summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2001-08-12 17:30:01 +0000
committerSimo Sorce <idra@samba.org>2001-08-12 17:30:01 +0000
commit2e783a47076bd0994b6ce86df7ec967bc1c2da63 (patch)
treec6504d6e8396eef290fe499abb8586b758f1f3d4 /source3
parentddec8306586414cc02eca612777bb547cb8dbcae (diff)
downloadsamba-2e783a47076bd0994b6ce86df7ec967bc1c2da63.tar.gz
samba-2e783a47076bd0994b6ce86df7ec967bc1c2da63.tar.bz2
samba-2e783a47076bd0994b6ce86df7ec967bc1c2da63.zip
this is a big global fix for the ptr = Realloc(ptr, size) bug.
many possible mem leaks, and segfaults fixed. someone should port this fix to 2.2 also. (This used to be commit fa8e55b8b465114ce209344965c1ca0333b84db9)
Diffstat (limited to 'source3')
-rw-r--r--source3/aparser/parser.c10
-rw-r--r--source3/client/client.c6
-rw-r--r--source3/client/clitar.c6
-rw-r--r--source3/groupdb/aliasdb.c7
-rw-r--r--source3/groupdb/aliasfile.c7
-rw-r--r--source3/groupdb/groupdb.c7
-rw-r--r--source3/groupdb/groupfile.c7
-rw-r--r--source3/groupdb/mapping.c27
-rw-r--r--source3/lib/time.c9
-rw-r--r--source3/lib/util.c8
-rw-r--r--source3/lib/util_array.c7
-rw-r--r--source3/lib/util_file.c22
-rw-r--r--source3/libsmb/clilist.c19
-rw-r--r--source3/libsmb/clitrans.c30
-rw-r--r--source3/locking/brlock.c6
-rw-r--r--source3/locking/posix.c13
-rw-r--r--source3/msdfs/msdfs.c6
-rw-r--r--source3/nsswitch/wb_client.c7
-rw-r--r--source3/nsswitch/winbindd_group.c9
-rw-r--r--source3/nsswitch/winbindd_misc.c11
-rw-r--r--source3/nsswitch/winbindd_user.c9
-rw-r--r--source3/param/loadparm.c23
-rw-r--r--source3/param/params.c27
-rw-r--r--source3/passdb/ldap.c19
-rw-r--r--source3/printing/nt_printing.c60
-rw-r--r--source3/rpc_parse/parse_creds.c20
-rw-r--r--source3/rpc_parse/parse_spoolss.c33
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c69
-rw-r--r--source3/smbd/lanman.c10
-rw-r--r--source3/smbwrapper/smbw_dir.c5
30 files changed, 363 insertions, 136 deletions
diff --git a/source3/aparser/parser.c b/source3/aparser/parser.c
index c2348b84f9..0c7153e1fb 100644
--- a/source3/aparser/parser.c
+++ b/source3/aparser/parser.c
@@ -460,8 +460,12 @@ realloc some memory for a parse structure
********************************************************************/
BOOL io_realloc(char *name, io_struct *ps, void **ptr, unsigned size)
{
- (*ptr) = (void *)Realloc(*ptr, size);
- if (*ptr) return True;
- return False;
+ BOOL ret = True;
+ void *tp;
+
+ tp = (void *)Realloc(*ptr, size);
+ if (tp) *ptr = tp;
+ else ret = False;
+ return ret;
}
diff --git a/source3/client/client.c b/source3/client/client.c
index 32cc34b225..f3cc28cc60 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -415,20 +415,22 @@ static void adjust_do_list_queue(void)
static void add_to_do_list_queue(const char* entry)
{
+ char *dlq;
long new_end = do_list_queue_end + ((long)strlen(entry)) + 1;
while (new_end > do_list_queue_size)
{
do_list_queue_size *= 2;
DEBUG(4,("enlarging do_list_queue to %d\n",
(int)do_list_queue_size));
- do_list_queue = Realloc(do_list_queue, do_list_queue_size);
- if (! do_list_queue) {
+ dlq = Realloc(do_list_queue, do_list_queue_size);
+ if (! dlq) {
DEBUG(0,("failure enlarging do_list_queue to %d bytes\n",
(int)do_list_queue_size));
reset_do_list_queue();
}
else
{
+ do_list_queue = dlq;
memset(do_list_queue + do_list_queue_size / 2,
0, do_list_queue_size / 2);
}
diff --git a/source3/client/clitar.c b/source3/client/clitar.c
index d28e652b35..3ae4cafc18 100644
--- a/source3/client/clitar.c
+++ b/source3/client/clitar.c
@@ -1569,14 +1569,16 @@ static int read_inclusion_file(char *filename)
}
if ((strlen(buf) + 1 + inclusion_buffer_sofar) >= inclusion_buffer_size) {
+ char *ib;
inclusion_buffer_size *= 2;
- inclusion_buffer = Realloc(inclusion_buffer,inclusion_buffer_size);
- if (! inclusion_buffer) {
+ ib = Realloc(inclusion_buffer,inclusion_buffer_size);
+ if (! ib) {
DEBUG(0,("failure enlarging inclusion buffer to %d bytes\n",
inclusion_buffer_size));
error = 1;
break;
}
+ else inclusion_buffer = ib;
}
safe_strcpy(inclusion_buffer + inclusion_buffer_sofar, buf, inclusion_buffer_size - inclusion_buffer_sofar);
diff --git a/source3/groupdb/aliasdb.c b/source3/groupdb/aliasdb.c
index a6876d0afc..eed417a699 100644
--- a/source3/groupdb/aliasdb.c
+++ b/source3/groupdb/aliasdb.c
@@ -140,16 +140,19 @@ LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem)
*************************************************************************/
BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als)
{
+ LOCAL_GRP *talss;
+
if (alss == NULL || num_alss == NULL || als == NULL)
{
return False;
}
- (*alss) = Realloc((*alss), ((*num_alss)+1) * sizeof(LOCAL_GRP));
- if ((*alss) == NULL)
+ talss = Realloc((*alss), ((*num_alss)+1) * sizeof(LOCAL_GRP));
+ if (talss == NULL)
{
return False;
}
+ else (*alss) = talss;
DEBUG(10,("adding alias %s(%s)\n", als->name, als->comment));
diff --git a/source3/groupdb/aliasfile.c b/source3/groupdb/aliasfile.c
index 4b8bbe3079..2735fef38f 100644
--- a/source3/groupdb/aliasfile.c
+++ b/source3/groupdb/aliasfile.c
@@ -128,12 +128,13 @@ static char *get_alias_members(char *p, int *num_mem, LOCAL_GRP_MEMBER **members
while (next_token(&p, name, ",", sizeof(fstring)))
{
+ LOCAL_GRP_MEMBER *mbrs;
DOM_SID sid;
uint8 type;
if (lookup_sid(name, &sid, &type))
{
- (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER));
+ mbrs = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER));
(*num_mem)++;
}
else
@@ -141,10 +142,12 @@ static char *get_alias_members(char *p, int *num_mem, LOCAL_GRP_MEMBER **members
DEBUG(0,("alias database: could not resolve alias named %s\n", name));
continue;
}
- if ((*members) == NULL)
+ if (mbrs == NULL)
{
return NULL;
}
+ else (*members) = mbrs;
+
fstrcpy((*members)[(*num_mem)-1].name, name);
(*members)[(*num_mem)-1].sid_use = type;
sid_copy(&(*members)[(*num_mem)-1].sid, &sid);
diff --git a/source3/groupdb/groupdb.c b/source3/groupdb/groupdb.c
index 1f773d9f15..4b7795c57b 100644
--- a/source3/groupdb/groupdb.c
+++ b/source3/groupdb/groupdb.c
@@ -138,16 +138,19 @@ DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_me
*************************************************************************/
BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp)
{
+ DOMAIN_GRP *tgrps;
+
if (grps == NULL || num_grps == NULL || grp == NULL)
{
return False;
}
- (*grps) = Realloc((*grps), ((*num_grps)+1) * sizeof(DOMAIN_GRP));
- if ((*grps) == NULL)
+ tgrps = Realloc((*grps), ((*num_grps)+1) * sizeof(DOMAIN_GRP));
+ if (tgrps == NULL)
{
return False;
}
+ else (*grps) = tgrps;
DEBUG(10,("adding group %s(%s)\n", grp->name, grp->comment));
diff --git a/source3/groupdb/groupfile.c b/source3/groupdb/groupfile.c
index 88d362e7d4..ba9027b4f6 100644
--- a/source3/groupdb/groupfile.c
+++ b/source3/groupdb/groupfile.c
@@ -128,11 +128,14 @@ static char *get_group_members(char *p, int *num_mem, DOMAIN_GRP_MEMBER **member
while (next_token(&p, name, ",", sizeof(fstring)))
{
- (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(DOMAIN_GRP_MEMBER));
- if ((*members) == NULL)
+ DOMAIN_GRP_MEMBER *mbrs;
+
+ mbrs = Realloc((*members), ((*num_mem)+1) * sizeof(DOMAIN_GRP_MEMBER));
+ if (mbrs == NULL)
{
return NULL;
}
+ else (*members) = mbrs;
fstrcpy((*members)[(*num_mem)].name, name);
(*members)[(*num_mem)].attr = 0x07;
(*num_mem)++;
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 97e7551586..268a1b1bd4 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -395,7 +395,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
fstring string_sid;
fstring group_type;
GROUP_MAP map;
- GROUP_MAP *mapt=NULL;
+ GROUP_MAP *mapt;
int ret;
int entries=0;
@@ -433,7 +433,14 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
decode_sid_name_use(group_type, map.sid_name_use);
- mapt=(GROUP_MAP *)Realloc(mapt, (entries+1)*sizeof(GROUP_MAP));
+ mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP));
+ if (!mapt) {
+ DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n"));
+ if (*rmap) free(*rmap);
+ *rmap=NULL;
+ return False;
+ }
+ else (*rmap) = mapt;
mapt[entries].gid = map.gid;
sid_copy( &mapt[entries].sid, &map.sid);
@@ -445,7 +452,6 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
entries++;
}
- *rmap=mapt;
*num_entries=entries;
return True;
}
@@ -661,6 +667,7 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
struct passwd *pwd;
int i=0;
char *gr;
+ uid_t *u;
*num_uids = 0;
*uid=NULL;
@@ -672,7 +679,12 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
DEBUG(10, ("getting members\n"));
while (gr && (*gr != (char)'\0')) {
- (*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1));
+ u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1));
+ if (!u) {
+ DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n"));
+ return False;
+ }
+ else (*uid) = u;
if( (pwd=getpwnam(gr)) !=NULL) {
(*uid)[*num_uids]=pwd->pw_uid;
@@ -685,7 +697,12 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids)
setpwent();
while ((pwd=getpwent()) != NULL) {
if (pwd->pw_gid==gid) {
- (*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1));
+ u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1));
+ if (!u) {
+ DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n"));
+ return False;
+ }
+ else (*uid) = u;
(*uid)[*num_uids]=pwd->pw_uid;
(*num_uids)++;
diff --git a/source3/lib/time.c b/source3/lib/time.c
index 9714d4b9f8..12643b0522 100644
--- a/source3/lib/time.c
+++ b/source3/lib/time.c
@@ -121,7 +121,7 @@ Updated by Paul Eggert <eggert@twinsun.com>
********************************************************************/
static int TimeZoneFaster(time_t t)
{
- static struct dst_table {time_t start,end; int zone;} *dst_table = NULL;
+ static struct dst_table {time_t start,end; int zone;} *tdt, *dst_table = NULL;
static int table_size = 0;
int i;
int zone = 0;
@@ -141,11 +141,14 @@ static int TimeZoneFaster(time_t t)
time_t low,high;
zone = TimeZone(t);
- dst_table = (struct dst_table *)Realloc(dst_table,
+ tdt = (struct dst_table *)Realloc(dst_table,
sizeof(dst_table[0])*(i+1));
- if (!dst_table) {
+ if (!tdt) {
+ DEBUG(0,("TimeZoneFaster: out of memory!\n"));
+ if (dst_table) free (dst_table);
table_size = 0;
} else {
+ dst_table = tdt;
table_size++;
dst_table[i].zone = zone;
diff --git a/source3/lib/util.c b/source3/lib/util.c
index ac0a004a26..33d604e85f 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -166,11 +166,15 @@ char *get_numlist(char *p, uint32 **num, int *count)
while ((p = Atoic(p, &val, ":,")) != NULL && (*p) != ':')
{
- (*num) = Realloc((*num), ((*count)+1) * sizeof(uint32));
- if ((*num) == NULL)
+ uint32 *tn;
+
+ tn = Realloc((*num), ((*count)+1) * sizeof(uint32));
+ if (tn == NULL)
{
+ if (*num) free(*num);
return NULL;
}
+ else (*num) = tn;
(*num)[(*count)] = val;
(*count)++;
p++;
diff --git a/source3/lib/util_array.c b/source3/lib/util_array.c
index 567c170834..dcb08d9ce7 100644
--- a/source3/lib/util_array.c
+++ b/source3/lib/util_array.c
@@ -58,15 +58,18 @@ void* add_copy_to_array(uint32 *len, void ***array, const void *item,
void* add_item_to_array(uint32 *len, void ***array, void *item)
{
+ void **tary;
+
if (len == NULL || array == NULL)
{
return NULL;
}
- (*array) = (void**)Realloc((*array), ((*len)+1)*sizeof((*array)[0]));
+ tary = (void**)Realloc((*array), ((*len)+1)*sizeof((*array)[0]));
- if ((*array) != NULL)
+ if (tary != NULL)
{
+ (*array) = tary;
(*array)[(*len)] = item;
(*len)++;
return item;
diff --git a/source3/lib/util_file.c b/source3/lib/util_file.c
index a92eb15333..d80c09666b 100644
--- a/source3/lib/util_file.c
+++ b/source3/lib/util_file.c
@@ -287,7 +287,7 @@ char *fgets_slash(char *s2,int maxlen,FILE *f)
if (!s2)
{
maxlen = MIN(maxlen,8);
- s = (char *)Realloc(s,maxlen);
+ s = (char *)malloc(maxlen);
}
if (!s) return(NULL);
@@ -327,9 +327,15 @@ char *fgets_slash(char *s2,int maxlen,FILE *f)
}
if (!s2 && len > maxlen-3)
{
+ char *t;
+
maxlen *= 2;
- s = (char *)Realloc(s,maxlen);
- if (!s) return(NULL);
+ t = (char *)Realloc(s,maxlen);
+ if (!t) {
+ DEBUG(0,("fgets_slash: failed to expand buffer!\n"));
+ if (s) free(s);
+ return(NULL);
+ } else s = t;
}
}
return(s);
@@ -342,7 +348,7 @@ load from a pipe into memory
char *file_pload(char *syscmd, size_t *size)
{
int fd, n;
- char *p;
+ char *p, *tp;
pstring buf;
size_t total;
@@ -353,11 +359,13 @@ char *file_pload(char *syscmd, size_t *size)
total = 0;
while ((n = read(fd, buf, sizeof(buf))) > 0) {
- p = Realloc(p, total + n + 1);
- if (!p) {
+ tp = Realloc(p, total + n + 1);
+ if (!tp) {
+ DEBUG(0,("file_pload: failed to exand buffer!\n"));
close(fd);
+ if (p) free(p);
return NULL;
- }
+ } else p = tp;
memcpy(p+total, buf, n);
total += n;
}
diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c
index b7624486d6..609f5f2331 100644
--- a/source3/libsmb/clilist.c
+++ b/source3/libsmb/clilist.c
@@ -141,7 +141,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
pstring mask;
file_info finfo;
int i;
- char *dirlist = NULL;
+ char *tdl, *dirlist = NULL;
int dirlist_len = 0;
int total_received = -1;
BOOL First = True;
@@ -259,12 +259,13 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
}
/* and add them to the dirlist pool */
- dirlist = Realloc(dirlist,dirlist_len + data_len);
+ tdl = Realloc(dirlist,dirlist_len + data_len);
- if (!dirlist) {
- DEBUG(0,("Failed to expand dirlist\n"));
+ if (!tdl) {
+ DEBUG(0,("cli_list_new: Failed to expand dirlist\n"));
break;
}
+ else dirlist = tdl;
/* put in a length for the last entry, to ensure we can chain entries
into the next packet */
@@ -340,7 +341,7 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
int num_asked = (cli->max_xmit - 100)/DIR_STRUCT_SIZE;
int num_received = 0;
int i;
- char *dirlist = NULL;
+ char *tdl, *dirlist = NULL;
pstring mask;
ZERO_ARRAY(status);
@@ -385,10 +386,14 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
first = False;
- dirlist = Realloc(dirlist,(num_received + received)*DIR_STRUCT_SIZE);
+ tdl = Realloc(dirlist,(num_received + received)*DIR_STRUCT_SIZE);
- if (!dirlist)
+ if (!tdl) {
+ DEBUG(0,("cli_list_old: failed to expand dirlist"));
+ if (dirlist) free(dirlist);
return 0;
+ }
+ else dirlist = tdl;
p = smb_buf(cli->inbuf) + 3;
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index ac50c7bf6d..c4e19b9375 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -147,6 +147,7 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
int this_data,this_param;
uint8 eclass;
uint32 ecode;
+ char *tdata;
*data_len = *param_len = 0;
@@ -187,8 +188,18 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
total_param = SVAL(cli->inbuf,smb_tprcnt);
/* allocate it */
- *data = Realloc(*data,total_data);
- *param = Realloc(*param,total_param);
+ tdata = Realloc(*data,total_data);
+ if (!tdata) {
+ DEBUG(0,("cli_receive_trans: failed to enlarge buffer"));
+ return False;
+ }
+ else *data = tdata;
+ tdata = Realloc(*param,total_param);
+ if (!tdata) {
+ DEBUG(0,("cli_receive_trans: failed to enlarge buffer"));
+ return False;
+ }
+ else *param = tdata;
while (1) {
this_data = SVAL(cli->inbuf,smb_drcnt);
@@ -358,6 +369,7 @@ BOOL cli_receive_nt_trans(struct cli_state *cli,
int this_data,this_param;
uint8 eclass;
uint32 ecode;
+ char *tdata;
*data_len = *param_len = 0;
@@ -389,8 +401,18 @@ BOOL cli_receive_nt_trans(struct cli_state *cli,
total_param = SVAL(cli->inbuf,smb_ntr_TotalParameterCount);
/* allocate it */
- *data = Realloc(*data,total_data);
- *param = Realloc(*param,total_param);
+ tdata = Realloc(*data,total_data);
+ if (!tdata) {
+ DEBUG(0,("cli_receive_nt_trans: failed to enlarge buffer"));
+ return False;
+ }
+ else *data = tdata;
+ tdata = Realloc(*param,total_param);
+ if (!tdata) {
+ DEBUG(0,("cli_receive_nt_trans: failed to enlarge buffer"));
+ return False;
+ }
+ else *param = tdata;
while (1) {
this_data = SVAL(cli->inbuf,smb_ntr_DataCount);
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index 1982d9982c..d22297a948 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -218,6 +218,7 @@ BOOL brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
TDB_DATA kbuf, dbuf;
int count, i;
struct lock_struct lock, *locks;
+ char *tp;
kbuf = locking_key(dev,ino);
@@ -246,8 +247,9 @@ BOOL brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
}
/* no conflicts - add it to the list of locks */
- dbuf.dptr = Realloc(dbuf.dptr, dbuf.dsize + sizeof(*locks));
- if (!dbuf.dptr) goto fail;
+ tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(*locks));
+ if (!tp) goto fail;
+ else dbuf.dptr = tp;
memcpy(dbuf.dptr + dbuf.dsize, &lock, sizeof(lock));
dbuf.dsize += sizeof(lock);
tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
diff --git a/source3/locking/posix.c b/source3/locking/posix.c
index 2a8a7aacd7..833914c7aa 100644
--- a/source3/locking/posix.c
+++ b/source3/locking/posix.c
@@ -98,16 +98,19 @@ static BOOL add_fd_to_close_entry(files_struct *fsp)
{
TDB_DATA kbuf = locking_key_fsp(fsp);
TDB_DATA dbuf;
+ char *tp;
dbuf.dptr = NULL;
dbuf = tdb_fetch(posix_pending_close_tdb, kbuf);
- dbuf.dptr = Realloc(dbuf.dptr, dbuf.dsize + sizeof(int));
- if (!dbuf.dptr) {
+ tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(int));
+ if (!tp) {
DEBUG(0,("add_fd_to_close_entry: Realloc fail !\n"));
+ if (dbuf.dptr) free(dbuf.dptr);
return False;
}
+ else dbuf.dptr = tp;
memcpy(dbuf.dptr + dbuf.dsize, &fsp->fd, sizeof(int));
dbuf.dsize += sizeof(int);
@@ -354,6 +357,7 @@ static BOOL add_posix_lock_entry(files_struct *fsp, SMB_OFF_T start, SMB_OFF_T s
TDB_DATA kbuf = locking_key_fsp(fsp);
TDB_DATA dbuf;
struct posix_lock pl;
+ char *tp;
dbuf.dptr = NULL;
@@ -370,11 +374,12 @@ static BOOL add_posix_lock_entry(files_struct *fsp, SMB_OFF_T start, SMB_OFF_T s
pl.size = size;
pl.lock_type = lock_type;
- dbuf.dptr = Realloc(dbuf.dptr, dbuf.dsize + sizeof(pl));
- if (!dbuf.dptr) {
+ tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(pl));
+ if (!tp) {
DEBUG(0,("add_posix_lock_entry: Realloc fail !\n"));
goto fail;
}
+ else dbuf.dptr = tp;
memcpy(dbuf.dptr + dbuf.dsize, &pl, sizeof(pl));
dbuf.dsize += sizeof(pl);
diff --git a/source3/msdfs/msdfs.c b/source3/msdfs/msdfs.c
index 2890b05b52..1fa16d4006 100644
--- a/source3/msdfs/msdfs.c
+++ b/source3/msdfs/msdfs.c
@@ -398,11 +398,12 @@ static int setup_ver2_dfs_referral(char* pathname, char** ppdata,
/* add the unexplained 0x16 bytes */
reply_size += 0x16;
- pdata = *ppdata = Realloc(pdata,reply_size);
+ pdata = Realloc(pdata,reply_size);
if(pdata == NULL) {
DEBUG(0,("malloc failed for Realloc!\n"));
return -1;
}
+ else *ppdata = pdata;
/* copy in the dfs requested paths.. required for offset calculations */
memcpy(pdata+uni_reqpathoffset1,uni_requestedpath,requestedpathlen);
@@ -476,11 +477,12 @@ static int setup_ver3_dfs_referral(char* pathname, char** ppdata,
reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2;
}
- pdata = *ppdata = Realloc(pdata,reply_size);
+ pdata = Realloc(pdata,reply_size);
if(pdata == NULL) {
DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n"));
return -1;
}
+ else *ppdata = pdata;
/* create the header */
SSVAL(pdata,0,reqpathlen-2); /* path consumed */
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c
index 2a29773b9e..f5585557fb 100644
--- a/source3/nsswitch/wb_client.c
+++ b/source3/nsswitch/wb_client.c
@@ -278,7 +278,7 @@ static int wb_getgroups(char *user, gid_t **groups)
int winbind_initgroups(char *user, gid_t gid)
{
- gid_t *groups = NULL;
+ gid_t *tgr, *groups = NULL;
int result;
char *sep;
@@ -310,13 +310,14 @@ int winbind_initgroups(char *user, gid_t gid)
/* Add group to list if necessary */
if (!is_member) {
- groups = Realloc(groups, sizeof(gid_t) * ngroups + 1);
+ tgr = Realloc(groups, sizeof(gid_t) * ngroups + 1);
- if (!groups) {
+ if (!tgr) {
errno = ENOMEM;
result = -1;
goto done;
}
+ else groups = tgr;
groups[ngroups] = gid;
ngroups++;
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index ed4db07dda..ff357dc098 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -764,7 +764,7 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state)
uint32 total_entries = 0;
struct winbindd_domain *domain;
struct getent_state groups;
- char *extra_data = NULL;
+ char *ted, *extra_data = NULL;
int extra_data_len = 0, i;
DEBUG(3, ("[%5d]: list groups\n", state->pid));
@@ -794,12 +794,15 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state)
account names to sizeof(fstring) = 128 characters. */
total_entries += groups.num_sam_entries;
- extra_data = Realloc(extra_data,
+ ted = Realloc(extra_data,
sizeof(fstring) * total_entries);
- if (!extra_data) {
+ if (!ted) {
+ DEBUG(0,("winbindd_list_groups: failed to enlarge buffer!\n"));
+ if (extra_data) free(extra_data);
return WINBINDD_ERROR;
}
+ else extra_data = ted;
/* Pack group list into extra data fields */
diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c
index 9520fc218b..21f1afa6a7 100644
--- a/source3/nsswitch/winbindd_misc.c
+++ b/source3/nsswitch/winbindd_misc.c
@@ -136,7 +136,7 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
{
struct winbindd_domain *domain;
int total_entries = 0, extra_data_len = 0;
- char *extra_data = NULL;
+ char *ted, *extra_data = NULL;
DEBUG(3, ("[%5d]: list trusted domains\n", state->pid));
@@ -149,10 +149,15 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state
/* Add domain to list */
total_entries++;
- extra_data = Realloc(extra_data, sizeof(fstring) *
+ ted = Realloc(extra_data, sizeof(fstring) *
total_entries);
- if (!extra_data) return WINBINDD_ERROR;
+ if (!ted) {
+ DEBUG(0,("winbindd_list_trusted_domains: failed to enlarge buffer!\n"));
+ if (extra_data) free(extra_data);
+ return WINBINDD_ERROR;
+ }
+ else extra_data = ted;
memcpy(&extra_data[extra_data_len], domain->name,
strlen(domain->name));
diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c
index 30416e76d7..804d3deebb 100644
--- a/source3/nsswitch/winbindd_user.c
+++ b/source3/nsswitch/winbindd_user.c
@@ -594,7 +594,7 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state)
SAM_DISPINFO_CTR ctr;
SAM_DISPINFO_1 info1;
uint32 num_entries = 0, total_entries = 0;
- char *extra_data = NULL;
+ char *ted, *extra_data = NULL;
int extra_data_len = 0;
DEBUG(3, ("[%5d]: list users\n", state->pid));
@@ -635,12 +635,15 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state)
total_entries += num_entries;
- extra_data = Realloc(extra_data, sizeof(fstring) *
+ ted = Realloc(extra_data, sizeof(fstring) *
total_entries);
- if (!extra_data) {
+ if (!ted) {
+ DEBUG(0,("winbindd_list_users: failed to enlarge buffer!\n"));
+ if (extra_data) free(extra_data);
return WINBINDD_ERROR;
}
+ else extra_data = ted;
/* Pack user list into extra data fields */
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index cb7f9f35c3..b004265261 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -1782,16 +1782,25 @@ static int add_a_service(service * pservice, char *name)
/* if not, then create one */
if (i == iNumServices)
{
- ServicePtrs =
- (service **) Realloc(ServicePtrs,
- sizeof(service *) *
- num_to_alloc);
- if (ServicePtrs)
+ service **tsp;
+
+ tsp = (service **) Realloc(ServicePtrs,
+ sizeof(service *) *
+ num_to_alloc);
+
+ if (!tsp) {
+ DEBUG(0,("add_a_service: failed to enlarge ServicePtrs!\n"));
+ return (-1);
+ }
+ else {
+ ServicePtrs = tsp;
ServicePtrs[iNumServices] =
(service *) malloc(sizeof(service));
-
- if (!ServicePtrs || !ServicePtrs[iNumServices])
+ }
+ if (!ServicePtrs[iNumServices]) {
+ DEBUG(0,("add_a_service: out of memory!\n"));
return (-1);
+ }
iNumServices++;
}
diff --git a/source3/param/params.c b/source3/param/params.c
index 61baf9517c..9416965919 100644
--- a/source3/param/params.c
+++ b/source3/param/params.c
@@ -238,13 +238,16 @@ static BOOL Section( myFILE *InFile, BOOL (*sfunc)(char *) )
/* Check that the buffer is big enough for the next character. */
if( i > (bSize - 2) )
{
- bSize += BUFR_INC;
- bufr = Realloc( bufr, bSize );
- if( NULL == bufr )
+ char *tb;
+
+ tb = Realloc( bufr, bSize +BUFR_INC );
+ if( NULL == tb )
{
DEBUG(0, ("%s Memory re-allocation failure.", func) );
return( False );
}
+ bufr = tb;
+ bSize += BUFR_INC;
}
/* Handle a single character. */
@@ -332,13 +335,16 @@ static BOOL Parameter( myFILE *InFile, BOOL (*pfunc)(char *, char *), int c )
if( i > (bSize - 2) ) /* Ensure there's space for next char. */
{
- bSize += BUFR_INC;
- bufr = Realloc( bufr, bSize );
- if( NULL == bufr )
+ char *tb;
+
+ tb = Realloc( bufr, bSize + BUFR_INC );
+ if( NULL == tb )
{
DEBUG(0, ("%s Memory re-allocation failure.", func) );
return( False );
}
+ bufr = tb;
+ bSize += BUFR_INC;
}
switch( c )
@@ -397,13 +403,16 @@ static BOOL Parameter( myFILE *InFile, BOOL (*pfunc)(char *, char *), int c )
if( i > (bSize - 2) ) /* Make sure there's enough room. */
{
- bSize += BUFR_INC;
- bufr = Realloc( bufr, bSize );
- if( NULL == bufr )
+ char *tb;
+
+ tb = Realloc( bufr, bSize + BUFR_INC );
+ if( NULL == tb )
{
DEBUG(0, ("%s Memory re-allocation failure.", func) );
return( False );
}
+ bufr = tb;
+ bSize += BUFR_INC;
}
switch( c )
diff --git a/source3/passdb/ldap.c b/source3/passdb/ldap.c
index 9987990cc2..ee99664af4 100644
--- a/source3/passdb/ldap.c
+++ b/source3/passdb/ldap.c
@@ -378,7 +378,7 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry,
************************************************************************/
static void make_a_mod(LDAPMod ***modlist,int modop, char *attribute, char *value)
{
- LDAPMod **mods;
+ LDAPMod **mods, **tmods;
int i;
int j;
@@ -386,12 +386,13 @@ static void make_a_mod(LDAPMod ***modlist,int modop, char *attribute, char *valu
if (mods == NULL)
{
- mods = (LDAPMod **)malloc( sizeof(LDAPMod *) );
- if (mods == NULL)
+ tmods = (LDAPMod **)malloc( sizeof(LDAPMod *) );
+ if (tmods == NULL)
{
DEBUG(0,("make_a_mod: out of memory!\n"));
return;
}
+ mods = tmods;
mods[0] = NULL;
}
@@ -406,12 +407,13 @@ static void make_a_mod(LDAPMod ***modlist,int modop, char *attribute, char *valu
if (mods[i] == NULL)
{
- mods = (LDAPMod **)Realloc( mods, (i+2) * sizeof( LDAPMod * ) );
- if (mods == NULL)
+ tmods = (LDAPMod **)Realloc( mods, (i+2) * sizeof( LDAPMod * ) );
+ if (tmods == NULL)
{
DEBUG(0,("make_a_mod: out of memory!\n"));
return;
}
+ mods = tmods;
mods[i] = (LDAPMod *)malloc( sizeof( LDAPMod ) );
if (mods[i] == NULL)
{
@@ -426,18 +428,21 @@ static void make_a_mod(LDAPMod ***modlist,int modop, char *attribute, char *valu
if (value ! = NULL )
{
+ char **tmval;
+
j = 0;
if ( mods[ i ]->mod_values ! = NULL )
{
for ( ; mods[ i ]->mod_values[ j ] ! = NULL; j++ );
}
- mods[ i ]->mod_values = (char **)Realloc(mods[ i ]->mod_values,
+ tmval = (char **)Realloc(mods[ i ]->mod_values,
(j+2) * sizeof( char * ));
- if ( mods[ i ]->mod_values == NULL)
+ if ( tmval == NULL)
{
DEBUG(0, "make_a_mod: Memory allocation failure!\n");
return;
}
+ mods[ i ]->mod_values = tmval;
mods[ i ]->mod_values[ j ] = strdup(value);
mods[ i ]->mod_values[ j + 1 ] = NULL;
}
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 5482d1608a..20bdcda5ec 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -316,6 +316,7 @@ get a form struct list
int get_ntforms(nt_forms_struct **list)
{
TDB_DATA kbuf, newkey, dbuf;
+ nt_forms_struct *tl;
nt_forms_struct form;
int ret;
int i;
@@ -336,11 +337,12 @@ int get_ntforms(nt_forms_struct **list)
safe_free(dbuf.dptr);
if (ret != dbuf.dsize) continue;
- *list = Realloc(*list, sizeof(nt_forms_struct)*(n+1));
- if (!*list) {
+ tl = Realloc(*list, sizeof(nt_forms_struct)*(n+1));
+ if (!tl) {
DEBUG(0,("get_ntforms: Realloc fail.\n"));
return 0;
}
+ *list = tl;
(*list)[n] = form;
n++;
}
@@ -385,6 +387,7 @@ BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count)
int n=0;
BOOL update;
fstring form_name;
+ nt_forms_struct *tl;
/*
* NT tries to add forms even when
@@ -404,8 +407,11 @@ BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count)
}
if (update==False) {
- if((*list=Realloc(*list, (n+1)*sizeof(nt_forms_struct))) == NULL)
+ if((tl=Realloc(*list, (n+1)*sizeof(nt_forms_struct))) == NULL) {
+ DEBUG(0,("add_a_form: failed to enlarge forms list!\n"));
return False;
+ }
+ *list = tl;
unistr2_to_ascii((*list)[n].name, &form->name, sizeof((*list)[n].name)-1);
(*count)++;
}
@@ -496,6 +502,7 @@ int get_ntdrivers(fstring **list, char *architecture, uint32 version)
{
int total=0;
fstring short_archi;
+ fstring *fl;
pstring key;
TDB_DATA kbuf, newkey;
@@ -507,8 +514,11 @@ int get_ntdrivers(fstring **list, char *architecture, uint32 version)
newkey = tdb_nextkey(tdb_drivers, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
if (strncmp(kbuf.dptr, key, strlen(key)) != 0) continue;
- if((*list = Realloc(*list, sizeof(fstring)*(total+1))) == NULL)
+ if((fl = Realloc(*list, sizeof(fstring)*(total+1))) == NULL) {
+ DEBUG(0,("get_ntdrivers: failed to enlarge list!\n"));
return -1;
+ }
+ else *list = fl;
fstrcpy((*list)[total], kbuf.dptr+strlen(key));
total++;
@@ -1520,7 +1530,15 @@ static uint32 add_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver)
}
if (len != buflen) {
- buf = (char *)Realloc(buf, len);
+ char *tb;
+
+ tb = (char *)Realloc(buf, len);
+ if (!tb) {
+ DEBUG(0,("add_a_printer_driver_3: failed to enlarge buffer\n!"));
+ ret = -1;
+ goto done;
+ }
+ else buf = tb;
buflen = len;
goto again;
}
@@ -1533,6 +1551,7 @@ static uint32 add_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver)
ret = tdb_store(tdb_drivers, kbuf, dbuf, TDB_REPLACE);
+done:
if (ret)
DEBUG(0,("add_a_printer_driver_3: Adding driver with key %s failed.\n", key ));
@@ -1630,10 +1649,15 @@ static uint32 get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr,
i=0;
while (len < dbuf.dsize) {
- driver.dependentfiles = (fstring *)Realloc(driver.dependentfiles,
+ fstring *tddfs;
+
+ tddfs = (fstring *)Realloc(driver.dependentfiles,
sizeof(fstring)*(i+2));
- if (driver.dependentfiles == NULL)
+ if (tddfs == NULL) {
+ DEBUG(0,("get_a_printer_driver_3: failed to enlarge buffer!\n"));
break;
+ }
+ else driver.dependentfiles = tddfs;
len += tdb_unpack(dbuf.dptr+len, dbuf.dsize-len, "f",
&driver.dependentfiles[i]);
@@ -1936,7 +1960,15 @@ static uint32 update_a_printer_2(NT_PRINTER_INFO_LEVEL_2 *info)
len += pack_specifics(info->specific, buf+len, buflen-len);
if (buflen != len) {
- buf = (char *)Realloc(buf, len);
+ char *tb;
+
+ tb = (char *)Realloc(buf, len);
+ if (!tb) {
+ DEBUG(0,("update_a_printer_2: failed to enlarge buffer!\n"));
+ ret = -1;
+ goto done;
+ }
+ else buf = tb;
buflen = len;
goto again;
}
@@ -1951,6 +1983,7 @@ static uint32 update_a_printer_2(NT_PRINTER_INFO_LEVEL_2 *info)
ret = tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE);
+done:
if (ret == -1)
DEBUG(8, ("error updating printer to tdb on disk\n"));
@@ -2793,7 +2826,15 @@ static uint32 update_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info)
len += pack_specifics(info->specific, buf+len, buflen-len);
if (buflen != len) {
- buf = (char *)Realloc(buf, len);
+ char *tb;
+
+ tb = (char *)Realloc(buf, len);
+ if (!tb) {
+ DEBUG(0, ("update_driver_init_2: failed to enlarge buffer!\n"));
+ ret = -1;
+ goto done;
+ }
+ else buf = tb;
buflen = len;
goto again;
}
@@ -2807,6 +2848,7 @@ static uint32 update_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info)
ret = tdb_store(tdb_drivers, kbuf, dbuf, TDB_REPLACE);
+done:
if (ret == -1)
DEBUG(8, ("update_driver_init_2: error updating printer init to tdb on disk\n"));
diff --git a/source3/rpc_parse/parse_creds.c b/source3/rpc_parse/parse_creds.c
index 7bdbe65880..ae8ba23a56 100644
--- a/source3/rpc_parse/parse_creds.c
+++ b/source3/rpc_parse/parse_creds.c
@@ -90,8 +90,7 @@ BOOL make_creds_unix_sec(CREDS_UNIX_SEC *r_u,
r_u->uid = uid;
r_u->gid = gid;
r_u->num_grps = num_grps;
- r_u->grps = (uint32*)Realloc(NULL, sizeof(r_u->grps[0]) *
- r_u->num_grps);
+ r_u->grps = (uint32*)malloc(sizeof(r_u->grps[0]) * r_u->num_grps);
if (r_u->grps == NULL && num_grps != 0)
{
return False;
@@ -123,14 +122,17 @@ BOOL creds_io_unix_sec(char *desc, CREDS_UNIX_SEC *r_u, prs_struct *ps, int dept
prs_uint32("num_grps", ps, depth, (uint32 *)&(r_u->num_grps));
if (r_u->num_grps != 0)
{
- r_u->grps = (uint32*)Realloc(r_u->grps,
+ uint32 *tgr;
+
+ tgr = (uint32*)Realloc(r_u->grps,
sizeof(r_u->grps[0]) *
r_u->num_grps);
- if (r_u->grps == NULL)
+ if (tgr == NULL)
{
creds_free_unix_sec(r_u);
return False;
}
+ else r_u->grps = tgr;
}
for (i = 0; i < r_u->num_grps; i++)
{
@@ -165,8 +167,7 @@ BOOL make_creds_nt_sec(CREDS_NT_SEC *r_u,
sid_copy(&r_u->sid, sid);
r_u->num_grps = num_grps;
- r_u->grp_rids = (uint32*)Realloc(NULL, sizeof(r_u->grp_rids[0]) *
- r_u->num_grps);
+ r_u->grp_rids = (uint32*)malloc(sizeof(r_u->grp_rids[0]) * r_u->num_grps);
if (r_u->grp_rids == NULL && num_grps != 0)
{
@@ -199,14 +200,17 @@ BOOL creds_io_nt_sec(char *desc, CREDS_NT_SEC *r_u, prs_struct *ps, int depth)
prs_uint32("num_grps", ps, depth, &(r_u->num_grps));
if (r_u->num_grps != 0)
{
- r_u->grp_rids = (uint32*)Realloc(r_u->grp_rids,
+ uint32 *tgrid;
+
+ tgrid = (uint32*)Realloc(r_u->grp_rids,
sizeof(r_u->grp_rids[0]) *
r_u->num_grps);
- if (r_u->grp_rids == NULL)
+ if (tgrid == NULL)
{
creds_free_nt_sec(r_u);
return False;
}
+ else r_u->grp_rids = tgrid;
}
for (i = 0; i < r_u->num_grps; i++)
{
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index b568995752..dd2c4a541a 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -1861,12 +1861,17 @@ static BOOL smb_io_relarraystr(char *desc, NEW_BUFFER *buffer, int depth, uint16
an extra NULL for termination */
if (l_chaine > 0)
{
+ uint16 *tc2;
+
realloc_size = (l_chaine2+l_chaine+2)*sizeof(uint16);
/* Yes this should be realloc - it's freed below. JRA */
- if((chaine2=(uint16 *)Realloc(chaine2, realloc_size)) == NULL)
+ if((tc2=(uint16 *)Realloc(chaine2, realloc_size)) == NULL) {
+ if (chaine2) free(chaine2);
return False;
+ }
+ else chaine2 = tc2;
memcpy(chaine2+l_chaine2, chaine.buffer, (l_chaine+1)*sizeof(uint16));
l_chaine2+=l_chaine+1;
}
@@ -4703,7 +4708,7 @@ BOOL spool_io_printer_driver_info_level_6(char *desc, SPOOL_PRINTER_DRIVER_INFO_
********************************************************************/
static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar)
{
- fstring f;
+ fstring f, *tar;
int n = 0;
char *src;
@@ -4715,7 +4720,9 @@ static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar)
while (src < ((char *)buf5->buffer) + buf5->buf_len*2) {
rpcstr_pull(f, src, sizeof(f)-1, -1, 0);
src = skip_unibuf(src, 2*buf5->buf_len - PTR_DIFF(src,buf5->buffer));
- *ar = (fstring *)Realloc(*ar, sizeof(fstring)*(n+2));
+ tar = (fstring *)Realloc(*ar, sizeof(fstring)*(n+2));
+ if (!tar) return False;
+ else *ar = tar;
fstrcpy((*ar)[n], f);
n++;
}
@@ -4993,9 +5000,11 @@ BOOL uni_2_asc_printer_driver_3(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *uni,
DEBUGADD(8,( "monitorname: %s\n", d->monitorname));
DEBUGADD(8,( "defaultdatatype: %s\n", d->defaultdatatype));
- uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles );
-
- return True;
+ if (uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles ))
+ return True;
+
+ free(*asc);
+ return False;
}
/*******************************************************************
@@ -5038,10 +5047,16 @@ BOOL uni_2_asc_printer_driver_6(SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 *uni,
DEBUGADD(8,( "monitorname: %s\n", d->monitorname));
DEBUGADD(8,( "defaultdatatype: %s\n", d->defaultdatatype));
- uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles );
- uniarray_2_dosarray(&uni->previousnames, &d->previousnames );
-
+ if (!uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles ))
+ goto error;
+ if (!uniarray_2_dosarray(&uni->previousnames, &d->previousnames ))
+ goto error;
+
return True;
+
+error:
+ free(*asc);
+ return False;
}
BOOL uni_2_asc_printer_info_2(const SPOOL_PRINTER_INFO_LEVEL_2 *uni,
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index f002ceabd2..023c9a1203 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -915,20 +915,24 @@ static BOOL convert_printer_info(const SPOOL_PRINTER_INFO_LEVEL *uni,
static BOOL convert_printer_driver_info(const SPOOL_PRINTER_DRIVER_INFO_LEVEL *uni,
NT_PRINTER_DRIVER_INFO_LEVEL *printer, uint32 level)
{
+ BOOL result = True;
+
switch (level) {
case 3:
printer->info_3=NULL;
- uni_2_asc_printer_driver_3(uni->info_3, &printer->info_3);
+ if (!uni_2_asc_printer_driver_3(uni->info_3, &printer->info_3))
+ result = False;
break;
case 6:
printer->info_6=NULL;
- uni_2_asc_printer_driver_6(uni->info_6, &printer->info_6);
+ if (!uni_2_asc_printer_driver_6(uni->info_6, &printer->info_6))
+ result = False;
break;
default:
break;
}
- return True;
+ return result;
}
BOOL convert_devicemode(char *printername, const DEVICEMODE *devmode,
@@ -2200,7 +2204,7 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
uint16 type;
uint16 field;
- SPOOL_NOTIFY_INFO_DATA *current_data;
+ SPOOL_NOTIFY_INFO_DATA *current_data, *tid;
NT_PRINTER_INFO_LEVEL *printer = NULL;
print_queue_struct *queue=NULL;
@@ -2220,9 +2224,12 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int
if (!search_notify(type, field, &j) )
continue;
- if((info->data=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
+ if((tid=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
+ DEBUG(0,("construct_notify_printer_info: failed to enlarge buffer info->data!\n"));
return False;
}
+ else info->data = tid;
+
current_data=&info->data[info->count];
construct_info_data(current_data, type, field, id);
@@ -2256,7 +2263,7 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue,
uint16 type;
uint16 field;
- SPOOL_NOTIFY_INFO_DATA *current_data;
+ SPOOL_NOTIFY_INFO_DATA *current_data, *tid;
DEBUG(4,("construct_notify_jobs_info\n"));
@@ -2272,9 +2279,11 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue,
if (!search_notify(type, field, &j) )
continue;
- if((info->data=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
+ if((tid=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
+ DEBUG(0,("construct_notify_jobs_info: failed to enlarg buffer info->data!\n"));
return False;
}
+ else info->data = tid;
current_data=&(info->data[info->count]);
@@ -2877,7 +2886,7 @@ static BOOL enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32 of
int snum;
int i;
int n_services=lp_numservices();
- PRINTER_INFO_1 *printers=NULL;
+ PRINTER_INFO_1 *tp, *printers=NULL;
PRINTER_INFO_1 current_prt;
DEBUG(4,("enum_all_printers_info_1\n"));
@@ -2887,10 +2896,13 @@ static BOOL enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32 of
DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
if (construct_printer_info_1(flags, &current_prt, snum)) {
- if((printers=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_1))) == NULL) {
+ if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_1))) == NULL) {
+ DEBUG(0,("enum_all_printers_info_1: failed to enlarge printers buffer!\n"));
+ safe_free(printers);
*returned=0;
return ERRnomem;
}
+ else printers = tp;
DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_1\n", *returned));
memcpy(&printers[*returned], &current_prt, sizeof(PRINTER_INFO_1));
(*returned)++;
@@ -3024,7 +3036,7 @@ static BOOL enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint32
int snum;
int i;
int n_services=lp_numservices();
- PRINTER_INFO_2 *printers=NULL;
+ PRINTER_INFO_2 *tp, *printers=NULL;
PRINTER_INFO_2 current_prt;
for (snum=0; snum<n_services; snum++) {
@@ -3032,8 +3044,13 @@ static BOOL enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint32
DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
if (construct_printer_info_2(&current_prt, snum)) {
- if((printers=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_2))) == NULL)
+ if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_2))) == NULL) {
+ DEBUG(0,("enum_all_printers_info_2: failed to enlarge printers buffer!\n"));
+ safe_free(printers);
+ *returned = 0;
return ERRnomem;
+ }
+ else printers = tp;
DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_2\n", *returned));
memcpy(&printers[*returned], &current_prt, sizeof(PRINTER_INFO_2));
(*returned)++;
@@ -3460,6 +3477,7 @@ static void init_unistr_array(uint16 **uni_array, fstring *char_array, char *ser
int j=0;
char *v;
pstring line;
+ uint16 *tuary;
DEBUG(6,("init_unistr_array\n"));
*uni_array=NULL;
@@ -3474,10 +3492,11 @@ static void init_unistr_array(uint16 **uni_array, fstring *char_array, char *ser
if (strlen(v) == 0) break;
slprintf(line, sizeof(line)-1, "\\\\%s%s", servername, v);
DEBUGADD(6,("%d:%s:%d\n", i, line, strlen(line)));
- if((*uni_array=Realloc(*uni_array, (j+strlen(line)+2)*sizeof(uint16))) == NULL) {
+ if((tuary=Realloc(*uni_array, (j+strlen(line)+2)*sizeof(uint16))) == NULL) {
DEBUG(0,("init_unistr_array: Realloc error\n" ));
return;
}
+ else *uni_array = tuary;
j += (rpcstr_push((*uni_array+j), line, sizeof(uint16)*strlen(line)+2, 0)/ sizeof(uint16));
i++;
}
@@ -4984,7 +5003,7 @@ static uint32 enumprinterdrivers_level1(fstring servername, fstring architecture
fstring *list = NULL;
NT_PRINTER_DRIVER_INFO_LEVEL driver;
- DRIVER_INFO_1 *driver_info_1=NULL;
+ DRIVER_INFO_1 *tdi1, *driver_info_1=NULL;
*returned=0;
@@ -4999,10 +5018,13 @@ static uint32 enumprinterdrivers_level1(fstring servername, fstring architecture
return ERRnomem;
if(ndrivers != 0) {
- if((driver_info_1=(DRIVER_INFO_1 *)Realloc(driver_info_1, (*returned+ndrivers) * sizeof(DRIVER_INFO_1))) == NULL) {
+ if((tdi1=(DRIVER_INFO_1 *)Realloc(driver_info_1, (*returned+ndrivers) * sizeof(DRIVER_INFO_1))) == NULL) {
+ DEBUG(0,("enumprinterdrivers_level1: failed to enlarge driver info buffer!\n"));
+ safe_free(driver_info_1);
safe_free(list);
return ERRnomem;
}
+ else driver_info_1 = tdi1;
}
for (i=0; i<ndrivers; i++) {
@@ -5059,7 +5081,7 @@ static uint32 enumprinterdrivers_level2(fstring servername, fstring architecture
fstring *list = NULL;
NT_PRINTER_DRIVER_INFO_LEVEL driver;
- DRIVER_INFO_2 *driver_info_2=NULL;
+ DRIVER_INFO_2 *tdi2, *driver_info_2=NULL;
*returned=0;
@@ -5074,10 +5096,13 @@ static uint32 enumprinterdrivers_level2(fstring servername, fstring architecture
return ERRnomem;
if(ndrivers != 0) {
- if((driver_info_2=(DRIVER_INFO_2 *)Realloc(driver_info_2, (*returned+ndrivers) * sizeof(DRIVER_INFO_2))) == NULL) {
+ if((tdi2=(DRIVER_INFO_2 *)Realloc(driver_info_2, (*returned+ndrivers) * sizeof(DRIVER_INFO_2))) == NULL) {
+ DEBUG(0,("enumprinterdrivers_level2: failed to enlarge driver info buffer!\n"));
+ safe_free(driver_info_2);
safe_free(list);
return ERRnomem;
}
+ else driver_info_2 = tdi2;
}
for (i=0; i<ndrivers; i++) {
@@ -5135,7 +5160,7 @@ static uint32 enumprinterdrivers_level3(fstring servername, fstring architecture
fstring *list = NULL;
NT_PRINTER_DRIVER_INFO_LEVEL driver;
- DRIVER_INFO_3 *driver_info_3=NULL;
+ DRIVER_INFO_3 *tdi3, *driver_info_3=NULL;
*returned=0;
@@ -5150,10 +5175,13 @@ static uint32 enumprinterdrivers_level3(fstring servername, fstring architecture
return ERRnomem;
if(ndrivers != 0) {
- if((driver_info_3=(DRIVER_INFO_3 *)Realloc(driver_info_3, (*returned+ndrivers) * sizeof(DRIVER_INFO_3))) == NULL) {
+ if((tdi3=(DRIVER_INFO_3 *)Realloc(driver_info_3, (*returned+ndrivers) * sizeof(DRIVER_INFO_3))) == NULL) {
+ DEBUG(0,("enumprinterdrivers_level3: failed to enlarge driver info buffer!\n"));
+ safe_free(driver_info_3);
safe_free(list);
return ERRnomem;
}
+ else driver_info_3 = tdi3;
}
for (i=0; i<ndrivers; i++) {
@@ -5811,7 +5839,10 @@ uint32 _spoolss_addprinterdriver(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVER *q_u,
get_current_user(&user, p);
- convert_printer_driver_info(info, &driver, level);
+ if (!convert_printer_driver_info(info, &driver, level)) {
+ err = ERRnomem;
+ goto done;
+ }
DEBUG(5,("Cleaning driver's information\n"));
if ((err = clean_up_driver_struct(driver, level, &user)) != ERRsuccess )
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index ad7e8aac86..6408bbff9e 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -1123,10 +1123,16 @@ static int get_server_info(uint32 servertype,
if (!*ptr) continue;
if (count == alloced) {
+ struct srv_info_struct *ts;
+
alloced += 10;
- (*servers) = (struct srv_info_struct *)
+ ts = (struct srv_info_struct *)
Realloc(*servers,sizeof(**servers)*alloced);
- if (!(*servers)) return(0);
+ if (!ts) {
+ DEBUG(0,("get_server_info: failed to enlarge servers info struct!\n"));
+ return(0);
+ }
+ else *servers = ts;
memset((char *)((*servers)+count),'\0',sizeof(**servers)*(alloced-count));
}
s = &(*servers)[count];
diff --git a/source3/smbwrapper/smbw_dir.c b/source3/smbwrapper/smbw_dir.c
index 4f6c18eb7f..d9dae454bb 100644
--- a/source3/smbwrapper/smbw_dir.c
+++ b/source3/smbwrapper/smbw_dir.c
@@ -80,16 +80,19 @@ add a entry to a directory listing
static void smbw_dir_add(struct file_info *finfo, const char *mask,
void *state)
{
+ struct file_info *cdl;
+
DEBUG(5,("%s\n", finfo->name));
if (cur_dir->malloced == cur_dir->count) {
- cur_dir->list = (struct file_info *)Realloc(cur_dir->list,
+ cdl = (struct file_info *)Realloc(cur_dir->list,
sizeof(cur_dir->list[0])*
(cur_dir->count+100));
if (!cur_dir->list) {
/* oops */
return;
}
+ cur_dir->list = cdl;
cur_dir->malloced += 100;
}