author | David Disseldorp <ddiss@suse.de> | 2012-01-03 10:14:23 +0100 |
---|---|---|
committer | Günther Deschner <gd@samba.org> | 2012-01-04 16:54:37 +0100 |
commit | bd5fe0a3333e5db49e74c982bcfef9737b65cc78 (patch) | |
tree | f602fd74c0c36b7a2dfe077b8c96ff9d8e0f0650 /source3/registry | |
parent | a96a9534ab688626232240fcb689c82d8f4c1902 (diff) | |
s3-perfcount: fix incorrect array length calculations
As reported by Ismail Doenmez (idonmez@suse.com), sizeof() is
incorrectly used by _reg_perfcount_init_data_block() in an attempt to
determine the length of a talloced array.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Jan 4 16:54:37 CET 2012 on sn-devel-104
Diffstat (limited to 'source3/registry')
-rw-r--r-- | source3/registry/reg_perfcount.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c index 64e3cbee0f..3203e092e3 100644 --- a/source3/registry/reg_perfcount.c +++ b/source3/registry/reg_perfcount.c @@ -919,13 +919,13 @@ static bool _reg_perfcount_init_data_block(struct PERF_DATA_BLOCK *block, bool bigendian_data) { smb_ucs2_t *temp = NULL; + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); time_t tm; + size_t sz; - if (rpcstr_push_talloc(mem_ctx, &temp, "PERF")==(size_t)-1) { - return false; - } - if (!temp) { - return false; + sz = rpcstr_push_talloc(tmp_ctx, &temp, "PERF"); + if ((sz == -1) || (temp == NULL)) { + goto err_out; } memcpy(block->Signature, temp, strlen_w(temp) *2); @@ -942,12 +942,15 @@ static bool _reg_perfcount_init_data_block(struct PERF_DATA_BLOCK *block, tm = time(NULL); make_systemtime(&(block->SystemTime), gmtime(&tm)); _reg_perfcount_init_data_block_perf(block, names); - memset(temp, 0, sizeof(temp)); - rpcstr_push((void *)temp, lp_netbios_name(), sizeof(temp), STR_TERMINATE); + + sz = rpcstr_push_talloc(tmp_ctx, &temp, lp_netbios_name()); + if ((sz == -1) || (temp == NULL)) { + goto err_out; + } block->SystemNameLength = (strlen_w(temp) * 2) + 2; block->data = talloc_zero_array(mem_ctx, uint8, block->SystemNameLength + (8 - (block->SystemNameLength % 8))); if (block->data == NULL) { - return False; + goto err_out; } memcpy(block->data, temp, block->SystemNameLength); block->SystemNameOffset = sizeof(struct PERF_DATA_BLOCK) - sizeof(block->objects) - sizeof(block->data); @@ -955,8 +958,13 @@ static bool _reg_perfcount_init_data_block(struct PERF_DATA_BLOCK *block, /* Make sure to adjust for 64-bit alignment for when we finish writing the system name, so that the PERF_OBJECT_TYPE struct comes out 64-bit aligned */ block->HeaderLength += 8 - (block->HeaderLength % 8); + talloc_free(tmp_ctx); - return True; + return true; + +err_out: + talloc_free(tmp_ctx); + return false; } /********************************************************************* |
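Review bot: The result of `talloc_new(mem_ctx)` in the new `tmp_ctx` declaration is never checked. If it returns NULL, the `rpcstr_push_talloc(tmp_ctx, ...)` allocations are no longer parented to anything this function releases, and `talloc_free(tmp_ctx)` at either exit frees nothing, so the strings would leak on the low-memory path; add `if (tmp_ctx == NULL) { return false; }` before the first push. Separately, `sz` is a `size_t`, so `(sz == -1)` depends on implicit conversion and draws sign-compare warnings; `sz == (size_t)-1`, the form the removed line used, states the intent, and the same applies to the check in the second hunk. The function body starts and ends outside this hunk.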
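Review bot: The second `rpcstr_push_talloc()` call re-points `temp` at a new buffer, but nothing says that this is what keeps the later `memcpy(block->data, temp, block->SystemNameLength)` inside its source allocation. I would add above the call `/* temp now points at a fresh buffer sized for the whole NetBIOS name; the "PERF" buffer stays owned by tmp_ctx until exit */`. The length is still derived from `strlen_w(temp)`, which presumably relies on the pushed string being terminated, so the comment should warn a later editor against going back to reusing the first buffer.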
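Review bot: `talloc_free(tmp_ctx)` now appears twice, once before `return true;` and once under `err_out:`, so any cleanup added later has to be kept in step in both places. A single exit avoids that: declare `bool ret = false;`, set `ret = true;` where the success path ends, and let both paths reach one label that does `talloc_free(tmp_ctx); return ret;`. The start of the function is outside this hunk.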