summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2000-07-27 00:47:19 +0000
committerJeremy Allison <jra@samba.org>2000-07-27 00:47:19 +0000
commit5ec1642809d9de83da8c88c65d6595c6eb0270f5 (patch)
treef6f4f1e0b3678394fca8b7c37f71084a1b166671 /source3/smbd
parent134a4b86548db77cba292c50fbd6b91ecaa69f14 (diff)
downloadsamba-5ec1642809d9de83da8c88c65d6595c6eb0270f5.tar.gz
samba-5ec1642809d9de83da8c88c65d6595c6eb0270f5.tar.bz2
samba-5ec1642809d9de83da8c88c65d6595c6eb0270f5.zip
Ok - this is a *BIG* change - but it fixes the problems with static strings
in the RPC code. This change was prompted by trying to save a long (>256) character comment in the printer properties page. The new system associates a TALLOC_CTX with the pipe struct, and frees the pool on return of a complete PDU. A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx code, and is freed in the main loop. This code works with insure, and seems to be free of memory leaks and crashes (so far) but there are probably the occasional problem with code that uses UNISTRxx structs on the stack and expects them to contain storage without doing a init_unistrXX(). This means that rpcclient will probably be horribly broken. A TALLOC_CTX also needed associating with the struct cli_state also, to make the prs_xx code there work. The main interface change is the addition of a TALLOC_CTX to the prs_init calls - used for dynamic allocation in the prs_XXX calls. Now this is in place it should make dynamic allocation of all RPC memory on unmarshall *much* easier to fix. Jeremy. (This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/nttrans.c22
-rw-r--r--source3/smbd/process.c1
2 files changed, 21 insertions, 2 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 4e4e418efd..4673c87f58 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1496,6 +1496,7 @@ static int call_nt_transact_query_security_desc(connection_struct *conn,
prs_struct pd;
SEC_DESC *psd = NULL;
size_t sd_size;
+ TALLOC_CTX *mem_ctx;
files_struct *fsp = file_fsp(params,0);
@@ -1544,7 +1545,13 @@ static int call_nt_transact_query_security_desc(connection_struct *conn,
* Init the parse struct we will marshall into.
*/
- prs_init(&pd, 0, 4, MARSHALL);
+ if ((mem_ctx = talloc_init()) == NULL) {
+ DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
+ free_sec_desc(&psd);
+ return(ERROR(ERRDOS,ERRnomem));
+ }
+
+ prs_init(&pd, 0, 4, mem_ctx, MARSHALL);
/*
* Setup the prs_struct to point at the memory we just
@@ -1564,6 +1571,7 @@ security descriptor.\n"));
/*
* Return access denied for want of a better error message..
*/
+ talloc_destroy(mem_ctx);
return(UNIXERROR(ERRDOS,ERRnoaccess));
}
@@ -1572,6 +1580,7 @@ security descriptor.\n"));
*/
free_sec_desc(&psd);
+ talloc_destroy(mem_ctx);
send_nt_replies(inbuf, outbuf, bufsize, 0, params, 4, data, (int)sd_size);
return -1;
@@ -1594,6 +1603,7 @@ static int call_nt_transact_set_security_desc(connection_struct *conn,
uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount);
files_struct *fsp = NULL;
uint32 security_info_sent = 0;
+ TALLOC_CTX *mem_ctx;
if(!lp_nt_acl_support())
return(UNIXERROR(ERRDOS,ERRnoaccess));
@@ -1613,7 +1623,12 @@ static int call_nt_transact_set_security_desc(connection_struct *conn,
* Init the parse struct we will unmarshall from.
*/
- prs_init(&pd, 0, 4, UNMARSHALL);
+ if ((mem_ctx = talloc_init()) == NULL) {
+ DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
+ return(ERROR(ERRDOS,ERRnomem));
+ }
+
+ prs_init(&pd, 0, 4, mem_ctx, UNMARSHALL);
/*
* Setup the prs_struct to point at the memory we just
@@ -1633,15 +1648,18 @@ security descriptor.\n"));
/*
* Return access denied for want of a better error message..
*/
+ talloc_destroy(mem_ctx);
return(UNIXERROR(ERRDOS,ERRnoaccess));
}
if (!set_nt_acl(fsp, security_info_sent, psd)) {
free_sec_desc(&psd);
+ talloc_destroy(mem_ctx);
return(UNIXERROR(ERRDOS,ERRnoaccess));
}
free_sec_desc(&psd);
+ talloc_destroy(mem_ctx);
send_nt_replies(inbuf, outbuf, bufsize, 0, NULL, 0, NULL, 0);
return -1;
}
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 3c85c05312..2662db5896 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1042,6 +1042,7 @@ void smbd_process(void)
/* free up temporary memory */
lp_talloc_free();
+ parse_talloc_free();
while (!receive_message_or_smb(InBuffer,BUFFER_SIZE,select_timeout)) {
if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time))