author | Volker Lendecke <vl@samba.org> | 2013-11-11 20:37:48 +0000 |
---|---|---|
committer | Andreas Schneider <asn@samba.org> | 2013-11-13 09:01:55 +0100 |
commit | 7039c627c5eda7eb5497d872b9fe68b5dbe23693 (patch) | |
tree | 797cec173d607f0fc3586ea83bcbe4c3d7293d5d /source3/libsmb | |
parent | 744abc882284bfde41b087bc06e13160b915f371 (diff) | |
libsmb: Fix CID 242665 Out-of-bounds access
Coverity is confused by the dual-use of "pss" as an array of size 1. This
is not strictly a bug here, but it is admittedly a small subtlety. It
should fix a whole bunch of Coverity issues. Normally I would resist
changing our code in response to a deficient static checker, but here I
would vote for this compromise.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/cliconnect.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 81bc028b26..3c9d03a076 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2870,6 +2870,7 @@ static struct tevent_req *cli_connect_sock_send(
 struct tevent_req *req, *subreq;
 struct cli_connect_sock_state *state;
 const char *prog;
+ struct sockaddr_storage *addrs;
 unsigned i, num_addrs;
 NTSTATUS status;
@@ -2893,7 +2894,6 @@ static struct tevent_req *cli_connect_sock_send(
 }
 if ((pss == NULL) || is_zero_addr(pss)) {
- struct sockaddr_storage *addrs;
 /*
 * Here we cheat. resolve_name_list is not async at all. So
@@ -2907,8 +2907,12 @@ static struct tevent_req *cli_connect_sock_send(
 tevent_req_nterror(req, status);
 return tevent_req_post(req, ev);
 }
- pss = addrs;
 } else {
+ addrs = talloc_array(state, struct sockaddr_storage, 1);
+ if (tevent_req_nomem(addrs, req)) {
+ return tevent_req_post(req, ev);
+ }
+ addrs[0] = *pss;
 num_addrs = 1;
 }
@@ -2931,7 +2935,7 @@ static struct tevent_req *cli_connect_sock_send(
 }
 subreq = smbsock_any_connect_send(
- state, ev, pss, state->called_names, state->called_types,
+ state, ev, addrs, state->called_names, state->called_types,
 state->calling_names, NULL, num_addrs, port);
 if (tevent_req_nomem(subreq, req)) {
 return tevent_req_post(req, ev); |
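Review bot: The new `else` branch in the third hunk copies `*pss` into a one-element `talloc_array` with no comment saying why, so the copy looks like a redundant allocation that a later cleanup could remove. I would add a comment above the allocation: `/* Copy the caller's address into a state-owned array so that addrs always holds exactly num_addrs elements. */`. That records the invariant the fourth hunk depends on when it passes `addrs` together with `num_addrs` to `smbsock_any_connect_send`, namely that the pointer and the count describe the same array in both branches. The copy also appears to decouple the async request from the lifetime of the caller's `pss`, but whether the callee kept the pointer before is not visible here. cli_connect_sock_send begins and ends outside these hunks, so I could not check the `resolve_name_list` call or how `state` is released.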