diff options
author | Andrew Kroeger <andrew@id10ts.net> | 2009-06-12 13:01:41 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-06-18 13:49:25 +1000 |
commit | 71515ba190e90e0250b9de23b7ba871c1dd44f09 (patch) | |
tree | 88217cd2054ab02cbdc88aa9df620112572318e0 /libcli | |
parent | efe6552f0c1b2cf7e7f95987e7c808667166a303 (diff) | |
download | samba-71515ba190e90e0250b9de23b7ba871c1dd44f09.tar.gz samba-71515ba190e90e0250b9de23b7ba871c1dd44f09.tar.bz2 samba-71515ba190e90e0250b9de23b7ba871c1dd44f09.zip |
s4: Call va_end() after all va_start()/va_copy() calls.
This corrects the issues reaised in bug #6129, and some others that were not
originally identified. It also accounts for some code that was in the original
bug report but appears to have since been made common between S3 and S4.
Thanks to Erik Hovland <erik@hovland.org> for the original bug report.
Diffstat (limited to 'libcli')
-rw-r--r-- | libcli/auth/msrpc_parse.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libcli/auth/msrpc_parse.c b/libcli/auth/msrpc_parse.c index 9125c1cd78..50e0d5c2f9 100644 --- a/libcli/auth/msrpc_parse.c +++ b/libcli/auth/msrpc_parse.c @@ -71,6 +71,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx, (smb_ucs2_t **)(void *)&pointers[i].data, s, &n); if (!ret) { + va_end(ap); return false; } pointers[i].length = n; @@ -84,6 +85,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx, pointers, (char **)(void *)&pointers[i].data, s, &n); if (!ret) { + va_end(ap); return false; } pointers[i].length = n; @@ -99,6 +101,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx, (smb_ucs2_t **)(void *)&pointers[i].data, s, &n); if (!ret) { + va_end(ap); return false; } pointers[i].length = n; @@ -192,6 +195,7 @@ bool msrpc_gen(TALLOC_CTX *mem_ctx, /* a helpful macro to avoid running over the end of our blob */ #define NEED_DATA(amount) \ if ((head_ofs + amount) > blob->length) { \ + va_end(ap); \ return false; \ } |