diff options
55 files changed, 562 insertions, 481 deletions
diff --git a/source3/client/client.c b/source3/client/client.c index 403074b22b..0126e17c5b 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -463,19 +463,17 @@ static void adjust_do_list_queue(void) static void add_to_do_list_queue(const char* entry) { - char *dlq; long new_end = do_list_queue_end + ((long)strlen(entry)) + 1; while (new_end > do_list_queue_size) { do_list_queue_size *= 2; DEBUG(4,("enlarging do_list_queue to %d\n", (int)do_list_queue_size)); - dlq = SMB_REALLOC(do_list_queue, do_list_queue_size); - if (! dlq) { + do_list_queue = SMB_REALLOC(do_list_queue, do_list_queue_size); + if (! do_list_queue) { d_printf("failure enlarging do_list_queue to %d bytes\n", (int)do_list_queue_size); reset_do_list_queue(); } else { - do_list_queue = dlq; memset(do_list_queue + do_list_queue_size / 2, 0, do_list_queue_size / 2); } diff --git a/source3/client/clitar.c b/source3/client/clitar.c index cd0ce27eb5..ff9bc1f0fb 100644 --- a/source3/client/clitar.c +++ b/source3/client/clitar.c @@ -1510,16 +1510,13 @@ static int read_inclusion_file(char *filename) } if ((strlen(buf) + 1 + inclusion_buffer_sofar) >= inclusion_buffer_size) { - char *ib; inclusion_buffer_size *= 2; - ib = SMB_REALLOC(inclusion_buffer,inclusion_buffer_size); - if (! ib) { + inclusion_buffer = SMB_REALLOC(inclusion_buffer,inclusion_buffer_size); + if (!inclusion_buffer) { DEBUG(0,("failure enlarging inclusion buffer to %d bytes\n", inclusion_buffer_size)); error = 1; break; - } else { - inclusion_buffer = ib; } } diff --git a/source3/client/smbctool.c b/source3/client/smbctool.c index c368f7a193..6c89f5ea82 100644 --- a/source3/client/smbctool.c +++ b/source3/client/smbctool.c @@ -544,19 +544,17 @@ static void adjust_do_list_queue(void) static void add_to_do_list_queue(const char* entry) { - char *dlq; long new_end = do_list_queue_end + ((long)strlen(entry)) + 1; while (new_end > do_list_queue_size) { do_list_queue_size *= 2; DEBUG(4,("enlarging do_list_queue to %d\n", (int)do_list_queue_size)); - dlq = SMB_REALLOC(do_list_queue, do_list_queue_size); - if (! dlq) { + do_list_queue = SMB_REALLOC(do_list_queue, do_list_queue_size); + if (!do_list_queue) { d_printf("failure enlarging do_list_queue to %d bytes\n", (int)do_list_queue_size); reset_do_list_queue(); } else { - do_list_queue = dlq; memset(do_list_queue + do_list_queue_size / 2, 0, do_list_queue_size / 2); } diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c index 4aa1c627b7..5ebc9eb4f5 100644 --- a/source3/groupdb/mapping.c +++ b/source3/groupdb/mapping.c @@ -477,14 +477,13 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **pp_rm "type %s\n", map.nt_name, sid_type_lookup(map.sid_name_use))); - mapt= SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); - if (!mapt) { + (*pp_rmap) = SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); + if (!(*pp_rmap)) { DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); - SAFE_FREE(*pp_rmap); return False; } - else - (*pp_rmap) = mapt; + + mapt = (*pp_rmap); mapt[entries].gid = map.gid; sid_copy( &mapt[entries].sid, &map.sid); diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index 41eac7e994..6c9ab017ba 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -271,8 +271,10 @@ copy an IP address from one buffer to another *****************************************************************************/ #define SMB_MALLOC_ARRAY(type,count) (type *)malloc_array(sizeof(type),(count)) -#define SMB_REALLOC(p,s) Realloc((p),(s)) -#define SMB_REALLOC_ARRAY(p,type,count) (type *)realloc_array((p),sizeof(type),(count)) +#define SMB_REALLOC(p,s) Realloc((p),(s),True) /* Always frees p on error or s == 0 */ +#define SMB_REALLOC_KEEP_OLD_ON_ERROR(p,s) Realloc((p),(s),False) /* Never frees p on error or s == 0 */ +#define SMB_REALLOC_ARRAY(p,type,count) (type *)realloc_array((p),sizeof(type),(count),True) /* Always frees p on error or s == 0 */ +#define SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(p,type,count) (type *)realloc_array((p),sizeof(type),(count),False) /* Always frees p on error or s == 0 */ #define SMB_CALLOC_ARRAY(type,count) (type *)calloc_array(sizeof(type),(count)) #define SMB_XMALLOC_P(type) (type *)smb_xmalloc_array(sizeof(type),1) #define SMB_XMALLOC_ARRAY(type,count) (type *)smb_xmalloc_array(sizeof(type),(count)) diff --git a/source3/lib/charcnv.c b/source3/lib/charcnv.c index c4eeab135e..ae04fd9ffb 100644 --- a/source3/lib/charcnv.c +++ b/source3/lib/charcnv.c @@ -537,19 +537,17 @@ size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to, destlen = destlen * 2; } - if (ctx) + if (ctx) { ob = (char *)TALLOC_REALLOC(ctx, ob, destlen); - else + } else { ob = (char *)SMB_REALLOC(ob, destlen); + } if (!ob) { DEBUG(0, ("convert_string_allocate: realloc failed!\n")); - if (!ctx) - SAFE_FREE(outbuf); return (size_t)-1; - } else { - outbuf = ob; } + outbuf = ob; i_len = srclen; o_len = destlen; @@ -587,17 +585,18 @@ size_t convert_string_allocate(TALLOC_CTX *ctx, charset_t from, charset_t to, out: destlen = destlen - o_len; - if (ctx) - *dest = (char *)TALLOC_REALLOC(ctx,ob,destlen); - else - *dest = (char *)SMB_REALLOC(ob,destlen); - if (destlen && !*dest) { + if (ctx) { + ob = (char *)TALLOC_REALLOC(ctx,ob,destlen); + } else { + ob = (char *)SMB_REALLOC(ob,destlen); + } + + if (destlen && !ob) { DEBUG(0, ("convert_string_allocate: out of memory!\n")); - if (!ctx) - SAFE_FREE(ob); return (size_t)-1; } + *dest = ob; return destlen; use_as_is: diff --git a/source3/lib/ldap_escape.c b/source3/lib/ldap_escape.c index 6c4e8b8c83..3feb0e0c44 100644 --- a/source3/lib/ldap_escape.c +++ b/source3/lib/ldap_escape.c @@ -37,7 +37,6 @@ char *escape_ldap_string_alloc(const char *s) { size_t len = strlen(s)+1; char *output = SMB_MALLOC(len); - char *output_tmp; const char *sub; int i = 0; char *p = output; @@ -65,12 +64,10 @@ char *escape_ldap_string_alloc(const char *s) if (sub) { len = len + 3; - output_tmp = SMB_REALLOC(output, len); - if (!output_tmp) { - SAFE_FREE(output); + output = SMB_REALLOC(output, len); + if (!output) { return NULL; } - output = output_tmp; p = &output[i]; strncpy (p, sub, 3); diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index e7bd288f6e..61975264fd 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c @@ -689,12 +689,8 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) * for each entry still to be processed */ if ((len + nbytes) > maxlen) { - char *oldtext = text; - maxlen += nbytes + 20 * (acl_d->count - i); - - if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) { - SAFE_FREE(oldtext); + if ((text = SMB_REALLOC(text, maxlen)) == NULL) { errno = ENOMEM; return NULL; } @@ -1320,11 +1316,8 @@ char *sys_acl_to_text(SMB_ACL_T acl_d, ssize_t *len_p) * for each entry still to be processed */ if ((len + nbytes) > maxlen) { - char *oldtext = text; - maxlen += nbytes + 20 * (acl_d->count - i); - - if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) { + if ((text = SMB_REALLOC(text, maxlen)) == NULL) { free(oldtext); errno = ENOMEM; return NULL; diff --git a/source3/lib/system_smbd.c b/source3/lib/system_smbd.c index 081a07c019..c627ae6270 100644 --- a/source3/lib/system_smbd.c +++ b/source3/lib/system_smbd.c @@ -166,15 +166,10 @@ BOOL getgroups_unix_user(TALLOC_CTX *mem_ctx, const char *user, } if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) { - gid_t *groups_tmp; - - groups_tmp = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp); - - if (!groups_tmp) { - SAFE_FREE(temp_groups); + temp_groups = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp); + if (!temp_groups) { return False; } - temp_groups = groups_tmp; if (sys_getgrouplist(user, primary_gid, temp_groups, &max_grp) == -1) { diff --git a/source3/lib/util.c b/source3/lib/util.c index d4443a6480..758ebfd27d 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -291,13 +291,15 @@ void add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, return; } - if (mem_ctx != NULL) + if (mem_ctx != NULL) { *gids = TALLOC_REALLOC_ARRAY(mem_ctx, *gids, gid_t, *num_gids+1); - else + } else { *gids = SMB_REALLOC_ARRAY(*gids, gid_t, *num_gids+1); + } - if (*gids == NULL) + if (*gids == NULL) { return; + } (*gids)[*num_gids] = gid; *num_gids += 1; @@ -342,14 +344,10 @@ const char *get_numlist(const char *p, uint32 **num, int *count) (*num ) = NULL; while ((p = Atoic(p, &val, ":,")) != NULL && (*p) != ':') { - uint32 *tn; - - tn = SMB_REALLOC_ARRAY((*num), uint32, (*count)+1); - if (tn == NULL) { - SAFE_FREE(*num); + *num = SMB_REALLOC_ARRAY((*num), uint32, (*count)+1); + if (!(*num)) { return NULL; - } else - (*num) = tn; + } (*num)[(*count)] = val; (*count)++; p++; @@ -941,32 +939,68 @@ void *calloc_array(size_t size, size_t nmemb) /**************************************************************************** Expand a pointer to be a particular size. + Note that this version of Realloc has an extra parameter that decides + whether to free the passed in storage on allocation failure or if the + new size is zero. + + This is designed for use in the typical idiom of : + + p = SMB_REALLOC(p, size) + if (!p) { + return error; + } + + and not to have to keep track of the old 'p' contents to free later, nor + to worry if the size parameter was zero. In the case where NULL is returned + we guarentee that p has been freed. + + If free later semantics are desired, then pass 'free_old_on_error' as False which + guarentees that the old contents are not freed on error, even if size == 0. To use + this idiom use : + + tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); + if (!tmp) { + SAFE_FREE(p); + return error; + } else { + p = tmp; + } + + Changes were instigated by Coverity error checking. JRA. ****************************************************************************/ -void *Realloc(void *p,size_t size) +void *Realloc(void *p, size_t size, BOOL free_old_on_error) { void *ret=NULL; if (size == 0) { - SAFE_FREE(p); - DEBUG(5,("Realloc asked for 0 bytes\n")); + if (free_old_on_error) { + SAFE_FREE(p); + } + DEBUG(2,("Realloc asked for 0 bytes\n")); return NULL; } #if defined(PARANOID_MALLOC_CHECKER) - if (!p) + if (!p) { ret = (void *)malloc_(size); - else + } else { ret = (void *)realloc_(p,size); + } #else - if (!p) + if (!p) { ret = (void *)malloc(size); - else + } else { ret = (void *)realloc(p,size); + } #endif - if (!ret) + if (!ret) { + if (free_old_on_error && p) { + SAFE_FREE(p); + } DEBUG(0,("Memory allocation error: failed to expand to %d bytes\n",(int)size)); + } return(ret); } @@ -975,23 +1009,28 @@ void *Realloc(void *p,size_t size) Type-safe realloc. ****************************************************************************/ -void *realloc_array(void *p,size_t el_size, unsigned int count) +void *realloc_array(void *p, size_t el_size, unsigned int count, BOOL keep_old_on_error) { if (count >= MAX_ALLOC_SIZE/el_size) { + if (!keep_old_on_error) { + SAFE_FREE(p); + } return NULL; } - return Realloc(p,el_size*count); + return Realloc(p, el_size*count, keep_old_on_error); } /**************************************************************************** - (Hopefully) efficient array append + (Hopefully) efficient array append. ****************************************************************************/ + void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size, void *element, void **array, uint32 *num_elements, ssize_t *array_size) { - if (*array_size < 0) + if (*array_size < 0) { return; + } if (*array == NULL) { if (*array_size == 0) { @@ -1002,13 +1041,15 @@ void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size, goto error; } - if (mem_ctx != NULL) + if (mem_ctx != NULL) { *array = TALLOC(mem_ctx, element_size * (*array_size)); - else + } else { *array = SMB_MALLOC(element_size * (*array_size)); + } - if (*array == NULL) + if (*array == NULL) { goto error; + } } if (*num_elements == *array_size) { @@ -1018,15 +1059,17 @@ void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size, goto error; } - if (mem_ctx != NULL) + if (mem_ctx != NULL) { *array = TALLOC_REALLOC(mem_ctx, *array, element_size * (*array_size)); - else + } else { *array = SMB_REALLOC(*array, element_size * (*array_size)); + } - if (*array == NULL) + if (*array == NULL) { goto error; + } } memcpy((char *)(*array) + element_size*(*num_elements), diff --git a/source3/lib/util_file.c b/source3/lib/util_file.c index 53a9bc9b41..06008886c0 100644 --- a/source3/lib/util_file.c +++ b/source3/lib/util_file.c @@ -322,16 +322,11 @@ char *fgets_slash(char *s2,int maxlen,XFILE *f) } if (!s2 && len > maxlen-3) { - char *t; - maxlen *= 2; - t = (char *)SMB_REALLOC(s,maxlen); - if (!t) { + s = (char *)SMB_REALLOC(s,maxlen); + if (!s) { DEBUG(0,("fgets_slash: failed to expand buffer!\n")); - SAFE_FREE(s); return(NULL); - } else { - s = t; } } } @@ -345,7 +340,7 @@ char *fgets_slash(char *s2,int maxlen,XFILE *f) char *file_pload(char *syscmd, size_t *size) { int fd, n; - char *p, *tp; + char *p; pstring buf; size_t total; @@ -358,19 +353,19 @@ char *file_pload(char *syscmd, size_t *size) total = 0; while ((n = read(fd, buf, sizeof(buf))) > 0) { - tp = SMB_REALLOC(p, total + n + 1); - if (!tp) { + p = SMB_REALLOC(p, total + n + 1); + if (!p) { DEBUG(0,("file_pload: failed to expand buffer!\n")); close(fd); - SAFE_FREE(p); return NULL; - } else { - p = tp; } memcpy(p+total, buf, n); total += n; } - if (p) p[total] = 0; + + if (p) { + p[total] = 0; + } /* FIXME: Perhaps ought to check that the command completed * successfully (returned 0); if not the data may be diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index c7f9dc2fdb..3be52dd9f7 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -563,14 +563,16 @@ DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, const DOM_SID *src) void add_sid_to_array(TALLOC_CTX *mem_ctx, const DOM_SID *sid, DOM_SID **sids, size_t *num) { - if (mem_ctx != NULL) + if (mem_ctx != NULL) { *sids = TALLOC_REALLOC_ARRAY(mem_ctx, *sids, DOM_SID, (*num)+1); - else + } else { *sids = SMB_REALLOC_ARRAY(*sids, DOM_SID, (*num)+1); + } - if (*sids == NULL) + if (*sids == NULL) { return; + } sid_copy(&((*sids)[*num]), sid); *num += 1; diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index e799556cd1..f1ae9a472a 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -1049,14 +1049,13 @@ char *realloc_string_sub(char *string, const char *pattern, while ((p = strstr_m(s,pattern))) { if (ld > 0) { int offset = PTR_DIFF(s,string); - char *t = SMB_REALLOC(string, ls + ld + 1); - if (!t) { + string = SMB_REALLOC(string, ls + ld + 1); + if (!string) { DEBUG(0, ("realloc_string_sub: out of memory!\n")); SAFE_FREE(in); return NULL; } - string = t; - p = t + offset + (p - s); + p = string + offset + (p - s); } if (li != lp) { memmove(p+li,p+lp,strlen(p+lp)+1); @@ -1119,15 +1118,14 @@ char *talloc_string_sub(TALLOC_CTX *mem_ctx, const char *src, while ((p = strstr_m(s,pattern))) { if (ld > 0) { int offset = PTR_DIFF(s,string); - char *t = TALLOC_REALLOC(mem_ctx, string, ls + ld + 1); - if (!t) { + string = TALLOC_REALLOC(mem_ctx, string, ls + ld + 1); + if (!string) { DEBUG(0, ("talloc_string_sub: out of " "memory!\n")); SAFE_FREE(in); return NULL; } - string = t; - p = t + offset + (p - s); + p = string + offset + (p - s); } if (li != lp) { memmove(p+li,p+lp,strlen(p+lp)+1); @@ -1703,7 +1701,9 @@ static char **str_list_make_internal(TALLOC_CTX *mem_ctx, const char *string, co if (mem_ctx) { rlist = TALLOC_REALLOC_ARRAY(mem_ctx, list, char *, lsize +1); } else { - rlist = SMB_REALLOC_ARRAY(list, char *, lsize +1); + /* We need to keep the old list on error so we can free the elements + if the realloc fails. */ + rlist = SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(list, char *, lsize +1); } if (!rlist) { DEBUG(0,("str_list_make: Unable to allocate memory")); @@ -1714,8 +1714,9 @@ static char **str_list_make_internal(TALLOC_CTX *mem_ctx, const char *string, co SAFE_FREE(s); } return NULL; - } else + } else { list = rlist; + } memset (&list[num], 0, ((sizeof(char**)) * (S_LIST_ABS +1))); } @@ -1773,7 +1774,7 @@ BOOL str_list_copy(char ***dest, const char **src) while (src[num]) { if (num == lsize) { lsize += S_LIST_ABS; - rlist = SMB_REALLOC_ARRAY(list, char *, lsize +1); + rlist = SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(list, char *, lsize +1); if (!rlist) { DEBUG(0,("str_list_copy: Unable to re-allocate memory")); str_list_free(&list); @@ -2266,8 +2267,9 @@ void string_append(char **left, const char *right) *left = SMB_REALLOC(*left, new_len); } - if (*left == NULL) + if (*left == NULL) { return; + } safe_strcat(*left, right, new_len-1); } @@ -2334,14 +2336,16 @@ void sprintf_append(TALLOC_CTX *mem_ctx, char **string, ssize_t *len, } if (increased) { - if (mem_ctx != NULL) + if (mem_ctx != NULL) { *string = TALLOC_REALLOC_ARRAY(mem_ctx, *string, char, *bufsize); - else + } else { *string = SMB_REALLOC_ARRAY(*string, char, *bufsize); + } - if (*string == NULL) + if (*string == NULL) { goto error; + } } StrnCpy((*string)+(*len), newstr, ret); diff --git a/source3/lib/wins_srv.c b/source3/lib/wins_srv.c index c139f427ca..dbe4fceacc 100644 --- a/source3/lib/wins_srv.c +++ b/source3/lib/wins_srv.c @@ -245,6 +245,9 @@ char **wins_srv_tags(void) /* add it to the list */ ret = SMB_REALLOC_ARRAY(ret, char *, count+2); + if (!ret) { + return NULL; + } ret[count] = SMB_STRDUP(t_ip.tag); if (!ret[count]) break; count++; diff --git a/source3/libsmb/asn1.c b/source3/libsmb/asn1.c index 0999840794..072fd30283 100644 --- a/source3/libsmb/asn1.c +++ b/source3/libsmb/asn1.c @@ -31,14 +31,11 @@ BOOL asn1_write(ASN1_DATA *data, const void *p, int len) { if (data->has_error) return False; if (data->length < data->ofs+len) { - uint8 *newp; - newp = SMB_REALLOC(data->data, data->ofs+len); - if (!newp) { - SAFE_FREE(data->data); + data->data = SMB_REALLOC(data->data, data->ofs+len); + if (!data->data) { data->has_error = True; return False; } - data->data = newp; data->length = data->ofs+len; } memcpy(data->data + data->ofs, p, len); diff --git a/source3/libsmb/clilist.c b/source3/libsmb/clilist.c index 252dafcfa8..1bd30c36e3 100644 --- a/source3/libsmb/clilist.c +++ b/source3/libsmb/clilist.c @@ -179,7 +179,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, pstring mask; file_info finfo; int i; - char *tdl, *dirlist = NULL; + char *dirlist = NULL; int dirlist_len = 0; int total_received = -1; BOOL First = True; @@ -338,15 +338,13 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, /* grab the data for later use */ /* and add them to the dirlist pool */ - tdl = SMB_REALLOC(dirlist,dirlist_len + data_len); + dirlist = SMB_REALLOC(dirlist,dirlist_len + data_len); - if (!tdl) { + if (!dirlist) { DEBUG(0,("cli_list_new: Failed to expand dirlist\n")); SAFE_FREE(rdata); SAFE_FREE(rparam); break; - } else { - dirlist = tdl; } memcpy(dirlist+dirlist_len,p,data_len); @@ -421,7 +419,7 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, int num_asked = (cli->max_xmit - 100)/DIR_STRUCT_SIZE; int num_received = 0; int i; - char *tdl, *dirlist = NULL; + char *dirlist = NULL; pstring mask; ZERO_ARRAY(status); @@ -466,14 +464,11 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, first = False; - tdl = SMB_REALLOC(dirlist,(num_received + received)*DIR_STRUCT_SIZE); - - if (!tdl) { + dirlist = SMB_REALLOC(dirlist,(num_received + received)*DIR_STRUCT_SIZE); + if (!dirlist) { DEBUG(0,("cli_list_old: failed to expand dirlist")); - SAFE_FREE(dirlist); return 0; } - else dirlist = tdl; p = smb_buf(cli->inbuf) + 3; diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c index a080bd3c64..650822bf8e 100644 --- a/source3/libsmb/clireadwrite.c +++ b/source3/libsmb/clireadwrite.c @@ -262,9 +262,14 @@ static BOOL cli_issue_write(struct cli_state *cli, int fnum, off_t offset, if (size > cli->bufsize) { cli->outbuf = SMB_REALLOC(cli->outbuf, size + 1024); + if (!cli->outbuf) { + return False; + } cli->inbuf = SMB_REALLOC(cli->inbuf, size + 1024); - if (cli->outbuf == NULL || cli->inbuf == NULL) + if (cli->inbuf == NULL) { + SAFE_FREE(cli->outbuf); return False; + } cli->bufsize = size + 1024; } diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index 5d3710b92e..8296f7e94c 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -169,8 +169,6 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans, unsigned int total_param=0; unsigned int this_data,this_param; NTSTATUS status; - char *tdata; - char *tparam; *data_len = *param_len = 0; @@ -209,25 +207,21 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans, /* allocate it */ if (total_data!=0) { - tdata = SMB_REALLOC(*data,total_data); - if (!tdata) { + *data = SMB_REALLOC(*data,total_data); + if (!(*data)) { DEBUG(0,("cli_receive_trans: failed to enlarge data buffer\n")); cli_signing_trans_stop(cli); return False; } - else - *data = tdata; } if (total_param!=0) { - tparam = SMB_REALLOC(*param,total_param); - if (!tparam) { + *param = SMB_REALLOC(*param,total_param); + if (!(*param)) { DEBUG(0,("cli_receive_trans: failed to enlarge param buffer\n")); cli_signing_trans_stop(cli); return False; } - else - *param = tparam; } for (;;) { @@ -476,8 +470,6 @@ BOOL cli_receive_nt_trans(struct cli_state *cli, unsigned int this_data,this_param; uint8 eclass; uint32 ecode; - char *tdata; - char *tparam; *data_len = *param_len = 0; @@ -526,24 +518,20 @@ BOOL cli_receive_nt_trans(struct cli_state *cli, /* allocate it */ if (total_data) { - tdata = SMB_REALLOC(*data,total_data); - if (!tdata) { + *data = SMB_REALLOC(*data,total_data); + if (!(*data)) { DEBUG(0,("cli_receive_nt_trans: failed to enlarge data buffer to %d\n",total_data)); cli_signing_trans_stop(cli); return False; - } else { - *data = tdata; } } if (total_param) { - tparam = SMB_REALLOC(*param,total_param); - if (!tparam) { + *param = SMB_REALLOC(*param,total_param); + if (!(*param)) { DEBUG(0,("cli_receive_nt_trans: failed to enlarge param buffer to %d\n", total_param)); cli_signing_trans_stop(cli); return False; - } else { - *param = tparam; } } diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c index f78c368eb8..c721a9deff 100644 --- a/source3/libsmb/namequery.c +++ b/source3/libsmb/namequery.c @@ -501,7 +501,6 @@ struct in_addr *name_query(int fd,const char *name,int name_type, while (1) { struct timeval tval2; - struct in_addr *tmp_ip_list; GetTimeOfDay(&tval2); if (TvalDiff(&tval,&tval2) > retry_time) { @@ -566,27 +565,22 @@ struct in_addr *name_query(int fd,const char *name,int name_type, continue; } - tmp_ip_list = SMB_REALLOC_ARRAY( ip_list, struct in_addr, + ip_list = SMB_REALLOC_ARRAY( ip_list, struct in_addr, (*count) + nmb2->answers->rdlength/6 ); - if (!tmp_ip_list) { + if (!ip_list) { DEBUG(0,("name_query: Realloc failed.\n")); - SAFE_FREE(ip_list); free_packet(p2); return( NULL ); } - ip_list = tmp_ip_list; - - if (ip_list) { - DEBUG(2,("Got a positive name query response from %s ( ", inet_ntoa(p2->ip))); - for (i=0;i<nmb2->answers->rdlength/6;i++) { - putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]); - DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)]))); - (*count)++; - } - DEBUGADD(2,(")\n")); + DEBUG(2,("Got a positive name query response from %s ( ", inet_ntoa(p2->ip))); + for (i=0;i<nmb2->answers->rdlength/6;i++) { + putip((char *)&ip_list[(*count)],&nmb2->answers->rdata[2+i*6]); + DEBUGADD(2,("%s ",inet_ntoa(ip_list[(*count)]))); + (*count)++; } + DEBUGADD(2,(")\n")); found=True; retries=0; diff --git a/source3/libsmb/spnego.c b/source3/libsmb/spnego.c index f6a66200ba..a2839578ae 100644 --- a/source3/libsmb/spnego.c +++ b/source3/libsmb/spnego.c @@ -48,6 +48,10 @@ static BOOL read_negTokenInit(ASN1_DATA *asn1, negTokenInit_t *token) char *p_oid = NULL; token->mechTypes = SMB_REALLOC_ARRAY(token->mechTypes, const char *, i + 2); + if (!token->mechTypes) { + asn1->has_error = True; + return False; + } asn1_read_OID(asn1, &p_oid); token->mechTypes[i] = p_oid; } diff --git a/source3/locking/brlock.c b/source3/locking/brlock.c index 25a1ed5e2f..8af6effb19 100644 --- a/source3/locking/brlock.c +++ b/source3/locking/brlock.c @@ -354,7 +354,6 @@ NTSTATUS brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum, TDB_DATA kbuf, dbuf; int count, i; struct lock_struct lock, *locks; - char *tp; NTSTATUS status = NT_STATUS_OK; *my_lock_ctx = False; @@ -401,12 +400,10 @@ NTSTATUS brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum, } /* no conflicts - add it to the list of locks */ - tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(*locks)); - if (!tp) { + dbuf.dptr = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(*locks)); + if (!dbuf.dptr) { status = NT_STATUS_NO_MEMORY; goto fail; - } else { - dbuf.dptr = tp; } memcpy(dbuf.dptr + dbuf.dsize, &lock, sizeof(lock)); dbuf.dsize += sizeof(lock); diff --git a/source3/locking/posix.c b/source3/locking/posix.c index c63992adc5..4b69047a3c 100644 --- a/source3/locking/posix.c +++ b/source3/locking/posix.c @@ -99,20 +99,17 @@ static BOOL add_fd_to_close_entry(files_struct *fsp) { TDB_DATA kbuf = locking_key_fsp(fsp); TDB_DATA dbuf; - char *tp; dbuf.dptr = NULL; dbuf.dsize = 0; dbuf = tdb_fetch(posix_pending_close_tdb, kbuf); - tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(int)); - if (!tp) { + dbuf.dptr = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(int)); + if (!dbuf.dptr) { DEBUG(0,("add_fd_to_close_entry: Realloc fail !\n")); - SAFE_FREE(dbuf.dptr); return False; - } else - dbuf.dptr = tp; + } memcpy(dbuf.dptr + dbuf.dsize, &fsp->fh->fd, sizeof(int)); dbuf.dsize += sizeof(int); @@ -358,7 +355,6 @@ static BOOL add_posix_lock_entry(files_struct *fsp, SMB_OFF_T start, SMB_OFF_T s TDB_DATA kbuf = locking_key_fsp(fsp); TDB_DATA dbuf; struct posix_lock pl; - char *tp; dbuf.dptr = NULL; dbuf.dsize = 0; @@ -376,12 +372,11 @@ static BOOL add_posix_lock_entry(files_struct *fsp, SMB_OFF_T start, SMB_OFF_T s pl.size = size; pl.lock_type = lock_type; - tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(struct posix_lock)); - if (!tp) { + dbuf.dptr = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(struct posix_lock)); + if (!dbuf.dptr) { DEBUG(0,("add_posix_lock_entry: Realloc fail !\n")); goto fail; - } else - dbuf.dptr = tp; + } memcpy(dbuf.dptr + dbuf.dsize, &pl, sizeof(struct posix_lock)); dbuf.dsize += sizeof(struct posix_lock); diff --git a/source3/modules/vfs_shadow_copy.c b/source3/modules/vfs_shadow_copy.c index 8bb4598ea3..db1c8d007d 100644 --- a/source3/modules/vfs_shadow_copy.c +++ b/source3/modules/vfs_shadow_copy.c @@ -93,8 +93,6 @@ static SMB_STRUCT_DIR *shadow_copy_opendir(vfs_handle_struct *handle, connection while (True) { SMB_STRUCT_DIRENT *d; - SMB_STRUCT_DIRENT *r; - d = SMB_VFS_NEXT_READDIR(handle, conn, p); if (d == NULL) { @@ -108,13 +106,12 @@ static SMB_STRUCT_DIR *shadow_copy_opendir(vfs_handle_struct *handle, connection DEBUG(10,("shadow_copy_opendir: not hide [%s]\n",d->d_name)); - r = SMB_REALLOC_ARRAY(dirp->dirs,SMB_STRUCT_DIRENT, dirp->num+1); - if (!r) { + dirp->dirs = SMB_REALLOC_ARRAY(dirp->dirs,SMB_STRUCT_DIRENT, dirp->num+1); + if (!dirp->dirs) { DEBUG(0,("shadow_copy_opendir: Out of memory\n")); break; } - dirp->dirs = r; dirp->dirs[dirp->num++] = *d; } diff --git a/source3/nsswitch/wb_client.c b/source3/nsswitch/wb_client.c index ff0f15a122..b2db25c31b 100644 --- a/source3/nsswitch/wb_client.c +++ b/source3/nsswitch/wb_client.c @@ -335,7 +335,7 @@ static int wb_getgroups(const char *user, gid_t **groups) int winbind_initgroups(char *user, gid_t gid) { - gid_t *tgr, *groups = NULL; + gid_t *groups = NULL; int result; /* Call normal initgroups if we are a local user */ @@ -364,14 +364,12 @@ int winbind_initgroups(char *user, gid_t gid) /* Add group to list if necessary */ if (!is_member) { - tgr = SMB_REALLOC_ARRAY(groups, gid_t, ngroups + 1); - - if (!tgr) { + groups = SMB_REALLOC_ARRAY(groups, gid_t, ngroups + 1); + if (!groups) { errno = ENOMEM; result = -1; goto done; } - else groups = tgr; groups[ngroups] = gid; ngroups++; diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index 799818198c..7f14f359da 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -560,16 +560,14 @@ static struct cache_entry *wcache_fetch(struct winbind_cache *cache, */ static void centry_expand(struct cache_entry *centry, uint32 len) { - uint8 *p; if (centry->len - centry->ofs >= len) return; centry->len *= 2; - p = SMB_REALLOC(centry->data, centry->len); - if (!p) { + centry->data = SMB_REALLOC(centry->data, centry->len); + if (!centry->data) { DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len)); smb_panic("out of memory in centry_expand"); } - centry->data = p; } /* diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 1ddc734703..6e125c4330 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -494,7 +494,7 @@ static BOOL get_sam_group_entries(struct getent_state *ent) { NTSTATUS status; uint32 num_entries; - struct acct_info *name_list = NULL, *tmp_name_list = NULL; + struct acct_info *name_list = NULL; TALLOC_CTX *mem_ctx; BOOL result = False; struct acct_info *sam_grp_entries = NULL; @@ -569,17 +569,14 @@ static BOOL get_sam_group_entries(struct getent_state *ent) /* Copy entries into return buffer */ if ( num_entries ) { - if ( !(tmp_name_list = SMB_REALLOC_ARRAY( name_list, struct acct_info, ent->num_sam_entries+num_entries)) ) + if ( !(name_list = SMB_REALLOC_ARRAY( name_list, struct acct_info, ent->num_sam_entries+num_entries)) ) { DEBUG(0,("get_sam_group_entries: Failed to realloc more memory for %d local groups!\n", num_entries)); result = False; - SAFE_FREE( name_list ); goto done; } - name_list = tmp_name_list; - memcpy( &name_list[ent->num_sam_entries], sam_grp_entries, num_entries * sizeof(struct acct_info) ); } @@ -610,7 +607,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state) struct getent_state *ent; struct winbindd_gr *group_list = NULL; int num_groups, group_list_ndx = 0, i, gr_mem_list_len = 0; - char *new_extra_data, *gr_mem_list = NULL; + char *gr_mem_list = NULL; DEBUG(3, ("[%5lu]: getgrent\n", (unsigned long)state->pid)); @@ -651,7 +648,7 @@ void winbindd_getgrent(struct winbindd_cli_state *state) uint32 result; gid_t group_gid; size_t gr_mem_len; - char *gr_mem, *new_gr_mem_list; + char *gr_mem; DOM_SID group_sid; struct winbindd_domain *domain; @@ -766,11 +763,10 @@ void winbindd_getgrent(struct winbindd_cli_state *state) if (result) { /* Append to group membership list */ - new_gr_mem_list = SMB_REALLOC( gr_mem_list, gr_mem_list_len + gr_mem_len); + gr_mem_list = SMB_REALLOC( gr_mem_list, gr_mem_list_len + gr_mem_len); - if (!new_gr_mem_list && (group_list[group_list_ndx].num_gr_mem != 0)) { + if (!gr_mem_list) { DEBUG(0, ("out of memory\n")); - SAFE_FREE(gr_mem_list); gr_mem_list_len = 0; break; } @@ -778,8 +774,6 @@ void winbindd_getgrent(struct winbindd_cli_state *state) DEBUG(10, ("list_len = %d, mem_len = %d\n", gr_mem_list_len, gr_mem_len)); - gr_mem_list = new_gr_mem_list; - memcpy(&gr_mem_list[gr_mem_list_len], gr_mem, gr_mem_len); @@ -817,21 +811,18 @@ void winbindd_getgrent(struct winbindd_cli_state *state) if (group_list_ndx == 0) goto done; - new_extra_data = SMB_REALLOC( + state->response.extra_data = SMB_REALLOC( state->response.extra_data, group_list_ndx * sizeof(struct winbindd_gr) + gr_mem_list_len); - if (!new_extra_data) { + if (!state->response.extra_data) { DEBUG(0, ("out of memory\n")); group_list_ndx = 0; - SAFE_FREE(state->response.extra_data); SAFE_FREE(gr_mem_list); request_error(state); return; } - state->response.extra_data = new_extra_data; - memcpy(&((char *)state->response.extra_data) [group_list_ndx * sizeof(struct winbindd_gr)], gr_mem_list, gr_mem_list_len); @@ -861,7 +852,6 @@ void winbindd_list_groups(struct winbindd_cli_state *state) struct winbindd_domain *domain; const char *which_domain; char *extra_data = NULL; - char *ted = NULL; unsigned int extra_data_len = 0, i; DEBUG(3, ("[%5lu]: list groups\n", (unsigned long)state->pid)); @@ -901,15 +891,13 @@ void winbindd_list_groups(struct winbindd_cli_state *state) /* Allocate some memory for extra data. Note that we limit account names to sizeof(fstring) = 128 characters. */ - ted = SMB_REALLOC(extra_data, sizeof(fstring) * total_entries); + extra_data = SMB_REALLOC(extra_data, sizeof(fstring) * total_entries); - if (!ted) { + if (!extra_data) { DEBUG(0,("failed to enlarge buffer!\n")); - SAFE_FREE(extra_data); request_error(state); return; - } else - extra_data = ted; + } /* Pack group list into extra data fields */ for (i = 0; i < groups.num_sam_entries; i++) { diff --git a/source3/nsswitch/winbindd_user.c b/source3/nsswitch/winbindd_user.c index 227163b447..b48284a031 100644 --- a/source3/nsswitch/winbindd_user.c +++ b/source3/nsswitch/winbindd_user.c @@ -553,16 +553,12 @@ static BOOL get_sam_user_entries(struct getent_state *ent, TALLOC_CTX *mem_ctx) &info); if (num_entries) { - struct getpwent_user *tnl; + name_list = SMB_REALLOC_ARRAY(name_list, struct getpwent_user, ent->num_sam_entries + num_entries); - tnl = SMB_REALLOC_ARRAY(name_list, struct getpwent_user, ent->num_sam_entries + num_entries); - - if (!tnl) { + if (!name_list) { DEBUG(0,("get_sam_user_entries realloc failed.\n")); - SAFE_FREE(name_list); goto done; - } else - name_list = tnl; + } } for (i = 0; i < num_entries; i++) { @@ -731,7 +727,7 @@ void winbindd_list_users(struct winbindd_cli_state *state) WINBIND_USERINFO *info; const char *which_domain; uint32 num_entries = 0, total_entries = 0; - char *ted, *extra_data = NULL; + char *extra_data = NULL; int extra_data_len = 0; enum winbindd_result rv = WINBINDD_ERROR; @@ -767,15 +763,13 @@ void winbindd_list_users(struct winbindd_cli_state *state) /* Allocate some memory for extra data */ total_entries += num_entries; - ted = SMB_REALLOC(extra_data, sizeof(fstring) * total_entries); + extra_data = SMB_REALLOC(extra_data, sizeof(fstring) * total_entries); - if (!ted) { + if (!extra_data) { DEBUG(0,("failed to enlarge buffer!\n")); - SAFE_FREE(extra_data); goto done; - } else - extra_data = ted; - + } + /* Pack user list into extra data fields */ for (i = 0; i < num_entries; i++) { diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 64b3ecd81b..8b79ec37d7 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -2470,7 +2470,7 @@ static int add_a_service(const service *pservice, const char *name) service **tsp; int *tinvalid; - tsp = SMB_REALLOC_ARRAY(ServicePtrs, service *, num_to_alloc); + tsp = SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(ServicePtrs, service *, num_to_alloc); if (tsp == NULL) { DEBUG(0,("add_a_service: failed to enlarge ServicePtrs!\n")); return (-1); @@ -2484,7 +2484,7 @@ static int add_a_service(const service *pservice, const char *name) iNumServices++; /* enlarge invalid_services here for now... */ - tinvalid = SMB_REALLOC_ARRAY(invalid_services, int, + tinvalid = SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(invalid_services, int, num_to_alloc); if (tinvalid == NULL) { DEBUG(0,("add_a_service: failed to enlarge " diff --git a/source3/param/params.c b/source3/param/params.c index f5ce6bdb64..6669e80191 100644 --- a/source3/param/params.c +++ b/source3/param/params.c @@ -262,10 +262,8 @@ static BOOL Section( myFILE *InFile, BOOL (*sfunc)(const char *) ) while( (EOF != c) && (c > 0) ) { /* Check that the buffer is big enough for the next character. */ if( i > (bSize - 2) ) { - char *tb; - - tb = (char *)SMB_REALLOC( bufr, bSize +BUFR_INC ); - if( NULL == tb ) { + char *tb = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR( bufr, bSize +BUFR_INC ); + if(!tb) { DEBUG(0, ("%s Memory re-allocation failure.", func) ); return False; } @@ -356,8 +354,8 @@ static BOOL Parameter( myFILE *InFile, BOOL (*pfunc)(const char *, const char *) /* Loop until we've found the start of the value. */ if( i > (bSize - 2) ) { /* Ensure there's space for next char. */ - char *tb = (char *)SMB_REALLOC( bufr, bSize + BUFR_INC ); - if( NULL == tb ) { + char *tb = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR( bufr, bSize + BUFR_INC ); + if (!tb) { DEBUG(0, ("%s Memory re-allocation failure.", func) ); return False; } @@ -414,8 +412,8 @@ static BOOL Parameter( myFILE *InFile, BOOL (*pfunc)(const char *, const char *) while( (EOF !=c) && (c > 0) ) { if( i > (bSize - 2) ) { /* Make sure there's enough room. */ - char *tb = (char *)SMB_REALLOC( bufr, bSize + BUFR_INC ); - if( NULL == tb ) { + char *tb = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR( bufr, bSize + BUFR_INC ); + if (!tb) { DEBUG(0, ("%s Memory re-allocation failure.", func)); return False; } diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 1fe5212d57..8429d50b38 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -3076,7 +3076,6 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, BOOL unix_only) { GROUP_MAP map; - GROUP_MAP *mapt; size_t entries = 0; *p_num_entries = 0; @@ -3101,17 +3100,14 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, continue; } - mapt=SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); - if (!mapt) { + (*pp_rmap)=SMB_REALLOC_ARRAY((*pp_rmap), GROUP_MAP, entries+1); + if (!(*pp_rmap)) { DEBUG(0,("ldapsam_enum_group_mapping: Unable to " "enlarge group map!\n")); - SAFE_FREE(*pp_rmap); return NT_STATUS_UNSUCCESSFUL; } - else - (*pp_rmap) = mapt; - mapt[entries] = map; + (*pp_rmap)[entries] = map; entries += 1; diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index becd51cd7e..1ce0b5e9e3 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -743,12 +743,12 @@ BOOL get_a_builtin_ntform(UNISTR2 *uni_formname,nt_forms_struct *form) } /**************************************************************************** -get a form struct list + get a form struct list. ****************************************************************************/ + int get_ntforms(nt_forms_struct **list) { TDB_DATA kbuf, newkey, dbuf; - nt_forms_struct *tl; nt_forms_struct form; int ret; int i; @@ -773,12 +773,11 @@ int get_ntforms(nt_forms_struct **list) if (ret != dbuf.dsize) continue; - tl = SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1); - if (!tl) { + *list = SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1); + if (!*list) { DEBUG(0,("get_ntforms: Realloc fail.\n")); return 0; } - *list = tl; (*list)[n] = form; n++; } @@ -823,7 +822,6 @@ BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count) int n=0; BOOL update; fstring form_name; - nt_forms_struct *tl; /* * NT tries to add forms even when @@ -842,11 +840,10 @@ BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count) } if (update==False) { - if((tl=SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1)) == NULL) { + if((*list=SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1)) == NULL) { DEBUG(0,("add_a_form: failed to enlarge forms list!\n")); return False; } - *list = tl; unistr2_to_ascii((*list)[n].name, &form->name, sizeof((*list)[n].name)-1); (*count)++; } @@ -940,7 +937,6 @@ int get_ntdrivers(fstring **list, const char *architecture, uint32 version) { int total=0; const char *short_archi; - fstring *fl; pstring key; TDB_DATA kbuf, newkey; @@ -954,11 +950,10 @@ int get_ntdrivers(fstring **list, const char *architecture, uint32 version) if (strncmp(kbuf.dptr, key, strlen(key)) != 0) continue; - if((fl = SMB_REALLOC_ARRAY(*list, fstring, total+1)) == NULL) { + if((*list = SMB_REALLOC_ARRAY(*list, fstring, total+1)) == NULL) { DEBUG(0,("get_ntdrivers: failed to enlarge list!\n")); return -1; } - else *list = fl; fstrcpy((*list)[total], kbuf.dptr+strlen(key)); total++; @@ -1973,15 +1968,12 @@ static uint32 add_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver) } if (len != buflen) { - char *tb; - - tb = (char *)SMB_REALLOC(buf, len); - if (!tb) { + buf = (char *)SMB_REALLOC(buf, len); + if (!buf) { DEBUG(0,("add_a_printer_driver_3: failed to enlarge buffer\n!")); ret = -1; goto done; } - else buf = tb; buflen = len; goto again; } @@ -2098,15 +2090,11 @@ static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr, i=0; while (len < dbuf.dsize) { - fstring *tddfs; - - tddfs = SMB_REALLOC_ARRAY(driver.dependentfiles, fstring, i+2); - if ( !tddfs ) { + driver.dependentfiles = SMB_REALLOC_ARRAY(driver.dependentfiles, fstring, i+2); + if ( !driver.dependentfiles ) { DEBUG(0,("get_a_printer_driver_3: failed to enlarge buffer!\n")); break; } - else - driver.dependentfiles = tddfs; len += tdb_unpack(dbuf.dptr+len, dbuf.dsize-len, "f", &driver.dependentfiles[i]); @@ -2406,15 +2394,12 @@ static WERROR update_a_printer_2(NT_PRINTER_INFO_LEVEL_2 *info) len += pack_values( info->data, buf+len, buflen-len ); if (buflen != len) { - char *tb; - - tb = (char *)SMB_REALLOC(buf, len); - if (!tb) { + buf = (char *)SMB_REALLOC(buf, len); + if (!buf) { DEBUG(0,("update_a_printer_2: failed to enlarge buffer!\n")); ret = WERR_NOMEM; goto done; } - else buf = tb; buflen = len; goto again; } @@ -2744,7 +2729,7 @@ int get_printer_subkeys( NT_PRINTER_DATA *data, const char* key, fstring **subke int key_len; int num_subkeys = 0; char *p; - fstring *ptr, *subkeys_ptr = NULL; + fstring *subkeys_ptr = NULL; fstring subkeyname; if ( !data ) @@ -2760,14 +2745,12 @@ int get_printer_subkeys( NT_PRINTER_DATA *data, const char* key, fstring **subke /* found a match, so allocate space and copy the name */ - if ( !(ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) { + if ( !(subkeys_ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) { DEBUG(0,("get_printer_subkeys: Realloc failed for [%d] entries!\n", num_subkeys+1)); - SAFE_FREE( subkeys ); return -1; } - subkeys_ptr = ptr; fstrcpy( subkeys_ptr[num_subkeys], data->keys[i].name ); num_subkeys++; } @@ -2807,14 +2790,12 @@ int get_printer_subkeys( NT_PRINTER_DATA *data, const char* key, fstring **subke /* found a match, so allocate space and copy the name */ - if ( !(ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) { + if ( !(subkeys_ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) { DEBUG(0,("get_printer_subkeys: Realloc failed for [%d] entries!\n", num_subkeys+1)); - SAFE_FREE( subkeys ); return 0; } - subkeys_ptr = ptr; fstrcpy( subkeys_ptr[num_subkeys], subkeyname ); num_subkeys++; } @@ -4080,16 +4061,12 @@ static uint32 update_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info) len += pack_values( info->data, buf+len, buflen-len ); if (buflen < len) { - char *tb; - - tb = (char *)SMB_REALLOC(buf, len); - if (!tb) { + buf = (char *)SMB_REALLOC(buf, len); + if (!buf) { DEBUG(0, ("update_driver_init_2: failed to enlarge buffer!\n")); ret = -1; goto done; } - else - buf = tb; buflen = len; goto again; } diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index 8ae896fddf..afa301bbea 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -816,16 +816,13 @@ static int cups_queue_get(const char *sharename, if (qcount >= qalloc) { qalloc += 16; - temp = SMB_REALLOC_ARRAY(queue, print_queue_struct, qalloc); + queue = SMB_REALLOC_ARRAY(queue, print_queue_struct, qalloc); - if (temp == NULL) { + if (queue == NULL) { DEBUG(0,("cups_queue_get: Not enough memory!")); qcount = 0; - SAFE_FREE(queue); goto out; } - - queue = temp; } temp = queue + qcount; diff --git a/source3/printing/print_iprint.c b/source3/printing/print_iprint.c index fc60667628..04b096a8a5 100644 --- a/source3/printing/print_iprint.c +++ b/source3/printing/print_iprint.c @@ -1074,16 +1074,13 @@ static int iprint_queue_get(const char *sharename, if (qcount >= qalloc) { qalloc += 16; - temp = SMB_REALLOC_ARRAY(queue, print_queue_struct, qalloc); + queue = SMB_REALLOC_ARRAY(queue, print_queue_struct, qalloc); - if (temp == NULL) { + if (queue == NULL) { DEBUG(0,("iprint_queue_get: Not enough memory!")); qcount = 0; - SAFE_FREE(queue); goto out; } - - queue = temp; } temp = queue + qcount; diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 315034879e..452031368d 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -541,15 +541,11 @@ static BOOL pjob_store(const char* sharename, uint32 jobid, struct printjob *pjo len += pack_devicemode(pjob->nt_devmode, buf+len, buflen-len); if (buflen != len) { - char *tb; - - tb = (char *)SMB_REALLOC(buf, len); - if (!tb) { + buf = (char *)SMB_REALLOC(buf, len); + if (!buf) { DEBUG(0,("pjob_store: failed to enlarge buffer!\n")); goto done; } - else - buf = tb; newlen = len; } } while ( buflen != len ); diff --git a/source3/registry/reg_db.c b/source3/registry/reg_db.c index ddc08cf2ce..e26b9a723b 100644 --- a/source3/registry/reg_db.c +++ b/source3/registry/reg_db.c @@ -298,7 +298,7 @@ int regdb_close( void ) static BOOL regdb_store_keys_internal( const char *key, REGSUBKEY_CTR *ctr ) { TDB_DATA kbuf, dbuf; - char *buffer, *tmpbuf; + char *buffer; int i = 0; uint32 len, buflen; BOOL ret = True; @@ -327,12 +327,11 @@ static BOOL regdb_store_keys_internal( const char *key, REGSUBKEY_CTR *ctr ) len += tdb_pack( buffer+len, buflen-len, "f", regsubkey_ctr_specific_key(ctr, i) ); if ( len > buflen ) { /* allocate some extra space */ - if ((tmpbuf = SMB_REALLOC( buffer, len*2 )) == NULL) { + if ((buffer = SMB_REALLOC( buffer, len*2 )) == NULL) { DEBUG(0,("regdb_store_keys: Failed to realloc memory of size [%d]\n", len*2)); ret = False; goto done; } - buffer = tmpbuf; buflen = len*2; len = tdb_pack( buffer+len, buflen-len, "f", regsubkey_ctr_specific_key(ctr, i) ); diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c index a31154fc33..9b631736d6 100644 --- a/source3/registry/reg_perfcount.c +++ b/source3/registry/reg_perfcount.c @@ -158,7 +158,7 @@ static uint32 _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb, { TDB_DATA kbuf, dbuf; char temp[256]; - char *buf1 = *retbuf, *buf2 = NULL; + char *buf1 = *retbuf; uint32 working_size = 0; UNISTR2 name_index, name; @@ -177,27 +177,21 @@ static uint32 _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb, } /* First encode the name_index */ working_size = (kbuf.dsize + 1)*sizeof(uint16); - buf2 = SMB_REALLOC(buf1, buffer_size + working_size); - if(!buf2) - { - SAFE_FREE(buf1); + buf1 = SMB_REALLOC(buf1, buffer_size + working_size); + if(!buf1) { buffer_size = 0; return buffer_size; } - buf1 = buf2; init_unistr2(&name_index, kbuf.dptr, UNI_STR_TERMINATE); memcpy(buf1+buffer_size, (char *)name_index.buffer, working_size); buffer_size += working_size; /* Now encode the actual name */ working_size = (dbuf.dsize + 1)*sizeof(uint16); - buf2 = SMB_REALLOC(buf1, buffer_size + working_size); - if(!buf2) - { - SAFE_FREE(buf1); + buf1 = SMB_REALLOC(buf1, buffer_size + working_size); + if(!buf1) { buffer_size = 0; return buffer_size; } - buf1 = buf2; memset(temp, 0, sizeof(temp)); memcpy(temp, dbuf.dptr, dbuf.dsize); SAFE_FREE(dbuf.dptr); @@ -215,7 +209,7 @@ static uint32 _reg_perfcount_multi_sz_from_tdb(TDB_CONTEXT *tdb, uint32 reg_perfcount_get_counter_help(uint32 base_index, char **retbuf) { - char *buf1 = NULL, *buf2 = NULL; + char *buf1 = NULL; uint32 buffer_size = 0; TDB_CONTEXT *names; const char *fname = counters_directory( NAMES_DB ); @@ -240,15 +234,10 @@ uint32 reg_perfcount_get_counter_help(uint32 base_index, char **retbuf) /* Now terminate the MULTI_SZ with a double unicode NULL */ buf1 = *retbuf; - buf2 = SMB_REALLOC(buf1, buffer_size + 2); - if(!buf2) - { - SAFE_FREE(buf1); + buf1 = SMB_REALLOC(buf1, buffer_size + 2); + if(!buf1) { buffer_size = 0; - } - else - { - buf1 = buf2; + } else { buf1[buffer_size++] = '\0'; buf1[buffer_size++] = '\0'; } @@ -263,7 +252,7 @@ uint32 reg_perfcount_get_counter_help(uint32 base_index, char **retbuf) uint32 reg_perfcount_get_counter_names(uint32 base_index, char **retbuf) { - char *buf1 = NULL, *buf2 = NULL; + char *buf1 = NULL; uint32 buffer_size = 0; TDB_CONTEXT *names; const char *fname = counters_directory( NAMES_DB ); @@ -290,15 +279,10 @@ uint32 reg_perfcount_get_counter_names(uint32 base_index, char **retbuf) /* Now terminate the MULTI_SZ with a double unicode NULL */ buf1 = *retbuf; - buf2 = SMB_REALLOC(buf1, buffer_size + 2); - if(!buf2) - { - SAFE_FREE(buf1); + buf1 = SMB_REALLOC(buf1, buffer_size + 2); + if(!buf1) { buffer_size = 0; - } - else - { - buf1 = buf2; + } else { buf1[buffer_size++] = '\0'; buf1[buffer_size++] = '\0'; } diff --git a/source3/registry/reg_printing.c b/source3/registry/reg_printing.c index 592069052f..f001fdad24 100644 --- a/source3/registry/reg_printing.c +++ b/source3/registry/reg_printing.c @@ -858,7 +858,6 @@ static int key_driver_fetch_keys( const char *key, REGSUBKEY_CTR *subkeys ) static void fill_in_driver_values( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info3, REGVAL_CTR *values ) { char *buffer = NULL; - char *buffer2 = NULL; int buffer_size = 0; int i, length; char *filename; @@ -903,10 +902,10 @@ static void fill_in_driver_values( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info3, REGVAL length = strlen(filename); - buffer2 = SMB_REALLOC( buffer, buffer_size + (length + 1)*sizeof(uint16) ); - if ( !buffer2 ) + buffer = SMB_REALLOC( buffer, buffer_size + (length + 1)*sizeof(uint16) ); + if ( !buffer ) { break; - buffer = buffer2; + } init_unistr2( &data, filename, UNI_STR_TERMINATE); memcpy( buffer+buffer_size, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); @@ -916,12 +915,10 @@ static void fill_in_driver_values( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info3, REGVAL /* terminated by double NULL. Add the final one here */ - buffer2 = SMB_REALLOC( buffer, buffer_size + 2 ); - if ( !buffer2 ) { - SAFE_FREE( buffer ); + buffer = SMB_REALLOC( buffer, buffer_size + 2 ); + if ( !buffer ) { buffer_size = 0; } else { - buffer = buffer2; buffer[buffer_size++] = '\0'; buffer[buffer_size++] = '\0'; } diff --git a/source3/rpc_parse/parse_buffer.c b/source3/rpc_parse/parse_buffer.c index 36d8eda847..b220809654 100644 --- a/source3/rpc_parse/parse_buffer.c +++ b/source3/rpc_parse/parse_buffer.c @@ -371,19 +371,14 @@ BOOL smb_io_relarraystr(const char *desc, RPC_BUFFER *buffer, int depth, uint16 /* we're going to add two more bytes here in case this is the last string in the array and we need to add an extra NULL for termination */ - if (l_chaine > 0) - { - uint16 *tc2; - + if (l_chaine > 0) { realloc_size = (l_chaine2+l_chaine+2)*sizeof(uint16); /* Yes this should be realloc - it's freed below. JRA */ - if((tc2=(uint16 *)SMB_REALLOC(chaine2, realloc_size)) == NULL) { - SAFE_FREE(chaine2); + if((chaine2=(uint16 *)SMB_REALLOC(chaine2, realloc_size)) == NULL) { return False; } - else chaine2 = tc2; memcpy(chaine2+l_chaine2, chaine.buffer, (l_chaine+1)*sizeof(uint16)); l_chaine2+=l_chaine+1; } diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index c4f9f512ab..4683f1dbd0 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -207,16 +207,21 @@ BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize) return prs_force_grow(ps, newsize - ps->buffer_size); if (newsize < ps->buffer_size) { - char *new_data_p = SMB_REALLOC(ps->data_p, newsize); - /* if newsize is zero, Realloc acts like free() & returns NULL*/ - if (new_data_p == NULL && newsize != 0) { - DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n", - (unsigned int)newsize)); - DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno))); - return False; - } - ps->data_p = new_data_p; ps->buffer_size = newsize; + + /* newsize == 0 acts as a free and set pointer to NULL */ + if (newsize == 0) { + SAFE_FREE(ps->data_p); + } else { + ps->data_p = SMB_REALLOC(ps->data_p, newsize); + + if (ps->data_p == NULL) { + DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n", + (unsigned int)newsize)); + DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno))); + return False; + } + } } return True; @@ -230,7 +235,6 @@ BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize) BOOL prs_grow(prs_struct *ps, uint32 extra_space) { uint32 new_size; - char *new_data; ps->grow_size = MAX(ps->grow_size, ps->data_offset + extra_space); @@ -261,11 +265,11 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space) new_size = MAX(RPC_MAX_PDU_FRAG_LEN,extra_space); - if((new_data = SMB_MALLOC(new_size)) == NULL) { + if((ps->data_p = SMB_MALLOC(new_size)) == NULL) { DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size)); return False; } - memset(new_data, '\0', (size_t)new_size ); + memset(ps->data_p, '\0', (size_t)new_size ); } else { /* * If the current buffer size is bigger than the space needed, just @@ -273,16 +277,15 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space) */ new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space); - if ((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) { + if ((ps->data_p = SMB_REALLOC(ps->data_p, new_size)) == NULL) { DEBUG(0,("prs_grow: Realloc failure for size %u.\n", (unsigned int)new_size)); return False; } - memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size)); + memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size)); } ps->buffer_size = new_size; - ps->data_p = new_data; return True; } @@ -296,7 +299,6 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space) BOOL prs_force_grow(prs_struct *ps, uint32 extra_space) { uint32 new_size = ps->buffer_size + extra_space; - char *new_data; if(!UNMARSHALLING(ps) || !ps->is_dynamic) { DEBUG(0,("prs_force_grow: Buffer overflow - unable to expand buffer by %u bytes.\n", @@ -304,16 +306,15 @@ BOOL prs_force_grow(prs_struct *ps, uint32 extra_space) return False; } - if((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) { + if((ps->data_p = SMB_REALLOC(ps->data_p, new_size)) == NULL) { DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n", (unsigned int)new_size)); return False; } - memset(&new_data[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size)); + memset(&ps->data_p[ps->buffer_size], '\0', (size_t)(new_size - ps->buffer_size)); ps->buffer_size = new_size; - ps->data_p = new_data; return True; } diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c index 5a17860814..5a308bc77d 100644 --- a/source3/rpc_parse/parse_spoolss.c +++ b/source3/rpc_parse/parse_spoolss.c @@ -4968,7 +4968,7 @@ BOOL spool_io_printer_driver_info_level_6(const char *desc, SPOOL_PRINTER_DRIVER ********************************************************************/ static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar) { - fstring f, *tar; + fstring f; int n = 0; char *src; @@ -4981,11 +4981,9 @@ static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar) while (src < ((char *)buf5->buffer) + buf5->buf_len*2) { rpcstr_pull(f, src, sizeof(f)-1, -1, STR_TERMINATE); src = skip_unibuf(src, 2*buf5->buf_len - PTR_DIFF(src,buf5->buffer)); - tar = SMB_REALLOC_ARRAY(*ar, fstring, n+2); - if (!tar) + *ar = SMB_REALLOC_ARRAY(*ar, fstring, n+2); + if (!*ar) return False; - else - *ar = tar; fstrcpy((*ar)[n], f); n++; } diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 67fb89ef79..eb7fd25daa 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -1032,7 +1032,7 @@ NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *s rpc_lookup will still be valid afterwards. It could then succeed if called again later */ rpc_lookup_size++; - rpc_entry = SMB_REALLOC_ARRAY(rpc_lookup, struct rpc_table, rpc_lookup_size); + rpc_entry = SMB_REALLOC_ARRAY_KEEP_OLD_ON_ERROR(rpc_lookup, struct rpc_table, rpc_lookup_size); if (NULL == rpc_entry) { rpc_lookup_size--; DEBUG(0, ("rpc_pipe_register_commands: memory allocation failed\n")); @@ -1046,6 +1046,9 @@ NTSTATUS rpc_pipe_register_commands(int version, const char *clnt, const char *s rpc_entry->pipe.clnt = SMB_STRDUP(clnt); rpc_entry->pipe.srv = SMB_STRDUP(srv); rpc_entry->cmds = SMB_REALLOC_ARRAY(rpc_entry->cmds, struct api_struct, rpc_entry->n_cmds + size); + if (!rpc_entry->cmds) { + return NT_STATUS_NO_MEMORY; + } memcpy(rpc_entry->cmds + rpc_entry->n_cmds, cmds, size * sizeof(struct api_struct)); rpc_entry->n_cmds += size; diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 938658c479..cc51df98c1 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -3540,7 +3540,7 @@ static BOOL construct_notify_printer_info(Printer_entry *print_hnd, SPOOL_NOTIFY uint16 type; uint16 field; - SPOOL_NOTIFY_INFO_DATA *current_data, *tid; + SPOOL_NOTIFY_INFO_DATA *current_data; NT_PRINTER_INFO_LEVEL *printer = NULL; print_queue_struct *queue=NULL; @@ -3561,11 +3561,10 @@ static BOOL construct_notify_printer_info(Printer_entry *print_hnd, SPOOL_NOTIFY if (!search_notify(type, field, &j) ) continue; - if((tid=SMB_REALLOC_ARRAY(info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1)) == NULL) { + if((info->data=SMB_REALLOC_ARRAY(info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1)) == NULL) { DEBUG(2,("construct_notify_printer_info: failed to enlarge buffer info->data!\n")); return False; - } else - info->data = tid; + } current_data = &info->data[info->count]; @@ -3601,7 +3600,7 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue, uint16 type; uint16 field; - SPOOL_NOTIFY_INFO_DATA *current_data, *tid; + SPOOL_NOTIFY_INFO_DATA *current_data; DEBUG(4,("construct_notify_jobs_info\n")); @@ -3617,11 +3616,10 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue, if (!search_notify(type, field, &j) ) continue; - if((tid=SMB_REALLOC_ARRAY(info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1)) == NULL) { + if((info->data=SMB_REALLOC_ARRAY(info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1)) == NULL) { DEBUG(2,("construct_notify_jobs_info: failed to enlarg buffer info->data!\n")); return False; } - else info->data = tid; current_data=&(info->data[info->count]); @@ -4296,7 +4294,7 @@ static WERROR enum_all_printers_info_1(uint32 flags, RPC_BUFFER *buffer, uint32 int snum; int i; int n_services=lp_numservices(); - PRINTER_INFO_1 *tp, *printers=NULL; + PRINTER_INFO_1 *printers=NULL; PRINTER_INFO_1 current_prt; WERROR result = WERR_OK; @@ -4307,13 +4305,11 @@ static WERROR enum_all_printers_info_1(uint32 flags, RPC_BUFFER *buffer, uint32 DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum)); if (construct_printer_info_1(NULL, flags, ¤t_prt, snum)) { - if((tp=SMB_REALLOC_ARRAY(printers, PRINTER_INFO_1, *returned +1)) == NULL) { + if((printers=SMB_REALLOC_ARRAY(printers, PRINTER_INFO_1, *returned +1)) == NULL) { DEBUG(2,("enum_all_printers_info_1: failed to enlarge printers buffer!\n")); - SAFE_FREE(printers); *returned=0; return WERR_NOMEM; } - else printers = tp; DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_1\n", *returned)); memcpy(&printers[*returned], ¤t_prt, sizeof(PRINTER_INFO_1)); @@ -4484,7 +4480,7 @@ static WERROR enum_all_printers_info_2(RPC_BUFFER *buffer, uint32 offered, uint3 int snum; int i; int n_services=lp_numservices(); - PRINTER_INFO_2 *tp, *printers=NULL; + PRINTER_INFO_2 *printers=NULL; PRINTER_INFO_2 current_prt; WERROR result = WERR_OK; @@ -4492,18 +4488,15 @@ static WERROR enum_all_printers_info_2(RPC_BUFFER *buffer, uint32 offered, uint3 if (lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) { DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum)); - if (construct_printer_info_2(NULL, ¤t_prt, snum)) - { - if ( !(tp=SMB_REALLOC_ARRAY(printers, PRINTER_INFO_2, *returned +1)) ) { + if (construct_printer_info_2(NULL, ¤t_prt, snum)) { + if ( !(printers=SMB_REALLOC_ARRAY(printers, PRINTER_INFO_2, *returned +1)) ) { DEBUG(2,("enum_all_printers_info_2: failed to enlarge printers buffer!\n")); - SAFE_FREE(printers); *returned = 0; return WERR_NOMEM; } - DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_2\n", *returned)); + DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_2\n", *returned + 1)); - printers = tp; memcpy(&printers[*returned], ¤t_prt, sizeof(PRINTER_INFO_2)); (*returned)++; @@ -5074,7 +5067,6 @@ static uint32 init_unistr_array(uint16 **uni_array, fstring *char_array, const c int j=0; const char *v; pstring line; - uint16 *tuary; DEBUG(6,("init_unistr_array\n")); *uni_array=NULL; @@ -5102,12 +5094,11 @@ static uint32 init_unistr_array(uint16 **uni_array, fstring *char_array, const c /* add one extra unit16 for the second terminating NULL */ - if ( (tuary=SMB_REALLOC_ARRAY(*uni_array, uint16, j+1+strlen(line)+2)) == NULL ) { + if ( (*uni_array=SMB_REALLOC_ARRAY(*uni_array, uint16, j+1+strlen(line)+2)) == NULL ) { DEBUG(2,("init_unistr_array: Realloc error\n" )); return 0; - } else - *uni_array = tuary; - + } + if ( !strlen(v) ) break; @@ -6699,7 +6690,7 @@ static WERROR enumprinterdrivers_level1(fstring servername, fstring architecture uint32 version; fstring *list = NULL; NT_PRINTER_DRIVER_INFO_LEVEL driver; - DRIVER_INFO_1 *tdi1, *driver_info_1=NULL; + DRIVER_INFO_1 *driver_info_1=NULL; WERROR result = WERR_OK; *returned=0; @@ -6713,13 +6704,11 @@ static WERROR enumprinterdrivers_level1(fstring servername, fstring architecture return WERR_NOMEM; if(ndrivers != 0) { - if((tdi1=SMB_REALLOC_ARRAY(driver_info_1, DRIVER_INFO_1, *returned+ndrivers )) == NULL) { + if((driver_info_1=SMB_REALLOC_ARRAY(driver_info_1, DRIVER_INFO_1, *returned+ndrivers )) == NULL) { DEBUG(0,("enumprinterdrivers_level1: failed to enlarge driver info buffer!\n")); - SAFE_FREE(driver_info_1); SAFE_FREE(list); return WERR_NOMEM; } - else driver_info_1 = tdi1; } for (i=0; i<ndrivers; i++) { @@ -6782,7 +6771,7 @@ static WERROR enumprinterdrivers_level2(fstring servername, fstring architecture uint32 version; fstring *list = NULL; NT_PRINTER_DRIVER_INFO_LEVEL driver; - DRIVER_INFO_2 *tdi2, *driver_info_2=NULL; + DRIVER_INFO_2 *driver_info_2=NULL; WERROR result = WERR_OK; *returned=0; @@ -6796,13 +6785,11 @@ static WERROR enumprinterdrivers_level2(fstring servername, fstring architecture return WERR_NOMEM; if(ndrivers != 0) { - if((tdi2=SMB_REALLOC_ARRAY(driver_info_2, DRIVER_INFO_2, *returned+ndrivers )) == NULL) { + if((driver_info_2=SMB_REALLOC_ARRAY(driver_info_2, DRIVER_INFO_2, *returned+ndrivers )) == NULL) { DEBUG(0,("enumprinterdrivers_level2: failed to enlarge driver info buffer!\n")); - SAFE_FREE(driver_info_2); SAFE_FREE(list); return WERR_NOMEM; } - else driver_info_2 = tdi2; } for (i=0; i<ndrivers; i++) { @@ -6866,7 +6853,7 @@ static WERROR enumprinterdrivers_level3(fstring servername, fstring architecture uint32 version; fstring *list = NULL; NT_PRINTER_DRIVER_INFO_LEVEL driver; - DRIVER_INFO_3 *tdi3, *driver_info_3=NULL; + DRIVER_INFO_3 *driver_info_3=NULL; WERROR result = WERR_OK; *returned=0; @@ -6880,13 +6867,11 @@ static WERROR enumprinterdrivers_level3(fstring servername, fstring architecture return WERR_NOMEM; if(ndrivers != 0) { - if((tdi3=SMB_REALLOC_ARRAY(driver_info_3, DRIVER_INFO_3, *returned+ndrivers )) == NULL) { + if((driver_info_3=SMB_REALLOC_ARRAY(driver_info_3, DRIVER_INFO_3, *returned+ndrivers )) == NULL) { DEBUG(0,("enumprinterdrivers_level3: failed to enlarge driver info buffer!\n")); - SAFE_FREE(driver_info_3); SAFE_FREE(list); return WERR_NOMEM; } - else driver_info_3 = tdi3; } for (i=0; i<ndrivers; i++) { diff --git a/source3/sam/idmap_rid.c b/source3/sam/idmap_rid.c index 0922000fa1..58838512a6 100644 --- a/source3/sam/idmap_rid.c +++ b/source3/sam/idmap_rid.c @@ -287,7 +287,13 @@ static NTSTATUS rid_idmap_get_domains(uint32 *num_domains, fstring **domain_name *num_domains = trusted_num_domains + own_domains; *domain_names = SMB_REALLOC_ARRAY(*domain_names, fstring, *num_domains); + if (!*domain_names) { + goto out; + } *domain_sids = SMB_REALLOC_ARRAY(*domain_sids, DOM_SID, *num_domains); + if (!*domain_sids) { + goto out; + } /* first add mydomain */ fstrcpy((*domain_names)[0], domain_name); diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index ca6cc57cc3..a78681bad8 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -798,6 +798,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, *rdata_len = 0; *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,ERRunknownlevel); SSVAL(*rparam,2,0); SSVAL(*rparam,4,0); @@ -817,6 +820,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } desc.base = *rdata; desc.buflen = mdrcnt; } else { @@ -846,6 +852,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, *rdata_len = desc.usedlen; *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -896,6 +905,9 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, *rdata_len = 0; *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,ERRunknownlevel); SSVAL(*rparam,2,0); SSVAL(*rparam,4,0); @@ -1066,15 +1078,11 @@ static int get_server_info(uint32 servertype, } if (count == alloced) { - struct srv_info_struct *ts; - alloced += 10; - ts = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced); - if (!ts) { + *servers = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced); + if (!*servers) { DEBUG(0,("get_server_info: failed to enlarge servers info struct!\n")); return 0; - } else { - *servers = ts; } memset((char *)((*servers)+count),'\0',sizeof(**servers)*(alloced-count)); } @@ -1332,6 +1340,9 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param *rdata_len = fixed_len + string_len; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } memset(*rdata,'\0',*rdata_len); p2 = (*rdata) + fixed_len; /* auxilliary data (strings) will go here */ @@ -1359,6 +1370,9 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata)); SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); @@ -1399,6 +1413,9 @@ static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, char *pa *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVAL(*rparam,0,0x08AC); /* informational warning message */ SSVAL(*rparam,2,0); @@ -1581,6 +1598,9 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *para } *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } p = *rdata; *rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0); if (*rdata_len < 0) { @@ -1589,6 +1609,9 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *para *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); @@ -1665,6 +1688,9 @@ static BOOL api_RNetShareEnum( connection_struct *conn, *rdata_len = fixed_len + string_len; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } memset(*rdata,0,*rdata_len); p2 = (*rdata) + fixed_len; /* auxiliary data (strings) will go here */ @@ -1688,6 +1714,9 @@ static BOOL api_RNetShareEnum( connection_struct *conn, *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success); SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); @@ -1792,6 +1821,9 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); @@ -1803,6 +1835,9 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; SSVAL(*rparam,0,res); SSVAL(*rparam,2,0); @@ -1868,6 +1903,9 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c *rdata_len = cli_buf_size; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } p = *rdata; @@ -1895,7 +1933,9 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); - + if (!*rparam) { + return False; + } SSVAL(*rparam, 0, errflags); SSVAL(*rparam, 2, 0); /* converter word */ SSVAL(*rparam, 4, i); /* is this right?? */ @@ -1933,6 +1973,9 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } /* check it's a supported varient */ @@ -1952,7 +1995,9 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para *rdata_len = mdrcnt + 1024; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); - + if (!*rdata) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -2068,6 +2113,9 @@ static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,ch *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } /* check it's a supported varient */ if (strcmp("B21",str2) != 0) @@ -2075,6 +2123,9 @@ static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,ch *rdata_len = cli_buf_size; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } p = *rdata; @@ -2138,9 +2189,15 @@ static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid, char *param,ch *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 21; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -2194,6 +2251,9 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; @@ -2266,6 +2326,9 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char * char *p = param + 2; *rparam_len = 2; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; @@ -2333,6 +2396,9 @@ static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char *param *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; if (!print_job_exists(sharename, jobid)) { @@ -2396,6 +2462,9 @@ static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid, char *param *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; snum = print_queue_snum(QueueName); @@ -2470,6 +2539,9 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha return False; *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } if ( (snum = lp_servicenumber(sharename)) == -1 ) { DEBUG(0,("api_PrintJobInfo: unable to get service number from sharename [%s]\n", @@ -2586,6 +2658,9 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par *rdata_len = mdrcnt; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } p = *rdata; p2 = p + struct_len; @@ -2635,6 +2710,9 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); @@ -2661,6 +2739,9 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } /* check it's a supported varient */ if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz"))) { @@ -2669,6 +2750,9 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param *rdata_len = mdrcnt + 1024; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -2908,6 +2992,9 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel)); @@ -2930,6 +3017,9 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param *rdata_len = mdrcnt + 1024; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -3082,6 +3172,9 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param } if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } desc.base = *rdata; @@ -3121,6 +3214,9 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param *rdata_len = desc.usedlen; *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -3156,6 +3252,9 @@ static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, char *p *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,0); /* errorcode */ SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,0x7f); /* permission flags */ @@ -3219,6 +3318,9 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } desc.base = *rdata; desc.buflen = mdrcnt; } else { @@ -3242,6 +3344,9 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -3300,6 +3405,9 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa count = print_queue_status(snum,&queue,&status); if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } desc.base = *rdata; desc.buflen = mdrcnt; @@ -3318,6 +3426,9 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3429,6 +3540,9 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par } else { if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } desc.base = *rdata; desc.buflen = mdrcnt; } else { @@ -3447,6 +3561,9 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -3494,6 +3611,9 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param, if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } desc.base = *rdata; @@ -3516,6 +3636,9 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param, *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3554,6 +3677,9 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } desc.base = *rdata; desc.buflen = mdrcnt; @@ -3567,6 +3693,9 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3605,6 +3734,9 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } desc.base = *rdata; desc.buflen = mdrcnt; @@ -3619,6 +3751,9 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3657,6 +3792,9 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } memset((char *)&desc,'\0',sizeof(desc)); desc.base = *rdata; @@ -3672,6 +3810,9 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3720,6 +3861,9 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } memset((char *)&desc,'\0',sizeof(desc)); desc.base = *rdata; @@ -3745,6 +3889,9 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); /* converter */ SSVAL(*rparam,4,num_sessions); /* count */ @@ -3766,6 +3913,9 @@ static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param, char { *rparam_len = MIN(*rparam_len,mprcnt); *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; @@ -3787,6 +3937,9 @@ static BOOL api_Unsupported(connection_struct *conn, uint16 vuid, char *param, c { *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; @@ -3919,11 +4072,14 @@ int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char * /* if we get False back then it's actually unsupported */ if (!reply) { - api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt, + reply = api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); } - send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False); + /* If api_Unsupported returns false we can't return anything. */ + if (reply) { + send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False); + } SAFE_FREE(rdata); SAFE_FREE(rparam); diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 4f7858d985..955197a425 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -643,9 +643,8 @@ static int setup_ver2_dfs_referral(char *pathname, char **ppdata, if(pdata == NULL) { DEBUG(0,("malloc failed for Realloc!\n")); return -1; - } else { - *ppdata = pdata; } + *ppdata = pdata; /* copy in the dfs requested paths.. required for offset calculations */ memcpy(pdata+uni_reqpathoffset1,uni_requestedpath,requestedpathlen); @@ -729,9 +728,8 @@ static int setup_ver3_dfs_referral(char *pathname, char **ppdata, if(pdata == NULL) { DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n")); return -1; - } else { - *ppdata = pdata; } + *ppdata = pdata; /* create the header */ SSVAL(pdata,0,consumedcnt * 2); /* path consumed */ diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 417e3421cb..796eb44332 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -48,21 +48,16 @@ static const char *known_nt_pipes[] = { static char *nttrans_realloc(char **ptr, size_t size) { - char *tptr = NULL; if (ptr==NULL) { smb_panic("nttrans_realloc() called with NULL ptr\n"); } - tptr = SMB_REALLOC(*ptr, size); - if(tptr == NULL) { - *ptr = NULL; + *ptr = SMB_REALLOC(*ptr, size); + if(*ptr == NULL) { return NULL; } - memset(tptr,'\0',size); - - *ptr = tptr; - - return tptr; + memset(*ptr,'\0',size); + return *ptr; } /**************************************************************************** diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 782a8c2b89..8b88990e2f 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -383,7 +383,7 @@ void add_session_user(const char *user) "too large.\n")); return; } - newlist = (char *)SMB_REALLOC( + newlist = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR( session_userlist, len_session_userlist + PSTRING_LEN ); if( newlist == NULL ) { diff --git a/source3/smbd/session.c b/source3/smbd/session.c index 27f760a088..41f8fd0ed4 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -224,6 +224,10 @@ static int gather_sessioninfo(TDB_CONTEXT *stdb, TDB_DATA kbuf, TDB_DATA dbuf, sesslist->count += 1; sesslist->sessions = SMB_REALLOC_ARRAY(sesslist->sessions, struct sessionid, sesslist->count); + if (!sesslist->sessions) { + sesslist->count = 0; + return -1; + } memcpy(&sesslist->sessions[sesslist->count - 1], current, sizeof(struct sessionid)); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 6da71039f0..9cd2d44de5 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -870,11 +870,11 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, i } /* Realloc the size of parameters and data we will return */ - params = SMB_REALLOC(*pparams, 30); - if( params == NULL ) { + *pparams = SMB_REALLOC(*pparams, 30); + if(*pparams == NULL ) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; SSVAL(params,0,fsp->fnum); SSVAL(params,2,open_attr); @@ -1711,21 +1711,20 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd } } - pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); - if( pdata == NULL ) { + *ppdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); + if(*ppdata == NULL ) { talloc_destroy(ea_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } - - *ppdata = pdata; + pdata = *ppdata; /* Realloc the params space */ - params = SMB_REALLOC(*pparams, 10); - if (params == NULL) { + *pparams = SMB_REALLOC(*pparams, 10); + if (*pparams == NULL) { talloc_destroy(ea_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; /* Save the wildcard match and attribs we are using on this directory - needed as lanman2 assumes these are being saved between calls */ @@ -1962,22 +1961,22 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd } } - pdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); - if(pdata == NULL) { + *ppdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); + if(*ppdata == NULL) { talloc_destroy(ea_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } - *ppdata = pdata; + pdata = *ppdata; /* Realloc the params space */ - params = SMB_REALLOC(*pparams, 6*SIZEOFWORD); - if( params == NULL ) { + *pparams = SMB_REALLOC(*pparams, 6*SIZEOFWORD); + if(*pparams == NULL ) { talloc_destroy(ea_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; /* Check that the dptr is valid */ if(!(conn->dirptr = dptr_fetch_lanman2(dptr_num))) { @@ -2134,12 +2133,12 @@ static int call_trans2qfsinfo(connection_struct *conn, char *inbuf, char *outbuf return ERROR_DOS(ERRSRV,ERRinvdevice); } - pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); - if ( pdata == NULL ) { + *ppdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); + if (*ppdata == NULL ) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *ppdata = pdata; + pdata = *ppdata; memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); switch (info_level) { @@ -2943,20 +2942,20 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd } } - params = SMB_REALLOC(*pparams,2); - if (params == NULL) { + *pparams = SMB_REALLOC(*pparams,2); + if (*pparams == NULL) { talloc_destroy(ea_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; SSVAL(params,0,0); data_size = max_data_bytes + DIR_ENTRY_SAFETY_MARGIN; - pdata = SMB_REALLOC(*ppdata, data_size); - if ( pdata == NULL ) { + *ppdata = SMB_REALLOC(*ppdata, data_size); + if (*ppdata == NULL ) { talloc_destroy(ea_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } - *ppdata = pdata; + pdata = *ppdata; c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))); @@ -3683,11 +3682,11 @@ static int call_trans2setfilepathinfo(connection_struct *conn, char *inbuf, char tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data)); /* Realloc the parameter size */ - params = SMB_REALLOC(*pparams,2); - if(params == NULL) { + *pparams = SMB_REALLOC(*pparams,2); + if (*pparams == NULL) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; SSVAL(params,0,0); @@ -4543,11 +4542,11 @@ static int call_trans2mkdir(connection_struct *conn, char *inbuf, char *outbuf, } /* Realloc the parameter and data sizes */ - params = SMB_REALLOC(*pparams,2); - if(params == NULL) { + *pparams = SMB_REALLOC(*pparams,2); + if(*pparams == NULL) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; SSVAL(params,0,0); @@ -4585,11 +4584,11 @@ static int call_trans2findnotifyfirst(connection_struct *conn, char *inbuf, char } /* Realloc the parameter and data sizes */ - params = SMB_REALLOC(*pparams,6); - if(params == NULL) { + *pparams = SMB_REALLOC(*pparams,6); + if (*pparams == NULL) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; SSVAL(params,0,fnf_handle); SSVAL(params,2,0); /* No changes */ @@ -4619,11 +4618,11 @@ static int call_trans2findnotifynext(connection_struct *conn, char *inbuf, char DEBUG(3,("call_trans2findnotifynext\n")); /* Realloc the parameter and data sizes */ - params = SMB_REALLOC(*pparams,4); - if(params == NULL) { + *pparams = SMB_REALLOC(*pparams,4); + if (*pparams == NULL) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; SSVAL(params,0,0); /* No changes */ SSVAL(params,2,0); /* No EA errors */ @@ -4688,11 +4687,11 @@ static int call_trans2ioctl(connection_struct *conn, char* inbuf, char* outbuf, if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) && (SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { - pdata = SMB_REALLOC(*ppdata, 32); - if(pdata == NULL) { + *ppdata = SMB_REALLOC(*ppdata, 32); + if (*ppdata == NULL) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *ppdata = pdata; + pdata = *ppdata; /* NOTE - THIS IS ASCII ONLY AT THE MOMENT - NOT SURE IF OS/2 CAN ACCEPT THIS IN UNICODE. JRA. */ diff --git a/source3/tdb/tdbutil.c b/source3/tdb/tdbutil.c index 5301100632..09baff072f 100644 --- a/source3/tdb/tdbutil.c +++ b/source3/tdb/tdbutil.c @@ -495,21 +495,24 @@ BOOL tdb_pack_append(TALLOC_CTX *mem_ctx, uint8 **buf, size_t *len, len1 = tdb_pack_va(NULL, 0, fmt, ap); va_end(ap); - if (mem_ctx != NULL) + if (mem_ctx != NULL) { *buf = TALLOC_REALLOC_ARRAY(mem_ctx, *buf, uint8, (*len) + len1); - else + } else { *buf = SMB_REALLOC_ARRAY(*buf, uint8, (*len) + len1); + } - if (*buf == NULL) + if (*buf == NULL) { return False; + } va_start(ap, fmt); len2 = tdb_pack_va((char *)(*buf)+(*len), len1, fmt, ap); va_end(ap); - if (len1 != len2) + if (len1 != len2) { return False; + } *len += len2; diff --git a/source3/torture/nsstest.c b/source3/torture/nsstest.c index 585a592bdc..d2b17f0f63 100644 --- a/source3/torture/nsstest.c +++ b/source3/torture/nsstest.c @@ -174,6 +174,9 @@ again: if (status == NSS_STATUS_TRYAGAIN) { buflen *= 2; buf = SMB_REALLOC(buf, buflen); + if (!buf) { + return NULL; + } goto again; } if (status == NSS_STATUS_NOTFOUND) { @@ -205,6 +208,9 @@ again: if (status == NSS_STATUS_TRYAGAIN) { buflen *= 2; buf = SMB_REALLOC(buf, buflen); + if (!buf) { + return NULL; + } goto again; } if (status == NSS_STATUS_NOTFOUND) { @@ -237,6 +243,9 @@ again: if (status == NSS_STATUS_TRYAGAIN) { buflen *= 2; buf = SMB_REALLOC(buf, buflen); + if (!buf) { + return NULL; + } goto again; } if (status == NSS_STATUS_NOTFOUND) { diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 0cedbd78ab..ada246e117 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -4094,6 +4094,9 @@ static void add_sid_to_token(NT_USER_TOKEN *token, DOM_SID *sid) return; token->user_sids = SMB_REALLOC_ARRAY(token->user_sids, DOM_SID, token->num_sids+1); + if (!token->user_sids) { + return; + } sid_copy(&token->user_sids[token->num_sids], sid); @@ -4477,6 +4480,10 @@ static void collect_share(const char *name, uint32 m, share_list->num_shares += 1; share_list->shares = SMB_REALLOC_ARRAY(share_list->shares, char *, share_list->num_shares); + if (!share_list->shares) { + share_list->num_shares = 0; + return; + } share_list->shares[share_list->num_shares-1] = SMB_STRDUP(name); } diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 05ff28ad65..d5fc4b5c58 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1820,6 +1820,8 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, num_deltas+num_alloced); if (groupmap == NULL || accountmap == NULL) { DEBUG(1,("GROUPMAP malloc failed\n")); + SAFE_FREE(groupmap); + SAFE_FREE(accountmap); return NT_STATUS_NO_MEMORY; } diff --git a/source3/utils/net_status.c b/source3/utils/net_status.c index d3b1bae276..d85bd27b16 100644 --- a/source3/utils/net_status.c +++ b/source3/utils/net_status.c @@ -130,6 +130,10 @@ static int collect_pid(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf, ids->num_entries += 1; ids->entries = SMB_REALLOC_ARRAY(ids->entries, struct sessionid, ids->num_entries); + if (!ids->entries) { + ids->num_entries = 0; + return 0; + } ids->entries[ids->num_entries-1] = sessionid; return 0; diff --git a/source3/web/cgi.c b/source3/web/cgi.c index d1cd38eb51..b764b6d628 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -59,7 +59,7 @@ static char *grab_line(FILE *f, int *cl) char *ret2; if (len == 0) len = 1024; else len *= 2; - ret2 = (char *)SMB_REALLOC(ret, len); + ret2 = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR(ret, len); if (!ret2) return ret; ret = ret2; } |