diff options
| author | Jeremy Allison <jra@samba.org> | 2006-06-28 00:50:14 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:19:01 -0500 |
| commit | d1014c1cdfce116741ddd6eccd65b69530ce0b84 (patch) | |
| tree | 04ba00b02632484f2492f979229b76e06bc92141 /source3 | |
| parent | 5a1a08d4286b85252233517373cad75a355b05a7 (diff) | |
| download | samba-d1014c1cdfce116741ddd6eccd65b69530ce0b84.tar.gz samba-d1014c1cdfce116741ddd6eccd65b69530ce0b84.tar.bz2 samba-d1014c1cdfce116741ddd6eccd65b69530ce0b84.zip | |
r16582: Fix Klocwork #1997 and all generic class of problems
where we don't correctly check the return from memdup.
Jeremy.
(This used to be commit ce14daf51c7ee2f9c68c77f7f4674e6f0e35c9ca)
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/lib/interface.c | 4 | ||||
| -rw-r--r-- | source3/libsmb/clirap.c | 6 | ||||
| -rw-r--r-- | source3/passdb/pdb_tdb.c | 6 | ||||
| -rw-r--r-- | source3/printing/nt_printing.c | 15 | ||||
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 15 | ||||
| -rw-r--r-- | source3/smbd/sec_ctx.c | 22 |
6 files changed, 62 insertions, 6 deletions
diff --git a/source3/lib/interface.c b/source3/lib/interface.c index 2bd7d6ddbe..dea01c6011 100644 --- a/source3/lib/interface.c +++ b/source3/lib/interface.c @@ -188,6 +188,10 @@ void load_interfaces(void) if (total_probed > 0) { probed_ifaces = memdup(ifaces, sizeof(ifaces[0])*total_probed); + if (!probed_ifaces) { + DEBUG(0,("ERROR: memdup failed\n")); + exit(1); + } } /* if we don't have a interfaces line then use all broadcast capable diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c index 58fa9c8dff..26f22f2131 100644 --- a/source3/libsmb/clirap.c +++ b/source3/libsmb/clirap.c @@ -848,6 +848,12 @@ BOOL cli_qfileinfo_test(struct cli_state *cli, int fnum, int level, char **poutd } *poutdata = memdup(rdata, data_len); + if (!*poutdata) { + SAFE_FREE(rdata); + SAFE_FREE(rparam); + return False; + } + *poutlen = data_len; SAFE_FREE(rdata); diff --git a/source3/passdb/pdb_tdb.c b/source3/passdb/pdb_tdb.c index 0dc46bec2d..94be32162c 100644 --- a/source3/passdb/pdb_tdb.c +++ b/source3/passdb/pdb_tdb.c @@ -902,6 +902,12 @@ static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, /* save a copy of the key */ ptr->key.dptr = memdup( key.dptr, key.dsize ); + if (!ptr->key.dptr) { + DEBUG(0,("tdbsam_traverse_setpwent: memdup failed\n")); + /* just return 0 and let the traversal continue */ + return 0; + } + ptr->key.dsize = key.dsize; DLIST_ADD( tdbsam_pwent_list, ptr ); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 5c4039722e..85b7513c62 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -738,6 +738,9 @@ uint32 get_c_setprinter(void) int get_builtin_ntforms(nt_forms_struct **list) { *list = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms)); + if (!*list) { + return 0; + } return sizeof(default_forms) / sizeof(default_forms[0]); } @@ -2078,6 +2081,10 @@ static WERROR get_a_printer_driver_3_default(NT_PRINTER_DRIVER_INFO_LEVEL_3 **in fstrcpy(info.dependentfiles[0], ""); *info_ptr = memdup(&info, sizeof(info)); + if (!*info_ptr) { + SAFE_FREE(info.dependentfiles); + return WERR_NOMEM; + } return WERR_OK; } @@ -2152,6 +2159,10 @@ static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr, } *info_ptr = (NT_PRINTER_DRIVER_INFO_LEVEL_3 *)memdup(&driver, sizeof(driver)); + if (!*info_ptr) { + SAFE_FREE(driver.dependentfiles); + return WERR_NOMEM; + } return WERR_OK; } @@ -2652,6 +2663,10 @@ int unpack_devicemode(NT_DEVICEMODE **nt_devmode, char *buf, int buflen) } *nt_devmode = (NT_DEVICEMODE *)memdup(&devmode, sizeof(devmode)); + if (!*nt_devmode) { + SAFE_FREE(devmode.nt_dev_private); + return -1; + } DEBUG(8,("Unpacked devicemode [%s](%s)\n", devmode.devicename, devmode.formname)); if (devmode.nt_dev_private) diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 72298520e3..1c91735756 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -679,7 +679,8 @@ static BOOL pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) if (p->pipe_user.ut.ngroups) { if (!(p->pipe_user.ut.groups = memdup(a->server_info->groups, sizeof(gid_t) * p->pipe_user.ut.ngroups))) { - DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n")); + DEBUG(0,("pipe_ntlmssp_verify_final: failed to memdup group list to p->pipe_user.groups\n")); + data_blob_free(&p->session_key); return False; } } @@ -687,9 +688,17 @@ static BOOL pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) if (a->server_info->ptok) { p->pipe_user.nt_user_token = dup_nt_token(NULL, a->server_info->ptok); + if (!p->pipe_user.nt_user_token) { + DEBUG(1,("pipe_ntlmssp_verify_final: dup_nt_token failed.\n")); + data_blob_free(&p->session_key); + SAFE_FREE(p->pipe_user.ut.groups); + return False; + } + } else { - DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n")); - p->pipe_user.nt_user_token = NULL; + DEBUG(1,("pipe_ntlmssp_verify_final: Error: Authmodule failed to provide nt_user_token\n")); + data_blob_free(&p->session_key); + SAFE_FREE(p->pipe_user.ut.groups); return False; } diff --git a/source3/smbd/sec_ctx.c b/source3/smbd/sec_ctx.c index a30123bfa7..51d1d6cc0a 100644 --- a/source3/smbd/sec_ctx.c +++ b/source3/smbd/sec_ctx.c @@ -252,13 +252,29 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN ctx_p->ut.ngroups = ngroups; SAFE_FREE(ctx_p->ut.groups); - if (token && (token == ctx_p->token)) + if (token && (token == ctx_p->token)) { smb_panic("DUPLICATE_TOKEN"); + } TALLOC_FREE(ctx_p->token); - ctx_p->ut.groups = memdup(groups, sizeof(gid_t) * ngroups); - ctx_p->token = dup_nt_token(NULL, token); + if (ngroups) { + ctx_p->ut.groups = memdup(groups, sizeof(gid_t) * ngroups); + if (!ctx_p->ut.groups) { + smb_panic("memdup failed"); + } + } else { + ctx_p->ut.groups = NULL; + } + + if (token) { + ctx_p->token = dup_nt_token(NULL, token); + if (!ctx_p->token) { + smb_panic("dup_nt_token failed"); + } + } else { + ctx_p->token = NULL; + } become_id(uid, gid); |