samba.git/source3/registry, branch master Unnamed repository; edit this file 'description' to name the repository. s3: talloc_destroy() -> TALLOC_FREE() 2025-11-10T13:29:30+00:00 Volker Lendecke vl@samba.org 2025-10-17T12:39:18+00:00 38b76366888ab366c6ea13382f93b443cbee1e8e Sweeping change, I know. Should not change compiled code in most cases, the compiler should be smart enough to elide the assignment right before a return. In the cases where this is not right before the return, TALLOC_FREE() is safer as it makes use-after-free crash. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> 
Sweeping change, I know. Should not change compiled code in most
cases, the compiler should be smart enough to elide the assignment
right before a return. In the cases where this is not right before the
return, TALLOC_FREE() is safer as it makes use-after-free crash.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
rpc registry: add ProductType for AD DC 2025-07-01T09:17:08+00:00 Michael Saxl mike@mwsys.mine.bz 2025-05-28T14:49:13+00:00 d0be58d4c2191209da4fc313618ecf5478ff1f16 HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions contains a key ProductType The value of that key should be LanmanNT on a domain controller (of any type). The switch had no case for ROLE_ACTIVE_DIRECTORY_DC BUG: https://bugzilla.samba.org/show_bug.cgi?id=15863 Signed-off-by: Michael Saxl <mike@mwsys.mine.bz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Jul 1 09:17:08 UTC 2025 on atb-devel-224 
HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions contains a key
ProductType

The value of that key should be LanmanNT on a domain controller (of any
type).
The switch had no case for ROLE_ACTIVE_DIRECTORY_DC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15863
Signed-off-by: Michael Saxl <mike@mwsys.mine.bz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul  1 09:17:08 UTC 2025 on atb-devel-224
lib: Save lines by avoiding explicit ZERO_STRUCTP calls 2025-05-15T14:03:34+00:00 Volker Lendecke vl@samba.org 2025-04-04T10:24:59+00:00 0a0abbf2939bac2ffcf340aab35b9b1b98bcac96 SMB_CALLOC_ARRAY(..., 1) does this. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
SMB_CALLOC_ARRAY(..., 1) does this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
lib: Add a few explicit includes 2024-08-27T07:19:32+00:00 Volker Lendecke vl@samba.org 2024-08-22T16:25:06+00:00 56ec6fe5ed02fb37ea80216d468746d6c77edb7a Required to trim down includes from gen_ndr/*security* Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jennifer Sutton <jsutton@samba.org> 
Required to trim down includes from gen_ndr/*security*

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jennifer Sutton <jsutton@samba.org>
s3:registry: Use correct integer sizes 2024-07-08T07:36:32+00:00 Andreas Schneider asn@samba.org 2024-06-26T12:32:41+00:00 8abda0a134168c63f70877f120fc0b02bf557a02 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 s3:registry: Check for integer overflow 2024-07-08T07:36:32+00:00 Andreas Schneider asn@samba.org 2024-06-26T12:31:48+00:00 6cadb1d695ef1d45d2b64c8ad95cc442658f0991 "Error: INTEGER_OVERFLOW (CWE-190): samba-4.20.0rc2/source3/registry/regfio.c:175: tainted_data_argument: The check ""bytes_read < block_size"" contains the tainted expression ""bytes_read"" which causes ""block_size"" to be considered tainted. samba-4.20.0rc2/source3/registry/regfio.c:176: overflow: The expression ""block_size - bytes_read"" is deemed overflowed because at least one of its arguments has overflowed. samba-4.20.0rc2/source3/registry/regfio.c:176: overflow_sink: ""block_size - bytes_read"", which might have underflowed, is passed to ""read(file->fd, buffer + bytes_read, block_size - bytes_read)"". [Note: The source code implementation of the function has been overridden by a builtin model.] 174| 175| while ( bytes_read < block_size ) { 176|-> if ( (returned = read( file->fd, buffer+bytes_read, block_size-bytes_read )) == -1 ) { 177| DEBUG(0,(""read_block: read() failed (%s)\n"", strerror(errno) )); 178| return False;" Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> 
"Error: INTEGER_OVERFLOW (CWE-190):
samba-4.20.0rc2/source3/registry/regfio.c:175: tainted_data_argument: The check ""bytes_read < block_size"" contains the tainted expression ""bytes_read"" which causes ""block_size"" to be considered tainted.
samba-4.20.0rc2/source3/registry/regfio.c:176: overflow: The expression ""block_size - bytes_read"" is deemed overflowed because at least one of its arguments has overflowed.
samba-4.20.0rc2/source3/registry/regfio.c:176: overflow_sink: ""block_size - bytes_read"", which might have underflowed, is passed to ""read(file->fd, buffer + bytes_read, block_size - bytes_read)"". [Note: The source code implementation of the function has been overridden by a builtin model.]
  174|
  175|   	while ( bytes_read < block_size ) {
  176|-> 		if ( (returned = read( file->fd, buffer+bytes_read, block_size-bytes_read )) == -1 ) {
  177|   			DEBUG(0,(""read_block: read() failed (%s)\n"", strerror(errno) ));
  178|   			return False;"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 s3:registry: Initialize struct security_ace ace[] 2024-07-05T07:45:32+00:00 Pavel Filipenský pfilipensky@samba.org 2024-07-03T15:34:47+00:00 fd4afa309efc97b75d032ca8f59b16b08c51f1c8 Error: UNINIT (CWE-457): samba-4.20.0rc2/source3/registry/reg_dispatcher.c:43: var_decl: Declaring variable "ace" without initializer. samba-4.20.0rc2/source3/registry/reg_dispatcher.c:66: uninit_use_in_call: Using uninitialized value "*ace". Field "ace->object" is uninitialized when calling "make_sec_acl". 64| /* create the security descriptor */ 65| 66|-> theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace); 67| if (theacl == NULL) { 68| return WERR_NOT_ENOUGH_MEMORY; Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> 
Error: UNINIT (CWE-457):
samba-4.20.0rc2/source3/registry/reg_dispatcher.c:43: var_decl: Declaring variable "ace" without initializer.
samba-4.20.0rc2/source3/registry/reg_dispatcher.c:66: uninit_use_in_call: Using uninitialized value "*ace". Field "ace->object" is uninitialized when calling "make_sec_acl".
  64|           /* create the security descriptor */
  65|
  66|->         theacl = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace);
  67|           if (theacl == NULL) {
  68|                   return WERR_NOT_ENOUGH_MEMORY;

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
s3:registry: Add missing return value checks 2024-06-24T06:14:36+00:00 Andreas Schneider asn@samba.org 2024-06-19T09:47:41+00:00 b57bddacd765c48f3f427095ba4a474dbaf51c23 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
 s3:registry: Avoid possible double frees 2024-06-24T06:14:36+00:00 Andreas Schneider asn@samba.org 2024-06-19T09:46:15+00:00 8c4f807350d6815582019bb0c52358e7db43ea24 Found by Covscan. "Error: USE_AFTER_FREE (CWE-416): samba-4.20.0rc2/source3/registry/reg_perfcount.c:309: freed_arg: ""_reg_perfcount_multi_sz_from_tdb"" frees ""*retbuf"". samba-4.20.0rc2/source3/registry/reg_perfcount.c:313: double_free: Calling ""_reg_perfcount_multi_sz_from_tdb"" frees pointer ""*retbuf"" which has already been freed. 311| for(i = 1; i <= base_index; i++) 312| { 313|-> buffer_size = _reg_perfcount_multi_sz_from_tdb(names, i*2, retbuf, buffer_size); 314| } 315| tdb_close(names);" Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com> 
Found by Covscan.

"Error: USE_AFTER_FREE (CWE-416):
samba-4.20.0rc2/source3/registry/reg_perfcount.c:309: freed_arg: ""_reg_perfcount_multi_sz_from_tdb"" frees ""*retbuf"".
samba-4.20.0rc2/source3/registry/reg_perfcount.c:313: double_free: Calling ""_reg_perfcount_multi_sz_from_tdb"" frees pointer ""*retbuf"" which has already been freed.
  311|   	for(i = 1; i <= base_index; i++)
  312|   	{
  313|-> 		buffer_size = _reg_perfcount_multi_sz_from_tdb(names, i*2, retbuf, buffer_size);
  314|   	}
  315|   	tdb_close(names);"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
 s3:registry: Remove trailing spaces in reg_perfcount.c 2024-06-24T06:14:36+00:00 Andreas Schneider asn@samba.org 2024-06-19T09:45:01+00:00 10b95ff436866e484755fc2c5189263394029a29 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>