diff options
| author | Jeremy Allison <jra@samba.org> | 2004-12-07 18:25:53 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:32 -0500 |
| commit | acf9d61421faa6c0055d57fdee7db300dc5431aa (patch) | |
| tree | 5482afecfe9b4a68b9a1f18d541a3109f8143ab7 /source3/smbd | |
| parent | 3bd3be97dc8a581c0502410453091c195e322766 (diff) | |
| download | samba-acf9d61421faa6c0055d57fdee7db300dc5431aa.tar.gz samba-acf9d61421faa6c0055d57fdee7db300dc5431aa.tar.bz2 samba-acf9d61421faa6c0055d57fdee7db300dc5431aa.zip | |
r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/blocking.c | 4 | ||||
| -rw-r--r-- | source3/smbd/conn.c | 2 | ||||
| -rw-r--r-- | source3/smbd/dir.c | 6 | ||||
| -rw-r--r-- | source3/smbd/fake_file.c | 2 | ||||
| -rw-r--r-- | source3/smbd/fileio.c | 4 | ||||
| -rw-r--r-- | source3/smbd/files.c | 2 | ||||
| -rw-r--r-- | source3/smbd/ipc.c | 8 | ||||
| -rw-r--r-- | source3/smbd/lanman.c | 129 | ||||
| -rw-r--r-- | source3/smbd/mangle_hash.c | 4 | ||||
| -rw-r--r-- | source3/smbd/mangle_hash2.c | 18 | ||||
| -rw-r--r-- | source3/smbd/msdfs.c | 13 | ||||
| -rw-r--r-- | source3/smbd/notify.c | 2 | ||||
| -rw-r--r-- | source3/smbd/ntquotas.c | 6 | ||||
| -rw-r--r-- | source3/smbd/nttrans.c | 23 | ||||
| -rw-r--r-- | source3/smbd/open.c | 2 | ||||
| -rw-r--r-- | source3/smbd/oplock.c | 4 | ||||
| -rw-r--r-- | source3/smbd/password.c | 8 | ||||
| -rw-r--r-- | source3/smbd/posix_acls.c | 29 | ||||
| -rw-r--r-- | source3/smbd/process.c | 7 | ||||
| -rw-r--r-- | source3/smbd/reply.c | 4 | ||||
| -rw-r--r-- | source3/smbd/sec_ctx.c | 4 | ||||
| -rw-r--r-- | source3/smbd/session.c | 6 | ||||
| -rw-r--r-- | source3/smbd/statcache.c | 6 | ||||
| -rw-r--r-- | source3/smbd/trans2.c | 40 | ||||
| -rw-r--r-- | source3/smbd/vfs.c | 8 |
25 files changed, 179 insertions, 162 deletions
diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index e143999a78..0e71174a2e 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -106,12 +106,12 @@ BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout, * the expiration time here. */ - if((blr = (blocking_lock_record *)malloc(sizeof(blocking_lock_record))) == NULL) { + if((blr = SMB_MALLOC_P(blocking_lock_record)) == NULL) { DEBUG(0,("push_blocking_lock_request: Malloc fail !\n" )); return False; } - if((blr->inbuf = (char *)malloc(length)) == NULL) { + if((blr->inbuf = (char *)SMB_MALLOC(length)) == NULL) { DEBUG(0,("push_blocking_lock_request: Malloc fail (2)!\n" )); SAFE_FREE(blr); return False; diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c index 34e19a3ca6..6b5942f7f6 100644 --- a/source3/smbd/conn.c +++ b/source3/smbd/conn.c @@ -132,7 +132,7 @@ find_again: return NULL; } - if ((conn=(connection_struct *)talloc_zero(mem_ctx, sizeof(*conn)))==NULL) { + if ((conn=TALLOC_ZERO_P(mem_ctx, connection_struct))==NULL) { DEBUG(0,("talloc_zero() failed!\n")); return NULL; } diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 2bda42f76d..f721bf3ba8 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -407,7 +407,7 @@ int dptr_create(connection_struct *conn, pstring path, BOOL old_handle, BOOL exp if (dptrs_open >= MAX_OPEN_DIRECTORIES) dptr_idleoldest(); - dptr = (dptr_struct *)malloc(sizeof(dptr_struct)); + dptr = SMB_MALLOC_P(dptr_struct); if(!dptr) { DEBUG(0,("malloc fail in dptr_create.\n")); return -1; @@ -819,7 +819,7 @@ void *OpenDir(connection_struct *conn, const char *name, BOOL use_veto) if (!p) return(NULL); - dirp = (Dir *)malloc(sizeof(Dir)); + dirp = SMB_MALLOC_P(Dir); if (!dirp) { DEBUG(0,("Out of memory in OpenDir\n")); SMB_VFS_CLOSEDIR(conn,p); @@ -900,7 +900,7 @@ void *OpenDir(connection_struct *conn, const char *name, BOOL use_veto) if (used + l > dirp->mallocsize) { int s = MAX(used+l,used+2000); char *r; - r = (char *)Realloc(dirp->data,s); + r = (char *)SMB_REALLOC(dirp->data,s); if (!r) { DEBUG(0,("Out of memory in OpenDir\n")); break; diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c index fc874dc086..53aac1e036 100644 --- a/source3/smbd/fake_file.c +++ b/source3/smbd/fake_file.c @@ -132,7 +132,7 @@ struct _FAKE_FILE_HANDLE *init_fake_file_handle(enum FAKE_FILE_TYPE type) return NULL; } - if ((fh =(FAKE_FILE_HANDLE *)talloc_zero(mem_ctx, sizeof(FAKE_FILE_HANDLE)))==NULL) { + if ((fh =TALLOC_ZERO_P(mem_ctx, FAKE_FILE_HANDLE))==NULL) { DEBUG(0,("talloc_zero() failed.\n")); talloc_destroy(mem_ctx); return NULL; diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c index 060fbb124d..a21bd69a36 100644 --- a/source3/smbd/fileio.c +++ b/source3/smbd/fileio.c @@ -676,7 +676,7 @@ static BOOL setup_write_cache(files_struct *fsp, SMB_OFF_T file_size) if(alloc_size == 0 || fsp->wcp) return False; - if((wcp = (write_cache *)malloc(sizeof(write_cache))) == NULL) { + if((wcp = SMB_MALLOC_P(write_cache)) == NULL) { DEBUG(0,("setup_write_cache: malloc fail.\n")); return False; } @@ -685,7 +685,7 @@ static BOOL setup_write_cache(files_struct *fsp, SMB_OFF_T file_size) wcp->offset = 0; wcp->alloc_size = alloc_size; wcp->data_size = 0; - if((wcp->data = malloc(wcp->alloc_size)) == NULL) { + if((wcp->data = SMB_MALLOC(wcp->alloc_size)) == NULL) { DEBUG(0,("setup_write_cache: malloc fail for buffer size %u.\n", (unsigned int)wcp->alloc_size )); SAFE_FREE(wcp); diff --git a/source3/smbd/files.c b/source3/smbd/files.c index 580dc54545..ecf39c2b54 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -93,7 +93,7 @@ files_struct *file_new(connection_struct *conn) return NULL; } - fsp = (files_struct *)malloc(sizeof(*fsp)); + fsp = SMB_MALLOC_P(files_struct); if (!fsp) { unix_ERR_class = ERRSRV; unix_ERR_code = ERRnofids; diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 35e670c9fa..9fcd39b500 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -165,7 +165,7 @@ void send_trans_reply(char *outbuf, static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p) { BOOL is_data_outstanding; - char *rdata = malloc(p->max_trans_reply); + char *rdata = SMB_MALLOC(p->max_trans_reply); int data_len; if(rdata == NULL) { @@ -389,7 +389,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int goto bad_param; if (tdscnt) { - if((data = (char *)malloc(tdscnt)) == NULL) { + if((data = (char *)SMB_MALLOC(tdscnt)) == NULL) { DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt)); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); @@ -404,7 +404,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int } if (tpscnt) { - if((params = (char *)malloc(tpscnt)) == NULL) { + if((params = (char *)SMB_MALLOC(tpscnt)) == NULL) { DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt)); SAFE_FREE(data); END_PROFILE(SMBtrans); @@ -421,7 +421,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if (suwcnt) { unsigned int i; - if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { + if((setup = SMB_MALLOC_ARRAY(uint16,suwcnt)) == NULL) { DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16)))); SAFE_FREE(data); SAFE_FREE(params); diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 7d5e0f5ad2..4af11da784 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -753,7 +753,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, */ *rdata_len = 0; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,ERRunknownlevel); SSVAL(*rparam,2,0); SSVAL(*rparam,4,0); @@ -772,7 +772,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, } if (mdrcnt > 0) { - *rdata = REALLOC(*rdata,mdrcnt); + *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; } else { @@ -781,7 +781,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, * init_package will return wrong size if buflen=0 */ desc.buflen = getlen(desc.format); - desc.base = tmpdata = (char *) malloc (desc.buflen); + desc.base = tmpdata = (char *) SMB_MALLOC (desc.buflen); } if (init_package(&desc,1,count)) { @@ -801,7 +801,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, *rdata_len = desc.usedlen; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -849,7 +849,7 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, */ *rdata_len = 0; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,ERRunknownlevel); SSVAL(*rparam,2,0); SSVAL(*rparam,4,0); @@ -861,17 +861,17 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) queuecnt++; if (uLevel > 0) { - if((queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*))) == NULL) { + if((queue = SMB_MALLOC_ARRAY(print_queue_struct*, queuecnt)) == NULL) { DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); return False; } memset(queue,0,queuecnt*sizeof(print_queue_struct*)); - if((status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct))) == NULL) { + if((status = SMB_MALLOC_ARRAY(print_status_struct,queuecnt)) == NULL) { DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); return False; } memset(status,0,queuecnt*sizeof(print_status_struct)); - if((subcntarr = (int*)malloc(queuecnt*sizeof(int))) == NULL) { + if((subcntarr = SMB_MALLOC_ARRAY(int,queuecnt)) == NULL) { DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); return False; } @@ -884,7 +884,7 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, n++; } } - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; @@ -903,7 +903,7 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -987,8 +987,7 @@ static int get_server_info(uint32 servertype, struct srv_info_struct *ts; alloced += 10; - ts = (struct srv_info_struct *) - Realloc(*servers,sizeof(**servers)*alloced); + ts = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced); if (!ts) { DEBUG(0,("get_server_info: failed to enlarge servers info struct!\n")); return(0); @@ -1234,7 +1233,7 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param } *rdata_len = fixed_len + string_len; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); memset(*rdata,'\0',*rdata_len); p2 = (*rdata) + fixed_len; /* auxilliary data (strings) will go here */ @@ -1258,7 +1257,7 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param } *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata)); SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); @@ -1295,7 +1294,7 @@ static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, char *pa *rdata_len = 0; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam,0,0x08AC); /* informational warning message */ SSVAL(*rparam,2,0); @@ -1441,13 +1440,13 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *para if (!prefix_ok(str1,"zWrLh")) return False; if (!check_share_info(uLevel,str2)) return False; - *rdata = REALLOC(*rdata,mdrcnt); + *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); p = *rdata; *rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0); if (*rdata_len < 0) return False; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); @@ -1514,7 +1513,7 @@ static BOOL api_RNetShareEnum( connection_struct *conn, } } *rdata_len = fixed_len + string_len; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); memset(*rdata,0,*rdata_len); p2 = (*rdata) + fixed_len; /* auxiliary data (strings) will go here */ @@ -1537,7 +1536,7 @@ static BOOL api_RNetShareEnum( connection_struct *conn, } *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success); SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); @@ -1623,7 +1622,7 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch } else return False; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); @@ -1633,7 +1632,7 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch error_exit: *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; SSVAL(*rparam,0,res); SSVAL(*rparam,2,0); @@ -1688,7 +1687,7 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c DEBUG(10,("api_RNetGroupEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size)); *rdata_len = cli_buf_size; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); p = *rdata; @@ -1710,7 +1709,7 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c *rdata_len = PTR_DIFF(p,*rdata); *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam, 0, errflags); SSVAL(*rparam, 2, 0); /* converter word */ @@ -1748,7 +1747,7 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para NTSTATUS result; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); /* check it's a supported varient */ @@ -1767,7 +1766,7 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para return False; *rdata_len = mdrcnt + 1024; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -1859,14 +1858,14 @@ static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,ch DEBUG(10,("api_RNetUserEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size)); *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); /* check it's a supported varient */ if (strcmp("B21",str2) != 0) return False; *rdata_len = cli_buf_size; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); p = *rdata; @@ -1929,10 +1928,10 @@ static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid, char *param,ch { char *p; *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 21; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -1991,7 +1990,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param memcpy(pass2,p+16,16); *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; @@ -2063,7 +2062,7 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char * fstring user; char *p = param + 2; *rparam_len = 2; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; @@ -2130,7 +2129,7 @@ static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char *param return(False); *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; if (!print_job_exists(sharename, jobid)) { @@ -2193,7 +2192,7 @@ static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid, char *param return(False); *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; snum = print_queue_snum(QueueName); @@ -2267,7 +2266,7 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha if(!rap_to_pjobid(SVAL(p,0), sharename, &jobid)) return False; *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); if ( (snum = lp_servicenumber(sharename)) == -1 ) { DEBUG(0,("api_PrintJobInfo: unable to get service number from sharename [%s]\n", @@ -2368,7 +2367,7 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par } *rdata_len = mdrcnt; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); p = *rdata; p2 = p + struct_len; @@ -2417,7 +2416,7 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par *rdata_len = PTR_DIFF(p2,*rdata); *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); @@ -2444,14 +2443,14 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param DEBUG(4,("NetWkstaGetInfo level %d\n",level)); *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); /* check it's a supported varient */ if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz"))) return(False); *rdata_len = mdrcnt + 1024; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -2690,7 +2689,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param vuser->user.unix_name)); *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel)); @@ -2709,7 +2708,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param if (strcmp(level_string,str2) != 0) return False; *rdata_len = mdrcnt + 1024; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -2856,7 +2855,7 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param /* check it's a supported varient */ if (strcmp(str1,"OOWb54WrLh") != 0) return False; if (uLevel != 1 || strcmp(str2,"WB21BWDWWDDDDDDDzzzD") != 0) return False; - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; desc.subformat = NULL; @@ -2895,7 +2894,7 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param *rdata_len = desc.usedlen; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -2925,7 +2924,7 @@ static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, char *p if (strcmp(str2,"") != 0) return False; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,0); /* errorcode */ SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,0x7f); /* permission flags */ @@ -2978,7 +2977,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para } if (mdrcnt > 0) { - *rdata = REALLOC(*rdata,mdrcnt); + *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; } else { @@ -2987,7 +2986,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para * init_package will return wrong size if buflen=0 */ desc.buflen = getlen(desc.format); - desc.base = tmpdata = (char *)malloc ( desc.buflen ); + desc.base = tmpdata = (char *)SMB_MALLOC( desc.buflen ); } if (init_package(&desc,1,0)) { @@ -3002,7 +3001,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para } *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -3054,7 +3053,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa return False; count = print_queue_status(snum,&queue,&status); - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; @@ -3069,7 +3068,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3162,7 +3161,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par } else { if (mdrcnt > 0) { - *rdata = REALLOC(*rdata,mdrcnt); + *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; } else { @@ -3171,7 +3170,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par * init_package will return wrong size if buflen=0 */ desc.buflen = getlen(desc.format); - desc.base = tmpdata = (char *)malloc ( desc.buflen ); + desc.base = tmpdata = (char *)SMB_MALLOC( desc.buflen ); } if (init_package(&desc,1,0)) { fill_printdest_info(conn,snum,uLevel,&desc); @@ -3180,7 +3179,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par } *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -3219,7 +3218,7 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param, if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) queuecnt++; - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; if (init_package(&desc,queuecnt,0)) { @@ -3237,7 +3236,7 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param, *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3269,7 +3268,7 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para if (strcmp(str1,"WrLeh") != 0) return False; if (uLevel != 0 || strcmp(str2,"B41") != 0) return False; - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; if (init_package(&desc,1,0)) { @@ -3281,7 +3280,7 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3313,7 +3312,7 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param if (strcmp(str1,"WrLeh") != 0) return False; if (uLevel != 0 || strcmp(str2,"B13") != 0) return False; - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; desc.format = str2; @@ -3326,7 +3325,7 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3358,7 +3357,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, if (strcmp(str1,"WrLeh") != 0) return False; if (uLevel != 0 || strcmp(str2,"B9") != 0) return False; - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); memset((char *)&desc,'\0',sizeof(desc)); desc.base = *rdata; desc.buflen = mdrcnt; @@ -3372,7 +3371,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3414,7 +3413,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param num_sessions = list_sessions(&session_list); - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); memset((char *)&desc,'\0',sizeof(desc)); desc.base = *rdata; desc.buflen = mdrcnt; @@ -3438,7 +3437,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); /* converter */ SSVAL(*rparam,4,num_sessions); /* count */ @@ -3458,7 +3457,7 @@ static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param,char * int *rdata_len,int *rparam_len) { *rparam_len = MIN(*rparam_len,mprcnt); - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; @@ -3480,7 +3479,7 @@ static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,cha int *rdata_len,int *rparam_len) { *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; @@ -3587,11 +3586,11 @@ int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char * return ERROR_NT(NT_STATUS_ACCESS_DENIED); } - rdata = (char *)malloc(1024); + rdata = (char *)SMB_MALLOC(1024); if (rdata) memset(rdata,'\0',1024); - rparam = (char *)malloc(1024); + rparam = (char *)SMB_MALLOC(1024); if (rparam) memset(rparam,'\0',1024); diff --git a/source3/smbd/mangle_hash.c b/source3/smbd/mangle_hash.c index 26ddf1b3a3..0067023e61 100644 --- a/source3/smbd/mangle_hash.c +++ b/source3/smbd/mangle_hash.c @@ -476,7 +476,7 @@ static BOOL check_cache( char *s, size_t maxlen ) if(data_val.dptr == NULL || data_val.dsize == 0) { ext_start = strrchr( s, '.' ); if( ext_start ) { - if((saved_ext = strdup(ext_start)) == NULL) + if((saved_ext = SMB_STRDUP(ext_start)) == NULL) return False; *ext_start = '\0'; @@ -624,7 +624,7 @@ static void name_map(char *OutName, BOOL need83, BOOL cache83, int default_case) /* mangle it into 8.3 */ if (cache83) - tmp = strdup(OutName); + tmp = SMB_STRDUP(OutName); to_8_3(OutName, default_case); diff --git a/source3/smbd/mangle_hash2.c b/source3/smbd/mangle_hash2.c index c6ad1215b0..4896cfb17b 100644 --- a/source3/smbd/mangle_hash2.c +++ b/source3/smbd/mangle_hash2.c @@ -153,13 +153,19 @@ static u32 mangle_hash(const char *key, unsigned int length) */ static BOOL cache_init(void) { - if (prefix_cache) return True; + if (prefix_cache) { + return True; + } - prefix_cache = calloc(MANGLE_CACHE_SIZE, sizeof(char *)); - if (!prefix_cache) return False; + prefix_cache = SMB_CALLOC_ARRAY(char *,MANGLE_CACHE_SIZE); + if (!prefix_cache) { + return False; + } - prefix_cache_hashes = calloc(MANGLE_CACHE_SIZE, sizeof(u32)); - if (!prefix_cache_hashes) return False; + prefix_cache_hashes = SMB_CALLOC_ARRAY(u32, MANGLE_CACHE_SIZE); + if (!prefix_cache_hashes) { + return False; + } return True; } @@ -175,7 +181,7 @@ static void cache_insert(const char *prefix, int length, u32 hash) free(prefix_cache[i]); } - prefix_cache[i] = strndup(prefix, length); + prefix_cache[i] = SMB_STRNDUP(prefix, length); prefix_cache_hashes[i] = hash; } diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 6c132897f9..b5ae7486d3 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -189,7 +189,7 @@ static BOOL parse_symlink(char* buf,struct referral** preflist, DEBUG(10,("parse_symlink: count=%d\n", count)); - reflist = *preflist = (struct referral*) malloc(count * sizeof(struct referral)); + reflist = *preflist = SMB_MALLOC_ARRAY(struct referral, count); if(reflist == NULL) { DEBUG(0,("parse_symlink: Malloc failed!\n")); return False; @@ -417,7 +417,7 @@ static BOOL self_ref(char *pathname, struct junction_map *jucn, *self_referralp = True; jucn->referral_count = 1; - if((ref = (struct referral*) malloc(sizeof(struct referral))) == NULL) { + if((ref = SMB_MALLOC_P(struct referral)) == NULL) { DEBUG(0,("self_ref: malloc failed for referral\n")); return False; } @@ -503,7 +503,7 @@ BOOL get_referred_path(char *pathname, struct junction_map *jucn, self_referralp); jucn->referral_count = 1; - if ((ref = (struct referral*) malloc(sizeof(struct referral))) == NULL) { + if ((ref = SMB_MALLOC_P(struct referral)) == NULL) { DEBUG(0, ("malloc failed for referral\n")); goto out; } @@ -595,7 +595,7 @@ static int setup_ver2_dfs_referral(char* pathname, char** ppdata, /* add the unexplained 0x16 bytes */ reply_size += 0x16; - pdata = Realloc(pdata,reply_size); + pdata = SMB_REALLOC(pdata,reply_size); if(pdata == NULL) { DEBUG(0,("malloc failed for Realloc!\n")); return -1; @@ -676,7 +676,7 @@ static int setup_ver3_dfs_referral(char* pathname, char** ppdata, reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2; } - pdata = Realloc(pdata,reply_size); + pdata = SMB_REALLOC(pdata,reply_size); if(pdata == NULL) { DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n")); return -1; @@ -962,8 +962,7 @@ static BOOL form_junctions(int snum, struct junction_map* jucn, int* jn_count) jucn[cnt].volume_name[0] = '\0'; jucn[cnt].referral_count = 1; - ref = jucn[cnt].referral_list - = (struct referral*) malloc(sizeof(struct referral)); + ref = jucn[cnt].referral_list = SMB_MALLOC_P(struct referral); if (jucn[cnt].referral_list == NULL) { DEBUG(0, ("Malloc failed!\n")); goto out; diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c index 9adf827c79..92b86f350c 100644 --- a/source3/smbd/notify.c +++ b/source3/smbd/notify.c @@ -178,7 +178,7 @@ BOOL change_notify_set(char *inbuf, files_struct *fsp, connection_struct *conn, { struct change_notify *cnbp; - if((cnbp = (struct change_notify *)malloc(sizeof(*cnbp))) == NULL) { + if((cnbp = SMB_MALLOC_P(struct change_notify)) == NULL) { DEBUG(0,("change_notify_set: malloc fail !\n" )); return -1; } diff --git a/source3/smbd/ntquotas.c b/source3/smbd/ntquotas.c index 555f32d773..8fbf858008 100644 --- a/source3/smbd/ntquotas.c +++ b/source3/smbd/ntquotas.c @@ -199,14 +199,14 @@ int vfs_get_user_ntquota_list(files_struct *fsp, SMB_NTQUOTA_LIST **qt_list) DEBUG(15,("quota entry for id[%s] path[%s]\n", sid_string_static(&sid),fsp->conn->connectpath)); - if ((tmp_list_ent=(SMB_NTQUOTA_LIST *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_LIST)))==NULL) { + if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) { DEBUG(0,("talloc_zero() failed\n")); *qt_list = NULL; talloc_destroy(mem_ctx); return (-1); } - if ((tmp_list_ent->quotas=(SMB_NTQUOTA_STRUCT *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_STRUCT)))==NULL) { + if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) { DEBUG(0,("talloc_zero() failed\n")); *qt_list = NULL; talloc_destroy(mem_ctx); @@ -232,7 +232,7 @@ void *init_quota_handle(TALLOC_CTX *mem_ctx) if (!mem_ctx) return False; - qt_handle = (SMB_NTQUOTA_HANDLE *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_HANDLE)); + qt_handle = TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_HANDLE); if (qt_handle==NULL) { DEBUG(0,("talloc_zero() failed\n")); return NULL; diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 42953a1b7a..2395d0d8db 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -58,11 +58,12 @@ static char *nttrans_realloc(char **ptr, size_t size) if (ptr==NULL) smb_panic("nttrans_realloc() called with NULL ptr\n"); - tptr = Realloc_zero(*ptr, size); + tptr = SMB_REALLOC(*ptr, size); if(tptr == NULL) { *ptr = NULL; return NULL; } + memset(tptr,'\0',size); *ptr = tptr; @@ -2139,7 +2140,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou return ERROR_NT(NT_STATUS_NO_MEMORY); } - shadow_data = (SHADOW_COPY_DATA *)talloc_zero(shadow_mem_ctx,sizeof(SHADOW_COPY_DATA)); + shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA); if (shadow_data == NULL) { DEBUG(0,("talloc_zero() failed!\n")); return ERROR_NT(NT_STATUS_NO_MEMORY); @@ -2449,6 +2450,10 @@ static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf, } sid_len = IVAL(pdata,4); + /* Ensure this is less than 1mb. */ + if (sid_len > (1024*1024)) { + return ERROR_DOS(ERRDOS,ERRnomem); + } if (data_count < 8+sid_len) { DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len))); @@ -2703,15 +2708,21 @@ due to being in oplock break state.\n", (unsigned int)function_code )); CVAL(inbuf, smb_wct), 19 + (setup_count/2))); goto bad_param; } - + + /* Don't allow more than 128mb for each value. */ + if ((total_parameter_count > (1024*1024*128)) || (total_data_count > (1024*1024*128))) { + END_PROFILE(SMBnttrans); + return ERROR_DOS(ERRDOS,ERRnomem); + } + /* Allocate the space for the setup, the maximum needed parameters and data */ if(setup_count > 0) - setup = (char *)malloc(setup_count); + setup = (char *)SMB_MALLOC(setup_count); if (total_parameter_count > 0) - params = (char *)malloc(total_parameter_count); + params = (char *)SMB_MALLOC(total_parameter_count); if (total_data_count > 0) - data = (char *)malloc(total_data_count); + data = (char *)SMB_MALLOC(total_data_count); if ((total_parameter_count && !params) || (total_data_count && !data) || (setup_count && !setup)) { diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 7cadf5adba..bf3fbf7fec 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -681,7 +681,7 @@ dev = %x, inode = %.0f\n", old_shares[i].op_type, fname, (unsigned int)dev, (dou return -1; } - broken_entry = malloc(sizeof(struct share_mode_entry_list)); + broken_entry = SMB_MALLOC_P(struct share_mode_entry_list); if (!broken_entry) { smb_panic("open_mode_check: malloc fail.\n"); } diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c index 1ffc798b1f..3ebf93e560 100644 --- a/source3/smbd/oplock.c +++ b/source3/smbd/oplock.c @@ -740,12 +740,12 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, unsigned long file_id, * messages crossing on the wire. */ - if((inbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) { + if((inbuf = (char *)SMB_MALLOC(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) { DEBUG(0,("oplock_break: malloc fail for input buffer.\n")); return False; } - if((outbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) { + if((outbuf = (char *)SMB_MALLOC(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) { DEBUG(0,("oplock_break: malloc fail for output buffer.\n")); SAFE_FREE(inbuf); return False; diff --git a/source3/smbd/password.c b/source3/smbd/password.c index eb389d7013..213ef98ea3 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -139,7 +139,7 @@ int register_vuid(auth_serversupplied_info *server_info, DATA_BLOB session_key, return UID_FIELD_INVALID; } - if((vuser = (user_struct *)malloc( sizeof(user_struct) )) == NULL) { + if((vuser = SMB_MALLOC_P(user_struct)) == NULL) { DEBUG(0,("Failed to malloc users struct!\n")); data_blob_free(&session_key); return UID_FIELD_INVALID; @@ -316,7 +316,7 @@ void add_session_user(const char *user) DEBUG(3,("add_session_user: session userlist already too large.\n")); return; } - newlist = Realloc( session_userlist, len_session_userlist + PSTRING_LEN ); + newlist = SMB_REALLOC( session_userlist, len_session_userlist + PSTRING_LEN ); if( newlist == NULL ) { DEBUG(1,("Unable to resize session_userlist\n")); return; @@ -498,9 +498,9 @@ BOOL authorise_login(int snum, fstring user, DATA_BLOB password, char *user_list = NULL; if ( session_userlist ) - user_list = strdup(session_userlist); + user_list = SMB_STRDUP(session_userlist); else - user_list = strdup(""); + user_list = SMB_STRDUP(""); if (!user_list) return(False); diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index d30cf62e7c..903b943522 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -166,7 +166,7 @@ static char *create_pai_buf(canon_ace *file_ace_list, canon_ace *dir_ace_list, B *store_size = PAI_ENTRIES_BASE + ((num_entries + num_def_entries)*PAI_ENTRY_LENGTH); - pai_buf = malloc(*store_size); + pai_buf = SMB_MALLOC(*store_size); if (!pai_buf) { return NULL; } @@ -343,7 +343,7 @@ static struct pai_val *create_pai_val(char *buf, size_t size) if (!check_pai_ok(buf, size)) return NULL; - paiv = malloc(sizeof(struct pai_val)); + paiv = SMB_MALLOC_P(struct pai_val); if (!paiv) return NULL; @@ -362,7 +362,7 @@ static struct pai_val *create_pai_val(char *buf, size_t size) for (i = 0; i < paiv->num_entries; i++) { struct pai_entry *paie; - paie = malloc(sizeof(struct pai_entry)); + paie = SMB_MALLOC_P(struct pai_entry); if (!paie) { free_inherited_info(paiv); return NULL; @@ -393,7 +393,7 @@ static struct pai_val *create_pai_val(char *buf, size_t size) for (i = 0; i < paiv->num_def_entries; i++) { struct pai_entry *paie; - paie = malloc(sizeof(struct pai_entry)); + paie = SMB_MALLOC_P(struct pai_entry); if (!paie) { free_inherited_info(paiv); return NULL; @@ -438,7 +438,7 @@ static struct pai_val *load_inherited_info(files_struct *fsp) if (!lp_map_acl_inherit(SNUM(fsp->conn))) return NULL; - if ((pai_buf = malloc(pai_buf_size)) == NULL) + if ((pai_buf = SMB_MALLOC(pai_buf_size)) == NULL) return NULL; do { @@ -456,7 +456,10 @@ static struct pai_val *load_inherited_info(files_struct *fsp) /* Buffer too small - enlarge it. */ pai_buf_size *= 2; SAFE_FREE(pai_buf); - if ((pai_buf = malloc(pai_buf_size)) == NULL) + if (pai_buf_size > 1024*1024) { + return NULL; /* Limit malloc to 1mb. */ + } + if ((pai_buf = SMB_MALLOC(pai_buf_size)) == NULL) return NULL; } } while (ret == -1); @@ -523,7 +526,7 @@ static void free_canon_ace_list( canon_ace *list_head ) static canon_ace *dup_canon_ace( canon_ace *src_ace) { - canon_ace *dst_ace = (canon_ace *)malloc(sizeof(canon_ace)); + canon_ace *dst_ace = SMB_MALLOC_P(canon_ace); if (dst_ace == NULL) return NULL; @@ -1083,7 +1086,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, } if (!got_user) { - if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) { + if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) { DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n")); return False; } @@ -1113,7 +1116,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, } if (!got_grp) { - if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) { + if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) { DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n")); return False; } @@ -1139,7 +1142,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, } if (!got_other) { - if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) { + if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) { DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n")); return False; } @@ -1323,7 +1326,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, * Create a cannon_ace entry representing this NT DACL ACE. */ - if ((current_ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) { + if ((current_ace = SMB_MALLOC_P(canon_ace)) == NULL) { free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); DEBUG(0,("create_canon_ace_lists: malloc fail.\n")); @@ -2161,7 +2164,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_ * Add this entry to the list. */ - if ((ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) + if ((ace = SMB_MALLOC_P(canon_ace)) == NULL) goto fail; ZERO_STRUCTP(ace); @@ -2793,7 +2796,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) num_def_acls = count_canon_ace_list(dir_ace); /* Allocate the ace list. */ - if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_profile_acls + num_def_acls)* sizeof(SEC_ACE))) == NULL) { + if ((nt_ace_list = SMB_MALLOC_ARRAY(SEC_ACE,num_acls + num_profile_acls + num_def_acls)) == NULL) { DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n")); goto done; } diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 5be68d9f0a..8adc5c2e66 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -85,8 +85,7 @@ static void free_queued_message(struct pending_message_list *msg) static BOOL push_queued_message(enum q_type qt, char *buf, int msg_len, struct timeval *ptv, char *private, size_t private_len) { struct pending_message_list *tmp_msg; - struct pending_message_list *msg = (struct pending_message_list *) - malloc(sizeof(struct pending_message_list)); + struct pending_message_list *msg = SMB_MALLOC_P(struct pending_message_list); if(msg == NULL) { DEBUG(0,("push_message: malloc fail (1)\n")); @@ -1498,8 +1497,8 @@ void smbd_process(void) unsigned int num_smbs = 0; const size_t total_buffer_size = BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN; - InBuffer = (char *)malloc(total_buffer_size); - OutBuffer = (char *)malloc(total_buffer_size); + InBuffer = (char *)SMB_MALLOC(total_buffer_size); + OutBuffer = (char *)SMB_MALLOC(total_buffer_size); if ((InBuffer == NULL) || (OutBuffer == NULL)) return; diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index eda523e73a..23657d3f1f 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -899,7 +899,7 @@ int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size END_PROFILE(SMBsearch); return ERROR_DOS(ERRDOS,ERRnofids); } - dptr_set_wcard(dptr_num, strdup(mask)); + dptr_set_wcard(dptr_num, SMB_STRDUP(mask)); dptr_set_attr(dptr_num, dirtype); } else { dirtype = dptr_attr(dptr_num); @@ -4945,7 +4945,7 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size, if(fsp->wbmpx_ptr != NULL) wbms = fsp->wbmpx_ptr; /* Use an existing struct */ else - wbms = (write_bmpx_struct *)malloc(sizeof(write_bmpx_struct)); + wbms = SMB_MALLOC_P(write_bmpx_struct); if(!wbms) { DEBUG(0,("Out of memory in reply_readmpx\n")); END_PROFILE(SMBwriteBmpx); diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index 8a85792ead..a5411b94a1 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -154,7 +154,7 @@ int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups) goto fail; } - if((groups = (gid_t *)malloc(sizeof(gid_t)*(ngroups+1))) == NULL) { + if((groups = SMB_MALLOC_ARRAY(gid_t, ngroups+1)) == NULL) { DEBUG(0,("setup_groups malloc fail !\n")); goto fail; } @@ -260,7 +260,7 @@ BOOL push_sec_ctx(void) ctx_p->ngroups = sys_getgroups(0, NULL); if (ctx_p->ngroups != 0) { - if (!(ctx_p->groups = malloc(ctx_p->ngroups * sizeof(gid_t)))) { + if (!(ctx_p->groups = SMB_MALLOC_ARRAY(gid_t, ctx_p->ngroups))) { DEBUG(0, ("Out of memory in push_sec_ctx()\n")); delete_nt_token(&ctx_p->token); return False; diff --git a/source3/smbd/session.c b/source3/smbd/session.c index 91ebaeb830..9a9a0d90b2 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -151,7 +151,7 @@ BOOL session_claim(user_struct *vuser) sessionid.id_str, sessionid.id_num); } - vuser->session_keystr = strdup(keystr); + vuser->session_keystr = SMB_STRDUP(keystr); if (!vuser->session_keystr) { DEBUG(0, ("session_claim: strdup() failed for session_keystr\n")); return False; @@ -221,8 +221,8 @@ static int gather_sessioninfo(TDB_CONTEXT *stdb, TDB_DATA kbuf, TDB_DATA dbuf, const struct sessionid *current = (const struct sessionid *) dbuf.dptr; sesslist->count += 1; - sesslist->sessions = REALLOC(sesslist->sessions, sesslist->count * - sizeof(struct sessionid)); + sesslist->sessions = SMB_REALLOC_ARRAY(sesslist->sessions, struct sessionid, + sesslist->count); memcpy(&sesslist->sessions[sesslist->count - 1], current, sizeof(struct sessionid)); diff --git a/source3/smbd/statcache.c b/source3/smbd/statcache.c index ba37d4927c..cfc5286327 100644 --- a/source3/smbd/statcache.c +++ b/source3/smbd/statcache.c @@ -76,7 +76,7 @@ void stat_cache_add( const char *full_orig_name, const char *orig_translated_pat * translated path. */ - translated_path = strdup(orig_translated_path); + translated_path = SMB_STRDUP(orig_translated_path); if (!translated_path) return; @@ -88,7 +88,7 @@ void stat_cache_add( const char *full_orig_name, const char *orig_translated_pat } if(case_sensitive) { - original_path = strdup(full_orig_name); + original_path = SMB_STRDUP(full_orig_name); } else { original_path = strdup_upper(full_orig_name); } @@ -179,7 +179,7 @@ BOOL stat_cache_lookup(connection_struct *conn, pstring name, pstring dirpath, return False; if (conn->case_sensitive) { - chk_name = strdup(name); + chk_name = SMB_STRDUP(name); if (!chk_name) { DEBUG(0, ("stat_cache_lookup: strdup failed!\n")); return False; diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 4a10511a0e..7269ab9157 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -115,7 +115,7 @@ static BOOL get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn, files_str again: - val = talloc_realloc(mem_ctx, val, attr_size); + val = TALLOC_REALLOC_ARRAY(mem_ctx, val, char, attr_size); if (!val) { return False; } @@ -169,8 +169,8 @@ static struct ea_list *get_ea_list(TALLOC_CTX *mem_ctx, connection_struct *conn, return NULL; } - for (i = 0, ea_namelist = talloc(mem_ctx, ea_namelist_size); i < 6; - ea_namelist = talloc_realloc(mem_ctx, ea_namelist, ea_namelist_size), i++) { + for (i = 0, ea_namelist = TALLOC(mem_ctx, ea_namelist_size); i < 6; + ea_namelist = TALLOC_REALLOC_ARRAY(mem_ctx, ea_namelist, char, ea_namelist_size), i++) { if (fsp && fsp->fd != -1) { sizeret = SMB_VFS_FLISTXATTR(fsp, fsp->fd, ea_namelist, ea_namelist_size); } else { @@ -196,7 +196,7 @@ static struct ea_list *get_ea_list(TALLOC_CTX *mem_ctx, connection_struct *conn, if (strnequal(p, "system.", 7) || samba_private_attr_name(p)) continue; - listp = talloc(mem_ctx, sizeof(struct ea_list)); + listp = TALLOC_P(mem_ctx, struct ea_list); if (!listp) return NULL; @@ -672,7 +672,7 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, i } /* Realloc the size of parameters and data we will return */ - params = Realloc(*pparams, 28); + params = SMB_REALLOC(*pparams, 28); if( params == NULL ) return(ERROR_DOS(ERRDOS,ERRnomem)); *pparams = params; @@ -1418,7 +1418,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n", DEBUG(5,("dir=%s, mask = %s\n",directory, mask)); - pdata = Realloc(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); + pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); if( pdata == NULL ) return(ERROR_DOS(ERRDOS,ERRnomem)); @@ -1426,7 +1426,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n", memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); /* Realloc the params space */ - params = Realloc(*pparams, 10); + params = SMB_REALLOC(*pparams, 10); if (params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *pparams = params; @@ -1438,7 +1438,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n", /* Save the wildcard match and attribs we are using on this directory - needed as lanman2 assumes these are being saved between calls */ - if(!(wcard = strdup(mask))) { + if(!(wcard = SMB_STRDUP(mask))) { dptr_close(&dptr_num); return ERROR_DOS(ERRDOS,ERRnomem); } @@ -1617,7 +1617,7 @@ resume_key = %d resume name = %s continue=%d level = %d\n", return ERROR_DOS(ERRDOS,ERRunknownlevel); } - pdata = Realloc( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); + pdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); if(pdata == NULL) return ERROR_DOS(ERRDOS,ERRnomem); @@ -1625,7 +1625,7 @@ resume_key = %d resume name = %s continue=%d level = %d\n", memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); /* Realloc the params space */ - params = Realloc(*pparams, 6*SIZEOFWORD); + params = SMB_REALLOC(*pparams, 6*SIZEOFWORD); if( params == NULL ) return ERROR_DOS(ERRDOS,ERRnomem); @@ -1836,7 +1836,7 @@ static int call_trans2qfsinfo(connection_struct *conn, char *inbuf, char *outbuf return ERROR_DOS(ERRSRV,ERRinvdevice); } - pdata = Realloc(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); + pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); if ( pdata == NULL ) return ERROR_DOS(ERRDOS,ERRnomem); @@ -2519,13 +2519,13 @@ static int call_trans2qfilepathinfo(connection_struct *conn, char *inbuf, char * file_size = 0; } - params = Realloc(*pparams,2); + params = SMB_REALLOC(*pparams,2); if (params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *pparams = params; memset((char *)params,'\0',2); data_size = max_data_bytes + DIR_ENTRY_SAFETY_MARGIN; - pdata = Realloc(*ppdata, data_size); + pdata = SMB_REALLOC(*ppdata, data_size); if ( pdata == NULL ) return ERROR_DOS(ERRDOS,ERRnomem); *ppdata = pdata; @@ -3302,7 +3302,7 @@ static int call_trans2setfilepathinfo(connection_struct *conn, char *inbuf, char tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data)); /* Realloc the parameter and data sizes */ - params = Realloc(*pparams,2); + params = SMB_REALLOC(*pparams,2); if(params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *pparams = params; @@ -4028,7 +4028,7 @@ static int call_trans2mkdir(connection_struct *conn, char *inbuf, char *outbuf, } /* Realloc the parameter and data sizes */ - params = Realloc(*pparams,2); + params = SMB_REALLOC(*pparams,2); if(params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *pparams = params; @@ -4068,7 +4068,7 @@ static int call_trans2findnotifyfirst(connection_struct *conn, char *inbuf, char } /* Realloc the parameter and data sizes */ - params = Realloc(*pparams,6); + params = SMB_REALLOC(*pparams,6); if(params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *pparams = params; @@ -4101,7 +4101,7 @@ static int call_trans2findnotifynext(connection_struct *conn, char *inbuf, char DEBUG(3,("call_trans2findnotifynext\n")); /* Realloc the parameter and data sizes */ - params = Realloc(*pparams,4); + params = SMB_REALLOC(*pparams,4); if(params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *pparams = params; @@ -4168,7 +4168,7 @@ static int call_trans2ioctl(connection_struct *conn, char* inbuf, char* outbuf, if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) && (SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { - pdata = Realloc(*ppdata, 32); + pdata = SMB_REALLOC(*ppdata, 32); if(pdata == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *ppdata = pdata; @@ -4319,9 +4319,9 @@ int reply_trans2(connection_struct *conn, /* Allocate the space for the maximum needed parameters and data */ if (total_params > 0) - params = (char *)malloc(total_params); + params = (char *)SMB_MALLOC(total_params); if (total_data > 0) - data = (char *)malloc(total_data); + data = (char *)SMB_MALLOC(total_data); if ((total_params && !params) || (total_data && !data)) { DEBUG(2,("Out of memory in reply_trans2\n")); diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 10599c50a1..0102739fe3 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -188,7 +188,7 @@ NTSTATUS smb_register_vfs(int version, const char *name, vfs_op_tuple *vfs_op_tu return NT_STATUS_OBJECT_NAME_COLLISION; } - entry = smb_xmalloc(sizeof(struct vfs_init_function_entry)); + entry = SMB_XMALLOC_P(struct vfs_init_function_entry); entry->name = smb_xstrdup(name); entry->vfs_op_tuples = vfs_op_tuples; @@ -261,7 +261,7 @@ BOOL vfs_init_custom(connection_struct *conn, const char *vfs_object) return False; } - handle = (vfs_handle_struct *)talloc_zero(conn->mem_ctx,sizeof(vfs_handle_struct)); + handle = TALLOC_ZERO_P(conn->mem_ctx,vfs_handle_struct); if (!handle) { DEBUG(0,("talloc_zero() failed!\n")); SAFE_FREE(module_name); @@ -684,7 +684,7 @@ static void array_promote(char *array,int elsize,int element) if (element == 0) return; - p = (char *)malloc(elsize); + p = (char *)SMB_MALLOC(elsize); if (!p) { DEBUG(5,("array_promote: malloc fail\n")); @@ -879,7 +879,7 @@ BOOL reduce_name(connection_struct *conn, const pstring fname) pstrcat(tmp_fname, last_component); #ifdef REALPATH_TAKES_NULL SAFE_FREE(resolved_name); - resolved_name = strdup(tmp_fname); + resolved_name = SMB_STRDUP(tmp_fname); if (!resolved_name) { DEBUG(0,("reduce_name: malloc fail for %s\n", tmp_fname)); errno = saved_errno; |