diff options
-rw-r--r-- | source3/include/rpc_samr.h | 16 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 120 | ||||
-rw-r--r-- | source3/rpc_server/srv_samr_nt.c | 44 |
3 files changed, 126 insertions, 54 deletions
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index 20a4f5b8a0..18b0a8c143 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -816,8 +816,8 @@ typedef struct samr_str_entry_info2 typedef struct sam_entry_info_2 { - SAM_ENTRY2 sam[MAX_SAM_ENTRIES]; - SAM_STR2 str[MAX_SAM_ENTRIES]; + SAM_ENTRY2 *sam; + SAM_STR2 *str; } SAM_DISPINFO_2; @@ -845,8 +845,8 @@ typedef struct samr_str_entry_info3 typedef struct sam_entry_info_3 { - SAM_ENTRY3 sam[MAX_SAM_ENTRIES]; - SAM_STR3 str[MAX_SAM_ENTRIES]; + SAM_ENTRY3 *sam; + SAM_STR3 *str; } SAM_DISPINFO_3; @@ -868,8 +868,8 @@ typedef struct samr_str_entry_info4 typedef struct sam_entry_info_4 { - SAM_ENTRY4 sam[MAX_SAM_ENTRIES]; - SAM_STR4 str[MAX_SAM_ENTRIES]; + SAM_ENTRY4 *sam; + SAM_STR4 *str; } SAM_DISPINFO_4; @@ -891,8 +891,8 @@ typedef struct samr_str_entry_info5 typedef struct sam_entry_info_5 { - SAM_ENTRY5 sam[MAX_SAM_ENTRIES]; - SAM_STR5 str[MAX_SAM_ENTRIES]; + SAM_ENTRY5 *sam; + SAM_STR5 *str; } SAM_DISPINFO_5; diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index c4fd679003..b173b34403 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -1386,7 +1386,7 @@ BOOL samr_io_q_query_dispinfo(char *desc, SAMR_Q_QUERY_DISPINFO * q_e, inits a SAM_DISPINFO_1 structure. ********************************************************************/ -void init_sam_dispinfo_1(SAM_DISPINFO_1 * sam, uint32 *num_entries, +uint32 init_sam_dispinfo_1(TALLOC_CTX *ctx, SAM_DISPINFO_1 *sam, uint32 *num_entries, uint32 *data_size, uint32 start_idx, SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]) { @@ -1403,7 +1403,19 @@ void init_sam_dispinfo_1(SAM_DISPINFO_1 * sam, uint32 *num_entries, DEBUG(5, ("init_sam_dispinfo_1: max_entries: %d max_dsize: 0x%x\n", max_entries, max_data_size)); + sam->sam=(SAM_ENTRY1 *)talloc(ctx, max_entries*sizeof(SAM_ENTRY1)); + if (!sam->sam) + return NT_STATUS_NO_MEMORY; + + sam->str=(SAM_STR1 *)talloc(ctx, max_entries*sizeof(SAM_STR1)); + if (!sam->str) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(sam->sam); + ZERO_STRUCTP(sam->str); + for (i = 0; (i < max_entries) && (dsize < max_data_size); i++) { + DEBUG(5, ("init_sam_dispinfo_1: entry: %d\n",i)); len_sam_name = pass[i].uni_user_name.uni_str_len; len_sam_full = pass[i].uni_full_name.uni_str_len; len_sam_desc = pass[i].uni_acct_desc.uni_str_len; @@ -1412,6 +1424,10 @@ void init_sam_dispinfo_1(SAM_DISPINFO_1 * sam, uint32 *num_entries, len_sam_name, len_sam_full, len_sam_desc, pass[i].user_rid, pass[i].acb_info); + ZERO_STRUCTP(&sam->str[i].uni_acct_name); + ZERO_STRUCTP(&sam->str[i].uni_full_name); + ZERO_STRUCTP(&sam->str[i].uni_acct_desc); + copy_unistr2(&sam->str[i].uni_acct_name, &pass[i].uni_user_name); copy_unistr2(&sam->str[i].uni_full_name, &pass[i].uni_full_name); copy_unistr2(&sam->str[i].uni_acct_desc, &pass[i].uni_acct_desc); @@ -1422,6 +1438,8 @@ void init_sam_dispinfo_1(SAM_DISPINFO_1 * sam, uint32 *num_entries, *num_entries = i; *data_size = dsize; + + return NT_STATUS_NO_PROBLEMO; } /******************************************************************* @@ -1477,7 +1495,7 @@ static BOOL sam_io_sam_dispinfo_1(char *desc, SAM_DISPINFO_1 * sam, inits a SAM_DISPINFO_2 structure. ********************************************************************/ -void init_sam_dispinfo_2(SAM_DISPINFO_2 * sam, uint32 *num_entries, +uint32 init_sam_dispinfo_2(TALLOC_CTX *ctx, SAM_DISPINFO_2 *sam, uint32 *num_entries, uint32 *data_size, uint32 start_idx, SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]) { @@ -1493,6 +1511,15 @@ void init_sam_dispinfo_2(SAM_DISPINFO_2 * sam, uint32 *num_entries, max_entries = *num_entries; max_data_size = *data_size; + if (!(sam->sam=(SAM_ENTRY2 *)talloc(ctx, max_entries*sizeof(SAM_ENTRY2)))) + return NT_STATUS_NO_MEMORY; + + if (!(sam->str=(SAM_STR2 *)talloc(ctx, max_entries*sizeof(SAM_STR2)))) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(sam->sam); + ZERO_STRUCTP(sam->str); + for (i = 0; (i < max_entries) && (dsize < max_data_size); i++) { len_sam_name = pass[i].uni_user_name.uni_str_len; len_sam_desc = pass[i].uni_acct_desc.uni_str_len; @@ -1501,10 +1528,11 @@ void init_sam_dispinfo_2(SAM_DISPINFO_2 * sam, uint32 *num_entries, len_sam_name, len_sam_desc, pass[i].user_rid, pass[i].acb_info); - copy_unistr2(&sam->str[i].uni_srv_name, - &pass[i].uni_user_name); - copy_unistr2(&sam->str[i].uni_srv_desc, - &pass[i].uni_acct_desc); + ZERO_STRUCTP(&sam->str[i].uni_srv_name); + ZERO_STRUCTP(&sam->str[i].uni_srv_desc); + + copy_unistr2(&sam->str[i].uni_srv_name, &pass[i].uni_user_name); + copy_unistr2(&sam->str[i].uni_srv_desc, &pass[i].uni_acct_desc); dsize += sizeof(SAM_ENTRY2); dsize += len_sam_name + len_sam_desc; @@ -1512,6 +1540,8 @@ void init_sam_dispinfo_2(SAM_DISPINFO_2 * sam, uint32 *num_entries, *num_entries = i; *data_size = dsize; + + return NT_STATUS_NO_PROBLEMO; } /******************************************************************* @@ -1554,7 +1584,7 @@ static BOOL sam_io_sam_dispinfo_2(char *desc, SAM_DISPINFO_2 * sam, inits a SAM_DISPINFO_3 structure. ********************************************************************/ -void init_sam_dispinfo_3(SAM_DISPINFO_3 * sam, uint32 *num_entries, +uint32 init_sam_dispinfo_3(TALLOC_CTX *ctx, SAM_DISPINFO_3 *sam, uint32 *num_entries, uint32 *data_size, uint32 start_idx, DOMAIN_GRP * grp) { @@ -1570,6 +1600,15 @@ void init_sam_dispinfo_3(SAM_DISPINFO_3 * sam, uint32 *num_entries, max_entries = *num_entries; max_data_size = *data_size; + if (!(sam->sam=(SAM_ENTRY3 *)talloc(ctx, max_entries*sizeof(SAM_ENTRY3)))) + return NT_STATUS_NO_MEMORY; + + if (!(sam->str=(SAM_STR3 *)talloc(ctx, max_entries*sizeof(SAM_STR3)))) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(sam->sam); + ZERO_STRUCTP(sam->str); + for (i = 0; (i < max_entries) && (dsize < max_data_size); i++) { len_sam_name = strlen(grp[i].name); len_sam_desc = strlen(grp[i].comment); @@ -1586,6 +1625,8 @@ void init_sam_dispinfo_3(SAM_DISPINFO_3 * sam, uint32 *num_entries, *num_entries = i; *data_size = dsize; + + return NT_STATUS_NO_PROBLEMO; } /******************************************************************* @@ -1628,7 +1669,7 @@ static BOOL sam_io_sam_dispinfo_3(char *desc, SAM_DISPINFO_3 * sam, inits a SAM_DISPINFO_4 structure. ********************************************************************/ -void init_sam_dispinfo_4(SAM_DISPINFO_4 * sam, uint32 *num_entries, +uint32 init_sam_dispinfo_4(TALLOC_CTX *ctx, SAM_DISPINFO_4 *sam, uint32 *num_entries, uint32 *data_size, uint32 start_idx, SAM_USER_INFO_21 pass[MAX_SAM_ENTRIES]) { @@ -1645,16 +1686,22 @@ void init_sam_dispinfo_4(SAM_DISPINFO_4 * sam, uint32 *num_entries, max_entries = *num_entries; max_data_size = *data_size; + if (!(sam->sam=(SAM_ENTRY4 *)talloc(ctx, max_entries*sizeof(SAM_ENTRY4)))) + return NT_STATUS_NO_MEMORY; + + if (!(sam->str=(SAM_STR4 *)talloc(ctx, max_entries*sizeof(SAM_STR4)))) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(sam->sam); + ZERO_STRUCTP(sam->str); + for (i = 0; (i < max_entries) && (dsize < max_data_size); i++) { len_sam_name = pass[i].uni_user_name.uni_str_len; - init_sam_entry4(&sam->sam[i], start_idx + i + 1, - len_sam_name); - - unistr2_to_ascii(sam_name, &pass[i].uni_user_name, - sizeof(sam_name)); - init_string2(&sam->str[i].acct_name, sam_name, - len_sam_name); + init_sam_entry4(&sam->sam[i], start_idx + i + 1, len_sam_name); + + unistr2_to_ascii(sam_name, &pass[i].uni_user_name, sizeof(sam_name)); + init_string2(&sam->str[i].acct_name, sam_name, len_sam_name); dsize += sizeof(SAM_ENTRY4); dsize += len_sam_name; @@ -1662,6 +1709,8 @@ void init_sam_dispinfo_4(SAM_DISPINFO_4 * sam, uint32 *num_entries, *num_entries = i; *data_size = dsize; + + return NT_STATUS_NO_PROBLEMO; } /******************************************************************* @@ -1705,7 +1754,7 @@ static BOOL sam_io_sam_dispinfo_4(char *desc, SAM_DISPINFO_4 * sam, inits a SAM_DISPINFO_5 structure. ********************************************************************/ -void init_sam_dispinfo_5(SAM_DISPINFO_5 * sam, uint32 *num_entries, +uint32 init_sam_dispinfo_5(TALLOC_CTX *ctx, SAM_DISPINFO_5 *sam, uint32 *num_entries, uint32 *data_size, uint32 start_idx, DOMAIN_GRP * grp) { @@ -1721,14 +1770,20 @@ void init_sam_dispinfo_5(SAM_DISPINFO_5 * sam, uint32 *num_entries, max_entries = *num_entries; max_data_size = *data_size; + if (!(sam->sam=(SAM_ENTRY5 *)talloc(ctx, max_entries*sizeof(SAM_ENTRY5)))) + return NT_STATUS_NO_MEMORY; + + if (!(sam->str=(SAM_STR5 *)talloc(ctx, max_entries*sizeof(SAM_STR5)))) + return NT_STATUS_NO_MEMORY; + + ZERO_STRUCTP(sam->sam); + ZERO_STRUCTP(sam->str); + for (i = 0; (i < max_entries) && (dsize < max_data_size); i++) { len_sam_name = strlen(grp[i].name); - init_sam_entry5(&sam->sam[i], start_idx + i + 1, - len_sam_name); - - init_string2(&sam->str[i].grp_name, grp[i].name, - len_sam_name); + init_sam_entry5(&sam->sam[i], start_idx + i + 1, len_sam_name); + init_string2(&sam->str[i].grp_name, grp[i].name, len_sam_name); dsize += sizeof(SAM_ENTRY5); dsize += len_sam_name; @@ -1736,6 +1791,8 @@ void init_sam_dispinfo_5(SAM_DISPINFO_5 * sam, uint32 *num_entries, *num_entries = i; *data_size = dsize; + + return NT_STATUS_NO_PROBLEMO; } /******************************************************************* @@ -4302,7 +4359,7 @@ BOOL samr_io_r_query_aliasmem(char *desc, SAMR_R_QUERY_ALIASMEM * r_u, inits a SAMR_Q_LOOKUP_NAMES structure. ********************************************************************/ -void init_samr_q_lookup_names(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_NAMES * q_u, +uint32 init_samr_q_lookup_names(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_NAMES * q_u, POLICY_HND *pol, uint32 flags, uint32 num_names, char **name) { @@ -4317,14 +4374,19 @@ void init_samr_q_lookup_names(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_NAMES * q_u, q_u->ptr = 0; q_u->num_names2 = num_names; - q_u->hdr_name = (UNIHDR *)talloc_zero(ctx, num_names * sizeof(UNIHDR)); - q_u->uni_name = (UNISTR2 *)talloc_zero(ctx, num_names * sizeof(UNISTR2)); + if (!(q_u->hdr_name = (UNIHDR *)talloc_zero(ctx, num_names * sizeof(UNIHDR)))) + return NT_STATUS_NO_MEMORY; + + if (!(q_u->uni_name = (UNISTR2 *)talloc_zero(ctx, num_names * sizeof(UNISTR2)))) + return NT_STATUS_NO_MEMORY; for (i = 0; i < num_names; i++) { int len_name = name[i] != NULL ? strlen(name[i]) : 0; init_uni_hdr(&q_u->hdr_name[i], len_name); /* unicode header for user_name */ init_unistr2(&q_u->uni_name[i], name[i], len_name); /* unicode string for machine account */ } + + return NT_STATUS_NO_PROBLEMO; } /******************************************************************* @@ -4386,7 +4448,7 @@ BOOL samr_io_q_lookup_names(char *desc, SAMR_Q_LOOKUP_NAMES * q_u, inits a SAMR_R_LOOKUP_NAMES structure. ********************************************************************/ -void init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u, +uint32 init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u, uint32 num_rids, uint32 *rid, uint32 *type, uint32 status) @@ -4404,8 +4466,10 @@ void init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u, r_u->ptr_rids = 1; r_u->num_rids2 = num_rids; - r_u->rids = (uint32 *)talloc_zero(ctx, sizeof(uint32)*num_rids); - r_u->types = (uint32 *)talloc_zero(ctx, sizeof(uint32)*num_rids); + if (!(r_u->rids = (uint32 *)talloc_zero(ctx, sizeof(uint32)*num_rids))) + return NT_STATUS_NO_MEMORY; + if (!(r_u->types = (uint32 *)talloc_zero(ctx, sizeof(uint32)*num_rids))) + return NT_STATUS_NO_MEMORY; if (!r_u->rids || !r_u->types) goto empty; @@ -4430,6 +4494,8 @@ void init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u, } r_u->status = status; + + return NT_STATUS_NO_PROBLEMO; } /******************************************************************* diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 502774e986..5106271c60 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -770,7 +770,7 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNIST Get the group entries - similar to get_sampwd_entries(). ********************************************************************/ -static BOOL get_group_alias_entries(DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx, +static BOOL get_group_alias_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx, uint32 *p_num_entries, uint32 max_entries) { fstring sid_str; @@ -789,7 +789,7 @@ static BOOL get_group_alias_entries(DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 sta enum_group_mapping(SID_NAME_WKN_GRP, &map, &num_entries, ENUM_ONLY_MAPPED); - *d_grp=(DOMAIN_GRP *)malloc(num_entries*sizeof(DOMAIN_GRP)); + *d_grp=(DOMAIN_GRP *)talloc(ctx, num_entries*sizeof(DOMAIN_GRP)); if (*d_grp==NULL) return NT_STATUS_NO_MEMORY; @@ -862,7 +862,7 @@ static BOOL get_group_alias_entries(DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 sta continue; } - *d_grp=Realloc(*d_grp, (num_entries+1)*sizeof(DOMAIN_GRP)); + *d_grp=talloc_realloc(ctx,*d_grp, (num_entries+1)*sizeof(DOMAIN_GRP)); if (*d_grp==NULL) { grent_free(glist); return NT_STATUS_NO_MEMORY; @@ -885,7 +885,7 @@ static BOOL get_group_alias_entries(DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 sta Get the group entries - similar to get_sampwd_entries(). ********************************************************************/ -static BOOL get_group_domain_entries(DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx, +static BOOL get_group_domain_entries(TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx, uint32 *p_num_entries, uint32 max_entries) { GROUP_MAP *map=NULL; @@ -896,7 +896,7 @@ static BOOL get_group_domain_entries(DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 st enum_group_mapping(SID_NAME_DOM_GRP, &map, &num_entries, ENUM_ONLY_MAPPED); - *d_grp=(DOMAIN_GRP *)malloc(num_entries*sizeof(DOMAIN_GRP)); + *d_grp=(DOMAIN_GRP *)talloc(ctx, num_entries*sizeof(DOMAIN_GRP)); if (*d_grp==NULL) return False; @@ -934,7 +934,7 @@ uint32 _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAMR_ DEBUG(5,("samr_reply_enum_dom_groups: %d\n", __LINE__)); /* the domain group array is being allocated in the function below */ - get_group_domain_entries(&grp, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES); + get_group_domain_entries(p->mem_ctx, &grp, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES); make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp); @@ -967,7 +967,7 @@ uint32 _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, SAM sid_to_string(sid_str, &sid); DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str)); - if (!get_group_alias_entries(&grp, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES)) + if (!get_group_alias_entries(p->mem_ctx, &grp, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES)) return NT_STATUS_ACCESS_DENIED; make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp); @@ -1042,7 +1042,7 @@ uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_ break; case 0x3: case 0x5: - ret = get_group_domain_entries(&grps, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES); + ret = get_group_domain_entries(p->mem_ctx, &grps, &sid, q_u->start_idx, &num_entries, MAX_SAM_ENTRIES); if (!ret) return NT_STATUS_ACCESS_DENIED; break; @@ -1066,30 +1066,36 @@ uint32 _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, SAMR_R_ data_size = q_u->max_size; orig_num_entries = num_entries; - ctr = (SAM_DISPINFO_CTR *)talloc(p->mem_ctx,sizeof(SAM_DISPINFO_CTR)); + if (!(ctr = (SAM_DISPINFO_CTR *)talloc(p->mem_ctx,sizeof(SAM_DISPINFO_CTR)))) + return NT_STATUS_NO_MEMORY; /* Now create reply structure */ switch (q_u->switch_level) { case 0x1: - ctr->sam.info1 = (SAM_DISPINFO_1 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_1)); - init_sam_dispinfo_1(ctr->sam.info1, &num_entries, &data_size, q_u->start_idx, pass); + if (!(ctr->sam.info1 = (SAM_DISPINFO_1 *)talloc(p->mem_ctx,sizeof(SAM_DISPINFO_1)))) + return NT_STATUS_NO_MEMORY; + init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, &num_entries, &data_size, q_u->start_idx, pass); break; case 0x2: - ctr->sam.info2 = (SAM_DISPINFO_2 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_2)); - init_sam_dispinfo_2(ctr->sam.info2, &num_entries, &data_size, q_u->start_idx, pass); + if (!(ctr->sam.info2 = (SAM_DISPINFO_2 *)talloc(p->mem_ctx,sizeof(SAM_DISPINFO_2)))) + return NT_STATUS_NO_MEMORY; + init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, &num_entries, &data_size, q_u->start_idx, pass); break; case 0x3: - ctr->sam.info3 = (SAM_DISPINFO_3 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_3)); - init_sam_dispinfo_3(ctr->sam.info3, &num_entries, &data_size, q_u->start_idx, grps); + if (!(ctr->sam.info3 = (SAM_DISPINFO_3 *)talloc(p->mem_ctx,sizeof(SAM_DISPINFO_3)))) + return NT_STATUS_NO_MEMORY; + init_sam_dispinfo_3(p->mem_ctx, ctr->sam.info3, &num_entries, &data_size, q_u->start_idx, grps); safe_free(grps); break; case 0x4: - ctr->sam.info4 = (SAM_DISPINFO_4 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_4)); - init_sam_dispinfo_4(ctr->sam.info4, &num_entries, &data_size, q_u->start_idx, pass); + if (!(ctr->sam.info4 = (SAM_DISPINFO_4 *)talloc(p->mem_ctx,sizeof(SAM_DISPINFO_4)))) + return NT_STATUS_NO_MEMORY; + init_sam_dispinfo_4(p->mem_ctx, ctr->sam.info4, &num_entries, &data_size, q_u->start_idx, pass); break; case 0x5: - ctr->sam.info5 = (SAM_DISPINFO_5 *)talloc(p->mem_ctx,num_entries*sizeof(SAM_DISPINFO_5)); - init_sam_dispinfo_5(ctr->sam.info5, &num_entries, &data_size, q_u->start_idx, grps); + if (!(ctr->sam.info5 = (SAM_DISPINFO_5 *)talloc(p->mem_ctx,sizeof(SAM_DISPINFO_5)))) + return NT_STATUS_NO_MEMORY; + init_sam_dispinfo_5(p->mem_ctx, ctr->sam.info5, &num_entries, &data_size, q_u->start_idx, grps); safe_free(grps); break; default: |