summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2009-09-12 15:21:33 +1000
committerAndrew Tridgell <tridge@samba.org>2009-09-12 15:21:33 +1000
commit5c33042498763ce814c0539e0a96f73a06a76dfd (patch)
tree84ef084109154d12f9d804aea1a33f8be8e671e7
parenta8ab1e2570ac2a2e772295cd0cc46b7e60398043 (diff)
downloadsamba-5c33042498763ce814c0539e0a96f73a06a76dfd.tar.gz
samba-5c33042498763ce814c0539e0a96f73a06a76dfd.tar.bz2
samba-5c33042498763ce814c0539e0a96f73a06a76dfd.zip
s4-ndr: fixed memory leaks in ndr_pull_*_blob()
We needed to free the ndr structures, both on error and normal return
-rw-r--r--librpc/ndr/libndr.h10
-rw-r--r--librpc/ndr/ndr.c25
2 files changed, 26 insertions, 9 deletions
diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index 7b981f9171..d01b68ef51 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -254,6 +254,16 @@ enum ndr_compression_alg {
} \
} while (0)
+/* if the call fails then free the ndr pointer */
+#define NDR_CHECK_FREE(call) do { \
+ enum ndr_err_code _status; \
+ _status = call; \
+ if (!NDR_ERR_CODE_IS_SUCCESS(_status)) { \
+ talloc_free(ndr); \
+ return _status; \
+ } \
+} while (0)
+
#define NDR_PULL_GET_MEM_CTX(ndr) (ndr->current_mem_ctx)
#define NDR_PULL_SET_MEM_CTX(ndr, mem_ctx, flgs) do {\
diff --git a/librpc/ndr/ndr.c b/librpc/ndr/ndr.c
index 837690b484..2b3493b2e3 100644
--- a/librpc/ndr/ndr.c
+++ b/librpc/ndr/ndr.c
@@ -846,7 +846,8 @@ _PUBLIC_ enum ndr_err_code ndr_pull_struct_blob(const DATA_BLOB *blob, TALLOC_CT
struct ndr_pull *ndr;
ndr = ndr_pull_init_blob(blob, mem_ctx, iconv_convenience);
NDR_ERR_HAVE_NO_MEMORY(ndr);
- NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
+ NDR_CHECK_FREE(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
+ talloc_free(ndr);
return NDR_ERR_SUCCESS;
}
@@ -860,12 +861,13 @@ _PUBLIC_ enum ndr_err_code ndr_pull_struct_blob_all(const DATA_BLOB *blob, TALLO
struct ndr_pull *ndr;
ndr = ndr_pull_init_blob(blob, mem_ctx, iconv_convenience);
NDR_ERR_HAVE_NO_MEMORY(ndr);
- NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
+ NDR_CHECK_FREE(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
if (ndr->offset < ndr->data_size) {
return ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES,
"not all bytes consumed ofs[%u] size[%u]",
ndr->offset, ndr->data_size);
}
+ talloc_free(ndr);
return NDR_ERR_SUCCESS;
}
@@ -879,8 +881,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_union_blob(const DATA_BLOB *blob, TALLOC_CTX
struct ndr_pull *ndr;
ndr = ndr_pull_init_blob(blob, mem_ctx, iconv_convenience);
NDR_ERR_HAVE_NO_MEMORY(ndr);
- NDR_CHECK(ndr_pull_set_switch_value(ndr, p, level));
- NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
+ NDR_CHECK_FREE(ndr_pull_set_switch_value(ndr, p, level));
+ NDR_CHECK_FREE(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
+ talloc_free(ndr);
return NDR_ERR_SUCCESS;
}
@@ -895,13 +898,17 @@ _PUBLIC_ enum ndr_err_code ndr_pull_union_blob_all(const DATA_BLOB *blob, TALLOC
struct ndr_pull *ndr;
ndr = ndr_pull_init_blob(blob, mem_ctx, iconv_convenience);
NDR_ERR_HAVE_NO_MEMORY(ndr);
- NDR_CHECK(ndr_pull_set_switch_value(ndr, p, level));
- NDR_CHECK(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
+ NDR_CHECK_FREE(ndr_pull_set_switch_value(ndr, p, level));
+ NDR_CHECK_FREE(fn(ndr, NDR_SCALARS|NDR_BUFFERS, p));
if (ndr->offset < ndr->data_size) {
- return ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES,
- "not all bytes consumed ofs[%u] size[%u]",
- ndr->offset, ndr->data_size);
+ enum ndr_err_code ret;
+ ret = ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES,
+ "not all bytes consumed ofs[%u] size[%u]",
+ ndr->offset, ndr->data_size);
+ talloc_free(ndr);
+ return ret;
}
+ talloc_free(ndr);
return NDR_ERR_SUCCESS;
}