summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2011-06-16 12:34:42 +0200
committerStefan Metzmacher <metze@samba.org>2011-06-16 12:40:14 +0200
commit11683ccf3e68606ecb1cdfa455f7921b119803c6 (patch)
tree1727813f6e3a067d43ee05f452aad1eb9347b7ac /source3/rpc_server
parent48de3e51eacbd1051f79dc99aaac8a4ec988fde5 (diff)
downloadsamba-11683ccf3e68606ecb1cdfa455f7921b119803c6.tar.gz
samba-11683ccf3e68606ecb1cdfa455f7921b119803c6.tar.bz2
samba-11683ccf3e68606ecb1cdfa455f7921b119803c6.zip
s3:rpc_server/svcctl: fix valgrind bugs in _svcctl_QueryServiceConfig2W()
r->out.buffer needs to stay in its size, as it will be marshalled completely. As it's preallocated and initialized with zeros, we just need to copy the payload into it. If we always marshall the return buffer, we already have the needed buffer size and don't need to call ndr_size_* functions. metze
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/svcctl/srv_svcctl_nt.c14
1 files changed, 5 insertions, 9 deletions
diff --git a/source3/rpc_server/svcctl/srv_svcctl_nt.c b/source3/rpc_server/svcctl/srv_svcctl_nt.c
index 4f8a2c1b7d..8523def037 100644
--- a/source3/rpc_server/svcctl/srv_svcctl_nt.c
+++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c
@@ -775,7 +775,8 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
struct svcctl_QueryServiceConfig2W *r)
{
SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
- uint32 buffer_size;
+ uint32_t buffer_size;
+ DATA_BLOB blob = data_blob_null;
/* perform access checks */
@@ -795,7 +796,6 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
struct SERVICE_DESCRIPTION desc_buf;
const char *description;
enum ndr_err_code ndr_err;
- DATA_BLOB blob;
description = svcctl_lookup_description(p->mem_ctx,
p->msg_ctx,
@@ -810,9 +810,6 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
return WERR_INVALID_PARAM;
}
- buffer_size = ndr_size_SERVICE_DESCRIPTION(&desc_buf, 0);
- r->out.buffer = blob.data;
-
break;
}
break;
@@ -820,7 +817,6 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
{
struct SERVICE_FAILURE_ACTIONS actions;
enum ndr_err_code ndr_err;
- DATA_BLOB blob;
/* nothing to say...just service the request */
@@ -832,9 +828,6 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
return WERR_INVALID_PARAM;
}
- buffer_size = ndr_size_SERVICE_FAILURE_ACTIONS(&actions, 0);
- r->out.buffer = blob.data;
-
break;
}
break;
@@ -843,12 +836,15 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
return WERR_UNKNOWN_LEVEL;
}
+ buffer_size = blob.length;
buffer_size += buffer_size % 4;
*r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
if (buffer_size > r->in.offered)
return WERR_INSUFFICIENT_BUFFER;
+ memcpy(r->out.buffer, blob.data, blob.length);
+
return WERR_OK;
}