summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authortodd stecher <todd.stecher@gmail.com>2009-01-19 15:09:51 -0800
committerSteven Danneman <steven.danneman@isilon.com>2009-01-21 17:13:03 -0800
commit989ad44d32c2e77972a966d91f1813b0b929f83b (patch)
treebb7a41c961fe974f464f7ce2a27ca3bf055187bf /source3
parente9615b43b4dc7037da7bc274d720b8e54c7f85bc (diff)
downloadsamba-989ad44d32c2e77972a966d91f1813b0b929f83b.tar.gz
samba-989ad44d32c2e77972a966d91f1813b0b929f83b.tar.bz2
samba-989ad44d32c2e77972a966d91f1813b0b929f83b.zip
Memory leaks and other fixes found by Coverity
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/pampass.c4
-rw-r--r--source3/include/proto.h2
-rw-r--r--source3/lib/dprintf.c26
-rw-r--r--source3/libsmb/clikrb5.c10
-rw-r--r--source3/nmbd/nmbd_incomingrequests.c4
-rw-r--r--source3/nmbd/nmbd_serverlistdb.c2
-rw-r--r--source3/passdb/pdb_interface.c6
-rw-r--r--source3/passdb/pdb_ldap.c1
-rw-r--r--source3/rpc_client/cli_spoolss.c66
-rw-r--r--source3/rpc_parse/parse_buffer.c11
-rw-r--r--source3/rpc_server/srv_pipe.c4
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c3
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c2
-rw-r--r--source3/utils/net_rpc.c12
-rw-r--r--source3/winbindd/winbindd_group.c8
-rw-r--r--source3/winbindd/winbindd_user.c8
-rw-r--r--source3/winbindd/winbindd_util.c12
-rw-r--r--source3/winbindd/winbindd_wins.c10
18 files changed, 131 insertions, 60 deletions
diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index 9345eed27a..4312b771c9 100644
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -462,7 +462,9 @@ static bool smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr)
static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv)
{
int pam_error;
+#ifdef PAM_RHOST
const char *our_rhost;
+#endif
char addr[INET6_ADDRSTRLEN];
*pamh = (pam_handle_t *)NULL;
@@ -475,6 +477,7 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho
return False;
}
+#ifdef PAM_RHOST
if (rhost == NULL) {
our_rhost = client_name(get_client_fd());
if (strequal(our_rhost,"UNKNOWN"))
@@ -483,7 +486,6 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho
our_rhost = rhost;
}
-#ifdef PAM_RHOST
DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost));
pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost);
if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9ce6a9d7f1..1445b10914 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -5581,7 +5581,7 @@ NTSTATUS cli_do_rpc_ndr(struct rpc_pipe_client *cli,
/* The following definitions come from rpc_parse/parse_buffer.c */
-void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx);
+bool rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx);
bool prs_rpcbuffer(const char *desc, prs_struct *ps, int depth, RPC_BUFFER *buffer);
bool prs_rpcbuffer_p(const char *desc, prs_struct *ps, int depth, RPC_BUFFER **buffer);
bool rpcbuf_alloc_size(RPC_BUFFER *buffer, uint32 buffer_size);
diff --git a/source3/lib/dprintf.c b/source3/lib/dprintf.c
index b3c830dd5b..631c45a807 100644
--- a/source3/lib/dprintf.c
+++ b/source3/lib/dprintf.c
@@ -32,24 +32,27 @@
int d_vfprintf(FILE *f, const char *format, va_list ap)
{
- char *p, *p2;
+ char *p = NULL, *p2 = NULL;
int ret, maxlen, clen;
const char *msgstr;
va_list ap2;
+ va_copy(ap2, ap);
+
/* do any message translations */
msgstr = lang_msg(format);
- if (!msgstr) return -1;
-
- va_copy(ap2, ap);
+ if (!msgstr) {
+ ret = -1;
+ goto out;
+ }
ret = vasprintf(&p, msgstr, ap2);
lang_msg_free(msgstr);
if (ret <= 0) {
- va_end(ap2);
- return ret;
+ ret = -1;
+ goto out;
}
/* now we have the string in unix format, convert it to the display
@@ -58,10 +61,10 @@
again:
p2 = (char *)SMB_MALLOC(maxlen);
if (!p2) {
- SAFE_FREE(p);
- va_end(ap2);
- return -1;
+ ret = -1;
+ goto out;
}
+
clen = convert_string(CH_UNIX, CH_DISPLAY, p, ret, p2, maxlen, True);
if (clen >= maxlen) {
@@ -72,10 +75,11 @@ again:
}
/* good, its converted OK */
- SAFE_FREE(p);
ret = fwrite(p2, 1, clen, f);
- SAFE_FREE(p2);
+out:
+ SAFE_FREE(p);
+ SAFE_FREE(p2);
va_end(ap2);
return ret;
diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c
index 9f86b8b2f8..a95a25c74a 100644
--- a/source3/libsmb/clikrb5.c
+++ b/source3/libsmb/clikrb5.c
@@ -1417,7 +1417,7 @@ done:
addrs = (krb5_address **)SMB_MALLOC(sizeof(krb5_address *) * num_addr);
if (addrs == NULL) {
- SAFE_FREE(kerb_addr);
+ SAFE_FREE(*kerb_addr);
return ENOMEM;
}
@@ -1426,7 +1426,7 @@ done:
addrs[0] = (krb5_address *)SMB_MALLOC(sizeof(krb5_address));
if (addrs[0] == NULL) {
SAFE_FREE(addrs);
- SAFE_FREE(kerb_addr);
+ SAFE_FREE(*kerb_addr);
return ENOMEM;
}
@@ -1437,7 +1437,7 @@ done:
if (addrs[0]->contents == NULL) {
SAFE_FREE(addrs[0]);
SAFE_FREE(addrs);
- SAFE_FREE(kerb_addr);
+ SAFE_FREE(*kerb_addr);
return ENOMEM;
}
@@ -1449,7 +1449,7 @@ done:
{
addrs = (krb5_addresses *)SMB_MALLOC(sizeof(krb5_addresses));
if (addrs == NULL) {
- SAFE_FREE(kerb_addr);
+ SAFE_FREE(*kerb_addr);
return ENOMEM;
}
@@ -1469,7 +1469,7 @@ done:
if (addrs->val[0].address.data == NULL) {
SAFE_FREE(addrs->val);
SAFE_FREE(addrs);
- SAFE_FREE(kerb_addr);
+ SAFE_FREE(*kerb_addr);
return ENOMEM;
}
diff --git a/source3/nmbd/nmbd_incomingrequests.c b/source3/nmbd/nmbd_incomingrequests.c
index ebe1948141..63f9a3a45c 100644
--- a/source3/nmbd/nmbd_incomingrequests.c
+++ b/source3/nmbd/nmbd_incomingrequests.c
@@ -314,14 +314,14 @@ void process_node_status_request(struct subnet_record *subrec, struct packet_str
char rdata[MAX_DGRAM_SIZE];
char *countptr, *buf, *bufend, *buf0;
int names_added,i;
- struct name_record *namerec;
+ struct name_record *namerec = NULL;
pull_ascii_nstring(qname, sizeof(qname), nmb->question.question_name.name);
DEBUG(3,("process_node_status_request: status request for name %s from IP %s on \
subnet %s.\n", nmb_namestr(&nmb->question.question_name), inet_ntoa(p->ip), subrec->subnet_name));
- if((namerec = find_name_on_subnet(subrec, &nmb->question.question_name, FIND_SELF_NAME)) == 0) {
+ if(find_name_on_subnet(subrec, &nmb->question.question_name, FIND_SELF_NAME) == 0) {
DEBUG(1,("process_node_status_request: status request for name %s from IP %s on \
subnet %s - name not found.\n", nmb_namestr(&nmb->question.question_name),
inet_ntoa(p->ip), subrec->subnet_name));
diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c
index 28c164fc14..0728f29c32 100644
--- a/source3/nmbd/nmbd_serverlistdb.c
+++ b/source3/nmbd/nmbd_serverlistdb.c
@@ -128,7 +128,7 @@ struct server_record *create_server_on_workgroup(struct work_record *work,
return (NULL);
}
- if((servrec = find_server_in_workgroup(work, name)) != NULL) {
+ if(find_server_in_workgroup(work, name) != NULL) {
DEBUG(0,("create_server_on_workgroup: Server %s already exists on \
workgroup %s. This is a bug.\n", name, work->work_group));
return NULL;
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index b13644bac3..486b5b1b80 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -605,6 +605,9 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
struct group *grp;
const char *grp_name;
+ /* coverity */
+ map.gid = (gid_t) -1;
+
sid_compose(&group_sid, get_global_sam_sid(), rid);
if (!get_domain_group_from_sid(group_sid, &map)) {
@@ -780,6 +783,9 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
const char *group_name;
uid_t uid;
+ /* coverity */
+ map.gid = (gid_t) -1;
+
sid_compose(&group_sid, get_global_sam_sid(), group_rid);
sid_compose(&member_sid, get_global_sam_sid(), member_rid);
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index f031483ea1..043b620756 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -4221,6 +4221,7 @@ const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...)
result[i] = talloc_strdup(result, va_arg(ap, const char*));
if (result[i] == NULL) {
talloc_free(result);
+ va_end(ap);
return NULL;
}
}
diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c
index 69cee6c8e8..30a707f943 100644
--- a/source3/rpc_client/cli_spoolss.c
+++ b/source3/rpc_client/cli_spoolss.c
@@ -521,7 +521,8 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem
ZERO_STRUCT(out);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS,
@@ -537,7 +538,8 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS,
@@ -601,7 +603,8 @@ WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
strupper_m(server);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumports( &in, server, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS,
@@ -617,7 +620,8 @@ WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumports( &in, server, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS,
@@ -670,7 +674,8 @@ WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
/* Initialise input parameters */
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER,
@@ -686,7 +691,8 @@ WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER,
@@ -781,7 +787,8 @@ WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli,
strupper_m(server);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprinterdriver2( &in, pol, env, level,
version, 2, &buffer, offered);
@@ -798,7 +805,8 @@ WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprinterdriver2( &in, pol, env, level,
version, 2, &buffer, offered);
@@ -859,7 +867,8 @@ WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli,
strupper_m(server);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumprinterdrivers( &in, server, env, level,
&buffer, offered);
@@ -876,7 +885,8 @@ WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumprinterdrivers( &in, server, env, level,
&buffer, offered);
@@ -942,7 +952,8 @@ WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli,
strupper_m(server);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprinterdriverdir( &in, server, env, level,
&buffer, offered );
@@ -959,7 +970,8 @@ WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprinterdriverdir( &in, server, env, level,
&buffer, offered );
@@ -1125,7 +1137,8 @@ WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli,
ZERO_STRUCT(out);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprintprocessordirectory( &in, name,
environment, level, &buffer, offered );
@@ -1142,7 +1155,8 @@ WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprintprocessordirectory( &in, name,
environment, level, &buffer, offered );
@@ -1230,7 +1244,8 @@ WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(out);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM,
@@ -1246,7 +1261,8 @@ WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM,
@@ -1309,7 +1325,8 @@ WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx
ZERO_STRUCT(out);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumforms( &in, handle, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS,
@@ -1325,7 +1342,8 @@ WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumforms( &in, handle, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS,
@@ -1365,7 +1383,8 @@ WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(out);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level,
&buffer, offered );
@@ -1382,7 +1401,8 @@ WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level,
&buffer, offered );
@@ -1461,7 +1481,8 @@ WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(out);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB,
@@ -1477,7 +1498,8 @@ WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB,
diff --git a/source3/rpc_parse/parse_buffer.c b/source3/rpc_parse/parse_buffer.c
index b5177cc634..99546ef3fb 100644
--- a/source3/rpc_parse/parse_buffer.c
+++ b/source3/rpc_parse/parse_buffer.c
@@ -30,14 +30,15 @@
/**********************************************************************
Initialize a new spoolss buff for use by a client rpc
**********************************************************************/
-void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx)
+bool rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx)
{
buffer->size = size;
buffer->string_at_end = size;
- if (prs_init(&buffer->prs, size, ctx, MARSHALL))
- buffer->struct_start = prs_offset(&buffer->prs);
- else
- buffer->struct_start = 0;
+ if (!prs_init(&buffer->prs, size, ctx, MARSHALL))
+ return false;
+
+ buffer->struct_start = prs_offset(&buffer->prs);
+ return true;
}
/*******************************************************************
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 4f78d69bcc..343342a06c 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -706,7 +706,7 @@ static int rpc_lookup_size;
bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
{
RPC_HDR_AUTH auth_info;
- uint32 pad;
+ uint32 pad = 0;
DATA_BLOB blob;
ZERO_STRUCT(blob);
@@ -1839,6 +1839,8 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
return False;
}
+ ZERO_STRUCT(hdr_rb);
+
DEBUG(5,("api_pipe_alter_context: decode request. %d\n", __LINE__));
/* decode the alter context request */
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 123cbf9335..ba2fe774b8 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -9927,7 +9927,8 @@ WERROR _spoolss_xcvdataport(pipes_struct *p, SPOOL_Q_XCVDATAPORT *q_u, SPOOL_R_X
/* Allocate the outgoing buffer */
- rpcbuf_init( &r_u->outdata, q_u->offered, p->mem_ctx );
+ if (!rpcbuf_init( &r_u->outdata, q_u->offered, p->mem_ctx ))
+ return WERR_NOMEM;
switch ( Printer->printer_type ) {
case SPLHND_PORTMON_TCP:
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index 3b044944d9..33bf3d0098 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -580,7 +580,6 @@ WERROR _svcctl_QueryServiceStatusEx(pipes_struct *p,
/* we have to set the outgoing buffer size to the same as the
incoming buffer size (even in the case of failure) */
-
*r->out.bytes_needed = r->in.buf_size;
switch ( r->in.info_level ) {
@@ -736,7 +735,6 @@ WERROR _svcctl_QueryServiceConfig2W(pipes_struct *p,
/* we have to set the outgoing buffer size to the same as the
incoming buffer size (even in the case of failure */
-
*r->out.bytes_needed = r->in.buf_size;
switch ( r->in.info_level ) {
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 652f0b531b..c000b58098 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -4064,7 +4064,11 @@ static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *t
return false;
}
- string_to_sid(&user_sid, sid_str);
+ if (!string_to_sid(&user_sid, sid_str)) {
+ DEBUG(1,("Could not convert sid %s from string\n", sid_str));
+ return false;
+ }
+
wbcFreeMemory(sid_str);
sid_str = NULL;
@@ -4200,7 +4204,11 @@ static bool get_user_tokens_from_file(FILE *f,
/* We have a SID */
DOM_SID sid;
- string_to_sid(&sid, &line[1]);
+ if(!string_to_sid(&sid, &line[1])) {
+ DEBUG(1,("get_user_tokens_from_file: Could "
+ "not convert sid %s \n",&line[1]));
+ return false;
+ }
if (token == NULL) {
DEBUG(0, ("File does not begin with username"));
diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c
index 7432bda451..bc532bbce7 100644
--- a/source3/winbindd/winbindd_group.c
+++ b/source3/winbindd/winbindd_group.c
@@ -991,7 +991,13 @@ static void getgrgid_recv(void *private_data, bool success, const char *sid)
DEBUG(10,("getgrgid_recv: gid %lu has sid %s\n",
(unsigned long)(state->request.data.gid), sid));
- string_to_sid(&group_sid, sid);
+ if (!string_to_sid(&group_sid, sid)) {
+ DEBUG(1,("getgrgid_recv: Could not convert sid %s "
+ "from string\n", sid));
+ request_error(state);
+ return;
+ }
+
winbindd_getgrsid(state, group_sid);
return;
}
diff --git a/source3/winbindd/winbindd_user.c b/source3/winbindd/winbindd_user.c
index fd1fdd3699..5356e16a74 100644
--- a/source3/winbindd/winbindd_user.c
+++ b/source3/winbindd/winbindd_user.c
@@ -527,7 +527,13 @@ static void getpwuid_recv(void *private_data, bool success, const char *sid)
DEBUG(10,("uid2sid_recv: uid %lu has sid %s\n",
(unsigned long)(state->request.data.uid), sid));
- string_to_sid(&user_sid, sid);
+ if (!string_to_sid(&user_sid, sid)) {
+ DEBUG(1,("uid2sid_recv: Could not convert sid %s "
+ "from string\n,", sid));
+ request_error(state);
+ return;
+ }
+
winbindd_getpwsid(state, &user_sid);
}
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index 748099a32e..2d87015fec 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -682,8 +682,16 @@ static void init_child_recv(void *private_data, bool success)
state->response->data.domain_info.name);
fstrcpy(state->domain->alt_name,
state->response->data.domain_info.alt_name);
- string_to_sid(&state->domain->sid,
- state->response->data.domain_info.sid);
+ if (!string_to_sid(&state->domain->sid,
+ state->response->data.domain_info.sid)) {
+ DEBUG(1,("init_child_recv: Could not convert sid %s "
+ "from string\n",
+ state->response->data.domain_info.sid));
+ state->continuation(state->private_data, False);
+ talloc_destroy(state->mem_ctx);
+ return;
+ }
+
state->domain->native_mode =
state->response->data.domain_info.native_mode;
state->domain->active_directory =
diff --git a/source3/winbindd/winbindd_wins.c b/source3/winbindd/winbindd_wins.c
index 4a3d2682b6..f9ba13ffda 100644
--- a/source3/winbindd/winbindd_wins.c
+++ b/source3/winbindd/winbindd_wins.c
@@ -46,9 +46,15 @@ static int wins_lookup_open_socket_in(void)
if (res == -1)
return -1;
- setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val));
+ if (setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val))) {
+ close(res);
+ return -1;
+ }
#ifdef SO_REUSEPORT
- setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val));
+ if (setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val))) {
+ close(res);
+ return -1;
+ }
#endif /* SO_REUSEPORT */
/* now we've got a socket - we need to bind it */