]> git.ipfire.org Git - thirdparty/samba.git/commitdiff
projects / thirdparty / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 10b95ff)
s3:registry: Avoid possible double frees
authorAndreas Schneider <asn@samba.org>
Wed, 19 Jun 2024 09:46:15 +0000 (11:46 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Mon, 24 Jun 2024 06:14:36 +0000 (06:14 +0000)
Found by Covscan.

"Error: USE_AFTER_FREE (CWE-416):
samba-4.20.0rc2/source3/registry/reg_perfcount.c:309: freed_arg: ""_reg_perfcount_multi_sz_from_tdb"" frees ""*retbuf"".
samba-4.20.0rc2/source3/registry/reg_perfcount.c:313: double_free: Calling ""_reg_perfcount_multi_sz_from_tdb"" frees pointer ""*retbuf"" which has already been freed.
  311|    for(i = 1; i <= base_index; i++)
  312|    {
  313|->  buffer_size = _reg_perfcount_multi_sz_from_tdb(names, i*2, retbuf, buffer_size);
  314|    }
  315|    tdb_close(names);"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
source3/registry/reg_perfcount.c patch | blob | blame | history

diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
index 58dc508aed5a2c5cb877cfbc70f8cbaacb1cd587..6c8d7e83ede79a4791ff7dc0bd95b883ec9968c8 100644 (file)
--- a/source3/registry/reg_perfcount.c
+++ b/source3/registry/reg_perfcount.c
@@ -173,6 +173,9 @@ static uint32_t _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
        DATA_BLOB name_index, name;
        bool ok;
 
+       /* Set to NULL, to avoid possible double frees on error. */
+       *retbuf = NULL;
+
        snprintf(temp, sizeof(temp), "%d", keyval);
        kbuf = string_tdb_data(temp);
        dbuf = tdb_fetch(tdb, kbuf);
Mirror of https://github.com/samba-team/samba.git