summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-03-08 17:50:44 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:11:07 -0500
commit8d1dd8bb96ea6caec651397400a2cce8f37570e3 (patch)
tree1ec7177c4e92c27532baaf48b0748615c60a48e1
parent29c8cef22d48cdc95f121d6e3eea66d471a1e4fb (diff)
downloadsamba-8d1dd8bb96ea6caec651397400a2cce8f37570e3.tar.gz
samba-8d1dd8bb96ea6caec651397400a2cce8f37570e3.tar.bz2
samba-8d1dd8bb96ea6caec651397400a2cce8f37570e3.zip
r14043: After discussion with Jerry revert part of the
Coverity null-ref patch - put prs_rpcbuffer_p back to the way it was (with an additional coverity paranoia check) - move the real test into rpcbuf_alloc_size instead. Jeremy. (This used to be commit f74993e65c01bc0ef73d3e8710bb2f840910161a)
Diffstat
-rw-r--r--source3/rpc_parse/parse_buffer.c41
1 files changed, 15 insertions, 26 deletions
diff --git a/source3/rpc_parse/parse_buffer.c b/source3/rpc_parse/parse_buffer.c
index 52117dc44b..21dddfa3cf 100644
--- a/source3/rpc_parse/parse_buffer.c
+++ b/source3/rpc_parse/parse_buffer.c
@@ -108,37 +108,22 @@ BOOL prs_rpcbuffer_p(const char *desc, prs_struct *ps, int depth, RPC_BUFFER **b
data_p = *buffer ? 0xf000baaa : 0;
- if ( !prs_uint32("ptr", ps, depth, &data_p )) {
+ if ( !prs_uint32("ptr", ps, depth, &data_p ))
return False;
- }
-
- /* We must always return a valid buffer pointer even if the
- client didn't send one - just leave it initialized to null. */
- if ( UNMARSHALLING(ps) ) {
- if ( !(*buffer = PRS_ALLOC_MEM(ps, RPC_BUFFER, 1)) ) {
- return False;
- }
- }
/* we're done if there is no data */
- if (!data_p) {
- if (UNMARSHALLING(ps)) {
- RPC_BUFFER *pbuffer = *buffer;
- /* On unmarshalling we must return a valid,
- but zero size value RPC_BUFFER. */
- pbuffer->size = 0;
- pbuffer->string_at_end = 0;
- if (!prs_init(&pbuffer->prs, 0, prs_get_mem_context(ps), UNMARSHALL)) {
- return False;
- }
- }
+ if ( !data_p )
return True;
- }
- /* Coverity paranoia. Buffer must be valid. */
- if (!*buffer) {
- return False;
+ if ( UNMARSHALLING(ps) ) {
+ if ( !(*buffer = PRS_ALLOC_MEM(ps, RPC_BUFFER, 1)) )
+ return False;
+ } else {
+ /* Marshalling case. - coverity paranoia - should already be ok if data_p != 0 */
+ if (!*buffer) {
+ return True;
+ }
}
return prs_rpcbuffer( desc, ps, depth, *buffer);
@@ -158,7 +143,11 @@ BOOL rpcbuf_alloc_size(RPC_BUFFER *buffer, uint32 buffer_size)
if ( buffer_size == 0x0 )
return True;
-
+
+ if (!buffer) {
+ return False;
+ }
+
ps= &buffer->prs;
/* damn, I'm doing the reverse operation of prs_grow() :) */
generated by cgit (git 2.34.1) at 2024-08-02 16:18:19 +0000