summaryrefslogtreecommitdiff
path: root/source3/rpc_parse
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2001-08-12 17:30:01 +0000
committerSimo Sorce <idra@samba.org>2001-08-12 17:30:01 +0000
commit2e783a47076bd0994b6ce86df7ec967bc1c2da63 (patch)
treec6504d6e8396eef290fe499abb8586b758f1f3d4 /source3/rpc_parse
parentddec8306586414cc02eca612777bb547cb8dbcae (diff)
downloadsamba-2e783a47076bd0994b6ce86df7ec967bc1c2da63.tar.gz
samba-2e783a47076bd0994b6ce86df7ec967bc1c2da63.tar.bz2
samba-2e783a47076bd0994b6ce86df7ec967bc1c2da63.zip
this is a big global fix for the ptr = Realloc(ptr, size) bug.
many possible mem leaks, and segfaults fixed. someone should port this fix to 2.2 also. (This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9)
Diffstat (limited to 'source3/rpc_parse')
-rw-r--r--source3/rpc_parse/parse_creds.c20
-rw-r--r--source3/rpc_parse/parse_spoolss.c33
2 files changed, 36 insertions, 17 deletions
diff --git a/source3/rpc_parse/parse_creds.c b/source3/rpc_parse/parse_creds.c
index 7bdbe65880..ae8ba23a56 100644
--- a/source3/rpc_parse/parse_creds.c
+++ b/source3/rpc_parse/parse_creds.c
@@ -90,8 +90,7 @@ BOOL make_creds_unix_sec(CREDS_UNIX_SEC *r_u,
r_u->uid = uid;
r_u->gid = gid;
r_u->num_grps = num_grps;
- r_u->grps = (uint32*)Realloc(NULL, sizeof(r_u->grps[0]) *
- r_u->num_grps);
+ r_u->grps = (uint32*)malloc(sizeof(r_u->grps[0]) * r_u->num_grps);
if (r_u->grps == NULL && num_grps != 0)
{
return False;
@@ -123,14 +122,17 @@ BOOL creds_io_unix_sec(char *desc, CREDS_UNIX_SEC *r_u, prs_struct *ps, int dept
prs_uint32("num_grps", ps, depth, (uint32 *)&(r_u->num_grps));
if (r_u->num_grps != 0)
{
- r_u->grps = (uint32*)Realloc(r_u->grps,
+ uint32 *tgr;
+
+ tgr = (uint32*)Realloc(r_u->grps,
sizeof(r_u->grps[0]) *
r_u->num_grps);
- if (r_u->grps == NULL)
+ if (tgr == NULL)
{
creds_free_unix_sec(r_u);
return False;
}
+ else r_u->grps = tgr;
}
for (i = 0; i < r_u->num_grps; i++)
{
@@ -165,8 +167,7 @@ BOOL make_creds_nt_sec(CREDS_NT_SEC *r_u,
sid_copy(&r_u->sid, sid);
r_u->num_grps = num_grps;
- r_u->grp_rids = (uint32*)Realloc(NULL, sizeof(r_u->grp_rids[0]) *
- r_u->num_grps);
+ r_u->grp_rids = (uint32*)malloc(sizeof(r_u->grp_rids[0]) * r_u->num_grps);
if (r_u->grp_rids == NULL && num_grps != 0)
{
@@ -199,14 +200,17 @@ BOOL creds_io_nt_sec(char *desc, CREDS_NT_SEC *r_u, prs_struct *ps, int depth)
prs_uint32("num_grps", ps, depth, &(r_u->num_grps));
if (r_u->num_grps != 0)
{
- r_u->grp_rids = (uint32*)Realloc(r_u->grp_rids,
+ uint32 *tgrid;
+
+ tgrid = (uint32*)Realloc(r_u->grp_rids,
sizeof(r_u->grp_rids[0]) *
r_u->num_grps);
- if (r_u->grp_rids == NULL)
+ if (tgrid == NULL)
{
creds_free_nt_sec(r_u);
return False;
}
+ else r_u->grp_rids = tgrid;
}
for (i = 0; i < r_u->num_grps; i++)
{
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index b568995752..dd2c4a541a 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -1861,12 +1861,17 @@ static BOOL smb_io_relarraystr(char *desc, NEW_BUFFER *buffer, int depth, uint16
an extra NULL for termination */
if (l_chaine > 0)
{
+ uint16 *tc2;
+
realloc_size = (l_chaine2+l_chaine+2)*sizeof(uint16);
/* Yes this should be realloc - it's freed below. JRA */
- if((chaine2=(uint16 *)Realloc(chaine2, realloc_size)) == NULL)
+ if((tc2=(uint16 *)Realloc(chaine2, realloc_size)) == NULL) {
+ if (chaine2) free(chaine2);
return False;
+ }
+ else chaine2 = tc2;
memcpy(chaine2+l_chaine2, chaine.buffer, (l_chaine+1)*sizeof(uint16));
l_chaine2+=l_chaine+1;
}
@@ -4703,7 +4708,7 @@ BOOL spool_io_printer_driver_info_level_6(char *desc, SPOOL_PRINTER_DRIVER_INFO_
********************************************************************/
static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar)
{
- fstring f;
+ fstring f, *tar;
int n = 0;
char *src;
@@ -4715,7 +4720,9 @@ static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar)
while (src < ((char *)buf5->buffer) + buf5->buf_len*2) {
rpcstr_pull(f, src, sizeof(f)-1, -1, 0);
src = skip_unibuf(src, 2*buf5->buf_len - PTR_DIFF(src,buf5->buffer));
- *ar = (fstring *)Realloc(*ar, sizeof(fstring)*(n+2));
+ tar = (fstring *)Realloc(*ar, sizeof(fstring)*(n+2));
+ if (!tar) return False;
+ else *ar = tar;
fstrcpy((*ar)[n], f);
n++;
}
@@ -4993,9 +5000,11 @@ BOOL uni_2_asc_printer_driver_3(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *uni,
DEBUGADD(8,( "monitorname: %s\n", d->monitorname));
DEBUGADD(8,( "defaultdatatype: %s\n", d->defaultdatatype));
- uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles );
-
- return True;
+ if (uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles ))
+ return True;
+
+ free(*asc);
+ return False;
}
/*******************************************************************
@@ -5038,10 +5047,16 @@ BOOL uni_2_asc_printer_driver_6(SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 *uni,
DEBUGADD(8,( "monitorname: %s\n", d->monitorname));
DEBUGADD(8,( "defaultdatatype: %s\n", d->defaultdatatype));
- uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles );
- uniarray_2_dosarray(&uni->previousnames, &d->previousnames );
-
+ if (!uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles ))
+ goto error;
+ if (!uniarray_2_dosarray(&uni->previousnames, &d->previousnames ))
+ goto error;
+
return True;
+
+error:
+ free(*asc);
+ return False;
}
BOOL uni_2_asc_printer_info_2(const SPOOL_PRINTER_INFO_LEVEL_2 *uni,