diff options
author | Stefan Metzmacher <metze@samba.org> | 2011-06-16 12:34:42 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2011-06-16 12:40:14 +0200 |
commit | 11683ccf3e68606ecb1cdfa455f7921b119803c6 (patch) | |
tree | 1727813f6e3a067d43ee05f452aad1eb9347b7ac /source3/rpc_server | |
parent | 48de3e51eacbd1051f79dc99aaac8a4ec988fde5 (diff) | |
download | samba-11683ccf3e68606ecb1cdfa455f7921b119803c6.tar.gz samba-11683ccf3e68606ecb1cdfa455f7921b119803c6.tar.bz2 samba-11683ccf3e68606ecb1cdfa455f7921b119803c6.zip |
s3:rpc_server/svcctl: fix valgrind bugs in _svcctl_QueryServiceConfig2W()
r->out.buffer needs to stay in its size, as it will be marshalled completely.
As it's preallocated and initialized with zeros, we just need to copy
the payload into it.
If we always marshall the return buffer, we already have the needed
buffer size and don't need to call ndr_size_* functions.
metze
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/svcctl/srv_svcctl_nt.c | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/source3/rpc_server/svcctl/srv_svcctl_nt.c b/source3/rpc_server/svcctl/srv_svcctl_nt.c index 4f8a2c1b7d..8523def037 100644 --- a/source3/rpc_server/svcctl/srv_svcctl_nt.c +++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c @@ -775,7 +775,8 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p, struct svcctl_QueryServiceConfig2W *r) { SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle ); - uint32 buffer_size; + uint32_t buffer_size; + DATA_BLOB blob = data_blob_null; /* perform access checks */ @@ -795,7 +796,6 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p, struct SERVICE_DESCRIPTION desc_buf; const char *description; enum ndr_err_code ndr_err; - DATA_BLOB blob; description = svcctl_lookup_description(p->mem_ctx, p->msg_ctx, @@ -810,9 +810,6 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p, return WERR_INVALID_PARAM; } - buffer_size = ndr_size_SERVICE_DESCRIPTION(&desc_buf, 0); - r->out.buffer = blob.data; - break; } break; @@ -820,7 +817,6 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p, { struct SERVICE_FAILURE_ACTIONS actions; enum ndr_err_code ndr_err; - DATA_BLOB blob; /* nothing to say...just service the request */ @@ -832,9 +828,6 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p, return WERR_INVALID_PARAM; } - buffer_size = ndr_size_SERVICE_FAILURE_ACTIONS(&actions, 0); - r->out.buffer = blob.data; - break; } break; @@ -843,12 +836,15 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p, return WERR_UNKNOWN_LEVEL; } + buffer_size = blob.length; buffer_size += buffer_size % 4; *r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered; if (buffer_size > r->in.offered) return WERR_INSUFFICIENT_BUFFER; + memcpy(r->out.buffer, blob.data, blob.length); + return WERR_OK; } |