From: Douglas Bagnall Date: Thu, 27 Jun 2024 04:03:30 +0000 (+1200) Subject: cmdline:burn: always return true if burnt X-Git-Tag: samba-4.19.8~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0285ea8c1ea3b4f80aab78187a2437b7aed4903c;p=thirdparty%2Fsamba.git cmdline:burn: always return true if burnt Before we have been trying to cram three cases into a boolean return value: * cmdline had secrets, we burnt them -> true * cmdline had no secrets, all good -> false * cmdline has NULL string, WTF! emergency! -> false This return value is only used by Python which wants to know whether to go to the trouble of replacing the command line. If samba_cmdline_burn() returns false, no action is taken. If samba_cmdline_burn() burns a password and then hits a NULL, it would be better not to do nothing. It would be better to crash. And that is what Python will end up doing, by some talloc returning NULL triggering a MemoryError. What about the case like {"--foo", NULL, "-Ua%b"} where the secret comes after the NULL? That will still be ignored by Python, as it is by all C tools, but we are hoping that can't happen anyway. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton (cherry picked from commit d3d8dffc0212662456a6251baee5afd432160fa2) --- diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c index 48801be2606..fa3bfefeced 100644 --- a/lib/cmdline/cmdline.c +++ b/lib/cmdline/cmdline.c @@ -147,7 +147,7 @@ bool samba_cmdline_burn(int argc, char *argv[]) for (i = 0; i < argc; i++) { p = argv[i]; if (p == NULL) { - return false; + return burnt; } found = false; @@ -203,7 +203,7 @@ bool samba_cmdline_burn(int argc, char *argv[]) } p = argv[i]; if (p == NULL) { - return false; + return burnt; } ulen = 0; }