summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-03-29 23:13:27 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:15:47 -0500
commitf6a1f717197afe8e69c4f5c7bd552540b9d35267 (patch)
treefe14b2f293911fc7b04e09a40d429ac4fda72f06
parent4d9ad700604b093cc53f47a9f6c01006888ea2da (diff)
downloadsamba-f6a1f717197afe8e69c4f5c7bd552540b9d35267.tar.gz
samba-f6a1f717197afe8e69c4f5c7bd552540b9d35267.tar.bz2
samba-f6a1f717197afe8e69c4f5c7bd552540b9d35267.zip
r14776: Fix coverity #263 - #267. No one was checking talloc
returns. Doh ! Jeremy. (This used to be commit 68097e0fbb8f232573a2f7eae3da3a0c9873fbc5)
-rw-r--r--source3/rpc_parse/parse_reg.c95
1 files changed, 88 insertions, 7 deletions
diff --git a/source3/rpc_parse/parse_reg.c b/source3/rpc_parse/parse_reg.c
index 295fead103..a226bbb1d7 100644
--- a/source3/rpc_parse/parse_reg.c
+++ b/source3/rpc_parse/parse_reg.c
@@ -54,6 +54,10 @@ void init_reg_q_open_hive( REG_Q_OPEN_HIVE *q_o, uint32 access_desired )
{
q_o->server = TALLOC_P( get_talloc_ctx(), uint16);
+ if (!q_o->server) {
+ smb_panic("init_reg_q_open_hive: talloc fail.\n");
+ return;
+ }
*q_o->server = 0x1;
q_o->access = access_desired;
@@ -221,6 +225,10 @@ void init_reg_q_create_key_ex(REG_Q_CREATE_KEY_EX *q_c, POLICY_HND *hnd,
q_c->access = access_desired;
q_c->sec_info = TALLOC_P( get_talloc_ctx(), uint32 );
+ if (!q_c->sec_info) {
+ smb_panic("init_reg_q_create_key_ex: talloc fail\n");
+ return;
+ }
*q_c->sec_info = DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION;
q_c->data = sec_buf;
@@ -228,6 +236,10 @@ void init_reg_q_create_key_ex(REG_Q_CREATE_KEY_EX *q_c, POLICY_HND *hnd,
init_buf_hdr(&q_c->hdr_sec, sec_buf->len, sec_buf->len);
q_c->ptr3 = 1;
q_c->disposition = TALLOC_P( get_talloc_ctx(), uint32 );
+ if (!q_c->disposition) {
+ smb_panic("init_reg_q_create_key_ex: talloc fail\n");
+ return;
+ }
}
/*******************************************************************
@@ -997,14 +1009,23 @@ BOOL init_reg_r_query_value(uint32 include_keyval, REG_R_QUERY_VALUE *r_u,
return False;
r_u->type = TALLOC_P( get_talloc_ctx(), uint32 );
+ if (!r_u->type) {
+ return False;
+ }
*r_u->type = val->type;
buf_len = reg_init_regval_buffer( &buf2, val );
r_u->buf_max_len = TALLOC_P( get_talloc_ctx(), uint32 );
+ if (!r_u->buf_max_len) {
+ return False;
+ }
*r_u->buf_max_len = buf_len;
r_u->buf_len = TALLOC_P( get_talloc_ctx(), uint32 );
+ if (!r_u->buf_len) {
+ return False;
+ }
*r_u->buf_len = buf_len;
/* if include_keyval is not set, don't send the key value, just
@@ -1012,6 +1033,9 @@ BOOL init_reg_r_query_value(uint32 include_keyval, REG_R_QUERY_VALUE *r_u,
if ( include_keyval ) {
r_u->value = TALLOC_P( get_talloc_ctx(), REGVAL_BUFFER );
+ if (!r_u->value) {
+ return False;
+ }
/* steal the memory */
*r_u->value = buf2;
}
@@ -1071,18 +1095,39 @@ void init_reg_q_enum_val(REG_Q_ENUM_VALUE *q_u, POLICY_HND *pol,
q_u->name.size = max_name_len*2;
q_u->name.string = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR2 );
+ if (!q_u->name.string) {
+ smb_panic("init_reg_q_enum_val: talloc fail\n");
+ return;
+ }
q_u->name.string->uni_max_len = max_name_len;
q_u->type = TALLOC_P( get_talloc_ctx(), uint32 );
+ if (!q_u->type) {
+ smb_panic("init_reg_q_enum_val: talloc fail\n");
+ return;
+ }
*q_u->type = 0x0;
q_u->value = TALLOC_ZERO_P( get_talloc_ctx(), REGVAL_BUFFER );
+ if (!q_u->value) {
+ smb_panic("init_reg_q_enum_val: talloc fail\n");
+ return;
+ }
+
q_u->value->buf_max_len = max_buf_len;
- q_u->buffer_len = TALLOC_P( get_talloc_ctx(), uint32 );
+ q_u->buffer_len = TALLOC_P( get_talloc_ctx(), uint32 );
+ if (q_u->buffer_len) {
+ smb_panic("init_reg_q_enum_val: talloc fail\n");
+ return;
+ }
*q_u->buffer_len = max_buf_len;
- q_u->name_len = TALLOC_P( get_talloc_ctx(), uint32 );
+ q_u->name_len = TALLOC_P( get_talloc_ctx(), uint32 );
+ if (!q_u->name_len) {
+ smb_panic("init_reg_q_enum_val: talloc fail\n");
+ return;
+ }
*q_u->name_len = 0x0;
}
@@ -1105,18 +1150,34 @@ void init_reg_r_enum_val(REG_R_ENUM_VALUE *r_u, REGISTRY_VALUE *val )
/* type */
r_u->type = TALLOC_P( get_talloc_ctx(), uint32 );
+ if (!r_u->type) {
+ smb_panic("init_reg_r_enum_val: talloc fail\n");
+ return;
+ }
*r_u->type = val->type;
/* REG_SZ & REG_MULTI_SZ must be converted to UNICODE */
r_u->value = TALLOC_P( get_talloc_ctx(), REGVAL_BUFFER );
+ if (!r_u->value) {
+ smb_panic("init_reg_r_enum_val: talloc fail\n");
+ return;
+ }
real_size = reg_init_regval_buffer( r_u->value, val );
/* lengths */
- r_u->buffer_len1 = TALLOC_P( get_talloc_ctx(), uint32 );
+ r_u->buffer_len1 = TALLOC_P( get_talloc_ctx(), uint32 );
+ if (!r_u->buffer_len1) {
+ smb_panic("init_reg_r_enum_val: talloc fail\n");
+ return;
+ }
*r_u->buffer_len1 = real_size;
- r_u->buffer_len2 = TALLOC_P( get_talloc_ctx(), uint32 );
+ r_u->buffer_len2 = TALLOC_P( get_talloc_ctx(), uint32 );
+ if (!r_u->buffer_len2) {
+ smb_panic("init_reg_r_enum_val: talloc fail\n");
+ return;
+ }
*r_u->buffer_len2 = real_size;
}
@@ -1312,7 +1373,15 @@ void init_reg_r_enum_key(REG_R_ENUM_KEY *r_u, char *subkey )
init_unistr4( &r_u->keyname, subkey, UNI_STR_TERMINATE );
r_u->classname = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR4 );
- r_u->time = TALLOC_ZERO_P( get_talloc_ctx(), NTTIME );
+ if (!r_u->classname) {
+ smb_panic("init_reg_r_enum_key: talloc fail\n");
+ return;
+ }
+ r_u->time = TALLOC_ZERO_P( get_talloc_ctx(), NTTIME );
+ if (!r_u->time) {
+ smb_panic("init_reg_r_enum_key: talloc fail\n");
+ return;
+ }
}
/*******************************************************************
@@ -1482,9 +1551,17 @@ void init_reg_q_shutdown(REG_Q_SHUTDOWN *q_u, const char *msg,
uint32 timeout, BOOL do_reboot, BOOL force)
{
q_u->server = TALLOC_P( get_talloc_ctx(), uint16 );
+ if (!q_u->server) {
+ smb_panic("init_reg_q_shutdown: talloc fail\n");
+ return;
+ }
*q_u->server = 0x1;
q_u->message = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR4 );
+ if (!q_u->message) {
+ smb_panic("init_reg_q_shutdown: talloc fail\n");
+ return;
+ }
if ( msg && *msg ) {
init_unistr4( q_u->message, msg, UNI_FLAGS_NONE );
@@ -1652,20 +1729,24 @@ BOOL reg_io_r_shutdown_ex(const char *desc, REG_R_SHUTDOWN_EX *r_u, prs_struct *
return True;
}
-
-
/*******************************************************************
Inits a structure.
********************************************************************/
+
void init_reg_q_abort_shutdown(REG_Q_ABORT_SHUTDOWN *q_u)
{
q_u->server = TALLOC_P( get_talloc_ctx(), uint16 );
+ if (!q_u->server) {
+ smb_panic("init_reg_q_abort_shutdown: talloc fail\n");
+ return;
+ }
*q_u->server = 0x1;
}
/*******************************************************************
reads or writes a structure.
********************************************************************/
+
BOOL reg_io_q_abort_shutdown(const char *desc, REG_Q_ABORT_SHUTDOWN *q_u,
prs_struct *ps, int depth)
{