authorDavid Disseldorp <ddiss@suse.de>2012-01-03 10:14:23 +0100
committerGünther Deschner <gd@samba.org>2012-01-04 16:54:37 +0100
commitbd5fe0a3333e5db49e74c982bcfef9737b65cc78 (patch)
treef602fd74c0c36b7a2dfe077b8c96ff9d8e0f0650
parenta96a9534ab688626232240fcb689c82d8f4c1902 (diff)
s3-perfcount: fix incorrect array length calculations
As reported by Ismail Doenmez (idonmez@suse.com), sizeof() is incorrectly used by _reg_perfcount_init_data_block() in an attempt to determine the length of a talloced array. Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Jan 4 16:54:37 CET 2012 on sn-devel-104
-rw-r--r--source3/registry/reg_perfcount.c26
1 files changed, 17 insertions, 9 deletions
diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
index 64e3cbee0f..3203e092e3 100644
--- a/source3/registry/reg_perfcount.c
+++ b/source3/registry/reg_perfcount.c
@@ -919,13 +919,13 @@ static bool _reg_perfcount_init_data_block(struct PERF_DATA_BLOCK *block,
bool bigendian_data)
{
smb_ucs2_t *temp = NULL;
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
time_t tm;
+ size_t sz;
- if (rpcstr_push_talloc(mem_ctx, &temp, "PERF")==(size_t)-1) {
- return false;
- }
- if (!temp) {
- return false;
+ sz = rpcstr_push_talloc(tmp_ctx, &temp, "PERF");
+ if ((sz == -1) || (temp == NULL)) {
+ goto err_out;
}
memcpy(block->Signature, temp, strlen_w(temp) *2);
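Review bot: The result of `talloc_new(mem_ctx)` in the `tmp_ctx` declaration is never checked, so an allocation failure there goes unnoticed. With a NULL `tmp_ctx` the `rpcstr_push_talloc()` calls would presumably allocate on the NULL context, and the `talloc_free(tmp_ctx)` at both exits would then release nothing; adding `if (tmp_ctx == NULL) { return false; }` before the first conversion closes that path. Separately, `sz == -1` compares a `size_t` against a signed constant. It works through the implicit conversion, but `sz == (size_t)-1`, as the removed line wrote it, states the sentinel explicitly and avoids sign-compare warnings; the same comparison recurs in the second hunk. The function body starts before and continues past this hunk.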
@@ -942,12 +942,15 @@ static bool _reg_perfcount_init_data_block(struct PERF_DATA_BLOCK *block,
tm = time(NULL);
make_systemtime(&(block->SystemTime), gmtime(&tm));
_reg_perfcount_init_data_block_perf(block, names);
- memset(temp, 0, sizeof(temp));
- rpcstr_push((void *)temp, lp_netbios_name(), sizeof(temp), STR_TERMINATE);
+
+ sz = rpcstr_push_talloc(tmp_ctx, &temp, lp_netbios_name());
+ if ((sz == -1) || (temp == NULL)) {
+ goto err_out;
+ }
block->SystemNameLength = (strlen_w(temp) * 2) + 2;
block->data = talloc_zero_array(mem_ctx, uint8, block->SystemNameLength + (8 - (block->SystemNameLength % 8)));
if (block->data == NULL) {
- return False;
+ goto err_out;
}
memcpy(block->data, temp, block->SystemNameLength);
block->SystemNameOffset = sizeof(struct PERF_DATA_BLOCK) - sizeof(block->objects) - sizeof(block->data);
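Review bot: The second `rpcstr_push_talloc()` call re-points `temp` at a new buffer with no comment on who owns the earlier "PERF" buffer, which reads like a leak at first glance. A short comment above the call would settle it, for example `/* temp now points at a fresh UCS-2 copy of the NetBIOS name; both copies are children of tmp_ctx and are freed on exit */`. It would also help to note next to `block->SystemNameLength = (strlen_w(temp) * 2) + 2;` that the `+ 2` covers the UCS-2 terminator, because the following `memcpy` reads exactly that many bytes from `temp`. `sz` is used only for the error check here; if the return value is the converted byte length it could replace the `strlen_w()` recomputation, but that depends on `rpcstr_push_talloc()` semantics not shown in this hunk.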
@@ -955,8 +958,13 @@ static bool _reg_perfcount_init_data_block(struct PERF_DATA_BLOCK *block,
/* Make sure to adjust for 64-bit alignment for when we finish writing the system name,
so that the PERF_OBJECT_TYPE struct comes out 64-bit aligned */
block->HeaderLength += 8 - (block->HeaderLength % 8);
+ talloc_free(tmp_ctx);
- return True;
+ return true;
+
+err_out:
+ talloc_free(tmp_ctx);
+ return false;
}
/*********************************************************************