diff options
author | Simo Sorce <idra@samba.org> | 2001-08-12 17:30:01 +0000 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2001-08-12 17:30:01 +0000 |
commit | 2e783a47076bd0994b6ce86df7ec967bc1c2da63 (patch) | |
tree | c6504d6e8396eef290fe499abb8586b758f1f3d4 /source3/rpc_parse | |
parent | ddec8306586414cc02eca612777bb547cb8dbcae (diff) | |
download | samba-2e783a47076bd0994b6ce86df7ec967bc1c2da63.tar.gz samba-2e783a47076bd0994b6ce86df7ec967bc1c2da63.tar.bz2 samba-2e783a47076bd0994b6ce86df7ec967bc1c2da63.zip |
this is a big global fix for the ptr = Realloc(ptr, size) bug.
many possible mem leaks, and segfaults fixed.
someone should port this fix to 2.2 also.
(This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9)
Diffstat (limited to 'source3/rpc_parse')
-rw-r--r-- | source3/rpc_parse/parse_creds.c | 20 | ||||
-rw-r--r-- | source3/rpc_parse/parse_spoolss.c | 33 |
2 files changed, 36 insertions, 17 deletions
diff --git a/source3/rpc_parse/parse_creds.c b/source3/rpc_parse/parse_creds.c index 7bdbe65880..ae8ba23a56 100644 --- a/source3/rpc_parse/parse_creds.c +++ b/source3/rpc_parse/parse_creds.c @@ -90,8 +90,7 @@ BOOL make_creds_unix_sec(CREDS_UNIX_SEC *r_u, r_u->uid = uid; r_u->gid = gid; r_u->num_grps = num_grps; - r_u->grps = (uint32*)Realloc(NULL, sizeof(r_u->grps[0]) * - r_u->num_grps); + r_u->grps = (uint32*)malloc(sizeof(r_u->grps[0]) * r_u->num_grps); if (r_u->grps == NULL && num_grps != 0) { return False; @@ -123,14 +122,17 @@ BOOL creds_io_unix_sec(char *desc, CREDS_UNIX_SEC *r_u, prs_struct *ps, int dept prs_uint32("num_grps", ps, depth, (uint32 *)&(r_u->num_grps)); if (r_u->num_grps != 0) { - r_u->grps = (uint32*)Realloc(r_u->grps, + uint32 *tgr; + + tgr = (uint32*)Realloc(r_u->grps, sizeof(r_u->grps[0]) * r_u->num_grps); - if (r_u->grps == NULL) + if (tgr == NULL) { creds_free_unix_sec(r_u); return False; } + else r_u->grps = tgr; } for (i = 0; i < r_u->num_grps; i++) { @@ -165,8 +167,7 @@ BOOL make_creds_nt_sec(CREDS_NT_SEC *r_u, sid_copy(&r_u->sid, sid); r_u->num_grps = num_grps; - r_u->grp_rids = (uint32*)Realloc(NULL, sizeof(r_u->grp_rids[0]) * - r_u->num_grps); + r_u->grp_rids = (uint32*)malloc(sizeof(r_u->grp_rids[0]) * r_u->num_grps); if (r_u->grp_rids == NULL && num_grps != 0) { @@ -199,14 +200,17 @@ BOOL creds_io_nt_sec(char *desc, CREDS_NT_SEC *r_u, prs_struct *ps, int depth) prs_uint32("num_grps", ps, depth, &(r_u->num_grps)); if (r_u->num_grps != 0) { - r_u->grp_rids = (uint32*)Realloc(r_u->grp_rids, + uint32 *tgrid; + + tgrid = (uint32*)Realloc(r_u->grp_rids, sizeof(r_u->grp_rids[0]) * r_u->num_grps); - if (r_u->grp_rids == NULL) + if (tgrid == NULL) { creds_free_nt_sec(r_u); return False; } + else r_u->grp_rids = tgrid; } for (i = 0; i < r_u->num_grps; i++) { diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c index b568995752..dd2c4a541a 100644 --- a/source3/rpc_parse/parse_spoolss.c +++ b/source3/rpc_parse/parse_spoolss.c @@ -1861,12 +1861,17 @@ static BOOL smb_io_relarraystr(char *desc, NEW_BUFFER *buffer, int depth, uint16 an extra NULL for termination */ if (l_chaine > 0) { + uint16 *tc2; + realloc_size = (l_chaine2+l_chaine+2)*sizeof(uint16); /* Yes this should be realloc - it's freed below. JRA */ - if((chaine2=(uint16 *)Realloc(chaine2, realloc_size)) == NULL) + if((tc2=(uint16 *)Realloc(chaine2, realloc_size)) == NULL) { + if (chaine2) free(chaine2); return False; + } + else chaine2 = tc2; memcpy(chaine2+l_chaine2, chaine.buffer, (l_chaine+1)*sizeof(uint16)); l_chaine2+=l_chaine+1; } @@ -4703,7 +4708,7 @@ BOOL spool_io_printer_driver_info_level_6(char *desc, SPOOL_PRINTER_DRIVER_INFO_ ********************************************************************/ static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar) { - fstring f; + fstring f, *tar; int n = 0; char *src; @@ -4715,7 +4720,9 @@ static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar) while (src < ((char *)buf5->buffer) + buf5->buf_len*2) { rpcstr_pull(f, src, sizeof(f)-1, -1, 0); src = skip_unibuf(src, 2*buf5->buf_len - PTR_DIFF(src,buf5->buffer)); - *ar = (fstring *)Realloc(*ar, sizeof(fstring)*(n+2)); + tar = (fstring *)Realloc(*ar, sizeof(fstring)*(n+2)); + if (!tar) return False; + else *ar = tar; fstrcpy((*ar)[n], f); n++; } @@ -4993,9 +5000,11 @@ BOOL uni_2_asc_printer_driver_3(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *uni, DEBUGADD(8,( "monitorname: %s\n", d->monitorname)); DEBUGADD(8,( "defaultdatatype: %s\n", d->defaultdatatype)); - uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles ); - - return True; + if (uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles )) + return True; + + free(*asc); + return False; } /******************************************************************* @@ -5038,10 +5047,16 @@ BOOL uni_2_asc_printer_driver_6(SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 *uni, DEBUGADD(8,( "monitorname: %s\n", d->monitorname)); DEBUGADD(8,( "defaultdatatype: %s\n", d->defaultdatatype)); - uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles ); - uniarray_2_dosarray(&uni->previousnames, &d->previousnames ); - + if (!uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles )) + goto error; + if (!uniarray_2_dosarray(&uni->previousnames, &d->previousnames )) + goto error; + return True; + +error: + free(*asc); + return False; } BOOL uni_2_asc_printer_info_2(const SPOOL_PRINTER_INFO_LEVEL_2 *uni, |