diff options
author | Jeremy Allison <jra@samba.org> | 2007-05-22 20:20:01 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:22:43 -0500 |
commit | 71ee55f98d87ff70e5feb0d2b280e9c71f7b9b6a (patch) | |
tree | 873d148c4731b4d909d3bc1f50ddab49f5849182 /source3/rpc_parse/parse_lsa.c | |
parent | 725e90f1572be8734c321a3d638abdf778038349 (diff) | |
download | samba-71ee55f98d87ff70e5feb0d2b280e9c71f7b9b6a.tar.gz samba-71ee55f98d87ff70e5feb0d2b280e9c71f7b9b6a.tar.bz2 samba-71ee55f98d87ff70e5feb0d2b280e9c71f7b9b6a.zip |
r23080: Fix bug #4637 - we hads missed some cases where
we were calling PRS_ALLOC_MEM with zero count.
Jeremy.
(This used to be commit 9a10736e6fa276ca4b0726fbb7baf0daafbdc46d)
Diffstat (limited to 'source3/rpc_parse/parse_lsa.c')
-rw-r--r-- | source3/rpc_parse/parse_lsa.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index 06ccec4ab3..0add8b2bb0 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -1178,7 +1178,7 @@ static BOOL lsa_io_sid_enum(const char *desc, LSA_SID_ENUM *sen, prs_struct *ps, /* Mallocate memory if we're unpacking from the wire */ - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && sen->num_entries) { if ((sen->ptr_sid = PRS_ALLOC_MEM( ps, uint32, sen->num_entries)) == NULL) { DEBUG(3, ("init_lsa_sid_enum(): out of memory for " "ptr_sid\n")); @@ -1361,7 +1361,7 @@ static BOOL lsa_io_trans_names(const char *desc, LSA_TRANS_NAME_ENUM *trn, return False; } - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && trn->num_entries2) { if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME, trn->num_entries2)) == NULL) { return False; } @@ -1423,7 +1423,7 @@ static BOOL lsa_io_trans_names2(const char *desc, LSA_TRANS_NAME_ENUM2 *trn, return False; } - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && trn->num_entries2) { if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME2, trn->num_entries2)) == NULL) { return False; } @@ -1700,7 +1700,7 @@ BOOL lsa_io_r_lookup_names(const char *desc, LSA_R_LOOKUP_NAMES *out, prs_struct return False; } - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && out->num_entries2) { if ((out->dom_rid = PRS_ALLOC_MEM(ps, DOM_RID, out->num_entries2)) == NULL) { DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n")); @@ -1825,7 +1825,7 @@ BOOL lsa_io_r_lookup_names2(const char *desc, LSA_R_LOOKUP_NAMES2 *out, prs_stru return False; } - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && out->num_entries2) { if ((out->dom_rid = PRS_ALLOC_MEM(ps, DOM_RID2, out->num_entries2)) == NULL) { DEBUG(3, ("lsa_io_r_lookup_names2(): out of memory\n")); @@ -1978,7 +1978,7 @@ BOOL lsa_io_r_lookup_names3(const char *desc, LSA_R_LOOKUP_NAMES3 *out, prs_stru return False; } - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && out->num_entries2) { if ((out->trans_sids = PRS_ALLOC_MEM(ps, LSA_TRANSLATED_SID3, out->num_entries2)) == NULL) { DEBUG(3, ("lsa_io_r_lookup_names3(): out of memory\n")); @@ -2107,7 +2107,7 @@ BOOL lsa_io_r_lookup_names4(const char *desc, LSA_R_LOOKUP_NAMES4 *out, prs_stru return False; } - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && out->num_entries2) { if ((out->trans_sids = PRS_ALLOC_MEM(ps, LSA_TRANSLATED_SID3, out->num_entries2)) == NULL) { DEBUG(3, ("lsa_io_r_lookup_names4(): out of memory\n")); @@ -2346,7 +2346,7 @@ BOOL lsa_io_r_enum_privs(const char *desc, LSA_R_ENUM_PRIVS *out, prs_struct *ps if(!prs_uint32("count1", ps, depth, &out->count1)) return False; - if (UNMARSHALLING(ps)) + if (UNMARSHALLING(ps) && out->count1) if (!(out->privs = PRS_ALLOC_MEM(ps, LSA_PRIV_ENTRY, out->count1))) return False; @@ -3908,7 +3908,7 @@ static BOOL smb_io_lsa_data_buf(const char *desc, LSA_DATA_BUF *buf, prs_debug(ps, depth, desc, "smb_io_lsa_data_buf"); depth++; - if ( UNMARSHALLING(ps) ) { + if ( UNMARSHALLING(ps) && length ) { if ( !(buf->data = PRS_ALLOC_MEM( ps, uint8, length )) ) return False; } @@ -3922,7 +3922,7 @@ static BOOL smb_io_lsa_data_buf(const char *desc, LSA_DATA_BUF *buf, if (!prs_uint32("length", ps, depth, &buf->length)) return False; - if(!prs_uint8s(False, "data", ps, depth, buf->data, size)) + if(!prs_uint8s(False, "data", ps, depth, buf->data, length)) return False; return True; |