CVE-2020-14383: s4/dns: Ensure variable initialization with NULL.

Based on patches from Francis Brosnan Blázquez <francis@aspl.es> and Jeremy Allison <jra@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=14472 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12795 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> (based on commit 7afe449e7201be92bed8e53cbb37b74af720ef4e)
author: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 2020-08-21 17:10:22 +1200
committer: Karolin Seeger <kseeger@samba.org> 2020-10-26 15:00:49 +0100
commit: 2632e8ebae826a7305fe7d3948ee28b77d2ffbc0 (patch)
tree: f9bb1f1dce24905827fb80756596b773b4f4f155
parent: 6093b2d815a00a577036fa001b47d7fc5514ad2c (diff)
download: samba-2632e8ebae826a7305fe7d3948ee28b77d2ffbc0.tar.gz
1 files changed, 13 insertions, 11 deletions
diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index b6389f2328a..ec610168266 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -1759,15 +1759,17 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
 	TALLOC_CTX *tmp_ctx;
 	char *name;
 	const char * const attrs[] = { "name", "dnsRecord", NULL };
-	struct ldb_result *res;
-	struct DNS_RPC_RECORDS_ARRAY *recs;
+	struct ldb_result *res = NULL;
+	struct DNS_RPC_RECORDS_ARRAY *recs = NULL;
 	char **add_names = NULL;
-	char *rname;
+	char *rname = NULL;
 	const char *preference_name = NULL;
 	int add_count = 0;
 	int i, ret, len;
 	WERROR status;
-	struct dns_tree *tree, *base, *node;
+	struct dns_tree *tree = NULL;
+	struct dns_tree *base = NULL;
+	struct dns_tree *node = NULL;
 
 	tmp_ctx = talloc_new(mem_ctx);
 	W_ERROR_HAVE_NO_MEMORY(tmp_ctx);
@@ -1850,9 +1852,9 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
 		}
 	}
 
-	talloc_free(res);
-	talloc_free(tree);
-	talloc_free(name);
+	TALLOC_FREE(res);
+	TALLOC_FREE(tree);
+	TALLOC_FREE(name);
 
 	/* Add any additional records */
 	if (select_flag & DNS_RPC_VIEW_ADDITIONAL_DATA) {
@@ -1870,14 +1872,14 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
 						LDB_SCOPE_ONELEVEL, attrs,
 						"(&(objectClass=dnsNode)(name=%s)(!(dNSTombstoned=TRUE)))",
 						encoded_name);
-				talloc_free(name);
+				TALLOC_FREE(name);
 				if (ret != LDB_SUCCESS) {
 					continue;
 				}
 				if (res->count == 1) {
 					break;
 				} else {
-					talloc_free(res);
+					TALLOC_FREE(res);
 					continue;
 				}
 			}
@@ -1892,8 +1894,8 @@ static WERROR dnsserver_enumerate_records(struct dnsserver_state *dsstate,
 							select_flag, rname,
 							res->msgs[0], 0, recs,
 							NULL, NULL);
-			talloc_free(rname);
-			talloc_free(res);
+			TALLOC_FREE(rname);
+			TALLOC_FREE(res);
 			if (!W_ERROR_IS_OK(status)) {
 				talloc_free(tmp_ctx);
 				return status;
author	Douglas Bagnall <douglas.bagnall@catalyst.net.nz>	2020-08-21 17:10:22 +1200
committer	Karolin Seeger <kseeger@samba.org>	2020-10-26 15:00:49 +0100
commit	2632e8ebae826a7305fe7d3948ee28b77d2ffbc0 (patch)
tree	f9bb1f1dce24905827fb80756596b773b4f4f155
parent	6093b2d815a00a577036fa001b47d7fc5514ad2c (diff)
download	samba-2632e8ebae826a7305fe7d3948ee28b77d2ffbc0.tar.gz