summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-06-15 21:03:40 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:17:28 -0500
commit835bfbb8ac6a6239299a22a9e79643674a0a75e2 (patch)
tree084127a37fc92a118cd1a06e6188139fa804edec
parente942ca4e0a2a28ad5132abb2bf165f064d792c44 (diff)
downloadsamba-835bfbb8ac6a6239299a22a9e79643674a0a75e2.tar.gz
samba-835bfbb8ac6a6239299a22a9e79643674a0a75e2.tar.bz2
samba-835bfbb8ac6a6239299a22a9e79643674a0a75e2.zip
r16267: Fix Klocwork #401, #402 - ensure format specifier
limited. Fix memleak in printing gencache contents. Jeremy. (This used to be commit 81731e1f68cdf4af80733338238aeae0a7d108c0)
-rw-r--r--source3/lib/gencache.c74
-rw-r--r--source3/utils/net_cache.c9
2 files changed, 67 insertions, 16 deletions
diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c
index 6725ed4c12..defc7ca206 100644
--- a/source3/lib/gencache.c
+++ b/source3/lib/gencache.c
@@ -28,6 +28,7 @@
#define TIMEOUT_LEN 12
#define CACHE_DATA_FMT "%12u/%s"
+#define READ_CACHE_DATA_FMT_TEMPLATE "%%12u/%%%us"
static TDB_CONTEXT *cache;
@@ -242,8 +243,9 @@ BOOL gencache_get(const char *keystr, char **valstr, time_t *timeout)
/* fail completely if get null pointers passed */
SMB_ASSERT(keystr);
- if (!gencache_init())
+ if (!gencache_init()) {
return False;
+ }
keybuf.dptr = SMB_STRDUP(keystr);
keybuf.dsize = strlen(keystr)+1;
@@ -256,13 +258,26 @@ BOOL gencache_get(const char *keystr, char **valstr, time_t *timeout)
time_t t;
unsigned u;
int status;
+ char *fmt;
+
+ v = SMB_MALLOC(databuf.dsize + 1 - TIMEOUT_LEN);
+ if (!v) {
+ return False;
+ }
- v = SMB_MALLOC(databuf.dsize - TIMEOUT_LEN);
-
SAFE_FREE(databuf.dptr);
- status = sscanf(entry_buf, CACHE_DATA_FMT, &u, v);
+
+ asprintf(&fmt, READ_CACHE_DATA_FMT_TEMPLATE, (unsigned int)databuf.dsize - TIMEOUT_LEN);
+ if (!fmt) {
+ SAFE_FREE(v);
+ return False;
+ }
+
+ status = sscanf(entry_buf, fmt, &u, v);
+ SAFE_FREE(fmt);
+
if ( status != 2 ) {
- DEBUG(0, ("gencache_get: Invalid return %d from sscanf\n", status ));
+ DEBUG(0, ("gencache_get: Invalid return %d from sscanf\n", status ));
}
t = u;
SAFE_FREE(entry_buf);
@@ -271,13 +286,15 @@ BOOL gencache_get(const char *keystr, char **valstr, time_t *timeout)
"timeout = %s", t > time(NULL) ? "valid" :
"expired", keystr, v, ctime(&t)));
- if (valstr)
+ if (valstr) {
*valstr = v;
- else
+ } else {
SAFE_FREE(v);
+ }
- if (timeout)
+ if (timeout) {
*timeout = t;
+ }
return t > time(NULL);
@@ -285,17 +302,17 @@ BOOL gencache_get(const char *keystr, char **valstr, time_t *timeout)
SAFE_FREE(databuf.dptr);
- if (valstr)
+ if (valstr) {
*valstr = NULL;
- if (timeout)
+ }
+ if (timeout) {
timeout = NULL;
+ }
DEBUG(10, ("Cache entry with key = %s couldn't be found\n", keystr));
-
return False;
}
-
/**
* Iterate through all entries which key matches to specified pattern
*
@@ -327,8 +344,13 @@ void gencache_iterate(void (*fn)(const char* key, const char *value, time_t time
first_node = node;
while (node) {
+ char *fmt;
+
/* ensure null termination of the key string */
keystr = SMB_STRNDUP(node->node_key.dptr, node->node_key.dsize);
+ if (!keystr) {
+ return;
+ }
/*
* We don't use gencache_get function, because we need to iterate through
@@ -342,11 +364,33 @@ void gencache_iterate(void (*fn)(const char* key, const char *value, time_t time
continue;
}
entry = SMB_STRNDUP(databuf.dptr, databuf.dsize);
+ if (!entry) {
+ SAFE_FREE(databuf.dptr);
+ SAFE_FREE(keystr);
+ return;
+ }
+
SAFE_FREE(databuf.dptr);
- valstr = SMB_MALLOC(databuf.dsize - TIMEOUT_LEN);
- status = sscanf(entry, CACHE_DATA_FMT, &u, valstr);
+
+ valstr = SMB_MALLOC(databuf.dsize + 1 - TIMEOUT_LEN);
+ if (!valstr) {
+ SAFE_FREE(entry);
+ SAFE_FREE(keystr);
+ return;
+ }
+
+ asprintf(&fmt, READ_CACHE_DATA_FMT_TEMPLATE, (unsigned int)databuf.dsize - TIMEOUT_LEN);
+ if (!fmt) {
+ SAFE_FREE(valstr);
+ SAFE_FREE(entry);
+ SAFE_FREE(keystr);
+ return;
+ }
+ status = sscanf(entry, fmt, &u, valstr);
+ SAFE_FREE(fmt);
+
if ( status != 2 ) {
- DEBUG(0,("gencache_iterate: invalid return from sscanf %d\n",status));
+ DEBUG(0,("gencache_iterate: invalid return from sscanf %d\n",status));
}
timeout = u;
diff --git a/source3/utils/net_cache.c b/source3/utils/net_cache.c
index 69b3327f7a..b90befcca2 100644
--- a/source3/utils/net_cache.c
+++ b/source3/utils/net_cache.c
@@ -38,6 +38,7 @@ static void print_cache_entry(const char* keystr, const char* datastr,
const time_t timeout, void* dptr)
{
char *timeout_str;
+ char *alloc_str = NULL;
time_t now_t = time(NULL);
struct tm timeout_tm, *now_tm;
/* localtime returns statically allocated pointer, so timeout_tm
@@ -64,12 +65,18 @@ static void print_cache_entry(const char* keystr, const char* datastr,
}
timeout_str[strlen(timeout_str) - 1] = '\0'; /* remove tailing CR */
} else {
- asprintf(&timeout_str, "%.2d:%.2d:%.2d", timeout_tm.tm_hour,
+ asprintf(&alloc_str, "%.2d:%.2d:%.2d", timeout_tm.tm_hour,
timeout_tm.tm_min, timeout_tm.tm_sec);
+ if (!alloc_str) {
+ return;
+ }
+ timeout_str = alloc_str;
}
d_printf("Key: %s\t Timeout: %s\t Value: %s %s\n", keystr,
timeout_str, datastr, timeout > now_t ? "": "(expired)");
+
+ SAFE_FREE(alloc_str);
}
static void delete_cache_entry(const char* keystr, const char* datastr,