summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorShirish Kalele <kalele@samba.org>2000-05-26 22:37:08 +0000
committerShirish Kalele <kalele@samba.org>2000-05-26 22:37:08 +0000
commitf3c44fba111392a7680e489330f3f69aedbff13d (patch)
treeb080bdb73077897348c598cbe38ae82260e0de76 /source3
parent9646e6e1ba5e44b3c4349e85e08ab9f73372a4d5 (diff)
downloadsamba-f3c44fba111392a7680e489330f3f69aedbff13d.tar.gz
samba-f3c44fba111392a7680e489330f3f69aedbff13d.tar.bz2
samba-f3c44fba111392a7680e489330f3f69aedbff13d.zip
Fixed memory leak in RPC parsing code.
Problem in prs_set_buffer_size() was Realloc returns a NULL when newsize is zero (equivalent to a free()). We were returning a failure here without resetting the buffer_size or the data_p pointer in the prs_struct. And we weren't checking for a failure from prs_set_buffer_size(). So realloc's to zero size were not reflected in the prs_struct: memory leak. (This used to be commit 590d9ece8449b1feecfe1aa13e61bcd8fea4e5bf)
Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_parse/parse_prs.c4
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c7
2 files changed, 9 insertions, 2 deletions
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index dafff63ad9..422b420a3c 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -164,9 +164,11 @@ BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize)
if (newsize < ps->buffer_size) {
char *new_data_p = Realloc(ps->data_p, newsize);
- if (new_data_p == NULL) {
+ /* if newsize is zero, Realloc acts like free() & returns NULL*/
+ if (new_data_p == NULL && newsize != 0) {
DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
(unsigned int)newsize));
+ DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
return False;
}
ps->data_p = new_data_p;
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index a349da839a..e01ecf82a2 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -480,7 +480,12 @@ authentication failed. Denying the request.\n", p->name));
* size as the current offset.
*/
- prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data));
+ if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
+ {
+ DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
+ set_incoming_fault(p);
+ return False;
+ }
/*
* Set the parse offset to the start of the data and set the