diff options
author | Jeremy Allison <jra@samba.org> | 2000-12-15 01:02:11 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2000-12-15 01:02:11 +0000 |
commit | 369f5fd1d7a6e6298bc3cbe01e3aaed0106f6cf4 (patch) | |
tree | e4237cf9927822e2b49faea870dd13012e5a5cb5 /source3/rpc_parse | |
parent | 1fc3e43f9b9b431e8499d2ebd7f557b9bf2ff14c (diff) | |
download | samba-369f5fd1d7a6e6298bc3cbe01e3aaed0106f6cf4.tar.gz samba-369f5fd1d7a6e6298bc3cbe01e3aaed0106f6cf4.tar.bz2 samba-369f5fd1d7a6e6298bc3cbe01e3aaed0106f6cf4.zip |
Fixed memory leaks in lsa_XX calls. Fixed memory leaks in smbcacls. Merged
in fixes from appliance-head and 2.2. Fixed multiple connection.tdb open
problem.
Jeremy.
(This used to be commit 0a40bc83e14c69a09948ec09bb6fc5026c4f4c14)
Diffstat (limited to 'source3/rpc_parse')
-rw-r--r-- | source3/rpc_parse/parse_lsa.c | 43 | ||||
-rw-r--r-- | source3/rpc_parse/parse_misc.c | 8 |
2 files changed, 34 insertions, 17 deletions
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index 4b0e6e4106..41219854d1 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c @@ -710,14 +710,14 @@ static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen, /* Mallocate memory if we're unpacking from the wire */ if (UNMARSHALLING(ps)) { - if ((sen->ptr_sid = (uint32 *)malloc( + if ((sen->ptr_sid = (uint32 *)prs_alloc_mem( ps, sen->num_entries * sizeof(uint32))) == NULL) { DEBUG(3, ("init_lsa_sid_enum(): out of memory for " "ptr_sid\n")); return False; } - if ((sen->sid = (DOM_SID2 *)malloc( + if ((sen->sid = (DOM_SID2 *)prs_alloc_mem( ps, sen->num_entries * sizeof(DOM_SID2))) == NULL) { DEBUG(3, ("init_lsa_sid_enum(): out of memory for " "sids\n")); @@ -824,13 +824,13 @@ static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, if (UNMARSHALLING(ps)) { if ((trn->name = (LSA_TRANS_NAME *) - malloc(trn->num_entries * + prs_alloc_mem(ps, trn->num_entries * sizeof(LSA_TRANS_NAME))) == NULL) { return False; } if ((trn->uni_name = (UNISTR2 *) - malloc(trn->num_entries * + prs_alloc_mem(ps, trn->num_entries * sizeof(UNISTR2))) == NULL) { return False; } @@ -964,23 +964,40 @@ BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps, if(!smb_io_pol_hnd("", &q_r->pol, ps, depth)) /* policy handle */ return False; + if(!prs_align(ps)) + return False; if(!prs_uint32("num_entries ", ps, depth, &q_r->num_entries)) return False; if(!prs_uint32("num_entries2 ", ps, depth, &q_r->num_entries2)) return False; + if (UNMARSHALLING(ps)) { + if (q_r->num_entries) { + if ((q_r->hdr_name = (UNIHDR *)prs_alloc_mem(ps, + q_r->num_entries * sizeof(UNIHDR))) == NULL) + return False; + if ((q_r->uni_name = (UNISTR2 *)prs_alloc_mem(ps, + q_r->num_entries * sizeof(UNISTR2))) == NULL) + return False; + } + } + for (i = 0; i < q_r->num_entries; i++) { + if(!prs_align(ps)) + return False; if(!smb_io_unihdr("hdr_name", &q_r->hdr_name[i], ps, depth)) /* pointer names */ return False; } for (i = 0; i < q_r->num_entries; i++) { - if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */ - return False; if(!prs_align(ps)) return False; + if(!smb_io_unistr2("dom_name", &q_r->uni_name[i], q_r->hdr_name[i].buffer, ps, depth)) /* names to be looked up */ + return False; } + if(!prs_align(ps)) + return False; if(!prs_uint32("num_trans_entries ", ps, depth, &q_r->num_trans_entries)) return False; if(!prs_uint32("ptr_trans_sids ", ps, depth, &q_r->ptr_trans_sids)) @@ -997,8 +1014,7 @@ BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps, reads or writes a structure. ********************************************************************/ -BOOL lsa_io_r_lookup_names(TALLOC_CTX *mem_ctx, char *desc, - LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth) +BOOL lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth) { int i; @@ -1032,11 +1048,12 @@ BOOL lsa_io_r_lookup_names(TALLOC_CTX *mem_ctx, char *desc, return False; } - if ((r_r->dom_rid = (DOM_RID2 *) - talloc(mem_ctx, r_r->num_entries2 * sizeof(DOM_RID2))) - == NULL) { - DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n")); - return False; + if (UNMARSHALLING(ps)) { + if ((r_r->dom_rid = (DOM_RID2 *)prs_alloc_mem(ps, r_r->num_entries2 * sizeof(DOM_RID2))) + == NULL) { + DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n")); + return False; + } } for (i = 0; i < r_r->num_entries2; i++) diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index dd6784a8e7..859a800771 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -321,7 +321,7 @@ void init_uni_hdr(UNIHDR *hdr, int len) { hdr->uni_str_len = 2 * len; hdr->uni_max_len = 2 * len; - hdr->buffer = len != 0; + hdr->buffer = len != 0 ? 1 : 0; } /******************************************************************* @@ -867,8 +867,7 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len) { ZERO_STRUCTP(str); - /* Set up string lengths. */ - + /* set up string lengths. */ str->uni_max_len = (uint32)len; str->undoc = 0; str->uni_str_len = (uint32)len; @@ -881,7 +880,8 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len) len *= sizeof(uint16); str->buffer = (uint16 *)talloc(parse_misc_talloc, len); - if ((str->buffer == NULL) && (len > 0)) { + if ((str->buffer == NULL) && (len > 0)) + { smb_panic("init_unistr2: malloc fail\n"); return; } |