diff options
author | Jeremy Allison <jra@samba.org> | 2006-12-09 02:58:18 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:16:24 -0500 |
commit | 63609fbb04d2ce620338b4b79e7c1abf39f08ef8 (patch) | |
tree | c036fe84a97efbee490c470051cf1de360d502d3 /source3/lib/util.c | |
parent | 19ddef3dd9065b04896c626e7b4c691c7bbbec53 (diff) | |
download | samba-63609fbb04d2ce620338b4b79e7c1abf39f08ef8.tar.gz samba-63609fbb04d2ce620338b4b79e7c1abf39f08ef8.tar.bz2 samba-63609fbb04d2ce620338b4b79e7c1abf39f08ef8.zip |
r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
(This used to be commit 0ffca7559e07500bd09a64b775e230d448ce5c24)
Diffstat (limited to 'source3/lib/util.c')
-rw-r--r-- | source3/lib/util.c | 36 |
1 files changed, 12 insertions, 24 deletions
diff --git a/source3/lib/util.c b/source3/lib/util.c index 19c6cab5b2..d1801527e9 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -307,7 +307,7 @@ const char *tmpdir(void) Add a gid to an array of gids if it's not already there. ****************************************************************************/ -void add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, +BOOL add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, gid_t **gids, size_t *num_gids) { int i; @@ -316,26 +316,24 @@ void add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, /* * A former call to this routine has failed to allocate memory */ - return; + return False; } for (i=0; i<*num_gids; i++) { - if ((*gids)[i] == gid) - return; - } - - if (mem_ctx != NULL) { - *gids = TALLOC_REALLOC_ARRAY(mem_ctx, *gids, gid_t, *num_gids+1); - } else { - *gids = SMB_REALLOC_ARRAY(*gids, gid_t, *num_gids+1); + if ((*gids)[i] == gid) { + return True; + } } + *gids = TALLOC_REALLOC_ARRAY(mem_ctx, *gids, gid_t, *num_gids+1); if (*gids == NULL) { - return; + *num_gids = 0; + return False; } (*gids)[*num_gids] = gid; *num_gids += 1; + return True; } /**************************************************************************** @@ -1077,12 +1075,7 @@ void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size, goto error; } - if (mem_ctx != NULL) { - *array = TALLOC(mem_ctx, element_size * (*array_size)); - } else { - *array = SMB_MALLOC(element_size * (*array_size)); - } - + *array = TALLOC(mem_ctx, element_size * (*array_size)); if (*array == NULL) { goto error; } @@ -1095,13 +1088,8 @@ void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size, goto error; } - if (mem_ctx != NULL) { - *array = TALLOC_REALLOC(mem_ctx, *array, - element_size * (*array_size)); - } else { - *array = SMB_REALLOC(*array, - element_size * (*array_size)); - } + *array = TALLOC_REALLOC(mem_ctx, *array, + element_size * (*array_size)); if (*array == NULL) { goto error; |