From d3d8dffc0212662456a6251baee5afd432160fa2 Mon Sep 17 00:00:00 2001 From: Douglas Bagnall Date: Thu, 27 Jun 2024 16:03:30 +1200 Subject: [PATCH] cmdline:burn: always return true if burnt Before we have been trying to cram three cases into a boolean return value: * cmdline had secrets, we burnt them -> true * cmdline had no secrets, all good -> false * cmdline has NULL string, WTF! emergency! -> false This return value is only used by Python which wants to know whether to go to the trouble of replacing the command line. If samba_cmdline_burn() returns false, no action is taken. If samba_cmdline_burn() burns a password and then hits a NULL, it would be better not to do nothing. It would be better to crash. And that is what Python will end up doing, by some talloc returning NULL triggering a MemoryError. What about the case like {"--foo", NULL, "-Ua%b"} where the secret comes after the NULL? That will still be ignored by Python, as it is by all C tools, but we are hoping that can't happen anyway. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton --- lib/cmdline/cmdline.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c index 331da775455..b595439f786 100644 --- a/lib/cmdline/cmdline.c +++ b/lib/cmdline/cmdline.c @@ -147,7 +147,7 @@ bool samba_cmdline_burn(int argc, char *argv[]) for (i = 0; i < argc; i++) { p = argv[i]; if (p == NULL) { - return false; + return burnt; } found = false; @@ -203,7 +203,7 @@ bool samba_cmdline_burn(int argc, char *argv[]) } p = argv[i]; if (p == NULL) { - return false; + return burnt; } ulen = 0; }