				    &mapped_name);
> 	if (NT_STATUS_IS_OK(status)) {
>-		fill_domain_username(output_username,
>+		output_username = fill_domain_username_talloc(state,
> 				     info->domain_name,
> 				     mapped_name, true);
>+		if (output_username == NULL) {
>+			tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
>+			return;
>+		}
> 		fstrcpy(acct_name, mapped_name);
> 	} else if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
> 		fstrcpy(acct_name, mapped_name);
> 	} else {
>-		fill_domain_username(output_username,
>+		output_username = fill_domain_username_talloc(state,
> 				     info->domain_name,
> 				     acct_name, true);
>+		if (output_username == NULL) {
>+			tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
>+			return;
>+		}
> 	}
> 
> 	strlcpy(pw->pw_name, output_username, sizeof(pw->pw_name));
>diff --git a/source3/winbindd/wb_query_user_list.c b/source3/winbindd/wb_query_user_list.c
>index 3c18080e847..6d699875e9b 100644
>--- a/source3/winbindd/wb_query_user_list.c
>+++ b/source3/winbindd/wb_query_user_list.c
>@@ -104,11 +104,14 @@ static void wb_query_user_list_done(struct tevent_req *subreq)
> 
> 	for (i=0; i<state->names.num_principals; i++) {
> 		struct wbint_Principal *p = &state->names.principals[i];
>-		fstring name;
>+		const char *name;
> 		int ret;
> 
>-		fill_domain_username(name, state->domain_name, p->name, true);
>-
>+		name = fill_domain_username_talloc(state, state->domain_name, p->name, true);
>+		if (name == NULL) {
>+			tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
>+			return;
>+		}
> 		ret = strv_add(state, &state->users, name);
> 		if (ret != 0) {
> 			tevent_req_nterror(req, map_nt_error_from_unix(ret));
>diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c
>index 417565ecbf0..76ba14afb3b 100644
>--- a/source3/winbindd/winbindd_group.c
>+++ b/source3/winbindd/winbindd_group.c
>@@ -34,7 +34,7 @@
> bool fill_grent(TALLOC_CTX *mem_ctx, struct winbindd_gr *gr,
> 		const char *dom_name, const char *gr_name, gid_t unix_gid)
> {
>-	fstring full_group_name;
>+	const char *full_group_name;
> 	char *mapped_name = NULL;
> 	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
> 
>@@ -43,19 +43,23 @@ bool fill_grent(TALLOC_CTX *mem_ctx, struct winbindd_gr *gr,
> 
> 	/* Basic whitespace replacement */
> 	if (NT_STATUS_IS_OK(nt_status)) {
>-		fill_domain_username(full_group_name, dom_name,
>+		full_group_name = fill_domain_username_talloc(mem_ctx, dom_name,
> 				     mapped_name, true);
> 	}
> 	/* Mapped to an aliase */
> 	else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_FILE_RENAMED)) {
>-		fstrcpy(full_group_name, mapped_name);
>+		full_group_name = mapped_name;
> 	}
> 	/* no change */
> 	else {
>-		fill_domain_username( full_group_name, dom_name,
>+		full_group_name = fill_domain_username_talloc(mem_ctx, dom_name,
> 				      gr_name, True );
> 	}
> 
>+	if (full_group_name == NULL) {
>+		return false;
>+	}
>+
> 	gr->gr_gid = unix_gid;
> 
> 	/* Group name and password */
>diff --git a/source3/winbindd/winbindd_list_groups.c b/source3/winbindd/winbindd_list_groups.c
>index 3b5c9dd60e7..03caef3ba96 100644
>--- a/source3/winbindd/winbindd_list_groups.c
>+++ b/source3/winbindd/winbindd_list_groups.c
>@@ -166,10 +166,13 @@ NTSTATUS winbindd_list_groups_recv(struct tevent_req *req,
> 		struct winbindd_list_groups_domstate *d = &state->domains[i];
> 
> 		for (j=0; j<d->groups.num_principals; j++) {
>-			fstring name;
>-			fill_domain_username(name, d->domain->name,
>+			const char *name;
>+			name = fill_domain_username_talloc(response, d->domain->name,
> 					     d->groups.principals[j].name,
> 					     True);
>+			if (name == NULL) {
>+				return NT_STATUS_NO_MEMORY;
>+			}
> 			len += strlen(name)+1;
> 		}
> 		response->data.num_entries += d->groups.num_principals;
>@@ -185,11 +188,14 @@ NTSTATUS winbindd_list_groups_recv(struct tevent_req *req,
> 		struct winbindd_list_groups_domstate *d = &state->domains[i];
> 
> 		for (j=0; j<d->groups.num_principals; j++) {
>-			fstring name;
>+			const char *name;
> 			size_t this_len;
>-			fill_domain_username(name, d->domain->name,
>+			name = fill_domain_username_talloc(response, d->domain->name,
> 					     d->groups.principals[j].name,
> 					     True);
>+			if (name == NULL) {
>+				return NT_STATUS_NO_MEMORY;
>+			}
> 			this_len = strlen(name);
> 			memcpy(result+len, name, this_len);
> 			len += this_len;
>diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
>index 9c66c6bdb82..5a14051437c 100644
>--- a/source3/winbindd/winbindd_pam.c
>+++ b/source3/winbindd/winbindd_pam.c
>@@ -193,7 +193,7 @@ static NTSTATUS append_unix_username(TALLOC_CTX *mem_ctx,
> 	/* We've been asked to return the unix username, per
> 	   'winbind use default domain' settings and the like */
> 
>-	const char *nt_username, *nt_domain;
>+	const char *nt_username, *nt_domain, *unix_username;
> 
> 	nt_domain = talloc_strdup(mem_ctx, info3->base.logon_domain.string);
> 	if (!nt_domain) {
>@@ -209,8 +209,15 @@ static NTSTATUS append_unix_username(TALLOC_CTX *mem_ctx,
> 		nt_username = name_user;
> 	}
> 
>-	fill_domain_username(resp->data.auth.unix_username,
>-			     nt_domain, nt_username, true);
>+	unix_username = fill_domain_username_talloc(mem_ctx,
>+						    nt_domain,
>+						    nt_username,
>+						    true);
>+	if (unix_username == NULL) {
>+		return NT_STATUS_NO_MEMORY;
>+	}
>+
>+	fstrcpy(resp->data.auth.unix_username, unix_username);
> 
> 	DEBUG(5, ("Setting unix username to [%s]\n",
> 		  resp->data.auth.unix_username));
>-- 
>2.17.0
>
>
>From 32e858564791e46d14a450bf70ad930e062b610f Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Tue, 8 May 2018 11:19:42 +0200
>Subject: [PATCH 02/14] s3-winbindd: remove unused fill_domain_username()
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Guenther
>
>Signed-off-by: Guenther Deschner <gd@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit b24d4eb7afad82afc3a9bab65e1d799edc4b5172)
>---
> source3/winbindd/winbindd_proto.h |  1 -
> source3/winbindd/winbindd_util.c  | 20 --------------------
> 2 files changed, 21 deletions(-)
>
>diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
>index 95f24d2c279..85cd50b8ed7 100644
>--- a/source3/winbindd/winbindd_proto.h
>+++ b/source3/winbindd/winbindd_proto.h
>@@ -485,7 +485,6 @@ bool canonicalize_username(fstring username_inout,
> 			   fstring namespace,
> 			   fstring domain,
> 			   fstring user);
>-void fill_domain_username(fstring name, const char *domain, const char *user, bool can_assume);
> char *fill_domain_username_talloc(TALLOC_CTX *ctx,
> 				  const char *domain,
> 				  const char *user,
>diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
>index c2ec164e143..aa633419c9a 100644
>--- a/source3/winbindd/winbindd_util.c
>+++ b/source3/winbindd/winbindd_util.c
>@@ -1650,26 +1650,6 @@ bool canonicalize_username(fstring username_inout,
> 
>     We always canonicalize as UPPERCASE DOMAIN, lowercase username.
> */
>-void fill_domain_username(fstring name, const char *domain, const char *user, bool can_assume)
>-{
>-	fstring tmp_user;
>-
>-	if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
>-		can_assume = false;
>-	}
>-
>-	fstrcpy(tmp_user, user);
>-	(void)strlower_m(tmp_user);
>-
>-	if (can_assume && assume_domain(domain)) {
>-		strlcpy(name, tmp_user, sizeof(fstring));
>-	} else {
>-		slprintf(name, sizeof(fstring) - 1, "%s%c%s",
>-			 domain, *lp_winbind_separator(),
>-			 tmp_user);
>-	}
>-}
>-
> /**
>  * talloc version of fill_domain_username()
>  * return NULL on talloc failure.
>-- 
>2.17.0
>
>
>From 21d85da9f652f33ecd9060ddb5e5a1ef5d530aa2 Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Tue, 8 May 2018 13:46:11 +0200
>Subject: [PATCH 03/14] s3-printing: fix format-truncation in
> print_queue_update()
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>../source3/printing/printing.c: In function âprint_queue_updateâ:
>../source3/printing/printing.c:1809:42: error: â%sâ directive output may be truncated writing up to 255 bytes into a region of size 244 [-Werror=format-truncation=]
>  snprintf(key, sizeof(key), "MSG_PENDING/%s", sharename);
>                                          ^~   ~~~~~~~~~
>../source3/printing/printing.c:1809:2: note: âsnprintfâ output between 13 and 268 bytes into a destination of size 256
>  snprintf(key, sizeof(key), "MSG_PENDING/%s", sharename);
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Guenther
>
>Signed-off-by: Guenther Deschner <gd@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit 6326b3415f3e225aafd5912d0965c80abcd7b22c)
>---
> source3/printing/printing.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/printing/printing.c b/source3/printing/printing.c
>index e4bb1d84f69..38d718045a1 100644
>--- a/source3/printing/printing.c
>+++ b/source3/printing/printing.c
>@@ -1693,7 +1693,7 @@ extern pid_t background_lpq_updater_pid;
> static void print_queue_update(struct messaging_context *msg_ctx,
> 			       int snum, bool force)
> {
>-	fstring key;
>+	char key[268];
> 	fstring sharename;
> 	char *lpqcommand = NULL;
> 	char *lprmcommand = NULL;
>-- 
>2.17.0
>
>
>From 357434d38497d0b9aaca914ce0b496d661f67d9e Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Tue, 8 May 2018 13:54:53 +0200
>Subject: [PATCH 04/14] s4-torture: fix format-truncation warning in smb2
> session tests.
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>../source4/torture/smb2/session.c: In function âtest_session_reauth5â:
>../source4/torture/smb2/session.c:645:36: error: â\file.datâ directive output may be truncated writing 9 bytes into a region of size between 1 and 256 [-Werror=format-truncation=]
>  snprintf(fname, sizeof(fname), "%s\\file.dat", dname);
>                                    ^~~~~~~~~~
>../source4/torture/smb2/session.c:645:2: note: âsnprintfâ output between 10 and 265 bytes into a destination of size 256
>  snprintf(fname, sizeof(fname), "%s\\file.dat", dname);
>  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>../source4/torture/smb2/session.c:696:38: error: â\file2.datâ directive output may be truncated writing 10 bytes into a region of size between 1 and 256 [-Werror=format-truncation=]
>  snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname);
>                                      ^~~~~~~~~~~
>../source4/torture/smb2/session.c:696:2: note: âsnprintfâ output between 11 and 266 bytes into a destination of size 256
>  snprintf(fname2, sizeof(fname2), "%s\\file2.dat", dname);
>  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>cc1: some warnings being treated as errors
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Guenther
>
>Signed-off-by: Guenther Deschner <gd@samba.org>
>Reviewed-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit 5729898248041794ffdd0b769332e015baf12cce)
>---
> source4/torture/smb2/session.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c
>index 15a11e235d6..f3fa596e464 100644
>--- a/source4/torture/smb2/session.c
>+++ b/source4/torture/smb2/session.c
>@@ -616,7 +616,7 @@ bool test_session_reauth5(struct torture_context *tctx, struct smb2_tree *tree)
> {
> 	NTSTATUS status;
> 	TALLOC_CTX *mem_ctx = talloc_new(tctx);
>-	char dname[256];
>+	char dname[128];
> 	char fname[256];
> 	char fname2[256];
> 	struct smb2_handle _dh1;
>-- 
>2.17.0
>
>
>From c9dc22cefab90e89d33617eb42c0b8721aae9f83 Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Tue, 8 May 2018 14:13:56 +0200
>Subject: [PATCH 05/14] s3-utils: fix format-truncation in smbpasswd
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>../source3/utils/smbpasswd.c: In function âprocess_rootâ:
>../source3/utils/smbpasswd.c:414:37: error: â$â directive output may be truncated writing 1 byte into a region of size between 0 and 255 [-Werror=format-truncation=]
>   slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
>                                     ^
>In file included from ../source3/include/includes.h:23,
>                 from ../source3/utils/smbpasswd.c:19:
>../lib/replace/../replace/replace.h:514:18: note: âsnprintfâ output between 2 and 257 bytes into a destination of size 255
> #define slprintf snprintf
>../source3/utils/smbpasswd.c:414:3: note: in expansion of macro âslprintfâ
>   slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
>   ^~~~~~~~
>../source3/utils/smbpasswd.c:397:35: error: â$â directive output may be truncated writing 1 byte into a region of size between 0 and 255 [-Werror=format-truncation=]
>   slprintf(buf, sizeof(buf)-1, "%s$", user_name);
>                                   ^
>In file included from ../source3/include/includes.h:23,
>                 from ../source3/utils/smbpasswd.c:19:
>../lib/replace/../replace/replace.h:514:18: note: âsnprintfâ output between 2 and 257 bytes into a destination of size 255
> #define slprintf snprintf
>../source3/utils/smbpasswd.c:397:3: note: in expansion of macro âslprintfâ
>   slprintf(buf, sizeof(buf)-1, "%s$", user_name);
>   ^~~~~~~~
>cc1: some warnings being treated as errors
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Pair-Programmed-With: Andreas Schneider <asn@samba.org>
>
>Signed-off-by: Guenther Deschner <gd@samba.org>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>(cherry picked from commit 9b6dc8f504c406ed8a044e5becca7e8f01da6c84)
>---
> source3/utils/smbpasswd.c | 49 +++++++++++++++++++++------------------
> 1 file changed, 26 insertions(+), 23 deletions(-)
>
>diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
>index 3136de6a23d..04f34aa9b69 100644
>--- a/source3/utils/smbpasswd.c
>+++ b/source3/utils/smbpasswd.c
>@@ -368,36 +368,44 @@ static int process_root(int local_flags)
> 
> 	if (local_flags & LOCAL_TRUST_ACCOUNT) {
> 		/* add the $ automatically */
>-		static fstring buf;
>+		size_t user_name_len = strlen(user_name);
> 
>-		/*
>-		 * Remove any trailing '$' before we
>-		 * generate the initial machine password.
>-		 */
>-
>-		if (user_name[strlen(user_name)-1] == '$') {
>-			user_name[strlen(user_name)-1] = 0;
>+		if (user_name[user_name_len - 1] == '$') {
>+			user_name_len--;
>+		} else {
>+			if (user_name_len + 2 > sizeof(user_name)) {
>+				fprintf(stderr, "machine name too long\n");
>+				exit(1);
>+			}
>+			user_name[user_name_len] = '$';
>+			user_name[user_name_len + 1] = '\0';
> 		}
> 
> 		if (local_flags & LOCAL_ADD_USER) {
> 		        SAFE_FREE(new_passwd);
>-			new_passwd = smb_xstrdup(user_name);
>+
>+			/*
>+			 * Remove any trailing '$' before we
>+			 * generate the initial machine password.
>+			 */
>+			new_passwd = smb_xstrndup(user_name, user_name_len);
> 			if (!strlower_m(new_passwd)) {
> 				fprintf(stderr, "strlower_m %s failed\n",
> 					new_passwd);
> 				exit(1);
> 			}
> 		}
>-
>-		/*
>-		 * Now ensure the username ends in '$' for
>-		 * the machine add.
>-		 */
>-
>-		slprintf(buf, sizeof(buf)-1, "%s$", user_name);
>-		strlcpy(user_name, buf, sizeof(user_name));
> 	} else if (local_flags & LOCAL_INTERDOM_ACCOUNT) {
>-		static fstring buf;
>+		size_t user_name_len = strlen(user_name);
>+
>+		if (user_name[user_name_len - 1] != '$') {
>+			if (user_name_len + 2 > sizeof(user_name)) {
>+				fprintf(stderr, "machine name too long\n");
>+				exit(1);
>+			}
>+			user_name[user_name_len] = '$';
>+			user_name[user_name_len + 1] = '\0';
>+		}
> 
> 		if ((local_flags & LOCAL_ADD_USER) && (new_passwd == NULL)) {
> 			/*
>@@ -409,11 +417,6 @@ static int process_root(int local_flags)
> 				exit(1);
> 			}
> 		}
>-
>-		/* prepare uppercased and '$' terminated username */
>-		slprintf(buf, sizeof(buf) - 1, "%s$", user_name);
>-		strlcpy(user_name, buf, sizeof(user_name));
>-
> 	} else {
> 
> 		if (remote_machine != NULL) {
>-- 
>2.17.0
>
>
>From 74f2ed24441e29d61cdfd7907d44378abd08cca7 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Tue, 8 May 2018 09:22:00 +0200
>Subject: [PATCH 06/14] lib:util: Fix string check in mkdir_p()
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit 7cec343a89a0862c09f5ddd4707eb442157a4af2)
>---
> lib/util/mkdir_p.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
>diff --git a/lib/util/mkdir_p.c b/lib/util/mkdir_p.c
>index 290a1f39520..87a3f797618 100644
>--- a/lib/util/mkdir_p.c
>+++ b/lib/util/mkdir_p.c
>@@ -49,11 +49,11 @@ int mkdir_p(const char *dir, int mode)
> 
> 	/* Create ancestors */
> 	len = strlen(dir);
>-	if (len >= PATH_MAX) {
>+	ret = snprintf(t, sizeof(t), "%s", dir);
>+	if (ret != len) {
> 		errno = ENAMETOOLONG;
> 		return -1;
> 	}
>-	strncpy(t, dir, len+1);
> 
> 	ret = mkdir_p(dirname(t), mode);
> 	if (ret != 0) {
>-- 
>2.17.0
>
>
>From e8cb01434ca8969ed5f97b11b1a7f2a2800f87a9 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Wed, 9 May 2018 17:35:45 +0200
>Subject: [PATCH 07/14] s4:torture: Use strlcpy() in gen_name()
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>../source4/torture/basic/mangle_test.c: In function âgen_nameâ:
>../source4/torture/basic/mangle_test.c:148:3: error: âstrncpyâ output
>    truncated before terminating nul copying 5 bytes from a string of the
>    same length [-Werror=stringop-truncation]
>   strncpy(p, "ABCDE", 5);
>   ^~~~~~~~~~~~~~~~~~~~~~
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit 7a00d90d668f53914ffe035c41a5e79e60b51521)
>---
> source4/torture/basic/mangle_test.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source4/torture/basic/mangle_test.c b/source4/torture/basic/mangle_test.c
>index 0b7d696e677..df12b3ce821 100644
>--- a/source4/torture/basic/mangle_test.c
>+++ b/source4/torture/basic/mangle_test.c
>@@ -145,7 +145,7 @@ static char *gen_name(TALLOC_CTX *mem_ctx)
> 
> 	/* and a medium probability of a common lead string */
> 	if ((len > 5) && (random() % 10 == 0)) {
>-		strncpy(p, "ABCDE", 5);
>+		strlcpy(p, "ABCDE", 6);
> 	}
> 
> 	/* and a high probability of a good extension length */
>-- 
>2.17.0
>
>
>From ddd8d252ed8b36ee173f95fa7c4d9031762ce201 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Wed, 9 May 2018 17:29:39 +0200
>Subject: [PATCH 08/14] s3:lib: Use memcpy() in escape_ldap_string()
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>../source3/lib/ldap_escape.c: In function âescape_ldap_stringâ:
>../source3/lib/ldap_escape.c:79:4: error: âstrncpyâ output truncated
>    before terminating nul copying 3 bytes from a string of the same length
>[-Werror=stringop-truncation]
>    strncpy (p, sub, 3);
>    ^~~~~~~~~~~~~~~~~~~
>
>We concatenat and do not care about NUL-termination till the loop has
>finished.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit ff7568daaeb19ff30f47f7f600ead247eaf4e826)
>---
> source3/lib/ldap_escape.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
>index fa75dabcae6..0d2b8f5fe01 100644
>--- a/source3/lib/ldap_escape.c
>+++ b/source3/lib/ldap_escape.c
>@@ -76,7 +76,7 @@ char *escape_ldap_string(TALLOC_CTX *mem_ctx, const char *s)
> 			output = tmp;
> 
> 			p = &output[i];
>-			strncpy (p, sub, 3);
>+			memcpy(p, sub, 3);
> 			p += 3;
> 			i += 3;
> 
>-- 
>2.17.0
>
>
>From 2a3ee0895720c2149b064133d4e21eda9d628c8f Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Wed, 9 May 2018 18:05:01 +0200
>Subject: [PATCH 09/14] s3:passdb: Fix size of ascii_p16
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>../source3/passdb/pdb_smbpasswd.c: In function âmod_smbfilepwd_entryâ:
>../source3/passdb/pdb_smbpasswd.c:1015:7: error: â:LCT-â directive
>    output may be truncated writing 5 bytes into a region of size between 0
>    and 255 [-Werror=format-truncat ion=]
>    "%s:LCT-%08X:",
>       ^~~~~
>../source3/passdb/pdb_smbpasswd.c:1015:4: note: using the range [0,
>    4294967295] for directive argument
>    "%s:LCT-%08X:",
>    ^~~~~~~~~~~~~~
>In file included from ../source3/include/includes.h:23,
>                 from ../source3/passdb/pdb_smbpasswd.c:23:
>../lib/replace/../replace/replace.h:514:18: note: âsnprintfâ output
>    between 15 and 270 bytes into a destination of size 255
> #define slprintf snprintf
>../source3/passdb/pdb_smbpasswd.c:1013:3: note: in expansion of macro âslprintfâ
>   slprintf(&ascii_p16[strlen(ascii_p16)],
>   ^~~~~~~~
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit 728297ca889b39ce2006778bf6a5bf1c3ce82d6d)
>---
> source3/passdb/pdb_smbpasswd.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
>index 9c381471dda..ec184caf3db 100644
>--- a/source3/passdb/pdb_smbpasswd.c
>+++ b/source3/passdb/pdb_smbpasswd.c
>@@ -741,7 +741,7 @@ static bool mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con
> 	char linebuf[LINEBUF_SIZE + 1];
> 	char readbuf[1024];
> 	int c;
>-	fstring ascii_p16;
>+	char ascii_p16[FSTRING_LEN + 20];
> 	fstring encode_bits;
> 	unsigned char *p = NULL;
> 	size_t linebuf_len = 0;
>-- 
>2.17.0
>
>
>From 4be30e4ba826b8077f8339595d9c2ef9d516bf9a Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Wed, 9 May 2018 18:07:47 +0200
>Subject: [PATCH 10/14] s3:winbind: Fix uninitialzed variable warning
>
>Raised by GCC8.
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit 6b728b87bf5726f14100d76956c3df3fd9bb1058)
>---
> source3/winbindd/wb_getpwsid.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c
>index a8f32f2fc94..8e114abf965 100644
>--- a/source3/winbindd/wb_getpwsid.c
>+++ b/source3/winbindd/wb_getpwsid.c
>@@ -70,7 +70,7 @@ static void wb_getpwsid_queryuser_done(struct tevent_req *subreq)
> 	struct winbindd_pw *pw = state->pw;
> 	struct wbint_userinfo *info;
> 	fstring acct_name;
>-	const char *output_username;
>+	const char *output_username = NULL;
> 	char *mapped_name = NULL;
> 	char *tmp;
> 	NTSTATUS status;
>-- 
>2.17.0
>
>
>From 895e198c8f225ea0824075a5a08eaca975f54179 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Wed, 9 May 2018 17:52:19 +0200
>Subject: [PATCH 11/14] lib:util: Fix parameter aliasing in tfork test
>
>../lib/util/tests/tfork.c:483:24: error: passing argument 1 to
>    restrict-qualified parameter aliases with argument 4 [-Werror=restrict]
>   ret = pthread_create(&threads[i],
>                        ^~~~~~~~~~~
>../lib/util/tests/tfork.c:486:10:
>          (void *)&threads[i]);
>          ~~~~~~~~~~~~~~~~~~~
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit 6f06a0154f5769cb85f6e189eecd78cd7805090a)
>---
> lib/util/tests/tfork.c | 7 ++-----
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
>diff --git a/lib/util/tests/tfork.c b/lib/util/tests/tfork.c
>index 9bcdc2f3d6d..3c73355b3f0 100644
>--- a/lib/util/tests/tfork.c
>+++ b/lib/util/tests/tfork.c
>@@ -417,8 +417,7 @@ static void *tfork_thread(void *p)
> 	struct tfork *t = NULL;
> 	int status;
> 	pid_t child;
>-	pthread_t *ptid = (pthread_t *)p;
>-	uint64_t tid;
>+	uint64_t tid = (uint64_t)pthread_self();
> 	uint64_t *result = NULL;
> 	int up[2];
> 	ssize_t nread;
>@@ -429,8 +428,6 @@ static void *tfork_thread(void *p)
> 		pthread_exit(NULL);
> 	}
> 
>-	tid = (uint64_t)*ptid;
>-
> 	t = tfork_create();
> 	if (t == NULL) {
> 		pthread_exit(NULL);
>@@ -480,7 +477,7 @@ static bool test_tfork_threads(struct torture_context *tctx)
> #endif
> 
> 	for (i = 0; i < num_threads; i++) {
>-		ret = pthread_create(&threads[i], NULL, tfork_thread, &threads[i]);
>+		ret = pthread_create(&threads[i], NULL, tfork_thread, NULL);
> 		torture_assert_goto(tctx, ret == 0, ok, done,
> 				    "pthread_create failed\n");
> 	}
>-- 
>2.17.0
>
>
>From 5c403efd9edac1072a195d77a42e4b505c152028 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Tue, 8 May 2018 09:31:51 +0200
>Subject: [PATCH 12/14] lib:util: Fix size types in debug.c
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit fb6cd9c44ac6fcc9f6abe3b63fc742aeac42969a)
>---
> lib/util/debug.c | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
>diff --git a/lib/util/debug.c b/lib/util/debug.c
>index d010b724203..b58303e8c82 100644
>--- a/lib/util/debug.c
>+++ b/lib/util/debug.c
>@@ -480,8 +480,8 @@ static void debug_set_backends(const char *param)
> static void debug_backends_log(const char *msg, int msg_level)
> {
> 	char msg_no_nl[FORMAT_BUFR_SIZE];
>-	unsigned i;
>-	int len;
>+	size_t i;
>+	size_t len;
> 
> 	/*
> 	 * Some backends already add an extra newline, so also provide
>@@ -551,7 +551,7 @@ static const char *default_classname_table[] = {
>  */
> static const int debug_class_list_initial[ARRAY_SIZE(default_classname_table)];
> 
>-static int debug_num_classes = 0;
>+static size_t debug_num_classes = 0;
> int     *DEBUGLEVEL_CLASS = discard_const_p(int, debug_class_list_initial);
> 
> 
>@@ -630,7 +630,7 @@ utility lists registered debug class names's
> char *debug_list_class_names_and_levels(void)
> {
> 	char *buf = NULL;
>-	int i;
>+	size_t i;
> 	/* prepare strings */
> 	for (i = 0; i < debug_num_classes; i++) {
> 		buf = talloc_asprintf_append(buf,
>@@ -651,7 +651,7 @@ char *debug_list_class_names_and_levels(void)
> 
> static int debug_lookup_classname_int(const char* classname)
> {
>-	int i;
>+	size_t i;
> 
> 	if (!classname) return -1;
> 
>@@ -741,7 +741,7 @@ static int debug_lookup_classname(const char *classname)
> 
> static void debug_dump_status(int level)
> {
>-	int q;
>+	size_t q;
> 
> 	DEBUG(level, ("INFO: Current debug levels:\n"));
> 	for (q = 0; q < debug_num_classes; q++) {
>@@ -790,7 +790,7 @@ bool debug_parse_levels(const char *params_str)
> 	size_t str_len = strlen(params_str);
> 	char str[str_len+1];
> 	char *tok, *saveptr;
>-	int i;
>+	size_t i;
> 
> 	/* Just in case */
> 	debug_init();
>-- 
>2.17.0
>
>
>From 3d9f51fdf0564d5ce0d85067f17c5fe1c95e5497 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Tue, 15 May 2018 17:55:22 +0200
>Subject: [PATCH 13/14] s4:ntvfs: Fix string copy of share_name
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>../source4/ntvfs/ipc/rap_server.c:70:3: error: âstrncpyâ specified bound 13 equals destination size [-Werror=stringop-truncation]
>   strncpy((char *)r->out.info[j].info1.share_name,
>   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    snames[i],
>    ~~~~~~~~~~
>    sizeof(r->out.info[0].info1.share_name));
>    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>(cherry picked from commit 609ef35c12900bbd5ecaa557f7b5d71b5784a103)
>---
> source4/ntvfs/ipc/rap_server.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
>diff --git a/source4/ntvfs/ipc/rap_server.c b/source4/ntvfs/ipc/rap_server.c
>index 3a133f568da..fc2d3aa611d 100644
>--- a/source4/ntvfs/ipc/rap_server.c
>+++ b/source4/ntvfs/ipc/rap_server.c
>@@ -63,13 +63,18 @@ NTSTATUS rap_netshareenum(TALLOC_CTX *mem_ctx,
> 				   union rap_share_info, r->out.available);
> 
> 	for (i = 0, j = 0; i < r->out.available; i++) {
>+		size_t sname_len;
>+
> 		if (!NT_STATUS_IS_OK(share_get_config(mem_ctx, sctx, snames[i], &scfg))) {
> 			DEBUG(3, ("WARNING: Service [%s] disappeared after enumeration!\n", snames[i]));
> 			continue;
> 		}
>-		strncpy((char *)r->out.info[j].info1.share_name,
>+		/* Make sure we have NUL-termination */
>+		sname_len = MIN(strlen(snames[i]),
>+				sizeof(r->out.info[j].info1.share_name));
>+		strlcpy((char *)r->out.info[j].info1.share_name,
> 			snames[i],
>-			sizeof(r->out.info[0].info1.share_name));
>+			sname_len);
> 		r->out.info[i].info1.reserved1 = 0;
> 		r->out.info[i].info1.share_type = dcesrv_common_get_share_type(mem_ctx, NULL, scfg);
> 		r->out.info[i].info1.comment = share_string_option(mem_ctx, scfg, SHARE_COMMENT, "");
>-- 
>2.17.0
>
>
>From fb93b1b033978b79fad7dedc05c702913f4d0fdf Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Wed, 16 May 2018 13:59:55 +0200
>Subject: [PATCH 14/14] lib: Fix array size in audit_logging
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>../lib/audit_logging/audit_logging.c: In function âjson_add_timestampâ:
>../lib/audit_logging/audit_logging.c:603:12: error: â%sâ directive
>       output may be truncated writing up to 9 bytes into a region of size
>       between 0 and 43 [-Werror=format-truncation=]
>   "%s.%06ld%s",
>            ^~
>../lib/audit_logging/audit_logging.c:606:3:
>   tz);
>   ~~
>../lib/audit_logging/audit_logging.c:600:2: note: âsnprintfâ output
>       between 8 and 70 bytes into a destination of size 50
>  snprintf(
>  ^~~~~~~~~
>   timestamp,
>   ~~~~~~~~~~
>   sizeof(timestamp),
>   ~~~~~~~~~~~~~~~~~~
>   "%s.%06ld%s",
>   ~~~~~~~~~~~~~
>   buffer,
>   ~~~~~~~
>   tv.tv_usec,
>   ~~~~~~~~~~~
>   tz);
>   ~~~
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>Reviewed-by: Guenther Deschner <gd@samba.org>
>
>(cherry picked from commit 8b7c8eb3907e2123acee67949e88c26072afc81a)
>---
> auth/auth_log.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/auth/auth_log.c b/auth/auth_log.c
>index d4c6c445bed..72d8f818396 100644
>--- a/auth/auth_log.c
>+++ b/auth/auth_log.c
>@@ -350,7 +350,7 @@ static void add_version(struct json_context *context, int major, int minor)
> static void add_timestamp(struct json_context *context)
> {
> 	char buffer[40];	/* formatted time less usec and timezone */
>-	char timestamp[50];	/* the formatted ISO 8601 time stamp	 */
>+	char timestamp[65];	/* the formatted ISO 8601 time stamp	 */
> 	char tz[10];		/* formatted time zone			 */
> 	struct tm* tm_info;	/* current local time			 */
> 	struct timeval tv;	/* current system time			 */
>-- 
>2.17.0
>

Flags:

gd: review+

Actions: View

Attachments on bug 13437: 14214 | 14216 | 14233 | 14234 | 14244 | 14248 | 14249 | 14250