diff options
| author | Jeremy Allison <jra@samba.org> | 2006-06-15 21:03:40 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:17:28 -0500 |
| commit | 835bfbb8ac6a6239299a22a9e79643674a0a75e2 (patch) | |
| tree | 084127a37fc92a118cd1a06e6188139fa804edec | |
| parent | e942ca4e0a2a28ad5132abb2bf165f064d792c44 (diff) | |
| download | samba-835bfbb8ac6a6239299a22a9e79643674a0a75e2.tar.gz samba-835bfbb8ac6a6239299a22a9e79643674a0a75e2.tar.bz2 samba-835bfbb8ac6a6239299a22a9e79643674a0a75e2.zip | |
r16267: Fix Klocwork #401, #402 - ensure format specifier
limited. Fix memleak in printing gencache contents.
Jeremy.
(This used to be commit 81731e1f68cdf4af80733338238aeae0a7d108c0)
| -rw-r--r-- | source3/lib/gencache.c | 74 | ||||
| -rw-r--r-- | source3/utils/net_cache.c | 9 |
2 files changed, 67 insertions, 16 deletions
diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c index 6725ed4c12..defc7ca206 100644 --- a/source3/lib/gencache.c +++ b/source3/lib/gencache.c @@ -28,6 +28,7 @@ #define TIMEOUT_LEN 12 #define CACHE_DATA_FMT "%12u/%s" +#define READ_CACHE_DATA_FMT_TEMPLATE "%%12u/%%%us" static TDB_CONTEXT *cache; @@ -242,8 +243,9 @@ BOOL gencache_get(const char *keystr, char **valstr, time_t *timeout) /* fail completely if get null pointers passed */ SMB_ASSERT(keystr); - if (!gencache_init()) + if (!gencache_init()) { return False; + } keybuf.dptr = SMB_STRDUP(keystr); keybuf.dsize = strlen(keystr)+1; @@ -256,13 +258,26 @@ BOOL gencache_get(const char *keystr, char **valstr, time_t *timeout) time_t t; unsigned u; int status; + char *fmt; + + v = SMB_MALLOC(databuf.dsize + 1 - TIMEOUT_LEN); + if (!v) { + return False; + } - v = SMB_MALLOC(databuf.dsize - TIMEOUT_LEN); - SAFE_FREE(databuf.dptr); - status = sscanf(entry_buf, CACHE_DATA_FMT, &u, v); + + asprintf(&fmt, READ_CACHE_DATA_FMT_TEMPLATE, (unsigned int)databuf.dsize - TIMEOUT_LEN); + if (!fmt) { + SAFE_FREE(v); + return False; + } + + status = sscanf(entry_buf, fmt, &u, v); + SAFE_FREE(fmt); + if ( status != 2 ) { - DEBUG(0, ("gencache_get: Invalid return %d from sscanf\n", status )); + DEBUG(0, ("gencache_get: Invalid return %d from sscanf\n", status )); } t = u; SAFE_FREE(entry_buf); @@ -271,13 +286,15 @@ BOOL gencache_get(const char *keystr, char **valstr, time_t *timeout) "timeout = %s", t > time(NULL) ? "valid" : "expired", keystr, v, ctime(&t))); - if (valstr) + if (valstr) { *valstr = v; - else + } else { SAFE_FREE(v); + } - if (timeout) + if (timeout) { *timeout = t; + } return t > time(NULL); @@ -285,17 +302,17 @@ BOOL gencache_get(const char *keystr, char **valstr, time_t *timeout) SAFE_FREE(databuf.dptr); - if (valstr) + if (valstr) { *valstr = NULL; - if (timeout) + } + if (timeout) { timeout = NULL; + } DEBUG(10, ("Cache entry with key = %s couldn't be found\n", keystr)); - return False; } - /** * Iterate through all entries which key matches to specified pattern * @@ -327,8 +344,13 @@ void gencache_iterate(void (*fn)(const char* key, const char *value, time_t time first_node = node; while (node) { + char *fmt; + /* ensure null termination of the key string */ keystr = SMB_STRNDUP(node->node_key.dptr, node->node_key.dsize); + if (!keystr) { + return; + } /* * We don't use gencache_get function, because we need to iterate through @@ -342,11 +364,33 @@ void gencache_iterate(void (*fn)(const char* key, const char *value, time_t time continue; } entry = SMB_STRNDUP(databuf.dptr, databuf.dsize); + if (!entry) { + SAFE_FREE(databuf.dptr); + SAFE_FREE(keystr); + return; + } + SAFE_FREE(databuf.dptr); - valstr = SMB_MALLOC(databuf.dsize - TIMEOUT_LEN); - status = sscanf(entry, CACHE_DATA_FMT, &u, valstr); + + valstr = SMB_MALLOC(databuf.dsize + 1 - TIMEOUT_LEN); + if (!valstr) { + SAFE_FREE(entry); + SAFE_FREE(keystr); + return; + } + + asprintf(&fmt, READ_CACHE_DATA_FMT_TEMPLATE, (unsigned int)databuf.dsize - TIMEOUT_LEN); + if (!fmt) { + SAFE_FREE(valstr); + SAFE_FREE(entry); + SAFE_FREE(keystr); + return; + } + status = sscanf(entry, fmt, &u, valstr); + SAFE_FREE(fmt); + if ( status != 2 ) { - DEBUG(0,("gencache_iterate: invalid return from sscanf %d\n",status)); + DEBUG(0,("gencache_iterate: invalid return from sscanf %d\n",status)); } timeout = u; diff --git a/source3/utils/net_cache.c b/source3/utils/net_cache.c index 69b3327f7a..b90befcca2 100644 --- a/source3/utils/net_cache.c +++ b/source3/utils/net_cache.c @@ -38,6 +38,7 @@ static void print_cache_entry(const char* keystr, const char* datastr, const time_t timeout, void* dptr) { char *timeout_str; + char *alloc_str = NULL; time_t now_t = time(NULL); struct tm timeout_tm, *now_tm; /* localtime returns statically allocated pointer, so timeout_tm @@ -64,12 +65,18 @@ static void print_cache_entry(const char* keystr, const char* datastr, } timeout_str[strlen(timeout_str) - 1] = '\0'; /* remove tailing CR */ } else { - asprintf(&timeout_str, "%.2d:%.2d:%.2d", timeout_tm.tm_hour, + asprintf(&alloc_str, "%.2d:%.2d:%.2d", timeout_tm.tm_hour, timeout_tm.tm_min, timeout_tm.tm_sec); + if (!alloc_str) { + return; + } + timeout_str = alloc_str; } d_printf("Key: %s\t Timeout: %s\t Value: %s %s\n", keystr, timeout_str, datastr, timeout > now_t ? "": "(expired)"); + + SAFE_FREE(alloc_str); } static void delete_cache_entry(const char* keystr, const char* datastr, |