summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/client/client.c6
-rw-r--r--source3/client/clitar.c7
-rw-r--r--source3/client/smbctool.c6
-rw-r--r--source3/groupdb/mapping.c9
-rw-r--r--source3/include/smb_macros.h6
-rw-r--r--source3/lib/charcnv.c25
-rw-r--r--source3/lib/ldap_escape.c7
-rw-r--r--source3/lib/sysacls.c11
-rw-r--r--source3/lib/system_smbd.c9
-rw-r--r--source3/lib/util.c99
-rw-r--r--source3/lib/util_file.c23
-rw-r--r--source3/lib/util_sid.c8
-rw-r--r--source3/lib/util_str.c34
-rw-r--r--source3/lib/wins_srv.c3
-rw-r--r--source3/libsmb/asn1.c7
-rw-r--r--source3/libsmb/clilist.c17
-rw-r--r--source3/libsmb/clireadwrite.c7
-rw-r--r--source3/libsmb/clitrans.c28
-rw-r--r--source3/libsmb/namequery.c22
-rw-r--r--source3/libsmb/spnego.c4
-rw-r--r--source3/locking/brlock.c7
-rw-r--r--source3/locking/posix.c17
-rw-r--r--source3/modules/vfs_shadow_copy.c7
-rw-r--r--source3/nsswitch/wb_client.c8
-rw-r--r--source3/nsswitch/winbindd_cache.c6
-rw-r--r--source3/nsswitch/winbindd_group.c34
-rw-r--r--source3/nsswitch/winbindd_user.c22
-rw-r--r--source3/param/loadparm.c4
-rw-r--r--source3/param/params.c14
-rw-r--r--source3/passdb/pdb_ldap.c10
-rw-r--r--source3/printing/nt_printing.c57
-rw-r--r--source3/printing/print_cups.c7
-rw-r--r--source3/printing/print_iprint.c7
-rw-r--r--source3/printing/printing.c8
-rw-r--r--source3/registry/reg_db.c5
-rw-r--r--source3/registry/reg_perfcount.c42
-rw-r--r--source3/registry/reg_printing.c13
-rw-r--r--source3/rpc_parse/parse_buffer.c9
-rw-r--r--source3/rpc_parse/parse_prs.c39
-rw-r--r--source3/rpc_parse/parse_spoolss.c8
-rw-r--r--source3/rpc_server/srv_pipe.c5
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c55
-rw-r--r--source3/sam/idmap_rid.c6
-rw-r--r--source3/smbd/lanman.c176
-rw-r--r--source3/smbd/msdfs.c6
-rw-r--r--source3/smbd/nttrans.c13
-rw-r--r--source3/smbd/password.c2
-rw-r--r--source3/smbd/session.c4
-rw-r--r--source3/smbd/trans2.c79
-rw-r--r--source3/tdb/tdbutil.c11
-rw-r--r--source3/torture/nsstest.c9
-rw-r--r--source3/utils/net_rpc.c7
-rw-r--r--source3/utils/net_rpc_samsync.c2
-rw-r--r--source3/utils/net_status.c4
-rw-r--r--source3/web/cgi.c2
55 files changed, 562 insertions, 481 deletions
diff --git a/source3/client/client.c b/source3/client/client.c
index 403074b22b..0126e17c5b 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -463,19 +463,17 @@ static void adjust_do_list_queue(void)
static void add_to_do_list_queue(const char* entry)
{
- char *dlq;
long new_end = do_list_queue_end + ((long)strlen(entry)) + 1;
while (new_end > do_list_queue_size) {
do_list_queue_size *= 2;
DEBUG(4,("enlarging do_list_queue to %d\n",
(int)do_list_queue_size));
- dlq = SMB_REALLOC(do_list_queue, do_list_queue_size);
- if (! dlq) {
+ do_list_queue = SMB_REALLOC(do_list_queue, do_list_queue_size);
+ if (! do_list_queue) {
d_printf("failure enlarging do_list_queue to %d bytes\n",
(int)do_list_queue_size);
reset_do_list_queue();
} else {
- do_list_queue = dlq;
memset(do_list_queue + do_list_queue_size / 2,
0, do_list_queue_size / 2);
}
diff --git a/source3/client/clitar.c b/source3/client/clitar.c
index cd0ce27eb5..ff9bc1f0fb 100644
--- a/source3/client/clitar.c
+++ b/source3/client/clitar.c
@@ -1510,16 +1510,13 @@ static int read_inclusion_file(char *filename)
}
if ((strlen(buf) + 1 + inclusion_buffer_sofar) >= inclusion_buffer_size) {
- char *ib;
inclusion_buffer_size *= 2;
- ib = SMB_REALLOC(inclusion_buffer,inclusion_buffer_size);
- if (! ib) {
+ inclusion_buffer = SMB_REALLOC(inclusion_buffer,inclusion_buffer_size);
+ if (!inclusion_buffer) {
DEBUG(0,("failure enlarging inclusion buffer to %d bytes\n",
inclusion_buffer_size));
error = 1;
break;
- } else {
- inclusion_buffer = ib;
}
}
diff --git a/source3/client/smbctool.c b/source3/client/smbctool.c
index c368f7a193..6c89f5ea82 100644
--- a/source3/client/smbctool.c
+++ b/source3/client/smbctool.c
@@ -544,19 +544,17 @@ static void adjust_do_list_queue(void)
static void add_to_do_list_queue(const char* entry)
{
- char *dlq;
long new_end = do_list_queue_end + ((long)strlen(entry)) + 1;
while (new_end > do_list_queue_size) {
do_list_queue_size *= 2;
DEBUG(4,("enlarging do_list_queue to %d\n",
(int)do_list_queue_size));
- dlq = SMB_REALLOC(do_list_queue, do_list_queue_size);
- if (! dlq) {
+ do_list_queue = SMB_REALLOC(do_list_queue, do_list_queue_size);
+ if (!do_list_queue) {
d_printf("failure enlarging do_list_queue to %d bytes\n",
(int)do_list_queue_size);
reset_do_list_queue();
} else {
- do_list_queue = dlq;
memset(do_list_queue + do_list_queue_size / 2,
0, do_list_queue_size / 2);
}
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 4aa1c627b7..5ebc9eb4f5 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -477,14 +477,13 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rm
"type %s\n", map.nt_name,
sid_type_lookup(map.sid_name_use)));
- mapt= SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1);
- if (!mapt) {
+ (*pp_rmap) = SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1);
+ if (!(*pp_rmap)) {
DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n"));
- SAFE_FREE(*pp_rmap);
return False;
}
- else
- (*pp_rmap) = mapt;
+
+ mapt = (*pp_rmap);
mapt[entries].gid = map.gid;
sid_copy( &mapt[entries].sid, &map.sid);
diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h
index 41eac7e994..6c9ab017ba 100644
--- a/source3/include/smb_macros.h
+++ b/source3/include/smb_macros.h
@@ -271,8 +271,10 @@ copy an IP address from one buffer to another
*****************************************************************************/
#define SMB_MALLOC_ARRAY(type,count) (type *)malloc_array(sizeof(type),(count))
-#define SMB_REALLOC(p,s) Realloc((p),(s))
-#define SMB_REALLOC_ARRAY(p,type,count) (type *)realloc_array((p),sizeof(type),(count))
+#define SMB_REALLOC(p,s) Realloc((p),(s),True) /* Always frees p on error or s == 0 */
+#define SMB_REALLOC_KEEP_OLD_ON_ERROR(p,s) Realloc((p),(s),False) /* Never frees p on error or s == 0 */
+#define SMB_REALLOC_ARRAY(p,type,count) (type *)realloc_array((p),sizeof(type),(count),True) /* Always frees p on error or s == 0 */
+#define SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(p,type,count) (type *)realloc_array((p),sizeof(type),(count),False) /* Always frees p on error or s == 0 */
#define SMB_CALLOC_ARRAY(type,count) (type *)calloc_array(sizeof(type),(count))
#define SMB_XMALLOC_P(type) (type *)smb_xmalloc_array(sizeof(type),1)
#define SMB_XMALLOC_ARRAY(type,count) (type *)smb_xmalloc_array(sizeof(type),(count))
diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c
index c4eeab135e..ae04fd9ffb 100644
--- a/source3/lib/charcnv.c
+++ b/source3/lib/charcnv.c
@@ -537,19 +537,17 @@ size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to,
destlen = destlen * 2;
}
- if (ctx)
+ if (ctx) {
ob = (char *)TALLOC_REALLOC(ctx, ob, destlen);
- else
+ } else {
ob = (char *)SMB_REALLOC(ob, destlen);
+ }
if (!ob) {
DEBUG(0, ("convert_string_allocate: realloc failed!\n"));
- if (!ctx)
- SAFE_FREE(outbuf);
return (size_t)-1;
- } else {
- outbuf = ob;
}
+ outbuf = ob;
i_len = srclen;
o_len = destlen;
@@ -587,17 +585,18 @@ size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to,
out:
destlen = destlen - o_len;
- if (ctx)
- *dest = (char *)TALLOC_REALLOC(ctx,ob,destlen);
- else
- *dest = (char *)SMB_REALLOC(ob,destlen);
- if (destlen && !*dest) {
+ if (ctx) {
+ ob = (char *)TALLOC_REALLOC(ctx,ob,destlen);
+ } else {
+ ob = (char *)SMB_REALLOC(ob,destlen);
+ }
+
+ if (destlen && !ob) {
DEBUG(0, ("convert_string_allocate: out of memory!\n"));
- if (!ctx)
- SAFE_FREE(ob);
return (size_t)-1;
}
+ *dest = ob;
return destlen;
use_as_is:
diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c
index 6c4e8b8c83..3feb0e0c44 100644
--- a/source3/lib/ldap_escape.c
+++ b/source3/lib/ldap_escape.c
@@ -37,7 +37,6 @@ char *escape_ldap_string_alloc(const char *s)
{
size_t len = strlen(s)+1;
char *output = SMB_MALLOC(len);
- char *output_tmp;
const char *sub;
int i = 0;
char *p = output;
@@ -65,12 +64,10 @@ char *escape_ldap_string_alloc(const char *s)
if (sub) {
len = len + 3;
- output_tmp = SMB_REALLOC(output, len);
- if (!output_tmp) {
- SAFE_FREE(output);
+ output = SMB_REALLOC(output, len);
+ if (!output) {
return NULL;
}
- output = output_tmp;
p = &output[i];
strncpy (p, sub, 3);
diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c
index e7bd288f6e..61975264fd 100644
--- a/source3/lib/sysacls.c
+++ b/source3/lib/sysacls.c
@@ -689,12 +689,8 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
* for each entry still to be processed
*/
if ((len + nbytes) > maxlen) {
- char *oldtext = text;
-
maxlen += nbytes + 20 * (acl_d->count - i);
-
- if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
- SAFE_FREE(oldtext);
+ if ((text = SMB_REALLOC(text, maxlen)) == NULL) {
errno = ENOMEM;
return NULL;
}
@@ -1320,11 +1316,8 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p)
* for each entry still to be processed
*/
if ((len + nbytes) > maxlen) {
- char *oldtext = text;
-
maxlen += nbytes + 20 * (acl_d->count - i);
-
- if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
+ if ((text = SMB_REALLOC(text, maxlen)) == NULL) {
free(oldtext);
errno = ENOMEM;
return NULL;
diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c
index 081a07c019..c627ae6270 100644
--- a/source3/lib/system_smbd.c
+++ b/source3/lib/system_smbd.c
@@ -166,15 +166,10 @@ BOOL getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user,
}
if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) {
- gid_t *groups_tmp;
-
- groups_tmp = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp);
-
- if (!groups_tmp) {
- SAFE_FREE(temp_groups);
+ temp_groups = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp);
+ if (!temp_groups) {
return False;
}
- temp_groups = groups_tmp;
if (sys_getgrouplist(user, primary_gid,
temp_groups, &max_grp) == -1) {
diff --git a/source3/lib/util.c b/source3/lib/util.c
index d4443a6480..758ebfd27d 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -291,13 +291,15 @@ void add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid,
return;
}
- if (mem_ctx != NULL)
+ if (mem_ctx != NULL) {
*gids = TALLOC_REALLOC_ARRAY(mem_ctx, *gids, gid_t, *num_gids+1);
- else
+ } else {
*gids = SMB_REALLOC_ARRAY(*gids, gid_t, *num_gids+1);
+ }
- if (*gids == NULL)
+ if (*gids == NULL) {
return;
+ }
(*gids)[*num_gids] = gid;
*num_gids += 1;
@@ -342,14 +344,10 @@ const char *get_numlist(const char *p, uint32 **num, int *count)
(*num ) = NULL;
while ((p = Atoic(p, &val, ":,")) != NULL && (*p) != ':') {
- uint32 *tn;
-
- tn = SMB_REALLOC_ARRAY((*num), uint32, (*count)+1);
- if (tn == NULL) {
- SAFE_FREE(*num);
+ *num = SMB_REALLOC_ARRAY((*num), uint32, (*count)+1);
+ if (!(*num)) {
return NULL;
- } else
- (*num) = tn;
+ }
(*num)[(*count)] = val;
(*count)++;
p++;
@@ -941,32 +939,68 @@ void *calloc_array(size_t size, size_t nmemb)
/****************************************************************************
Expand a pointer to be a particular size.
+ Note that this version of Realloc has an extra parameter that decides
+ whether to free the passed in storage on allocation failure or if the
+ new size is zero.
+
+ This is designed for use in the typical idiom of :
+
+ p = SMB_REALLOC(p, size)
+ if (!p) {
+ return error;
+ }
+
+ and not to have to keep track of the old 'p' contents to free later, nor
+ to worry if the size parameter was zero. In the case where NULL is returned
+ we guarentee that p has been freed.
+
+ If free later semantics are desired, then pass 'free_old_on_error' as False which
+ guarentees that the old contents are not freed on error, even if size == 0. To use
+ this idiom use :
+
+ tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
+ if (!tmp) {
+ SAFE_FREE(p);
+ return error;
+ } else {
+ p = tmp;
+ }
+
+ Changes were instigated by Coverity error checking. JRA.
****************************************************************************/
-void *Realloc(void *p,size_t size)
+void *Realloc(void *p, size_t size, BOOL free_old_on_error)
{
void *ret=NULL;
if (size == 0) {
- SAFE_FREE(p);
- DEBUG(5,("Realloc asked for 0 bytes\n"));
+ if (free_old_on_error) {
+ SAFE_FREE(p);
+ }
+ DEBUG(2,("Realloc asked for 0 bytes\n"));
return NULL;
}
#if defined(PARANOID_MALLOC_CHECKER)
- if (!p)
+ if (!p) {
ret = (void *)malloc_(size);
- else
+ } else {
ret = (void *)realloc_(p,size);
+ }
#else
- if (!p)
+ if (!p) {
ret = (void *)malloc(size);
- else
+ } else {
ret = (void *)realloc(p,size);
+ }
#endif
- if (!ret)
+ if (!ret) {
+ if (free_old_on_error && p) {
+ SAFE_FREE(p);
+ }
DEBUG(0,("Memory allocation error: failed to expand to %d bytes\n",(int)size));
+ }
return(ret);
}
@@ -975,23 +1009,28 @@ void *Realloc(void *p,size_t size)
Type-safe realloc.
****************************************************************************/
-void *realloc_array(void *p,size_t el_size, unsigned int count)
+void *realloc_array(void *p, size_t el_size, unsigned int count, BOOL keep_old_on_error)
{
if (count >= MAX_ALLOC_SIZE/el_size) {
+ if (!keep_old_on_error) {
+ SAFE_FREE(p);
+ }
return NULL;
}
- return Realloc(p,el_size*count);
+ return Realloc(p, el_size*count, keep_old_on_error);
}
/****************************************************************************
- (Hopefully) efficient array append
+ (Hopefully) efficient array append.
****************************************************************************/
+
void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size,
void *element, void **array, uint32 *num_elements,
ssize_t *array_size)
{
- if (*array_size < 0)
+ if (*array_size < 0) {
return;
+ }
if (*array == NULL) {
if (*array_size == 0) {
@@ -1002,13 +1041,15 @@ void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size,
goto error;
}
- if (mem_ctx != NULL)
+ if (mem_ctx != NULL) {
*array = TALLOC(mem_ctx, element_size * (*array_size));
- else
+ } else {
*array = SMB_MALLOC(element_size * (*array_size));
+ }
- if (*array == NULL)
+ if (*array == NULL) {
goto error;
+ }
}
if (*num_elements == *array_size) {
@@ -1018,15 +1059,17 @@ void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size,
goto error;
}
- if (mem_ctx != NULL)
+ if (mem_ctx != NULL) {
*array = TALLOC_REALLOC(mem_ctx, *array,
element_size * (*array_size));
- else
+ } else {
*array = SMB_REALLOC(*array,
element_size * (*array_size));
+ }
- if (*array == NULL)
+ if (*array == NULL) {
goto error;
+ }
}
memcpy((char *)(*array) + element_size*(*num_elements),
diff --git a/source3/lib/util_file.c b/source3/lib/util_file.c
index 53a9bc9b41..06008886c0 100644
--- a/source3/lib/util_file.c
+++ b/source3/lib/util_file.c
@@ -322,16 +322,11 @@ char *fgets_slash(char *s2,int maxlen,XFILE *f)
}
if (!s2 && len > maxlen-3) {
- char *t;
-
maxlen *= 2;
- t = (char *)SMB_REALLOC(s,maxlen);
- if (!t) {
+ s = (char *)SMB_REALLOC(s,maxlen);
+ if (!s) {
DEBUG(0,("fgets_slash: failed to expand buffer!\n"));
- SAFE_FREE(s);
return(NULL);
- } else {
- s = t;
}
}
}
@@ -345,7 +340,7 @@ char *fgets_slash(char *s2,int maxlen,XFILE *f)
char *file_pload(char *syscmd, size_t *size)
{
int fd, n;
- char *p, *tp;
+ char *p;
pstring buf;
size_t total;
@@ -358,19 +353,19 @@ char *file_pload(char *syscmd, size_t *size)
total = 0;
while ((n = read(fd, buf, sizeof(buf))) > 0) {
- tp = SMB_REALLOC(p, total + n + 1);
- if (!tp) {
+ p = SMB_REALLOC(p, total + n + 1);
+ if (!p) {
DEBUG(0,("file_pload: failed to expand buffer!\n"));
close(fd);
- SAFE_FREE(p);
return NULL;
- } else {
- p = tp;
}
memcpy(p+total, buf, n);
total += n;
}
- if (p) p[total] = 0;
+
+ if (p) {
+ p[total] = 0;
+ }
/* FIXME: Perhaps ought to check that the command completed
* successfully (returned 0); if not the data may be
diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index c7f9dc2fdb..3be52dd9f7 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -563,14 +563,16 @@ DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, const DOM_SID *src)
void add_sid_to_array(TALLOC_CTX *mem_ctx, const DOM_SID *sid,
DOM_SID **sids, size_t *num)
{
- if (mem_ctx != NULL)
+ if (mem_ctx != NULL) {
*sids = TALLOC_REALLOC_ARRAY(mem_ctx, *sids, DOM_SID,
(*num)+1);
- else
+ } else {
*sids = SMB_REALLOC_ARRAY(*sids, DOM_SID, (*num)+1);
+ }
- if (*sids == NULL)
+ if (*sids == NULL) {
return;
+ }
sid_copy(&((*sids)[*num]), sid);
*num += 1;
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index e799556cd1..f1ae9a472a 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -1049,14 +1049,13 @@ char *realloc_string_sub(char *string, const char *pattern,
while ((p = strstr_m(s,pattern))) {
if (ld > 0) {
int offset = PTR_DIFF(s,string);
- char *t = SMB_REALLOC(string, ls + ld + 1);
- if (!t) {
+ string = SMB_REALLOC(string, ls + ld + 1);
+ if (!string) {
DEBUG(0, ("realloc_string_sub: out of memory!\n"));
SAFE_FREE(in);
return NULL;
}
- string = t;
- p = t + offset + (p - s);
+ p = string + offset + (p - s);
}
if (li != lp) {
memmove(p+li,p+lp,strlen(p+lp)+1);
@@ -1119,15 +1118,14 @@ char *talloc_string_sub(TALLOC_CTX *mem_ctx, const char *src,
while ((p = strstr_m(s,pattern))) {
if (ld > 0) {
int offset = PTR_DIFF(s,string);
- char *t = TALLOC_REALLOC(mem_ctx, string, ls + ld + 1);
- if (!t) {
+ string = TALLOC_REALLOC(mem_ctx, string, ls + ld + 1);
+ if (!string) {
DEBUG(0, ("talloc_string_sub: out of "
"memory!\n"));
SAFE_FREE(in);
return NULL;
}
- string = t;
- p = t + offset + (p - s);
+ p = string + offset + (p - s);
}
if (li != lp) {
memmove(p+li,p+lp,strlen(p+lp)+1);
@@ -1703,7 +1701,9 @@ static char **str_list_make_internal(TALLOC_CTX *mem_ctx, const char *string, co
if (mem_ctx) {
rlist = TALLOC_REALLOC_ARRAY(mem_ctx, list, char *, lsize +1);
} else {
- rlist = SMB_REALLOC_ARRAY(list, char *, lsize +1);
+ /* We need to keep the old list on error so we can free the elements
+ if the realloc fails. */
+ rlist = SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(list, char *, lsize +1);
}
if (!rlist) {
DEBUG(0,("str_list_make: Unable to allocate memory"));
@@ -1714,8 +1714,9 @@ static char **str_list_make_internal(TALLOC_CTX *mem_ctx, const char *string, co
SAFE_FREE(s);
}
return NULL;
- } else
+ } else {
list = rlist;
+ }
memset (&list[num], 0, ((sizeof(char**)) * (S_LIST_ABS +1)));
}
@@ -1773,7 +1774,7 @@ BOOL str_list_copy(char ***dest, const char **src)
while (src[num]) {
if (num == lsize) {
lsize += S_LIST_ABS;
- rlist = SMB_REALLOC_ARRAY(list, char *, lsize +1);
+ rlist = SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(list, char *, lsize +1);
if (!rlist) {
DEBUG(0,("str_list_copy: Unable to re-allocate memory"));
str_list_free(&list);
@@ -2266,8 +2267,9 @@ void string_append(char **left, const char *right)
*left = SMB_REALLOC(*left, new_len);
}
- if (*left == NULL)
+ if (*left == NULL) {
return;
+ }
safe_strcat(*left, right, new_len-1);
}
@@ -2334,14 +2336,16 @@ void sprintf_append(TALLOC_CTX *mem_ctx, char **string, ssize_t *len,
}
if (increased) {
- if (mem_ctx != NULL)
+ if (mem_ctx != NULL) {
*string = TALLOC_REALLOC_ARRAY(mem_ctx, *string, char,
*bufsize);
- else
+ } else {
*string = SMB_REALLOC_ARRAY(*string, char, *bufsize);
+ }
- if (*string == NULL)
+ if (*string == NULL) {
goto error;
+ }
}
StrnCpy((*string)+(*len), newstr, ret);
diff --git a/source3/lib/wins_srv.c b/source3/lib/wins_srv.c
index c139f427ca..dbe4fceacc 100644
--- a/source3/lib/wins_srv.c
+++ b/source3/lib/wins_srv.c
@@ -245,6 +245,9 @@ char **wins_srv_tags(void)
/* add it to the list */
ret = SMB_REALLOC_ARRAY(ret, char *, count+2);
+ if (!ret) {
+ return NULL;
+ }
ret[count] = SMB_STRDUP(t_ip.tag);
if (!ret[count]) break;
count++;
diff --git a/source3/libsmb/asn1.c b/source3/libsmb/asn1.c
index 0999840794..072fd30283 100644
--- a/source3/libsmb/asn1.c
+++ b/source3/libsmb/asn1.c
@@ -31,14 +31,11 @@ BOOL asn1_write(ASN1_DATA *data, const void *p, int len)
{
if (data->has_error) return False;
if (data->length < data->ofs+len) {
- uint8 *newp;
- newp = SMB_REALLOC(data->data, data->ofs+len);
- if (!newp) {
- SAFE_FREE(data->data);
+ data->data = SMB_REALLOC(data->data, data->ofs+len);
+ if (!data->data) {
data->has_error = True;
return False;
}
- data->data = newp;
data->length = data->ofs+len;
}
memcpy(data->data + data->ofs, p, len);
diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c
index 252dafcfa8..1bd30c36e3 100644
--- a/source3/libsmb/clilist.c
+++ b/source3/libsmb/clilist.c
@@ -179,7 +179,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
pstring mask;
file_info finfo;
int i;
- char *tdl, *dirlist = NULL;
+ char *dirlist = NULL;
int dirlist_len = 0;
int total_received = -1;
BOOL First = True;
@@ -338,15 +338,13 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute,
/* grab the data for later use */
/* and add them to the dirlist pool */
- tdl = SMB_REALLOC(dirlist,dirlist_len + data_len);
+ dirlist = SMB_REALLOC(dirlist,dirlist_len + data_len);
- if (!tdl) {
+ if (!dirlist) {
DEBUG(0,("cli_list_new: Failed to expand dirlist\n"));
SAFE_FREE(rdata);
SAFE_FREE(rparam);
break;
- } else {
- dirlist = tdl;
}
memcpy(dirlist+dirlist_len,p,data_len);
@@ -421,7 +419,7 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
int num_asked = (cli->max_xmit - 100)/DIR_STRUCT_SIZE;
int num_received = 0;
int i;
- char *tdl, *dirlist = NULL;
+ char *dirlist = NULL;
pstring mask;
ZERO_ARRAY(status);
@@ -466,14 +464,11 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute,
first = False;
- tdl = SMB_REALLOC(dirlist,(num_received + received)*DIR_STRUCT_SIZE);
-
- if (!tdl) {
+ dirlist = SMB_REALLOC(dirlist,(num_received + received)*DIR_STRUCT_SIZE);
+ if (!dirlist) {
DEBUG(0,("cli_list_old: failed to expand dirlist"));
- SAFE_FREE(dirlist);
return 0;
}
- else dirlist = tdl;
p = smb_buf(cli->inbuf) + 3;
diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index a080bd3c64..650822bf8e 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -262,9 +262,14 @@ static BOOL cli_issue_write(struct cli_state *cli, int fnum, off_t offset,
if (size > cli->bufsize) {
cli->outbuf = SMB_REALLOC(cli->outbuf, size + 1024);
+ if (!cli->outbuf) {
+ return False;
+ }
cli->inbuf = SMB_REALLOC(cli->inbuf, size + 1024);
- if (cli->outbuf == NULL || cli->inbuf == NULL)
+ if (cli->inbuf == NULL) {
+ SAFE_FREE(cli->outbuf);
return False;
+ }
cli->bufsize = size + 1024;
}
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index 5d3710b92e..8296f7e94c 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -169,8 +169,6 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
unsigned int total_param=0;
unsigned int this_data,this_param;
NTSTATUS status;
- char *tdata;
- char *tparam;
*data_len = *param_len = 0;
@@ -209,25 +207,21 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
/* allocate it */
if (total_data!=0) {
- tdata = SMB_REALLOC(*data,total_data);
- if (!tdata) {
+ *data = SMB_REALLOC(*data,total_data);
+ if (!(*data)) {
DEBUG(0,("cli_receive_trans: failed to enlarge data buffer\n"));
cli_signing_trans_stop(cli);
return False;
}
- else
- *data = tdata;
}
if (total_param!=0) {
- tparam = SMB_REALLOC(*param,total_param);
- if (!tparam) {
+ *param = SMB_REALLOC(*param,total_param);
+ if (!(*param)) {
DEBUG(0,("cli_receive_trans: failed to enlarge param buffer\n"));
cli_signing_trans_stop(cli);
return False;
}
- else
- *param = tparam;
}
for (;;) {
@@ -476,8 +470,6 @@ BOOL cli_receive_nt_trans(struct cli_state *cli,
unsigned int this_data,this_param;
uint8 eclass;
uint32 ecode;
- char *tdata;
- char *tparam;
*data_len = *param_len = 0;
@@ -526,24 +518,20 @@ BOOL cli_receive_nt_trans(struct cli_state *cli,
/* allocate it */
if (total_data) {
- tdata = SMB_REALLOC(*data,total_data);
- if (!tdata) {
+ *data = SMB_REALLOC(*data,total_data);
+ if (!(*data)) {
DEBUG(0,("cli_receive_nt_trans: failed to enlarge data buffer to %d\n",total_data));
cli_signing_trans_stop(cli);
return False;
- } else {
- *data = tdata;
}
}
if (total_param) {
- tparam = SMB_REALLOC(*param,total_param);
- if (!tparam) {
+ *param = SMB_REALLOC(*param,total_param);
+ if (!(*param)) {
DEBUG(0,("cli_receive_nt_trans: failed to enlarge param buffer to %d\n", total_param));
cli_signing_trans_stop(cli);
return False;
- } else {
- *param = tparam;
}
}
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index f78c368eb8..c721a9deff 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -501,7 +501,6 @@ struct in_addr *name_query(int fd,const char *name,int name_type,
while (1) {
struct timeval tval2;
- struct in_addr *tmp_ip_list;
GetTimeOfDay(&tval2);
if (TvalDiff(&tval,&tval2) > retry_time) {
@@ -566,27 +565,22 @@ struct in_addr *name_query(int fd,const char *name,int name_type,
continue;
}
- tmp_ip_list = SMB_REALLOC_ARRAY( ip_list, struct in_addr,
+ ip_list = SMB_REALLOC_ARRAY( ip_list, struct in_addr,
(*count) + nmb2->answers->rdlength/6 );
- if (!tmp_ip_list) {
+ if (!ip_list) {
DEBUG(0,("name_query: Realloc failed.\n"));
- SAFE_FREE(ip_list);
free_packet(p2);
return( NULL );
}
- ip_list = tmp_ip_list;
-
- if (ip_list) {
- DEBUG(2,("Got a positive name query response from %s ( ", inet_ntoa(p2->ip)));
- for (i=0;i<nmb2->answers->rdlength/6;i++) {
- putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]);
- DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)])));
- (*count)++;
- }
- DEBUGADD(2,(")\n"));
+ DEBUG(2,("Got a positive name query response from %s ( ", inet_ntoa(p2->ip)));
+ for (i=0;i<nmb2->answers->rdlength/6;i++) {
+ putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]);
+ DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)])));
+ (*count)++;
}
+ DEBUGADD(2,(")\n"));
found=True;
retries=0;
diff --git a/source3/libsmb/spnego.c b/source3/libsmb/spnego.c
index f6a66200ba..a2839578ae 100644
--- a/source3/libsmb/spnego.c
+++ b/source3/libsmb/spnego.c
@@ -48,6 +48,10 @@ static BOOL read_negTokenInit(ASN1_DATA *asn1, negTokenInit_t *token)
char *p_oid = NULL;
token->mechTypes =
SMB_REALLOC_ARRAY(token->mechTypes, const char *, i + 2);
+ if (!token->mechTypes) {
+ asn1->has_error = True;
+ return False;
+ }
asn1_read_OID(asn1, &p_oid);
token->mechTypes[i] = p_oid;
}
diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c
index 25a1ed5e2f..8af6effb19 100644
--- a/source3/locking/brlock.c
+++ b/source3/locking/brlock.c
@@ -354,7 +354,6 @@ NTSTATUS brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
TDB_DATA kbuf, dbuf;
int count, i;
struct lock_struct lock, *locks;
- char *tp;
NTSTATUS status = NT_STATUS_OK;
*my_lock_ctx = False;
@@ -401,12 +400,10 @@ NTSTATUS brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum,
}
/* no conflicts - add it to the list of locks */
- tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(*locks));
- if (!tp) {
+ dbuf.dptr = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(*locks));
+ if (!dbuf.dptr) {
status = NT_STATUS_NO_MEMORY;
goto fail;
- } else {
- dbuf.dptr = tp;
}
memcpy(dbuf.dptr + dbuf.dsize, &lock, sizeof(lock));
dbuf.dsize += sizeof(lock);
diff --git a/source3/locking/posix.c b/source3/locking/posix.c
index c63992adc5..4b69047a3c 100644
--- a/source3/locking/posix.c
+++ b/source3/locking/posix.c
@@ -99,20 +99,17 @@ static BOOL add_fd_to_close_entry(files_struct *fsp)
{
TDB_DATA kbuf = locking_key_fsp(fsp);
TDB_DATA dbuf;
- char *tp;
dbuf.dptr = NULL;
dbuf.dsize = 0;
dbuf = tdb_fetch(posix_pending_close_tdb, kbuf);
- tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(int));
- if (!tp) {
+ dbuf.dptr = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(int));
+ if (!dbuf.dptr) {
DEBUG(0,("add_fd_to_close_entry: Realloc fail !\n"));
- SAFE_FREE(dbuf.dptr);
return False;
- } else
- dbuf.dptr = tp;
+ }
memcpy(dbuf.dptr + dbuf.dsize, &fsp->fh->fd, sizeof(int));
dbuf.dsize += sizeof(int);
@@ -358,7 +355,6 @@ static BOOL add_posix_lock_entry(files_struct *fsp, SMB_OFF_T start, SMB_OFF_T s
TDB_DATA kbuf = locking_key_fsp(fsp);
TDB_DATA dbuf;
struct posix_lock pl;
- char *tp;
dbuf.dptr = NULL;
dbuf.dsize = 0;
@@ -376,12 +372,11 @@ static BOOL add_posix_lock_entry(files_struct *fsp, SMB_OFF_T start, SMB_OFF_T s
pl.size = size;
pl.lock_type = lock_type;
- tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(struct posix_lock));
- if (!tp) {
+ dbuf.dptr = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(struct posix_lock));
+ if (!dbuf.dptr) {
DEBUG(0,("add_posix_lock_entry: Realloc fail !\n"));
goto fail;
- } else
- dbuf.dptr = tp;
+ }
memcpy(dbuf.dptr + dbuf.dsize, &pl, sizeof(struct posix_lock));
dbuf.dsize += sizeof(struct posix_lock);
diff --git a/source3/modules/vfs_shadow_copy.c b/source3/modules/vfs_shadow_copy.c
index 8bb4598ea3..db1c8d007d 100644
--- a/source3/modules/vfs_shadow_copy.c
+++ b/source3/modules/vfs_shadow_copy.c
@@ -93,8 +93,6 @@ static SMB_STRUCT_DIR *shadow_copy_opendir(vfs_handle_struct *handle, connection
while (True) {
SMB_STRUCT_DIRENT *d;
- SMB_STRUCT_DIRENT *r;
-
d = SMB_VFS_NEXT_READDIR(handle, conn, p);
if (d == NULL) {
@@ -108,13 +106,12 @@ static SMB_STRUCT_DIR *shadow_copy_opendir(vfs_handle_struct *handle, connection
DEBUG(10,("shadow_copy_opendir: not hide [%s]\n",d->d_name));
- r = SMB_REALLOC_ARRAY(dirp->dirs,SMB_STRUCT_DIRENT, dirp->num+1);
- if (!r) {
+ dirp->dirs = SMB_REALLOC_ARRAY(dirp->dirs,SMB_STRUCT_DIRENT, dirp->num+1);
+ if (!dirp->dirs) {
DEBUG(0,("shadow_copy_opendir: Out of memory\n"));
break;
}
- dirp->dirs = r;
dirp->dirs[dirp->num++] = *d;
}
diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c
index ff0f15a122..b2db25c31b 100644
--- a/source3/nsswitch/wb_client.c
+++ b/source3/nsswitch/wb_client.c
@@ -335,7 +335,7 @@ static int wb_getgroups(const char *user, gid_t **groups)
int winbind_initgroups(char *user, gid_t gid)
{
- gid_t *tgr, *groups = NULL;
+ gid_t *groups = NULL;
int result;
/* Call normal initgroups if we are a local user */
@@ -364,14 +364,12 @@ int winbind_initgroups(char *user, gid_t gid)
/* Add group to list if necessary */
if (!is_member) {
- tgr = SMB_REALLOC_ARRAY(groups, gid_t, ngroups + 1);
-
- if (!tgr) {
+ groups = SMB_REALLOC_ARRAY(groups, gid_t, ngroups + 1);
+ if (!groups) {
errno = ENOMEM;
result = -1;
goto done;
}
- else groups = tgr;
groups[ngroups] = gid;
ngroups++;
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c
index 799818198c..7f14f359da 100644
--- a/source3/nsswitch/winbindd_cache.c
+++ b/source3/nsswitch/winbindd_cache.c
@@ -560,16 +560,14 @@ static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
*/
static void centry_expand(struct cache_entry *centry, uint32 len)
{
- uint8 *p;
if (centry->len - centry->ofs >= len)
return;
centry->len *= 2;
- p = SMB_REALLOC(centry->data, centry->len);
- if (!p) {
+ centry->data = SMB_REALLOC(centry->data, centry->len);
+ if (!centry->data) {
DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
smb_panic("out of memory in centry_expand");
}
- centry->data = p;
}
/*
diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c
index 1ddc734703..6e125c4330 100644
--- a/source3/nsswitch/winbindd_group.c
+++ b/source3/nsswitch/winbindd_group.c
@@ -494,7 +494,7 @@ static BOOL get_sam_group_entries(struct getent_state *ent)
{
NTSTATUS status;
uint32 num_entries;
- struct acct_info *name_list = NULL, *tmp_name_list = NULL;
+ struct acct_info *name_list = NULL;
TALLOC_CTX *mem_ctx;
BOOL result = False;
struct acct_info *sam_grp_entries = NULL;
@@ -569,17 +569,14 @@ static BOOL get_sam_group_entries(struct getent_state *ent)
/* Copy entries into return buffer */
if ( num_entries ) {
- if ( !(tmp_name_list = SMB_REALLOC_ARRAY( name_list, struct acct_info, ent->num_sam_entries+num_entries)) )
+ if ( !(name_list = SMB_REALLOC_ARRAY( name_list, struct acct_info, ent->num_sam_entries+num_entries)) )
{
DEBUG(0,("get_sam_group_entries: Failed to realloc more memory for %d local groups!\n",
num_entries));
result = False;
- SAFE_FREE( name_list );
goto done;
}
- name_list = tmp_name_list;
-
memcpy( &name_list[ent->num_sam_entries], sam_grp_entries,
num_entries * sizeof(struct acct_info) );
}
@@ -610,7 +607,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state)
struct getent_state *ent;
struct winbindd_gr *group_list = NULL;
int num_groups, group_list_ndx = 0, i, gr_mem_list_len = 0;
- char *new_extra_data, *gr_mem_list = NULL;
+ char *gr_mem_list = NULL;
DEBUG(3, ("[%5lu]: getgrent\n", (unsigned long)state->pid));
@@ -651,7 +648,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state)
uint32 result;
gid_t group_gid;
size_t gr_mem_len;
- char *gr_mem, *new_gr_mem_list;
+ char *gr_mem;
DOM_SID group_sid;
struct winbindd_domain *domain;
@@ -766,11 +763,10 @@ void winbindd_getgrent(struct winbindd_cli_state *state)
if (result) {
/* Append to group membership list */
- new_gr_mem_list = SMB_REALLOC( gr_mem_list, gr_mem_list_len + gr_mem_len);
+ gr_mem_list = SMB_REALLOC( gr_mem_list, gr_mem_list_len + gr_mem_len);
- if (!new_gr_mem_list && (group_list[group_list_ndx].num_gr_mem != 0)) {
+ if (!gr_mem_list) {
DEBUG(0, ("out of memory\n"));
- SAFE_FREE(gr_mem_list);
gr_mem_list_len = 0;
break;
}
@@ -778,8 +774,6 @@ void winbindd_getgrent(struct winbindd_cli_state *state)
DEBUG(10, ("list_len = %d, mem_len = %d\n",
gr_mem_list_len, gr_mem_len));
- gr_mem_list = new_gr_mem_list;
-
memcpy(&gr_mem_list[gr_mem_list_len], gr_mem,
gr_mem_len);
@@ -817,21 +811,18 @@ void winbindd_getgrent(struct winbindd_cli_state *state)
if (group_list_ndx == 0)
goto done;
- new_extra_data = SMB_REALLOC(
+ state->response.extra_data = SMB_REALLOC(
state->response.extra_data,
group_list_ndx * sizeof(struct winbindd_gr) + gr_mem_list_len);
- if (!new_extra_data) {
+ if (!state->response.extra_data) {
DEBUG(0, ("out of memory\n"));
group_list_ndx = 0;
- SAFE_FREE(state->response.extra_data);
SAFE_FREE(gr_mem_list);
request_error(state);
return;
}
- state->response.extra_data = new_extra_data;
-
memcpy(&((char *)state->response.extra_data)
[group_list_ndx * sizeof(struct winbindd_gr)],
gr_mem_list, gr_mem_list_len);
@@ -861,7 +852,6 @@ void winbindd_list_groups(struct winbindd_cli_state *state)
struct winbindd_domain *domain;
const char *which_domain;
char *extra_data = NULL;
- char *ted = NULL;
unsigned int extra_data_len = 0, i;
DEBUG(3, ("[%5lu]: list groups\n", (unsigned long)state->pid));
@@ -901,15 +891,13 @@ void winbindd_list_groups(struct winbindd_cli_state *state)
/* Allocate some memory for extra data. Note that we limit
account names to sizeof(fstring) = 128 characters. */
- ted = SMB_REALLOC(extra_data, sizeof(fstring) * total_entries);
+ extra_data = SMB_REALLOC(extra_data, sizeof(fstring) * total_entries);
- if (!ted) {
+ if (!extra_data) {
DEBUG(0,("failed to enlarge buffer!\n"));
- SAFE_FREE(extra_data);
request_error(state);
return;
- } else
- extra_data = ted;
+ }
/* Pack group list into extra data fields */
for (i = 0; i < groups.num_sam_entries; i++) {
diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c
index 227163b447..b48284a031 100644
--- a/source3/nsswitch/winbindd_user.c
+++ b/source3/nsswitch/winbindd_user.c
@@ -553,16 +553,12 @@ static BOOL get_sam_user_entries(struct getent_state *ent, TALLOC_CTX *mem_ctx)
&info);
if (num_entries) {
- struct getpwent_user *tnl;
+ name_list = SMB_REALLOC_ARRAY(name_list, struct getpwent_user, ent->num_sam_entries + num_entries);
- tnl = SMB_REALLOC_ARRAY(name_list, struct getpwent_user, ent->num_sam_entries + num_entries);
-
- if (!tnl) {
+ if (!name_list) {
DEBUG(0,("get_sam_user_entries realloc failed.\n"));
- SAFE_FREE(name_list);
goto done;
- } else
- name_list = tnl;
+ }
}
for (i = 0; i < num_entries; i++) {
@@ -731,7 +727,7 @@ void winbindd_list_users(struct winbindd_cli_state *state)
WINBIND_USERINFO *info;
const char *which_domain;
uint32 num_entries = 0, total_entries = 0;
- char *ted, *extra_data = NULL;
+ char *extra_data = NULL;
int extra_data_len = 0;
enum winbindd_result rv = WINBINDD_ERROR;
@@ -767,15 +763,13 @@ void winbindd_list_users(struct winbindd_cli_state *state)
/* Allocate some memory for extra data */
total_entries += num_entries;
- ted = SMB_REALLOC(extra_data, sizeof(fstring) * total_entries);
+ extra_data = SMB_REALLOC(extra_data, sizeof(fstring) * total_entries);
- if (!ted) {
+ if (!extra_data) {
DEBUG(0,("failed to enlarge buffer!\n"));
- SAFE_FREE(extra_data);
goto done;
- } else
- extra_data = ted;
-
+ }
+
/* Pack user list into extra data fields */
for (i = 0; i < num_entries; i++) {
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 64b3ecd81b..8b79ec37d7 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -2470,7 +2470,7 @@ static int add_a_service(const service *pservice, const char *name)
service **tsp;
int *tinvalid;
- tsp = SMB_REALLOC_ARRAY(ServicePtrs, service *, num_to_alloc);
+ tsp = SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(ServicePtrs, service *, num_to_alloc);
if (tsp == NULL) {
DEBUG(0,("add_a_service: failed to enlarge ServicePtrs!\n"));
return (-1);
@@ -2484,7 +2484,7 @@ static int add_a_service(const service *pservice, const char *name)
iNumServices++;
/* enlarge invalid_services here for now... */
- tinvalid = SMB_REALLOC_ARRAY(invalid_services, int,
+ tinvalid = SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(invalid_services, int,
num_to_alloc);
if (tinvalid == NULL) {
DEBUG(0,("add_a_service: failed to enlarge "
diff --git a/source3/param/params.c b/source3/param/params.c
index f5ce6bdb64..6669e80191 100644
--- a/source3/param/params.c
+++ b/source3/param/params.c
@@ -262,10 +262,8 @@ static BOOL Section( myFILE *InFile, BOOL (*sfunc)(const char *) )
while( (EOF != c) && (c > 0) ) {
/* Check that the buffer is big enough for the next character. */
if( i > (bSize - 2) ) {
- char *tb;
-
- tb = (char *)SMB_REALLOC( bufr, bSize +BUFR_INC );
- if( NULL == tb ) {
+ char *tb = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR( bufr, bSize +BUFR_INC );
+ if(!tb) {
DEBUG(0, ("%s Memory re-allocation failure.", func) );
return False;
}
@@ -356,8 +354,8 @@ static BOOL Parameter( myFILE *InFile, BOOL (*pfunc)(const char *, const char *)
/* Loop until we've found the start of the value. */
if( i > (bSize - 2) ) {
/* Ensure there's space for next char. */
- char *tb = (char *)SMB_REALLOC( bufr, bSize + BUFR_INC );
- if( NULL == tb ) {
+ char *tb = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR( bufr, bSize + BUFR_INC );
+ if (!tb) {
DEBUG(0, ("%s Memory re-allocation failure.", func) );
return False;
}
@@ -414,8 +412,8 @@ static BOOL Parameter( myFILE *InFile, BOOL (*pfunc)(const char *, const char *)
while( (EOF !=c) && (c > 0) ) {
if( i > (bSize - 2) ) {
/* Make sure there's enough room. */
- char *tb = (char *)SMB_REALLOC( bufr, bSize + BUFR_INC );
- if( NULL == tb ) {
+ char *tb = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR( bufr, bSize + BUFR_INC );
+ if (!tb) {
DEBUG(0, ("%s Memory re-allocation failure.", func));
return False;
}
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 1fe5212d57..8429d50b38 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -3076,7 +3076,6 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
BOOL unix_only)
{
GROUP_MAP map;
- GROUP_MAP *mapt;
size_t entries = 0;
*p_num_entries = 0;
@@ -3101,17 +3100,14 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
continue;
}
- mapt=SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1);
- if (!mapt) {
+ (*pp_rmap)=SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1);
+ if (!(*pp_rmap)) {
DEBUG(0,("ldapsam_enum_group_mapping: Unable to "
"enlarge group map!\n"));
- SAFE_FREE(*pp_rmap);
return NT_STATUS_UNSUCCESSFUL;
}
- else
- (*pp_rmap) = mapt;
- mapt[entries] = map;
+ (*pp_rmap)[entries] = map;
entries += 1;
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index becd51cd7e..1ce0b5e9e3 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -743,12 +743,12 @@ BOOL get_a_builtin_ntform(UNISTR2 *uni_formname,nt_forms_struct *form)
}
/****************************************************************************
-get a form struct list
+ get a form struct list.
****************************************************************************/
+
int get_ntforms(nt_forms_struct **list)
{
TDB_DATA kbuf, newkey, dbuf;
- nt_forms_struct *tl;
nt_forms_struct form;
int ret;
int i;
@@ -773,12 +773,11 @@ int get_ntforms(nt_forms_struct **list)
if (ret != dbuf.dsize)
continue;
- tl = SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1);
- if (!tl) {
+ *list = SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1);
+ if (!*list) {
DEBUG(0,("get_ntforms: Realloc fail.\n"));
return 0;
}
- *list = tl;
(*list)[n] = form;
n++;
}
@@ -823,7 +822,6 @@ BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count)
int n=0;
BOOL update;
fstring form_name;
- nt_forms_struct *tl;
/*
* NT tries to add forms even when
@@ -842,11 +840,10 @@ BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count)
}
if (update==False) {
- if((tl=SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1)) == NULL) {
+ if((*list=SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1)) == NULL) {
DEBUG(0,("add_a_form: failed to enlarge forms list!\n"));
return False;
}
- *list = tl;
unistr2_to_ascii((*list)[n].name, &form->name, sizeof((*list)[n].name)-1);
(*count)++;
}
@@ -940,7 +937,6 @@ int get_ntdrivers(fstring **list, const char *architecture, uint32 version)
{
int total=0;
const char *short_archi;
- fstring *fl;
pstring key;
TDB_DATA kbuf, newkey;
@@ -954,11 +950,10 @@ int get_ntdrivers(fstring **list, const char *architecture, uint32 version)
if (strncmp(kbuf.dptr, key, strlen(key)) != 0)
continue;
- if((fl = SMB_REALLOC_ARRAY(*list, fstring, total+1)) == NULL) {
+ if((*list = SMB_REALLOC_ARRAY(*list, fstring, total+1)) == NULL) {
DEBUG(0,("get_ntdrivers: failed to enlarge list!\n"));
return -1;
}
- else *list = fl;
fstrcpy((*list)[total], kbuf.dptr+strlen(key));
total++;
@@ -1973,15 +1968,12 @@ static uint32 add_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver)
}
if (len != buflen) {
- char *tb;
-
- tb = (char *)SMB_REALLOC(buf, len);
- if (!tb) {
+ buf = (char *)SMB_REALLOC(buf, len);
+ if (!buf) {
DEBUG(0,("add_a_printer_driver_3: failed to enlarge buffer\n!"));
ret = -1;
goto done;
}
- else buf = tb;
buflen = len;
goto again;
}
@@ -2098,15 +2090,11 @@ static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr,
i=0;
while (len < dbuf.dsize) {
- fstring *tddfs;
-
- tddfs = SMB_REALLOC_ARRAY(driver.dependentfiles, fstring, i+2);
- if ( !tddfs ) {
+ driver.dependentfiles = SMB_REALLOC_ARRAY(driver.dependentfiles, fstring, i+2);
+ if ( !driver.dependentfiles ) {
DEBUG(0,("get_a_printer_driver_3: failed to enlarge buffer!\n"));
break;
}
- else
- driver.dependentfiles = tddfs;
len += tdb_unpack(dbuf.dptr+len, dbuf.dsize-len, "f",
&driver.dependentfiles[i]);
@@ -2406,15 +2394,12 @@ static WERROR update_a_printer_2(NT_PRINTER_INFO_LEVEL_2 *info)
len += pack_values( info->data, buf+len, buflen-len );
if (buflen != len) {
- char *tb;
-
- tb = (char *)SMB_REALLOC(buf, len);
- if (!tb) {
+ buf = (char *)SMB_REALLOC(buf, len);
+ if (!buf) {
DEBUG(0,("update_a_printer_2: failed to enlarge buffer!\n"));
ret = WERR_NOMEM;
goto done;
}
- else buf = tb;
buflen = len;
goto again;
}
@@ -2744,7 +2729,7 @@ int get_printer_subkeys( NT_PRINTER_DATA *data, const char* key, fstring **subke
int key_len;
int num_subkeys = 0;
char *p;
- fstring *ptr, *subkeys_ptr = NULL;
+ fstring *subkeys_ptr = NULL;
fstring subkeyname;
if ( !data )
@@ -2760,14 +2745,12 @@ int get_printer_subkeys( NT_PRINTER_DATA *data, const char* key, fstring **subke
/* found a match, so allocate space and copy the name */
- if ( !(ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) {
+ if ( !(subkeys_ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) {
DEBUG(0,("get_printer_subkeys: Realloc failed for [%d] entries!\n",
num_subkeys+1));
- SAFE_FREE( subkeys );
return -1;
}
- subkeys_ptr = ptr;
fstrcpy( subkeys_ptr[num_subkeys], data->keys[i].name );
num_subkeys++;
}
@@ -2807,14 +2790,12 @@ int get_printer_subkeys( NT_PRINTER_DATA *data, const char* key, fstring **subke
/* found a match, so allocate space and copy the name */
- if ( !(ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) {
+ if ( !(subkeys_ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) {
DEBUG(0,("get_printer_subkeys: Realloc failed for [%d] entries!\n",
num_subkeys+1));
- SAFE_FREE( subkeys );
return 0;
}
- subkeys_ptr = ptr;
fstrcpy( subkeys_ptr[num_subkeys], subkeyname );
num_subkeys++;
}
@@ -4080,16 +4061,12 @@ static uint32 update_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info)
len += pack_values( info->data, buf+len, buflen-len );
if (buflen < len) {
- char *tb;
-
- tb = (char *)SMB_REALLOC(buf, len);
- if (!tb) {
+ buf = (char *)SMB_REALLOC(buf, len);
+ if (!buf) {
DEBUG(0, ("update_driver_init_2: failed to enlarge buffer!\n"));
ret = -1;
goto done;
}
- else
- buf = tb;
buflen = len;
goto again;
}
diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c
index 8ae896fddf..afa301bbea 100644
--- a/source3/printing/print_cups.c
+++ b/source3/printing/print_cups.c
@@ -816,16 +816,13 @@ static int cups_queue_get(const char *sharename,
if (qcount >= qalloc) {
qalloc += 16;
- temp = SMB_REALLOC_ARRAY(queue, print_queue_struct, qalloc);
+ queue = SMB_REALLOC_ARRAY(queue, print_queue_struct, qalloc);
- if (temp == NULL) {
+ if (queue == NULL) {
DEBUG(0,("cups_queue_get: Not enough memory!"));
qcount = 0;
- SAFE_FREE(queue);
goto out;
}
-
- queue = temp;
}
temp = queue + qcount;
diff --git a/source3/printing/print_iprint.c b/source3/printing/print_iprint.c
index fc60667628..04b096a8a5 100644
--- a/source3/printing/print_iprint.c
+++ b/source3/printing/print_iprint.c
@@ -1074,16 +1074,13 @@ static int iprint_queue_get(const char *sharename,
if (qcount >= qalloc) {
qalloc += 16;
- temp = SMB_REALLOC_ARRAY(queue, print_queue_struct, qalloc);
+ queue = SMB_REALLOC_ARRAY(queue, print_queue_struct, qalloc);
- if (temp == NULL) {
+ if (queue == NULL) {
DEBUG(0,("iprint_queue_get: Not enough memory!"));
qcount = 0;
- SAFE_FREE(queue);
goto out;
}
-
- queue = temp;
}
temp = queue + qcount;
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 315034879e..452031368d 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -541,15 +541,11 @@ static BOOL pjob_store(const char* sharename, uint32 jobid, struct printjob *pjo
len += pack_devicemode(pjob->nt_devmode, buf+len, buflen-len);
if (buflen != len) {
- char *tb;
-
- tb = (char *)SMB_REALLOC(buf, len);
- if (!tb) {
+ buf = (char *)SMB_REALLOC(buf, len);
+ if (!buf) {
DEBUG(0,("pjob_store: failed to enlarge buffer!\n"));
goto done;
}
- else
- buf = tb;
newlen = len;
}
} while ( buflen != len );
diff --git a/source3/registry/reg_db.c b/source3/registry/reg_db.c
index ddc08cf2ce..e26b9a723b 100644
--- a/source3/registry/reg_db.c
+++ b/source3/registry/reg_db.c
@@ -298,7 +298,7 @@ int regdb_close( void )
static BOOL regdb_store_keys_internal( const char *key, REGSUBKEY_CTR *ctr )
{
TDB_DATA kbuf, dbuf;
- char *buffer, *tmpbuf;
+ char *buffer;
int i = 0;
uint32 len, buflen;
BOOL ret = True;
@@ -327,12 +327,11 @@ static BOOL regdb_store_keys_internal( const char *key, REGSUBKEY_CTR *ctr )
len += tdb_pack( buffer+len, buflen-len, "f", regsubkey_ctr_specific_key(ctr, i) );
if ( len > buflen ) {
/* allocate some extra space */
- if ((tmpbuf = SMB_REALLOC( buffer, len*2 )) == NULL) {
+ if ((buffer = SMB_REALLOC( buffer, len*2 )) == NULL) {
DEBUG(0,("regdb_store_keys: Failed to realloc memory of size [%d]\n", len*2));
ret = False;
goto done;
}
- buffer = tmpbuf;
buflen = len*2;
len = tdb_pack( buffer+len, buflen-len, "f", regsubkey_ctr_specific_key(ctr, i) );
diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
index a31154fc33..9b631736d6 100644
--- a/source3/registry/reg_perfcount.c
+++ b/source3/registry/reg_perfcount.c
@@ -158,7 +158,7 @@ static uint32 _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
{
TDB_DATA kbuf, dbuf;
char temp[256];
- char *buf1 = *retbuf, *buf2 = NULL;
+ char *buf1 = *retbuf;
uint32 working_size = 0;
UNISTR2 name_index, name;
@@ -177,27 +177,21 @@ static uint32 _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
}
/* First encode the name_index */
working_size = (kbuf.dsize + 1)*sizeof(uint16);
- buf2 = SMB_REALLOC(buf1, buffer_size + working_size);
- if(!buf2)
- {
- SAFE_FREE(buf1);
+ buf1 = SMB_REALLOC(buf1, buffer_size + working_size);
+ if(!buf1) {
buffer_size = 0;
return buffer_size;
}
- buf1 = buf2;
init_unistr2(&name_index, kbuf.dptr, UNI_STR_TERMINATE);
memcpy(buf1+buffer_size, (char *)name_index.buffer, working_size);
buffer_size += working_size;
/* Now encode the actual name */
working_size = (dbuf.dsize + 1)*sizeof(uint16);
- buf2 = SMB_REALLOC(buf1, buffer_size + working_size);
- if(!buf2)
- {
- SAFE_FREE(buf1);
+ buf1 = SMB_REALLOC(buf1, buffer_size + working_size);
+ if(!buf1) {
buffer_size = 0;
return buffer_size;
}
- buf1 = buf2;
memset(temp, 0, sizeof(temp));
memcpy(temp, dbuf.dptr, dbuf.dsize);
SAFE_FREE(dbuf.dptr);
@@ -215,7 +209,7 @@ static uint32 _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb,
uint32 reg_perfcount_get_counter_help(uint32 base_index, char **retbuf)
{
- char *buf1 = NULL, *buf2 = NULL;
+ char *buf1 = NULL;
uint32 buffer_size = 0;
TDB_CONTEXT *names;
const char *fname = counters_directory( NAMES_DB );
@@ -240,15 +234,10 @@ uint32 reg_perfcount_get_counter_help(uint32 base_index, char **retbuf)
/* Now terminate the MULTI_SZ with a double unicode NULL */
buf1 = *retbuf;
- buf2 = SMB_REALLOC(buf1, buffer_size + 2);
- if(!buf2)
- {
- SAFE_FREE(buf1);
+ buf1 = SMB_REALLOC(buf1, buffer_size + 2);
+ if(!buf1) {
buffer_size = 0;
- }
- else
- {
- buf1 = buf2;
+ } else {
buf1[buffer_size++] = '\0';
buf1[buffer_size++] = '\0';
}
@@ -263,7 +252,7 @@ uint32 reg_perfcount_get_counter_help(uint32 base_index, char **retbuf)
uint32 reg_perfcount_get_counter_names(uint32 base_index, char **retbuf)
{
- char *buf1 = NULL, *buf2 = NULL;
+ char *buf1 = NULL;
uint32 buffer_size = 0;
TDB_CONTEXT *names;
const char *fname = counters_directory( NAMES_DB );
@@ -290,15 +279,10 @@ uint32 reg_perfcount_get_counter_names(uint32 base_index, char **retbuf)
/* Now terminate the MULTI_SZ with a double unicode NULL */
buf1 = *retbuf;
- buf2 = SMB_REALLOC(buf1, buffer_size + 2);
- if(!buf2)
- {
- SAFE_FREE(buf1);
+ buf1 = SMB_REALLOC(buf1, buffer_size + 2);
+ if(!buf1) {
buffer_size = 0;
- }
- else
- {
- buf1 = buf2;
+ } else {
buf1[buffer_size++] = '\0';
buf1[buffer_size++] = '\0';
}
diff --git a/source3/registry/reg_printing.c b/source3/registry/reg_printing.c
index 592069052f..f001fdad24 100644
--- a/source3/registry/reg_printing.c
+++ b/source3/registry/reg_printing.c
@@ -858,7 +858,6 @@ static int key_driver_fetch_keys( const char *key, REGSUBKEY_CTR *subkeys )
static void fill_in_driver_values( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info3, REGVAL_CTR *values )
{
char *buffer = NULL;
- char *buffer2 = NULL;
int buffer_size = 0;
int i, length;
char *filename;
@@ -903,10 +902,10 @@ static void fill_in_driver_values( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info3, REGVAL
length = strlen(filename);
- buffer2 = SMB_REALLOC( buffer, buffer_size + (length + 1)*sizeof(uint16) );
- if ( !buffer2 )
+ buffer = SMB_REALLOC( buffer, buffer_size + (length + 1)*sizeof(uint16) );
+ if ( !buffer ) {
break;
- buffer = buffer2;
+ }
init_unistr2( &data, filename, UNI_STR_TERMINATE);
memcpy( buffer+buffer_size, (char*)data.buffer, data.uni_str_len*sizeof(uint16) );
@@ -916,12 +915,10 @@ static void fill_in_driver_values( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info3, REGVAL
/* terminated by double NULL. Add the final one here */
- buffer2 = SMB_REALLOC( buffer, buffer_size + 2 );
- if ( !buffer2 ) {
- SAFE_FREE( buffer );
+ buffer = SMB_REALLOC( buffer, buffer_size + 2 );
+ if ( !buffer ) {
buffer_size = 0;
} else {
- buffer = buffer2;
buffer[buffer_size++] = '\0';
buffer[buffer_size++] = '\0';
}
diff --git a/source3/rpc_parse/parse_buffer.c b/source3/rpc_parse/parse_buffer.c
index 36d8eda847..b220809654 100644
--- a/source3/rpc_parse/parse_buffer.c
+++ b/source3/rpc_parse/parse_buffer.c
@@ -371,19 +371,14 @@ BOOL smb_io_relarraystr(const char *desc, RPC_BUFFER *buffer, int depth, uint16
/* we're going to add two more bytes here in case this
is the last string in the array and we need to add
an extra NULL for termination */
- if (l_chaine > 0)
- {
- uint16 *tc2;
-
+ if (l_chaine > 0) {
realloc_size = (l_chaine2+l_chaine+2)*sizeof(uint16);
/* Yes this should be realloc - it's freed below. JRA */
- if((tc2=(uint16 *)SMB_REALLOC(chaine2, realloc_size)) == NULL) {
- SAFE_FREE(chaine2);
+ if((chaine2=(uint16 *)SMB_REALLOC(chaine2, realloc_size)) == NULL) {
return False;
}
- else chaine2 = tc2;
memcpy(chaine2+l_chaine2, chaine.buffer, (l_chaine+1)*sizeof(uint16));
l_chaine2+=l_chaine+1;
}
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index c4f9f512ab..4683f1dbd0 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -207,16 +207,21 @@ BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize)
return prs_force_grow(ps, newsize - ps->buffer_size);
if (newsize < ps->buffer_size) {
- char *new_data_p = SMB_REALLOC(ps->data_p, newsize);
- /* if newsize is zero, Realloc acts like free() & returns NULL*/
- if (new_data_p == NULL && newsize != 0) {
- DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
- (unsigned int)newsize));
- DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
- return False;
- }
- ps->data_p = new_data_p;
ps->buffer_size = newsize;
+
+ /* newsize == 0 acts as a free and set pointer to NULL */
+ if (newsize == 0) {
+ SAFE_FREE(ps->data_p);
+ } else {
+ ps->data_p = SMB_REALLOC(ps->data_p, newsize);
+
+ if (ps->data_p == NULL) {
+ DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
+ (unsigned int)newsize));
+ DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
+ return False;
+ }
+ }
}
return True;
@@ -230,7 +235,6 @@ BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize)
BOOL prs_grow(prs_struct *ps, uint32 extra_space)
{
uint32 new_size;
- char *new_data;
ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space);
@@ -261,11 +265,11 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space)
new_size = MAX(RPC_MAX_PDU_FRAG_LEN,extra_space);
- if((new_data = SMB_MALLOC(new_size)) == NULL) {
+ if((ps->data_p = SMB_MALLOC(new_size)) == NULL) {
DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
return False;
}
- memset(new_data, '\0', (size_t)new_size );
+ memset(ps->data_p, '\0', (size_t)new_size );
} else {
/*
* If the current buffer size is bigger than the space needed, just
@@ -273,16 +277,15 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space)
*/
new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);
- if ((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
+ if ((ps->data_p = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
(unsigned int)new_size));
return False;
}
- memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
+ memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
}
ps->buffer_size = new_size;
- ps->data_p = new_data;
return True;
}
@@ -296,7 +299,6 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space)
BOOL prs_force_grow(prs_struct *ps, uint32 extra_space)
{
uint32 new_size = ps->buffer_size + extra_space;
- char *new_data;
if(!UNMARSHALLING(ps) || !ps->is_dynamic) {
DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
@@ -304,16 +306,15 @@ BOOL prs_force_grow(prs_struct *ps, uint32 extra_space)
return False;
}
- if((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
+ if((ps->data_p = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
(unsigned int)new_size));
return False;
}
- memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
+ memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size));
ps->buffer_size = new_size;
- ps->data_p = new_data;
return True;
}
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index 5a17860814..5a308bc77d 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -4968,7 +4968,7 @@ BOOL spool_io_printer_driver_info_level_6(const char *desc, SPOOL_PRINTER_DRIVER
********************************************************************/
static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar)
{
- fstring f, *tar;
+ fstring f;
int n = 0;
char *src;
@@ -4981,11 +4981,9 @@ static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar)
while (src < ((char *)buf5->buffer) + buf5->buf_len*2) {
rpcstr_pull(f, src, sizeof(f)-1, -1, STR_TERMINATE);
src = skip_unibuf(src, 2*buf5->buf_len - PTR_DIFF(src,buf5->buffer));
- tar = SMB_REALLOC_ARRAY(*ar, fstring, n+2);
- if (!tar)
+ *ar = SMB_REALLOC_ARRAY(*ar, fstring, n+2);
+ if (!*ar)
return False;
- else
- *ar = tar;
fstrcpy((*ar)[n], f);
n++;
}
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 67fb89ef79..eb7fd25daa 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1032,7 +1032,7 @@ NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *s
rpc_lookup will still be valid afterwards. It could then succeed if
called again later */
rpc_lookup_size++;
- rpc_entry = SMB_REALLOC_ARRAY(rpc_lookup, struct rpc_table, rpc_lookup_size);
+ rpc_entry = SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(rpc_lookup, struct rpc_table, rpc_lookup_size);
if (NULL == rpc_entry) {
rpc_lookup_size--;
DEBUG(0, ("rpc_pipe_register_commands: memory allocation failed\n"));
@@ -1046,6 +1046,9 @@ NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *s
rpc_entry->pipe.clnt = SMB_STRDUP(clnt);
rpc_entry->pipe.srv = SMB_STRDUP(srv);
rpc_entry->cmds = SMB_REALLOC_ARRAY(rpc_entry->cmds, struct api_struct, rpc_entry->n_cmds + size);
+ if (!rpc_entry->cmds) {
+ return NT_STATUS_NO_MEMORY;
+ }
memcpy(rpc_entry->cmds + rpc_entry->n_cmds, cmds, size * sizeof(struct api_struct));
rpc_entry->n_cmds += size;
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 938658c479..cc51df98c1 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -3540,7 +3540,7 @@ static BOOL construct_notify_printer_info(Printer_entry *print_hnd, SPOOL_NOTIFY
uint16 type;
uint16 field;
- SPOOL_NOTIFY_INFO_DATA *current_data, *tid;
+ SPOOL_NOTIFY_INFO_DATA *current_data;
NT_PRINTER_INFO_LEVEL *printer = NULL;
print_queue_struct *queue=NULL;
@@ -3561,11 +3561,10 @@ static BOOL construct_notify_printer_info(Printer_entry *print_hnd, SPOOL_NOTIFY
if (!search_notify(type, field, &j) )
continue;
- if((tid=SMB_REALLOC_ARRAY(info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1)) == NULL) {
+ if((info->data=SMB_REALLOC_ARRAY(info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1)) == NULL) {
DEBUG(2,("construct_notify_printer_info: failed to enlarge buffer info->data!\n"));
return False;
- } else
- info->data = tid;
+ }
current_data = &info->data[info->count];
@@ -3601,7 +3600,7 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue,
uint16 type;
uint16 field;
- SPOOL_NOTIFY_INFO_DATA *current_data, *tid;
+ SPOOL_NOTIFY_INFO_DATA *current_data;
DEBUG(4,("construct_notify_jobs_info\n"));
@@ -3617,11 +3616,10 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue,
if (!search_notify(type, field, &j) )
continue;
- if((tid=SMB_REALLOC_ARRAY(info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1)) == NULL) {
+ if((info->data=SMB_REALLOC_ARRAY(info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1)) == NULL) {
DEBUG(2,("construct_notify_jobs_info: failed to enlarg buffer info->data!\n"));
return False;
}
- else info->data = tid;
current_data=&(info->data[info->count]);
@@ -4296,7 +4294,7 @@ static WERROR enum_all_printers_info_1(uint32 flags, RPC_BUFFER *buffer, uint32
int snum;
int i;
int n_services=lp_numservices();
- PRINTER_INFO_1 *tp, *printers=NULL;
+ PRINTER_INFO_1 *printers=NULL;
PRINTER_INFO_1 current_prt;
WERROR result = WERR_OK;
@@ -4307,13 +4305,11 @@ static WERROR enum_all_printers_info_1(uint32 flags, RPC_BUFFER *buffer, uint32
DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
if (construct_printer_info_1(NULL, flags, &current_prt, snum)) {
- if((tp=SMB_REALLOC_ARRAY(printers, PRINTER_INFO_1, *returned +1)) == NULL) {
+ if((printers=SMB_REALLOC_ARRAY(printers, PRINTER_INFO_1, *returned +1)) == NULL) {
DEBUG(2,("enum_all_printers_info_1: failed to enlarge printers buffer!\n"));
- SAFE_FREE(printers);
*returned=0;
return WERR_NOMEM;
}
- else printers = tp;
DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_1\n", *returned));
memcpy(&printers[*returned], &current_prt, sizeof(PRINTER_INFO_1));
@@ -4484,7 +4480,7 @@ static WERROR enum_all_printers_info_2(RPC_BUFFER *buffer, uint32 offered, uint3
int snum;
int i;
int n_services=lp_numservices();
- PRINTER_INFO_2 *tp, *printers=NULL;
+ PRINTER_INFO_2 *printers=NULL;
PRINTER_INFO_2 current_prt;
WERROR result = WERR_OK;
@@ -4492,18 +4488,15 @@ static WERROR enum_all_printers_info_2(RPC_BUFFER *buffer, uint32 offered, uint3
if (lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) {
DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
- if (construct_printer_info_2(NULL, &current_prt, snum))
- {
- if ( !(tp=SMB_REALLOC_ARRAY(printers, PRINTER_INFO_2, *returned +1)) ) {
+ if (construct_printer_info_2(NULL, &current_prt, snum)) {
+ if ( !(printers=SMB_REALLOC_ARRAY(printers, PRINTER_INFO_2, *returned +1)) ) {
DEBUG(2,("enum_all_printers_info_2: failed to enlarge printers buffer!\n"));
- SAFE_FREE(printers);
*returned = 0;
return WERR_NOMEM;
}
- DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_2\n", *returned));
+ DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_2\n", *returned + 1));
- printers = tp;
memcpy(&printers[*returned], &current_prt, sizeof(PRINTER_INFO_2));
(*returned)++;
@@ -5074,7 +5067,6 @@ static uint32 init_unistr_array(uint16 **uni_array, fstring *char_array, const c
int j=0;
const char *v;
pstring line;
- uint16 *tuary;
DEBUG(6,("init_unistr_array\n"));
*uni_array=NULL;
@@ -5102,12 +5094,11 @@ static uint32 init_unistr_array(uint16 **uni_array, fstring *char_array, const c
/* add one extra unit16 for the second terminating NULL */
- if ( (tuary=SMB_REALLOC_ARRAY(*uni_array, uint16, j+1+strlen(line)+2)) == NULL ) {
+ if ( (*uni_array=SMB_REALLOC_ARRAY(*uni_array, uint16, j+1+strlen(line)+2)) == NULL ) {
DEBUG(2,("init_unistr_array: Realloc error\n" ));
return 0;
- } else
- *uni_array = tuary;
-
+ }
+
if ( !strlen(v) )
break;
@@ -6699,7 +6690,7 @@ static WERROR enumprinterdrivers_level1(fstring servername, fstring architecture
uint32 version;
fstring *list = NULL;
NT_PRINTER_DRIVER_INFO_LEVEL driver;
- DRIVER_INFO_1 *tdi1, *driver_info_1=NULL;
+ DRIVER_INFO_1 *driver_info_1=NULL;
WERROR result = WERR_OK;
*returned=0;
@@ -6713,13 +6704,11 @@ static WERROR enumprinterdrivers_level1(fstring servername, fstring architecture
return WERR_NOMEM;
if(ndrivers != 0) {
- if((tdi1=SMB_REALLOC_ARRAY(driver_info_1, DRIVER_INFO_1, *returned+ndrivers )) == NULL) {
+ if((driver_info_1=SMB_REALLOC_ARRAY(driver_info_1, DRIVER_INFO_1, *returned+ndrivers )) == NULL) {
DEBUG(0,("enumprinterdrivers_level1: failed to enlarge driver info buffer!\n"));
- SAFE_FREE(driver_info_1);
SAFE_FREE(list);
return WERR_NOMEM;
}
- else driver_info_1 = tdi1;
}
for (i=0; i<ndrivers; i++) {
@@ -6782,7 +6771,7 @@ static WERROR enumprinterdrivers_level2(fstring servername, fstring architecture
uint32 version;
fstring *list = NULL;
NT_PRINTER_DRIVER_INFO_LEVEL driver;
- DRIVER_INFO_2 *tdi2, *driver_info_2=NULL;
+ DRIVER_INFO_2 *driver_info_2=NULL;
WERROR result = WERR_OK;
*returned=0;
@@ -6796,13 +6785,11 @@ static WERROR enumprinterdrivers_level2(fstring servername, fstring architecture
return WERR_NOMEM;
if(ndrivers != 0) {
- if((tdi2=SMB_REALLOC_ARRAY(driver_info_2, DRIVER_INFO_2, *returned+ndrivers )) == NULL) {
+ if((driver_info_2=SMB_REALLOC_ARRAY(driver_info_2, DRIVER_INFO_2, *returned+ndrivers )) == NULL) {
DEBUG(0,("enumprinterdrivers_level2: failed to enlarge driver info buffer!\n"));
- SAFE_FREE(driver_info_2);
SAFE_FREE(list);
return WERR_NOMEM;
}
- else driver_info_2 = tdi2;
}
for (i=0; i<ndrivers; i++) {
@@ -6866,7 +6853,7 @@ static WERROR enumprinterdrivers_level3(fstring servername, fstring architecture
uint32 version;
fstring *list = NULL;
NT_PRINTER_DRIVER_INFO_LEVEL driver;
- DRIVER_INFO_3 *tdi3, *driver_info_3=NULL;
+ DRIVER_INFO_3 *driver_info_3=NULL;
WERROR result = WERR_OK;
*returned=0;
@@ -6880,13 +6867,11 @@ static WERROR enumprinterdrivers_level3(fstring servername, fstring architecture
return WERR_NOMEM;
if(ndrivers != 0) {
- if((tdi3=SMB_REALLOC_ARRAY(driver_info_3, DRIVER_INFO_3, *returned+ndrivers )) == NULL) {
+ if((driver_info_3=SMB_REALLOC_ARRAY(driver_info_3, DRIVER_INFO_3, *returned+ndrivers )) == NULL) {
DEBUG(0,("enumprinterdrivers_level3: failed to enlarge driver info buffer!\n"));
- SAFE_FREE(driver_info_3);
SAFE_FREE(list);
return WERR_NOMEM;
}
- else driver_info_3 = tdi3;
}
for (i=0; i<ndrivers; i++) {
diff --git a/source3/sam/idmap_rid.c b/source3/sam/idmap_rid.c
index 0922000fa1..58838512a6 100644
--- a/source3/sam/idmap_rid.c
+++ b/source3/sam/idmap_rid.c
@@ -287,7 +287,13 @@ static NTSTATUS rid_idmap_get_domains(uint32 *num_domains, fstring **domain_name
*num_domains = trusted_num_domains + own_domains;
*domain_names = SMB_REALLOC_ARRAY(*domain_names, fstring,
*num_domains);
+ if (!*domain_names) {
+ goto out;
+ }
*domain_sids = SMB_REALLOC_ARRAY(*domain_sids, DOM_SID, *num_domains);
+ if (!*domain_sids) {
+ goto out;
+ }
/* first add mydomain */
fstrcpy((*domain_names)[0], domain_name);
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index ca6cc57cc3..a78681bad8 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -798,6 +798,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn,
*rdata_len = 0;
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,ERRunknownlevel);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,0);
@@ -817,6 +820,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn,
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
desc.base = *rdata;
desc.buflen = mdrcnt;
} else {
@@ -846,6 +852,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn,
*rdata_len = desc.usedlen;
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,desc.neededlen);
@@ -896,6 +905,9 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param,
*rdata_len = 0;
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,ERRunknownlevel);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,0);
@@ -1066,15 +1078,11 @@ static int get_server_info(uint32 servertype,
}
if (count == alloced) {
- struct srv_info_struct *ts;
-
alloced += 10;
- ts = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced);
- if (!ts) {
+ *servers = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced);
+ if (!*servers) {
DEBUG(0,("get_server_info: failed to enlarge servers info struct!\n"));
return 0;
- } else {
- *servers = ts;
}
memset((char *)((*servers)+count),'\0',sizeof(**servers)*(alloced-count));
}
@@ -1332,6 +1340,9 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param
*rdata_len = fixed_len + string_len;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
memset(*rdata,'\0',*rdata_len);
p2 = (*rdata) + fixed_len; /* auxilliary data (strings) will go here */
@@ -1359,6 +1370,9 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata));
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,counted);
@@ -1399,6 +1413,9 @@ static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, char *pa
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam,0,0x08AC); /* informational warning message */
SSVAL(*rparam,2,0);
@@ -1581,6 +1598,9 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *para
}
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
p = *rdata;
*rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0);
if (*rdata_len < 0) {
@@ -1589,6 +1609,9 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *para
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
SSVAL(*rparam,4,*rdata_len);
@@ -1665,6 +1688,9 @@ static BOOL api_RNetShareEnum( connection_struct *conn,
*rdata_len = fixed_len + string_len;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
memset(*rdata,0,*rdata_len);
p2 = (*rdata) + fixed_len; /* auxiliary data (strings) will go here */
@@ -1688,6 +1714,9 @@ static BOOL api_RNetShareEnum( connection_struct *conn,
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,counted);
@@ -1792,6 +1821,9 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
SSVAL(*rparam,4,*rdata_len);
@@ -1803,6 +1835,9 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
SSVAL(*rparam,0,res);
SSVAL(*rparam,2,0);
@@ -1868,6 +1903,9 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c
*rdata_len = cli_buf_size;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
p = *rdata;
@@ -1895,7 +1933,9 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
-
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam, 0, errflags);
SSVAL(*rparam, 2, 0); /* converter word */
SSVAL(*rparam, 4, i); /* is this right?? */
@@ -1933,6 +1973,9 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
/* check it's a supported varient */
@@ -1952,7 +1995,9 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para
*rdata_len = mdrcnt + 1024;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
-
+ if (!*rdata) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
@@ -2068,6 +2113,9 @@ static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,ch
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
/* check it's a supported varient */
if (strcmp("B21",str2) != 0)
@@ -2075,6 +2123,9 @@ static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,ch
*rdata_len = cli_buf_size;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
p = *rdata;
@@ -2138,9 +2189,15 @@ static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid, char *param,ch
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 21;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
@@ -2194,6 +2251,9 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
@@ -2266,6 +2326,9 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char *
char *p = param + 2;
*rparam_len = 2;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
@@ -2333,6 +2396,9 @@ static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
if (!print_job_exists(sharename, jobid)) {
@@ -2396,6 +2462,9 @@ static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
snum = print_queue_snum(QueueName);
@@ -2470,6 +2539,9 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha
return False;
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
if ( (snum = lp_servicenumber(sharename)) == -1 ) {
DEBUG(0,("api_PrintJobInfo: unable to get service number from sharename [%s]\n",
@@ -2586,6 +2658,9 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par
*rdata_len = mdrcnt;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
p = *rdata;
p2 = p + struct_len;
@@ -2635,6 +2710,9 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
SSVAL(*rparam,4,*rdata_len);
@@ -2661,6 +2739,9 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
/* check it's a supported varient */
if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz"))) {
@@ -2669,6 +2750,9 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param
*rdata_len = mdrcnt + 1024;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
@@ -2908,6 +2992,9 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel));
@@ -2930,6 +3017,9 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param
*rdata_len = mdrcnt + 1024;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
@@ -3082,6 +3172,9 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param
}
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
desc.base = *rdata;
@@ -3121,6 +3214,9 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param
*rdata_len = desc.usedlen;
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,desc.neededlen);
@@ -3156,6 +3252,9 @@ static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, char *p
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,0); /* errorcode */
SSVAL(*rparam,2,0); /* converter word */
SSVAL(*rparam,4,0x7f); /* permission flags */
@@ -3219,6 +3318,9 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
desc.base = *rdata;
desc.buflen = mdrcnt;
} else {
@@ -3242,6 +3344,9 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,desc.neededlen);
@@ -3300,6 +3405,9 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa
count = print_queue_status(snum,&queue,&status);
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
desc.base = *rdata;
desc.buflen = mdrcnt;
@@ -3318,6 +3426,9 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3429,6 +3540,9 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par
} else {
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
desc.base = *rdata;
desc.buflen = mdrcnt;
} else {
@@ -3447,6 +3561,9 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,desc.neededlen);
@@ -3494,6 +3611,9 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param,
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
desc.base = *rdata;
@@ -3516,6 +3636,9 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param,
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3554,6 +3677,9 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
desc.base = *rdata;
desc.buflen = mdrcnt;
@@ -3567,6 +3693,9 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3605,6 +3734,9 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
desc.base = *rdata;
desc.buflen = mdrcnt;
@@ -3619,6 +3751,9 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3657,6 +3792,9 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param,
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
memset((char *)&desc,'\0',sizeof(desc));
desc.base = *rdata;
@@ -3672,6 +3810,9 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param,
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3720,6 +3861,9 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
memset((char *)&desc,'\0',sizeof(desc));
desc.base = *rdata;
@@ -3745,6 +3889,9 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0); /* converter */
SSVAL(*rparam,4,num_sessions); /* count */
@@ -3766,6 +3913,9 @@ static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param, char
{
*rparam_len = MIN(*rparam_len,mprcnt);
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
@@ -3787,6 +3937,9 @@ static BOOL api_Unsupported(connection_struct *conn, uint16 vuid, char *param, c
{
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
@@ -3919,11 +4072,14 @@ int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char *
/* if we get False back then it's actually unsupported */
if (!reply) {
- api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt,
+ reply = api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt,
&rdata,&rparam,&rdata_len,&rparam_len);
}
- send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False);
+ /* If api_Unsupported returns false we can't return anything. */
+ if (reply) {
+ send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False);
+ }
SAFE_FREE(rdata);
SAFE_FREE(rparam);
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 4f7858d985..955197a425 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -643,9 +643,8 @@ static int setup_ver2_dfs_referral(char *pathname, char **ppdata,
if(pdata == NULL) {
DEBUG(0,("malloc failed for Realloc!\n"));
return -1;
- } else {
- *ppdata = pdata;
}
+ *ppdata = pdata;
/* copy in the dfs requested paths.. required for offset calculations */
memcpy(pdata+uni_reqpathoffset1,uni_requestedpath,requestedpathlen);
@@ -729,9 +728,8 @@ static int setup_ver3_dfs_referral(char *pathname, char **ppdata,
if(pdata == NULL) {
DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n"));
return -1;
- } else {
- *ppdata = pdata;
}
+ *ppdata = pdata;
/* create the header */
SSVAL(pdata,0,consumedcnt * 2); /* path consumed */
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 417e3421cb..796eb44332 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -48,21 +48,16 @@ static const char *known_nt_pipes[] = {
static char *nttrans_realloc(char **ptr, size_t size)
{
- char *tptr = NULL;
if (ptr==NULL) {
smb_panic("nttrans_realloc() called with NULL ptr\n");
}
- tptr = SMB_REALLOC(*ptr, size);
- if(tptr == NULL) {
- *ptr = NULL;
+ *ptr = SMB_REALLOC(*ptr, size);
+ if(*ptr == NULL) {
return NULL;
}
- memset(tptr,'\0',size);
-
- *ptr = tptr;
-
- return tptr;
+ memset(*ptr,'\0',size);
+ return *ptr;
}
/****************************************************************************
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 782a8c2b89..8b88990e2f 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -383,7 +383,7 @@ void add_session_user(const char *user)
"too large.\n"));
return;
}
- newlist = (char *)SMB_REALLOC(
+ newlist = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR(
session_userlist,
len_session_userlist + PSTRING_LEN );
if( newlist == NULL ) {
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
index 27f760a088..41f8fd0ed4 100644
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -224,6 +224,10 @@ static int gather_sessioninfo(TDB_CONTEXT *stdb, TDB_DATA kbuf, TDB_DATA dbuf,
sesslist->count += 1;
sesslist->sessions = SMB_REALLOC_ARRAY(sesslist->sessions, struct sessionid,
sesslist->count);
+ if (!sesslist->sessions) {
+ sesslist->count = 0;
+ return -1;
+ }
memcpy(&sesslist->sessions[sesslist->count - 1], current,
sizeof(struct sessionid));
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 6da71039f0..9cd2d44de5 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -870,11 +870,11 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, i
}
/* Realloc the size of parameters and data we will return */
- params = SMB_REALLOC(*pparams, 30);
- if( params == NULL ) {
+ *pparams = SMB_REALLOC(*pparams, 30);
+ if(*pparams == NULL ) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
SSVAL(params,0,fsp->fnum);
SSVAL(params,2,open_attr);
@@ -1711,21 +1711,20 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
}
}
- pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
- if( pdata == NULL ) {
+ *ppdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
+ if(*ppdata == NULL ) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
-
- *ppdata = pdata;
+ pdata = *ppdata;
/* Realloc the params space */
- params = SMB_REALLOC(*pparams, 10);
- if (params == NULL) {
+ *pparams = SMB_REALLOC(*pparams, 10);
+ if (*pparams == NULL) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
/* Save the wildcard match and attribs we are using on this directory -
needed as lanman2 assumes these are being saved between calls */
@@ -1962,22 +1961,22 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
}
}
- pdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
- if(pdata == NULL) {
+ *ppdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
+ if(*ppdata == NULL) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *ppdata = pdata;
+ pdata = *ppdata;
/* Realloc the params space */
- params = SMB_REALLOC(*pparams, 6*SIZEOFWORD);
- if( params == NULL ) {
+ *pparams = SMB_REALLOC(*pparams, 6*SIZEOFWORD);
+ if(*pparams == NULL ) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
/* Check that the dptr is valid */
if(!(conn->dirptr = dptr_fetch_lanman2(dptr_num))) {
@@ -2134,12 +2133,12 @@ static int call_trans2qfsinfo(connection_struct *conn, char *inbuf, char *outbuf
return ERROR_DOS(ERRSRV,ERRinvdevice);
}
- pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
- if ( pdata == NULL ) {
+ *ppdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
+ if (*ppdata == NULL ) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *ppdata = pdata;
+ pdata = *ppdata;
memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
switch (info_level) {
@@ -2943,20 +2942,20 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
}
}
- params = SMB_REALLOC(*pparams,2);
- if (params == NULL) {
+ *pparams = SMB_REALLOC(*pparams,2);
+ if (*pparams == NULL) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
SSVAL(params,0,0);
data_size = max_data_bytes + DIR_ENTRY_SAFETY_MARGIN;
- pdata = SMB_REALLOC(*ppdata, data_size);
- if ( pdata == NULL ) {
+ *ppdata = SMB_REALLOC(*ppdata, data_size);
+ if (*ppdata == NULL ) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *ppdata = pdata;
+ pdata = *ppdata;
c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
@@ -3683,11 +3682,11 @@ static int call_trans2setfilepathinfo(connection_struct *conn, char *inbuf, char
tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data));
/* Realloc the parameter size */
- params = SMB_REALLOC(*pparams,2);
- if(params == NULL) {
+ *pparams = SMB_REALLOC(*pparams,2);
+ if (*pparams == NULL) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
SSVAL(params,0,0);
@@ -4543,11 +4542,11 @@ static int call_trans2mkdir(connection_struct *conn, char *inbuf, char *outbuf,
}
/* Realloc the parameter and data sizes */
- params = SMB_REALLOC(*pparams,2);
- if(params == NULL) {
+ *pparams = SMB_REALLOC(*pparams,2);
+ if(*pparams == NULL) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
SSVAL(params,0,0);
@@ -4585,11 +4584,11 @@ static int call_trans2findnotifyfirst(connection_struct *conn, char *inbuf, char
}
/* Realloc the parameter and data sizes */
- params = SMB_REALLOC(*pparams,6);
- if(params == NULL) {
+ *pparams = SMB_REALLOC(*pparams,6);
+ if (*pparams == NULL) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
SSVAL(params,0,fnf_handle);
SSVAL(params,2,0); /* No changes */
@@ -4619,11 +4618,11 @@ static int call_trans2findnotifynext(connection_struct *conn, char *inbuf, char
DEBUG(3,("call_trans2findnotifynext\n"));
/* Realloc the parameter and data sizes */
- params = SMB_REALLOC(*pparams,4);
- if(params == NULL) {
+ *pparams = SMB_REALLOC(*pparams,4);
+ if (*pparams == NULL) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
SSVAL(params,0,0); /* No changes */
SSVAL(params,2,0); /* No EA errors */
@@ -4688,11 +4687,11 @@ static int call_trans2ioctl(connection_struct *conn, char* inbuf, char* outbuf,
if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) &&
(SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) {
- pdata = SMB_REALLOC(*ppdata, 32);
- if(pdata == NULL) {
+ *ppdata = SMB_REALLOC(*ppdata, 32);
+ if (*ppdata == NULL) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *ppdata = pdata;
+ pdata = *ppdata;
/* NOTE - THIS IS ASCII ONLY AT THE MOMENT - NOT SURE IF OS/2
CAN ACCEPT THIS IN UNICODE. JRA. */
diff --git a/source3/tdb/tdbutil.c b/source3/tdb/tdbutil.c
index 5301100632..09baff072f 100644
--- a/source3/tdb/tdbutil.c
+++ b/source3/tdb/tdbutil.c
@@ -495,21 +495,24 @@ BOOL tdb_pack_append(TALLOC_CTX *mem_ctx, uint8 **buf, size_t *len,
len1 = tdb_pack_va(NULL, 0, fmt, ap);
va_end(ap);
- if (mem_ctx != NULL)
+ if (mem_ctx != NULL) {
*buf = TALLOC_REALLOC_ARRAY(mem_ctx, *buf, uint8,
(*len) + len1);
- else
+ } else {
*buf = SMB_REALLOC_ARRAY(*buf, uint8, (*len) + len1);
+ }
- if (*buf == NULL)
+ if (*buf == NULL) {
return False;
+ }
va_start(ap, fmt);
len2 = tdb_pack_va((char *)(*buf)+(*len), len1, fmt, ap);
va_end(ap);
- if (len1 != len2)
+ if (len1 != len2) {
return False;
+ }
*len += len2;
diff --git a/source3/torture/nsstest.c b/source3/torture/nsstest.c
index 585a592bdc..d2b17f0f63 100644
--- a/source3/torture/nsstest.c
+++ b/source3/torture/nsstest.c
@@ -174,6 +174,9 @@ again:
if (status == NSS_STATUS_TRYAGAIN) {
buflen *= 2;
buf = SMB_REALLOC(buf, buflen);
+ if (!buf) {
+ return NULL;
+ }
goto again;
}
if (status == NSS_STATUS_NOTFOUND) {
@@ -205,6 +208,9 @@ again:
if (status == NSS_STATUS_TRYAGAIN) {
buflen *= 2;
buf = SMB_REALLOC(buf, buflen);
+ if (!buf) {
+ return NULL;
+ }
goto again;
}
if (status == NSS_STATUS_NOTFOUND) {
@@ -237,6 +243,9 @@ again:
if (status == NSS_STATUS_TRYAGAIN) {
buflen *= 2;
buf = SMB_REALLOC(buf, buflen);
+ if (!buf) {
+ return NULL;
+ }
goto again;
}
if (status == NSS_STATUS_NOTFOUND) {
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 0cedbd78ab..ada246e117 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -4094,6 +4094,9 @@ static void add_sid_to_token(NT_USER_TOKEN *token, DOM_SID *sid)
return;
token->user_sids = SMB_REALLOC_ARRAY(token->user_sids, DOM_SID, token->num_sids+1);
+ if (!token->user_sids) {
+ return;
+ }
sid_copy(&token->user_sids[token->num_sids], sid);
@@ -4477,6 +4480,10 @@ static void collect_share(const char *name, uint32 m,
share_list->num_shares += 1;
share_list->shares = SMB_REALLOC_ARRAY(share_list->shares, char *, share_list->num_shares);
+ if (!share_list->shares) {
+ share_list->num_shares = 0;
+ return;
+ }
share_list->shares[share_list->num_shares-1] = SMB_STRDUP(name);
}
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 05ff28ad65..d5fc4b5c58 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -1820,6 +1820,8 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd,
num_deltas+num_alloced);
if (groupmap == NULL || accountmap == NULL) {
DEBUG(1,("GROUPMAP malloc failed\n"));
+ SAFE_FREE(groupmap);
+ SAFE_FREE(accountmap);
return NT_STATUS_NO_MEMORY;
}
diff --git a/source3/utils/net_status.c b/source3/utils/net_status.c
index d3b1bae276..d85bd27b16 100644
--- a/source3/utils/net_status.c
+++ b/source3/utils/net_status.c
@@ -130,6 +130,10 @@ static int collect_pid(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf,
ids->num_entries += 1;
ids->entries = SMB_REALLOC_ARRAY(ids->entries, struct sessionid, ids->num_entries);
+ if (!ids->entries) {
+ ids->num_entries = 0;
+ return 0;
+ }
ids->entries[ids->num_entries-1] = sessionid;
return 0;
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index d1cd38eb51..b764b6d628 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -59,7 +59,7 @@ static char *grab_line(FILE *f, int *cl)
char *ret2;
if (len == 0) len = 1024;
else len *= 2;
- ret2 = (char *)SMB_REALLOC(ret, len);
+ ret2 = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR(ret, len);
if (!ret2) return ret;
ret = ret2;
}