diff options
| author | Andreas Schneider <asn@samba.org> | 2012-12-21 16:03:51 +0100 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2013-01-02 14:19:50 +0100 |
| commit | 94f11e9d168931018125a1552f22b786ba290dd0 (patch) | |
| tree | aaa90120dd8381002407389b570107f3c0fc0137 /source3/utils/net_rpc_service.c | |
| parent | 9b0c1ab07c2c9a3fce1c49ad3d476ca1301182a4 (diff) | |
| download | samba-94f11e9d168931018125a1552f22b786ba290dd0.tar.gz samba-94f11e9d168931018125a1552f22b786ba290dd0.tar.bz2 samba-94f11e9d168931018125a1552f22b786ba290dd0.zip | |
s3-net: Fix rpc_service_list_internal() null pointer passing.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Found by Coverity.
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jan 2 14:19:50 CET 2013 on sn-devel-104
Diffstat (limited to 'source3/utils/net_rpc_service.c')
| -rw-r--r-- | source3/utils/net_rpc_service.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/source3/utils/net_rpc_service.c b/source3/utils/net_rpc_service.c index 523eafd653..0c0995a1dc 100644 --- a/source3/utils/net_rpc_service.c +++ b/source3/utils/net_rpc_service.c @@ -289,7 +289,7 @@ static NTSTATUS rpc_service_list_internal(struct net_context *c, int i; struct dcerpc_binding_handle *b = pipe_hnd->binding_handle; - uint8_t *buffer = NULL; + uint8_t *buffer; uint32_t buf_size = 0; uint32_t bytes_needed = 0; uint32_t num_services = 0; @@ -307,6 +307,12 @@ static NTSTATUS rpc_service_list_internal(struct net_context *c, return werror_to_ntstatus(result); } + buffer = talloc_array(mem_ctx, uint8_t, buf_size); + if (buffer == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + do { status = dcerpc_svcctl_EnumServicesStatusW(b, mem_ctx, &hSCM, @@ -327,8 +333,12 @@ static NTSTATUS rpc_service_list_internal(struct net_context *c, } if (W_ERROR_EQUAL(result, WERR_MORE_DATA) && bytes_needed > 0) { - buffer = talloc_array(mem_ctx, uint8_t, bytes_needed); buf_size = bytes_needed; + buffer = talloc_realloc(mem_ctx, buffer, uint8_t, bytes_needed); + if (buffer == NULL) { + status = NT_STATUS_NO_MEMORY; + break; + } continue; } @@ -381,6 +391,7 @@ static NTSTATUS rpc_service_list_internal(struct net_context *c, } while (W_ERROR_EQUAL(result, WERR_MORE_DATA)); +done: if (is_valid_policy_hnd(&hSCM)) { WERROR _result; dcerpc_svcctl_CloseServiceHandle(b, mem_ctx, &hSCM, &_result); |