27 files changed, 162 insertions, 82 deletions
diff --git a/source3/client/client.c b/source3/client/client.c index a285bccfe7..0b4438d6b2 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -4899,7 +4899,10 @@ static int do_message_op(void) } smb_encrypt = get_cmdline_auth_info_smb_encrypt(); - init_names(); + if (!init_names()) { + fprintf(stderr, "init_names() failed\n"); + exit(1); + } if(new_name_resolve_order) lp_set_name_resolve_order(new_name_resolve_order); diff --git a/source3/include/rpc_client.h b/source3/include/rpc_client.h index e1ebb2509d..c552271ee7 100644 --- a/source3/include/rpc_client.h +++ b/source3/include/rpc_client.h @@ -36,6 +36,8 @@ #include "librpc/gen_ndr/cli_dssetup.h" #include "librpc/gen_ndr/cli_ntsvcs.h" +#define prs_init_empty( _ps_, _ctx_, _io_ ) (void) prs_init((_ps_), 0, (_ctx_), (_io_)) + /* macro to expand cookie-cutter code in cli_xxx() using rpc_api_pipe_req() */ #define CLI_DO_RPC_INTERNAL( pcli, ctx, p_idx, opnum, q_in, r_out, \ @@ -45,10 +47,7 @@ if (!prs_init( &q_ps, RPC_MAX_PDU_FRAG_LEN, ctx, MARSHALL )) { \ return NT_STATUS_NO_MEMORY;\ }\ - if (!prs_init( &r_ps, 0, ctx, UNMARSHALL )) {\ - prs_mem_free( &q_ps );\ - return NT_STATUS_NO_MEMORY;\ - }\ + prs_init_empty( &r_ps, ctx, UNMARSHALL );\ if ( copy_sess_key) prs_set_session_key(&q_ps, (const char *)pcli->dc->sess_key);\ if ( q_io_fn("", &q_in, &q_ps, 0) ) {\ NTSTATUS _smb_pipe_stat_ = rpc_api_pipe_req(pcli, opnum, &q_ps, &r_ps); \ @@ -96,10 +95,7 @@ if (!prs_init( &q_ps, RPC_MAX_PDU_FRAG_LEN, ctx, MARSHALL )) { \ return WERR_NOMEM;\ }\ - if (!prs_init( &r_ps, 0, ctx, UNMARSHALL )) {\ - prs_mem_free( &q_ps );\ - return WERR_NOMEM;\ - }\ + prs_init_empty( &r_ps, ctx, UNMARSHALL );\ if ( q_io_fn("", &q_in, &q_ps, 0) ) {\ NTSTATUS _smb_pipe_stat_ = rpc_api_pipe_req(pcli, opnum, &q_ps, &r_ps); \ if (!NT_STATUS_IS_OK(_smb_pipe_stat_)) {\ diff --git a/source3/lib/sock_exec.c b/source3/lib/sock_exec.c index 278a174663..2333d7c739 100644 --- a/source3/lib/sock_exec.c +++ b/source3/lib/sock_exec.c 
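Review bot: The new `prs_init_empty` macro in rpc_client.h discards prs_init()'s result without a comment saying why that is safe, and both CLI_DO_RPC macros below now rely on it in place of the old NT_STATUS_NO_MEMORY / WERR_NOMEM exits. If the reasoning is that a zero-size init allocates nothing and so cannot fail (prs_init itself is not visible here), state it above the define, e.g. `/* size 0 allocates nothing, so prs_init() cannot fail; result intentionally ignored */`. A `static inline void` wrapper would also give argument type checking and avoid the unparenthesised `(void) prs_init(...)` expansion.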
@@ -48,7 +48,7 @@ static int socketpair_tcp(int fd[2]) #endif sock2.sin_family = PF_INET; - bind(listener, (struct sockaddr *)&sock2, sizeof(sock2)); + if (bind(listener, (struct sockaddr *)&sock2, sizeof(sock2)) != 0) goto failed; if (listen(listener, 1) != 0) goto failed; diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index ee25fb5551..66f203b12d 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -606,9 +606,11 @@ bool kerberos_secrets_store_salting_principal(const char *service, krb5_principal princ = NULL; char *princ_s = NULL; char *unparsed_name = NULL; + krb5_error_code code; - krb5_init_context(&context); - if (!context) { + if (((code = krb5_init_context(&context)) != 0) || (context == NULL)) { + DEBUG(5, ("kerberos_secrets_store_salting_pricipal: kdb5_init_context failed: %s\n", + error_message(code))); return False; } if (strchr_m(service, '@')) { diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index 852251a476..719f3bd3ec 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c 
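Review bot: The DEBUG string added in kerberos_secrets_store_salting_principal misnames both the function (`..._pricipal`) and the failing call (`kdb5_init_context` instead of `krb5_init_context`), so a log search for the real identifiers will miss it. Suggested text: `"kerberos_secrets_store_salting_principal: krb5_init_context failed: %s\n"`. Note also that the `context == NULL` half of the condition can be reached with `code == 0`, in which case `error_message(code)` would print a success string; a separate message for that case would be clearer.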
@@ -438,10 +438,21 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context, return ADS_ERROR_SYSTEM(rc); } addr_len = sizeof(remote_addr); - getpeername(sock, (struct sockaddr *)&remote_addr, &addr_len); + if (getpeername(sock, (struct sockaddr *)&remote_addr, &addr_len) != 0) { + close(sock); + SAFE_FREE(ap_req.data); + krb5_auth_con_free(context, auth_context); + DEBUG(1,("getpeername() failed (%s)\n", error_message(errno))); + return ADS_ERROR_SYSTEM(errno); + } addr_len = sizeof(local_addr); - getsockname(sock, (struct sockaddr *)&local_addr, &addr_len); - + if (getsockname(sock, (struct sockaddr *)&local_addr, &addr_len) != 0) { + close(sock); + SAFE_FREE(ap_req.data); + krb5_auth_con_free(context, auth_context); + DEBUG(1,("getsockname() failed (%s)\n", error_message(errno))); + return ADS_ERROR_SYSTEM(errno); + } if (!setup_kaddr(&remote_kaddr, &remote_addr) || !setup_kaddr(&local_kaddr, &local_addr)) { DEBUG(1,("do_krb5_kpasswd_request: " diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index d6b9ba622b..9ec06e5a1d 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -588,7 +588,10 @@ static char **ads_push_strvals(TALLOC_CTX *ctx, const char **in_vals) if (!values) return NULL; for (i=0; in_vals[i]; i++) { - push_utf8_talloc(ctx, &values[i], in_vals[i]); + if (push_utf8_talloc(ctx, &values[i], in_vals[i]) == (size_t) -1) { + TALLOC_FREE(values); + return NULL; + } } return values; } diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c index e74cfaf69f..36415c42b5 100644 --- a/source3/nsswitch/wins.c +++ b/source3/nsswitch/wins.c 
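Review bot: Both new error branches in do_krb5_kpasswd_request read `errno` only after `close(sock)`, `SAFE_FREE`, `krb5_auth_con_free` and `DEBUG` have run, and any of those may overwrite it, so the logged text and the returned status can describe a different failure than the getpeername()/getsockname() one. Capture it first with `int saved_errno = errno;` as the first statement of each branch, then use it in the DEBUG and in `return ADS_ERROR_SYSTEM(saved_errno);`. The function starts and ends outside the hunk.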
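Review bot: On a conversion failure ads_push_strvals frees only the `values` array, while the strings converted so far were created with `ctx` as the first argument of push_utf8_talloc and so, assuming that argument is the talloc parent, stay attached to `ctx` until the caller frees it. If `values` is itself allocated under `ctx` (its allocation is above the hunk), passing it as the parent, `push_utf8_talloc(values, &values[i], in_vals[i])`, lets the single `TALLOC_FREE(values)` release everything on the error path.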
@@ -58,9 +58,15 @@ static int wins_lookup_open_socket_in(void) if (res == -1) return -1; - setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val)); + if (setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val)) != 0) { + close(res); + return -1; + } #ifdef SO_REUSEPORT - setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val)); + if (setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val)) != 0) { + close(res); + return -1; + } #endif /* SO_REUSEPORT */ /* now we've got a socket - we need to bind it */ diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index d941abb00e..cf5b72bc7c 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -1726,10 +1726,16 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods, return NT_STATUS_UNSUCCESSFUL; } - ber_printf (ber, "{"); - ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn); - ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password); - ber_printf (ber, "n}"); + if ((ber_printf (ber, "{") < 0) || + (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn) < 0) || + (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0) || + (ber_printf (ber, "n}") < 0)) { + DEBUG(0,("ldapsam_modify_entry: ber_printf returns a value <0\n")); + ber_free(ber,1); + SAFE_FREE(utf8_dn); + SAFE_FREE(utf8_password); + return NT_STATUS_UNSUCCESSFUL; + } if ((rc = ber_flatten (ber, &bv))<0) { DEBUG(0,("ldapsam_modify_entry: ber_flatten returns a value <0\n")); diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 70944a9596..f72638bed5 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c 
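Review bot: Treating a failed `setsockopt(SO_REUSEPORT)` as fatal in wins_lookup_open_socket_in can break lookups on hosts where the constant exists at build time but the running kernel rejects the option; the `#ifdef` only proves the header defines it. Both options are conveniences for the bind that follows, so logging and continuing (at least for SO_REUSEPORT) keeps the old behaviour while still surfacing the error. If failing closed is intended, add a `DEBUG` with `strerror(errno)` before `close(res)` so the bare -1 can be diagnosed.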
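Review bot: The new error path in ldapsam_modify_entry releases `utf8_password` with a plain `SAFE_FREE`, which leaves the cleartext new password in freed heap memory. Whether the other exits of this function wipe it cannot be seen from the hunk, but the buffer should be overwritten before it is freed, e.g. `memset(utf8_password, 0, strlen(utf8_password));` ahead of the SAFE_FREE, or the tree's non-elidable wipe helper if it has one. A one-line comment on the buffer's sensitivity would help the next error path added here do the same.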
@@ -1251,8 +1251,10 @@ static bool build_sam_account(struct smbpasswd_privates *smbpasswd_state, /* set remaining fields */ - pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET); - pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET); + if (!pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET)) + return False; + if (!pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET)) + return False; pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl, PDB_SET); pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET); pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index d5803b711b..04dde0e8a0 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -358,7 +358,7 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key, ZERO_STRUCT( ps ); - prs_init( &ps, 0, ctx, UNMARSHALL ); + prs_init_empty( &ps, ctx, UNMARSHALL ); prs_give_memory( &ps, (char *)data.dptr, data.dsize, False ); if ( !sec_io_desc_buf( "sec_desc_upg_fn", &sd_orig, &ps, 1 ) ) { @@ -405,7 +405,10 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key, /* create a new SEC_DESC with the appropriate owner and group SIDs */ - string_to_sid(&sid, "S-1-5-32-544" ); + if (!string_to_sid(&sid, "S-1-5-32-544" )) { + prs_mem_free( &ps ); + return 0; + } new_sec = make_sec_desc( ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, &sid, &sid, NULL, NULL, &size_new_sec ); 
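Review bot: build_sam_account now checks only the two password-hash setters, while `pdb_set_acct_ctrl`, `pdb_set_pass_last_set_time` and `pdb_set_pass_can_change_time` directly below still discard their results. If those failures are deliberately tolerated, a comment such as `/* non-fatal: account stays usable without these fields */` would record the rule; otherwise they should get the same `if (!...) return False;` treatment. The early returns also leave `sam_pass` partly populated, which the function's header comment (outside the hunk) should mention for callers.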
@@ -431,7 +434,10 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key, sd_size = ndr_size_security_descriptor(sd_store->sd, 0) + sizeof(SEC_DESC_BUF); - prs_init(&ps, sd_size, ctx, MARSHALL); + if ( !prs_init(&ps, sd_size, ctx, MARSHALL) ) { + DEBUG(0,("sec_desc_upg_fn: Failed to allocate prs memory for %s\n", key.dptr )); + return 0; + } if ( !sec_io_desc_buf( "sec_desc_upg_fn", &sd_store, &ps, 1 ) ) { DEBUG(0,("sec_desc_upg_fn: Failed to parse new sec_desc for %s\n", key.dptr )); @@ -4551,7 +4557,7 @@ static bool convert_driver_init( TALLOC_CTX *ctx, NT_DEVICEMODE *nt_devmode, uin ZERO_STRUCT(devmode); - prs_init(&ps, 0, ctx, UNMARSHALL); + prs_init_empty(&ps, ctx, UNMARSHALL); ps.data_p = (char *)data; ps.buffer_size = data_len; @@ -5396,9 +5402,13 @@ WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr) /* Store the security descriptor in a tdb */ - prs_init(&ps, - (uint32)ndr_size_security_descriptor(new_secdesc_ctr->sd, 0) - + sizeof(SEC_DESC_BUF), mem_ctx, MARSHALL); + if (!prs_init(&ps, + (uint32)ndr_size_security_descriptor(new_secdesc_ctr->sd, 0) + + sizeof(SEC_DESC_BUF), mem_ctx, MARSHALL) ) { + status = WERR_NOMEM; + goto out; + } + prs_init_done = true; @@ -5546,8 +5556,9 @@ bool nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s /* Save default security descriptor for later */ - prs_init(&ps, (uint32)ndr_size_security_descriptor((*secdesc_ctr)->sd, 0) + - sizeof(SEC_DESC_BUF), ctx, MARSHALL); + if (!prs_init(&ps, (uint32)ndr_size_security_descriptor((*secdesc_ctr)->sd, 0) + + sizeof(SEC_DESC_BUF), ctx, MARSHALL)) + return False; if (sec_io_desc_buf("nt_printing_getsec", secdesc_ctr, &ps, 1)) { tdb_prs_store(tdb_printers, kbuf, &ps); diff --git a/source3/registry/reg_backend_printing.c b/source3/registry/reg_backend_printing.c index a4da103d40..582989d8d1 100644 --- a/source3/registry/reg_backend_printing.c +++ b/source3/registry/reg_backend_printing.c 
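Review bot: The `return False` added in nt_printing_getsec fails the whole lookup when only the buffer used to cache the default descriptor cannot be allocated. At this point `*secdesc_ctr` has apparently already been filled ("Save default security descriptor for later"), and the save was best-effort before, since the result of `tdb_prs_store` is ignored. update_printer_sec in this same commit now maps a False return to WERR_BADFID, so a transient allocation failure becomes a bad-handle error for the client. Consider skipping the save and still returning the descriptor, or at least add a DEBUG line before the return; the rest of the function is outside the hunk.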
@@ -443,7 +443,8 @@ static void fill_in_printer_values( NT_PRINTER_INFO_LEVEL_2 *info2, REGVAL_CTR * /* use a prs_struct for converting the devmode and security descriptor to REG_BINARY */ - prs_init( &prs, RPC_MAX_PDU_FRAG_LEN, values, MARSHALL); + if (!prs_init( &prs, RPC_MAX_PDU_FRAG_LEN, values, MARSHALL)) + return; /* stream the device mode */ diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c index 1c3aad7a25..9eb2c58298 100644 --- a/source3/registry/regfio.c +++ b/source3/registry/regfio.c @@ -123,7 +123,10 @@ static int read_block( REGF_FILE *file, prs_struct *ps, uint32 file_offset, uint return -1; } - prs_init( ps, block_size, file->mem_ctx, UNMARSHALL ); + if (!prs_init( ps, block_size, file->mem_ctx, UNMARSHALL )) { + DEBUG(0,("read_block: prs_init() failed! (%s)\n", strerror(errno) )); + return -1; + } buffer = prs_data_p( ps ); bytes_read = returned = 0; diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index c89c5531d7..1fd06f868e 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -683,7 +683,7 @@ static NTSTATUS cli_pipe_reset_current_pdu(struct rpc_pipe_client *cli, RPC_HDR /* Common case. */ if (current_pdu_len == (uint32)prhdr->frag_len) { prs_mem_free(current_pdu); - prs_init(current_pdu, 0, prs_get_mem_context(current_pdu), UNMARSHALL); + prs_init_empty(current_pdu, prs_get_mem_context(current_pdu), UNMARSHALL); /* Make current_pdu dynamic with no memory. */ prs_give_memory(current_pdu, 0, 0, True); return NT_STATUS_OK; @@ -757,7 +757,7 @@ static NTSTATUS rpc_api_pipe(struct rpc_pipe_client *cli, #endif /* Set up the current pdu parse struct. */ - prs_init(¤t_pdu, 0, prs_get_mem_context(rbuf), UNMARSHALL); + prs_init_empty(¤t_pdu, prs_get_mem_context(rbuf), UNMARSHALL); /* Create setup parameters - must be in native byte order. */ setup[0] = TRANSACT_DCERPCCMD; 
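Review bot: fill_in_printer_values returns silently when prs_init() fails, so the caller receives a REGVAL_CTR without the device mode and security descriptor values and nothing in the log explains why. The function is void, so a log line is the only signal available: `DEBUG(0,("fill_in_printer_values: prs_init() failed\n"));` before the `return;`. The equivalent checks added to read_block and svcctl_set_secdesc in this commit do log.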
@@ -1183,7 +1183,8 @@ static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli, NTSTATUS ret = NT_STATUS_OK; ZERO_STRUCT(hdr_auth); - prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL); + if (!prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL)) + return NT_STATUS_NO_MEMORY; switch (auth_type) { case PIPE_AUTH_TYPE_SCHANNEL: @@ -1468,7 +1469,8 @@ NTSTATUS rpc_api_pipe_req(struct rpc_pipe_client *cli, return NT_STATUS_INVALID_PARAMETER; } - prs_init(&outgoing_pdu, cli->max_xmit_frag, prs_get_mem_context(in_data), MARSHALL); + if (!prs_init(&outgoing_pdu, cli->max_xmit_frag, prs_get_mem_context(in_data), MARSHALL)) + return NT_STATUS_NO_MEMORY; while (1) { RPC_HDR hdr; @@ -1811,7 +1813,7 @@ static NTSTATUS rpc_finish_auth3_bind(struct rpc_pipe_client *cli, return nt_status; } - prs_init(&rpc_out, 0, prs_get_mem_context(rbuf), MARSHALL); + prs_init_empty(&rpc_out, prs_get_mem_context(rbuf), MARSHALL); nt_status = create_rpc_bind_auth3(cli, rpc_call_id, auth_type, auth_level, @@ -1865,7 +1867,8 @@ static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id, NTSTATUS ret = NT_STATUS_OK; ZERO_STRUCT(hdr_auth); - prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL); + if (!prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL)) + return NT_STATUS_NO_MEMORY; /* We may change the pad length before marshalling. */ init_rpc_hdr_auth(&hdr_auth, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1); @@ -1958,7 +1961,7 @@ static NTSTATUS rpc_finish_spnego_ntlmssp_bind(struct rpc_pipe_client *cli, tmp_blob = data_blob_null; /* Ensure it's safe to free this just in case. */ /* Now prepare the alter context pdu. */ - prs_init(&rpc_out, 0, prs_get_mem_context(rbuf), MARSHALL); + prs_init_empty(&rpc_out, prs_get_mem_context(rbuf), MARSHALL); nt_status = create_rpc_alter_context(rpc_call_id, abstract, 
@@ -1976,7 +1979,7 @@ static NTSTATUS rpc_finish_spnego_ntlmssp_bind(struct rpc_pipe_client *cli, /* Initialize the returning data struct. */ prs_mem_free(rbuf); - prs_init(rbuf, 0, cli->mem_ctx, UNMARSHALL); + prs_init_empty(rbuf, cli->mem_ctx, UNMARSHALL); nt_status = rpc_api_pipe(cli, &rpc_out, rbuf, RPC_ALTCONTRESP); if (!NT_STATUS_IS_OK(nt_status)) { @@ -2049,7 +2052,7 @@ static NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli, return NT_STATUS_INVALID_PARAMETER; } - prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL); + prs_init_empty(&rpc_out, cli->mem_ctx, MARSHALL); rpc_call_id = get_rpc_call_id(); @@ -2065,7 +2068,7 @@ static NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli, } /* Initialize the incoming data struct. */ - prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL); + prs_init_empty(&rbuf, cli->mem_ctx, UNMARSHALL); /* send data on \PIPE\. receive a response */ status = rpc_api_pipe(cli, &rpc_out, &rbuf, RPC_BINDACK); diff --git a/source3/rpc_client/ndr.c b/source3/rpc_client/ndr.c index a64ead809a..ae705b313b 100644 --- a/source3/rpc_client/ndr.c +++ b/source3/rpc_client/ndr.c @@ -58,10 +58,7 @@ NTSTATUS cli_do_rpc_ndr(struct rpc_pipe_client *cli, talloc_free(push); - if (!prs_init( &r_ps, 0, mem_ctx, UNMARSHALL )) { - prs_mem_free( &q_ps ); - return NT_STATUS_NO_MEMORY; - } + prs_init_empty( &r_ps, mem_ctx, UNMARSHALL ); status = rpc_api_pipe_req(cli, opnum, &q_ps, &r_ps); diff --git a/source3/rpc_parse/parse_buffer.c b/source3/rpc_parse/parse_buffer.c index e98822d46e..9a68e547a0 100644 --- a/source3/rpc_parse/parse_buffer.c +++ b/source3/rpc_parse/parse_buffer.c 
@@ -34,8 +34,10 @@ void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx) { buffer->size = size; buffer->string_at_end = size; - prs_init(&buffer->prs, size, ctx, MARSHALL); - buffer->struct_start = prs_offset(&buffer->prs); + if (prs_init(&buffer->prs, size, ctx, MARSHALL)) + buffer->struct_start = prs_offset(&buffer->prs); + else + buffer->struct_start = NULL; } /******************************************************************* diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index 418f857df8..3850c440af 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -285,7 +285,8 @@ bool smb_io_strhdr(const char *desc, STRHDR *hdr, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "smb_io_strhdr"); depth++; - prs_align(ps); + if(!prs_align(ps)) + return False; if(!prs_uint16("str_str_len", ps, depth, &hdr->str_str_len)) return False; @@ -1761,10 +1762,14 @@ bool smb_io_bufhdr2(const char *desc, BUFHDR2 *hdr, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "smb_io_bufhdr2"); depth++; - prs_align(ps); - prs_uint32("info_level", ps, depth, &(hdr->info_level)); - prs_uint32("length ", ps, depth, &(hdr->length )); - prs_uint32("buffer ", ps, depth, &(hdr->buffer )); + if (!prs_align(ps)) + return False; + if (!prs_uint32("info_level", ps, depth, &(hdr->info_level))) + return False; + if (!prs_uint32("length ", ps, depth, &(hdr->length ))) + return False; + if (!prs_uint32("buffer ", ps, depth, &(hdr->buffer ))) + return False; return True; } @@ -1777,9 +1782,12 @@ bool smb_io_bufhdr4(const char *desc, BUFHDR4 *hdr, prs_struct *ps, int depth) prs_debug(ps, depth, desc, "smb_io_bufhdr4"); depth++; - prs_align(ps); - prs_uint32("size", ps, depth, &hdr->size); - prs_uint32("buffer", ps, depth, &hdr->buffer); + if (!prs_align(ps)) + return False; + if (!prs_uint32("size", ps, depth, &hdr->size)) + return False; + if (!prs_uint32("buffer", ps, depth, &hdr->buffer)) + return False; return True; } 
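Review bot: `buffer->struct_start = NULL;` in rpcbuf_init assigns a pointer constant to what looks like an integer offset: the other branch stores `prs_offset(&buffer->prs)`, and services_db.c in this same diff assigns prs_offset() to a `uint32`. Use `buffer->struct_start = 0;` (the field's declaration is outside the hunk, so confirm its type). Because rpcbuf_init is void and 0 is probably what the success path yields for a fresh buffer, callers still cannot tell that the allocation failed; a comment saying how they are expected to detect it would help.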
@@ -1793,7 +1801,8 @@ bool smb_io_rpc_blob(const char *desc, RPC_DATA_BLOB *blob, prs_struct *ps, int prs_debug(ps, depth, desc, "smb_io_rpc_blob"); depth++; - prs_align(ps); + if (!prs_align(ps)) + return False; if ( !prs_uint32("buf_len", ps, depth, &blob->buf_len) ) return False; diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index 638d71a73e..072132f5ac 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -1496,7 +1496,7 @@ int tdb_prs_fetch(TDB_CONTEXT *tdb, TDB_DATA kbuf, prs_struct *ps, TALLOC_CTX *m { TDB_DATA dbuf; - prs_init(ps, 0, mem_ctx, UNMARSHALL); + prs_init_empty(ps, mem_ctx, UNMARSHALL); dbuf = tdb_fetch(tdb, kbuf); if (!dbuf.dptr) diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 19c8db0533..6c1b65b858 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -151,7 +151,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p) * data. */ - prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL); + prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); /* Store the header in the data stream. */ @@ -358,7 +358,7 @@ static bool create_next_pdu_schannel(pipes_struct *p) * data. */ - prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL); + prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); /* Store the header in the data stream. */ @@ -531,7 +531,7 @@ static bool create_next_pdu_noauth(pipes_struct *p) * data. */ - prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL); + prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); /* Store the header in the data stream. */ 
@@ -812,7 +812,7 @@ static bool setup_bind_nak(pipes_struct *p) * header and are never sending more than one PDU here. */ - prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL); + prs_init_empty( &outgoing_rpc, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); /* @@ -875,7 +875,7 @@ bool setup_fault_pdu(pipes_struct *p, NTSTATUS status) * header and are never sending more than one PDU here. */ - prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL); + prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); /* @@ -944,7 +944,7 @@ bool setup_cancel_ack_reply(pipes_struct *p, prs_struct *rpc_in_p) * header and are never sending more than one PDU here. */ - prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL); + prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); /* @@ -1522,7 +1522,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) return setup_bind_nak(p); } - prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL); + prs_init_empty( &outgoing_rpc, p->mem_ctx, MARSHALL); /* * Marshall directly into the outgoing PDU space. We @@ -1794,7 +1794,7 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p) prs_struct outgoing_rpc; int auth_len = 0; - prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL); + prs_init_empty( &outgoing_rpc, p->mem_ctx, MARSHALL); /* * Marshall directly into the outgoing PDU space. We diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 95ce496ba6..45f649d0ce 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c 
@@ -348,7 +348,7 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name, /* * Initialize the outgoing RPC data buffer with no memory. */ - prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL); + prs_init_empty(&p->out_data.rdata, p->mem_ctx, MARSHALL); fstrcpy(p->name, pipe_name); @@ -408,7 +408,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) return -1; } - prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL); + prs_init_empty( &rpc_in, p->mem_ctx, UNMARSHALL); prs_set_endian_data( &rpc_in, p->endian); prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0], @@ -693,7 +693,7 @@ static void process_complete_pdu(pipes_struct *p) return; } - prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL); + prs_init_empty( &rpc_in, p->mem_ctx, UNMARSHALL); /* * Ensure we're using the corrent endianness for both the diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 3758c8fd63..403beb6782 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -6033,7 +6033,11 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, /* NT seems to like setting the security descriptor even though nothing may have actually changed. */ - nt_printing_getsec(p->mem_ctx, Printer->sharename, &old_secdesc_ctr); + if ( !nt_printing_getsec(p->mem_ctx, Printer->sharename, &old_secdesc_ctr)) { + DEBUG(2,("update_printer_sec: nt_printing_getsec() failed\n")); + result = WERR_BADFID; + goto done; + } if (DEBUGLEVEL >= 10) { SEC_ACL *the_acl; diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c index c76bc19d9c..6e076ea372 100644 --- a/source3/rpc_server/srv_winreg_nt.c +++ b/source3/rpc_server/srv_winreg_nt.c 
@@ -239,7 +239,8 @@ WERROR _winreg_QueryValue(pipes_struct *p, struct winreg_QueryValue *r) if(regkey->key->type == REG_KEY_HKPD) { if(strequal(r->in.value_name.name, "Global")) { - prs_init(&prs_hkpd, *r->in.data_size, p->mem_ctx, MARSHALL); + if (!prs_init(&prs_hkpd, *r->in.data_size, p->mem_ctx, MARSHALL)) + return WERR_NOMEM; status = reg_perfcount_get_hkpd( &prs_hkpd, *r->in.data_size, &outbuf_size, NULL); outbuf = (uint8_t *)prs_hkpd.data_p; @@ -260,7 +261,8 @@ WERROR _winreg_QueryValue(pipes_struct *p, struct winreg_QueryValue *r) else if(isdigit(r->in.value_name.name[0])) { /* we probably have a request for a specific object * here */ - prs_init(&prs_hkpd, *r->in.data_size, p->mem_ctx, MARSHALL); + if (!prs_init(&prs_hkpd, *r->in.data_size, p->mem_ctx, MARSHALL)) + return WERR_NOMEM; status = reg_perfcount_get_hkpd( &prs_hkpd, *r->in.data_size, &outbuf_size, r->in.value_name.name); diff --git a/source3/services/services_db.c b/source3/services/services_db.c index ae83e72697..620b036932 100644 --- a/source3/services/services_db.c +++ b/source3/services/services_db.c @@ -592,7 +592,12 @@ bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc, } /* stream the printer security descriptor */ - prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, key, MARSHALL); + + if (!prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, key, MARSHALL)) { + DEBUG(0,("svcctl_set_secdesc: prs_init() failed!\n")); + TALLOC_FREE( key ); + return False; + } if ( sec_io_desc("sec_desc", &sec_desc, &ps, 0 ) ) { uint32 offset = prs_offset( &ps ); diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c index 55009ce0b1..ffdf1c22e7 100644 --- a/source3/smbd/notify.c +++ b/source3/smbd/notify.c @@ -169,7 +169,7 @@ void change_notify_reply(connection_struct *conn, return; } - prs_init(&ps, 0, NULL, MARSHALL); + prs_init_empty(&ps, NULL, MARSHALL); if (!notify_marshall_changes(notify_buf->num_changes, max_param, notify_buf->changes, &ps)) { 
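Review bot: The size handed to prs_init() in both _winreg_QueryValue branches is `*r->in.data_size`, a value taken from the client request, and the hunk shows neither a NULL check on the pointer nor an upper bound before it is used as an allocation size. The new WERR_NOMEM return covers the allocation failing, but a large peer-chosen size that succeeds is still a per-call memory cost. If neither check exists earlier in the function (outside the hunk), add them ahead of the HKPD branch, for example `if (r->in.data_size == NULL) return WERR_INVALID_PARAM;` plus a documented cap on the value.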
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index dceea450e6..1a3b7383c9 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -387,7 +387,12 @@ static void pop_conn_ctx(void) void become_root(void) { - push_sec_ctx(); + /* + * no good way to handle push_sec_ctx() failing without changing + * the prototype of become_root() + */ + if (!push_sec_ctx()) + return; push_conn_ctx(); set_root_sec_ctx(); } diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 31cc63845e..50465da9b9 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -3048,7 +3048,7 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid, rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); - string_to_sid(&sid_Builtin, "S-1-5-32"); + (void) string_to_sid(&sid_Builtin, "S-1-5-32"); result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, &connect_pol, @@ -4501,7 +4501,10 @@ static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *t return False; } - string_to_sid(&user_sid, response.data.sid.sid); + if (!string_to_sid(&user_sid, response.data.sid.sid)) { + DEBUG(1, ("Could not convert string '%s' to SID\n", response.data.sid.sid)); + return False; + } init_user_token(token, &user_sid); diff --git a/source3/utils/rpccheck.c b/source3/utils/rpccheck.c index 63c2f14601..87632db16d 100644 --- a/source3/utils/rpccheck.c +++ b/source3/utils/rpccheck.c @@ -40,7 +40,8 @@ main() ctx=talloc_init("main"); if (!ctx) exit(1); - prs_init(&ps, 1600, 4, ctx, MARSHALL); + if (!prs_init(&ps, 1600, 4, ctx, MARSHALL)) + exit(1); while (scanf("%s", s)!=-1) { if (strlen(s)==2 && strchr_m(filter, *s)!=NULL && strchr_m(filter, *(s+1))!=NULL) { diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c index 1b284c1725..3d4a71b71d 100644 --- a/source3/utils/smbget.c +++ b/source3/utils/smbget.c 
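Review bot: When push_sec_ctx() fails, become_root() now returns without logging and without having changed credentials, so the caller continues as the original user and its later unbecome_root() (not visible here) would presumably pop a context that was never pushed. Not gaining root is the safer direction, but an unbalanced pop could restore the wrong identity further up the stack. Since the prototype cannot report the error, make the failure loud instead of silent: `smb_panic("become_root: push_sec_ctx failed");`, or at minimum a `DEBUG(0, ...)` before the `return;`.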
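Review bot: The call being wrapped in rpccheck.c passes five arguments, `prs_init(&ps, 1600, 4, ctx, MARSHALL)`, while every other prs_init call in this diff passes four (`ps, size, ctx, io`), so this file probably does not build against the current prototype and the new check is untested. Dropping the stale third argument gives `if (!prs_init(&ps, 1600, ctx, MARSHALL))`. The context line `scanf("%s", s)` just below reads an unbounded token into `s`; a field width matching the buffer's size (declared outside the hunk) would bound it.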
@@ -330,7 +330,12 @@ static int smb_download_file(const char *base, const char *name, int recursive, return 0; } - fstat(localhandle, &localstat); + if (fstat(localhandle, &localstat) != 0) { + fprintf(stderr, "Can't fstat %s: %s\n", newpath, strerror(errno)); + smbc_close(remotehandle); + close(localhandle); + return 0; + } start_offset = localstat.st_size; |