summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/client/client.c5
-rw-r--r--source3/include/rpc_client.h12
-rw-r--r--source3/lib/sock_exec.c2
-rw-r--r--source3/libads/kerberos.c6
-rw-r--r--source3/libads/krb5_setpw.c17
-rw-r--r--source3/libads/ldap.c5
-rw-r--r--source3/nsswitch/wins.c10
-rw-r--r--source3/passdb/pdb_ldap.c14
-rw-r--r--source3/passdb/pdb_smbpasswd.c6
-rw-r--r--source3/printing/nt_printing.c29
-rw-r--r--source3/registry/reg_backend_printing.c3
-rw-r--r--source3/registry/regfio.c5
-rw-r--r--source3/rpc_client/cli_pipe.c23
-rw-r--r--source3/rpc_client/ndr.c5
-rw-r--r--source3/rpc_parse/parse_buffer.c6
-rw-r--r--source3/rpc_parse/parse_misc.c27
-rw-r--r--source3/rpc_parse/parse_prs.c2
-rw-r--r--source3/rpc_server/srv_pipe.c16
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c6
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c6
-rw-r--r--source3/rpc_server/srv_winreg_nt.c6
-rw-r--r--source3/services/services_db.c7
-rw-r--r--source3/smbd/notify.c2
-rw-r--r--source3/smbd/uid.c7
-rw-r--r--source3/utils/net_rpc.c7
-rw-r--r--source3/utils/rpccheck.c3
-rw-r--r--source3/utils/smbget.c7
27 files changed, 162 insertions, 82 deletions
diff --git a/source3/client/client.c b/source3/client/client.c
index a285bccfe7..0b4438d6b2 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -4899,7 +4899,10 @@ static int do_message_op(void)
}
smb_encrypt = get_cmdline_auth_info_smb_encrypt();
- init_names();
+ if (!init_names()) {
+ fprintf(stderr, "init_names() failed\n");
+ exit(1);
+ }
if(new_name_resolve_order)
lp_set_name_resolve_order(new_name_resolve_order);
diff --git a/source3/include/rpc_client.h b/source3/include/rpc_client.h
index e1ebb2509d..c552271ee7 100644
--- a/source3/include/rpc_client.h
+++ b/source3/include/rpc_client.h
@@ -36,6 +36,8 @@
#include "librpc/gen_ndr/cli_dssetup.h"
#include "librpc/gen_ndr/cli_ntsvcs.h"
+#define prs_init_empty( _ps_, _ctx_, _io_ ) (void) prs_init((_ps_), 0, (_ctx_), (_io_))
+
/* macro to expand cookie-cutter code in cli_xxx() using rpc_api_pipe_req() */
#define CLI_DO_RPC_INTERNAL( pcli, ctx, p_idx, opnum, q_in, r_out, \
@@ -45,10 +47,7 @@
if (!prs_init( &q_ps, RPC_MAX_PDU_FRAG_LEN, ctx, MARSHALL )) { \
return NT_STATUS_NO_MEMORY;\
}\
- if (!prs_init( &r_ps, 0, ctx, UNMARSHALL )) {\
- prs_mem_free( &q_ps );\
- return NT_STATUS_NO_MEMORY;\
- }\
+ prs_init_empty( &r_ps, ctx, UNMARSHALL );\
if ( copy_sess_key) prs_set_session_key(&q_ps, (const char *)pcli->dc->sess_key);\
if ( q_io_fn("", &q_in, &q_ps, 0) ) {\
NTSTATUS _smb_pipe_stat_ = rpc_api_pipe_req(pcli, opnum, &q_ps, &r_ps); \
@@ -96,10 +95,7 @@
if (!prs_init( &q_ps, RPC_MAX_PDU_FRAG_LEN, ctx, MARSHALL )) { \
return WERR_NOMEM;\
}\
- if (!prs_init( &r_ps, 0, ctx, UNMARSHALL )) {\
- prs_mem_free( &q_ps );\
- return WERR_NOMEM;\
- }\
+ prs_init_empty( &r_ps, ctx, UNMARSHALL );\
if ( q_io_fn("", &q_in, &q_ps, 0) ) {\
NTSTATUS _smb_pipe_stat_ = rpc_api_pipe_req(pcli, opnum, &q_ps, &r_ps); \
if (!NT_STATUS_IS_OK(_smb_pipe_stat_)) {\
diff --git a/source3/lib/sock_exec.c b/source3/lib/sock_exec.c
index 278a174663..2333d7c739 100644
--- a/source3/lib/sock_exec.c
+++ b/source3/lib/sock_exec.c
@@ -48,7 +48,7 @@ static int socketpair_tcp(int fd[2])
#endif
sock2.sin_family = PF_INET;
- bind(listener, (struct sockaddr *)&sock2, sizeof(sock2));
+ if (bind(listener, (struct sockaddr *)&sock2, sizeof(sock2)) != 0) goto failed;
if (listen(listener, 1) != 0) goto failed;
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index ee25fb5551..66f203b12d 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -606,9 +606,11 @@ bool kerberos_secrets_store_salting_principal(const char *service,
krb5_principal princ = NULL;
char *princ_s = NULL;
char *unparsed_name = NULL;
+ krb5_error_code code;
- krb5_init_context(&context);
- if (!context) {
+ if (((code = krb5_init_context(&context)) != 0) || (context == NULL)) {
+ DEBUG(5, ("kerberos_secrets_store_salting_pricipal: kdb5_init_context failed: %s\n",
+ error_message(code)));
return False;
}
if (strchr_m(service, '@')) {
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index 852251a476..719f3bd3ec 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -438,10 +438,21 @@ static ADS_STATUS do_krb5_kpasswd_request(krb5_context context,
return ADS_ERROR_SYSTEM(rc);
}
addr_len = sizeof(remote_addr);
- getpeername(sock, (struct sockaddr *)&remote_addr, &addr_len);
+ if (getpeername(sock, (struct sockaddr *)&remote_addr, &addr_len) != 0) {
+ close(sock);
+ SAFE_FREE(ap_req.data);
+ krb5_auth_con_free(context, auth_context);
+ DEBUG(1,("getpeername() failed (%s)\n", error_message(errno)));
+ return ADS_ERROR_SYSTEM(errno);
+ }
addr_len = sizeof(local_addr);
- getsockname(sock, (struct sockaddr *)&local_addr, &addr_len);
-
+ if (getsockname(sock, (struct sockaddr *)&local_addr, &addr_len) != 0) {
+ close(sock);
+ SAFE_FREE(ap_req.data);
+ krb5_auth_con_free(context, auth_context);
+ DEBUG(1,("getsockname() failed (%s)\n", error_message(errno)));
+ return ADS_ERROR_SYSTEM(errno);
+ }
if (!setup_kaddr(&remote_kaddr, &remote_addr) ||
!setup_kaddr(&local_kaddr, &local_addr)) {
DEBUG(1,("do_krb5_kpasswd_request: "
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index d6b9ba622b..9ec06e5a1d 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -588,7 +588,10 @@ static char **ads_push_strvals(TALLOC_CTX *ctx, const char **in_vals)
if (!values) return NULL;
for (i=0; in_vals[i]; i++) {
- push_utf8_talloc(ctx, &values[i], in_vals[i]);
+ if (push_utf8_talloc(ctx, &values[i], in_vals[i]) == (size_t) -1) {
+ TALLOC_FREE(values);
+ return NULL;
+ }
}
return values;
}
diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c
index e74cfaf69f..36415c42b5 100644
--- a/source3/nsswitch/wins.c
+++ b/source3/nsswitch/wins.c
@@ -58,9 +58,15 @@ static int wins_lookup_open_socket_in(void)
if (res == -1)
return -1;
- setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val));
+ if (setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val)) != 0) {
+ close(res);
+ return -1;
+ }
#ifdef SO_REUSEPORT
- setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val));
+ if (setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val)) != 0) {
+ close(res);
+ return -1;
+ }
#endif /* SO_REUSEPORT */
/* now we've got a socket - we need to bind it */
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index d941abb00e..cf5b72bc7c 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1726,10 +1726,16 @@ static NTSTATUS ldapsam_modify_entry(struct pdb_methods *my_methods,
return NT_STATUS_UNSUCCESSFUL;
}
- ber_printf (ber, "{");
- ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn);
- ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password);
- ber_printf (ber, "n}");
+ if ((ber_printf (ber, "{") < 0) ||
+ (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_ID, utf8_dn) < 0) ||
+ (ber_printf (ber, "ts", LDAP_TAG_EXOP_MODIFY_PASSWD_NEW, utf8_password) < 0) ||
+ (ber_printf (ber, "n}") < 0)) {
+ DEBUG(0,("ldapsam_modify_entry: ber_printf returns a value <0\n"));
+ ber_free(ber,1);
+ SAFE_FREE(utf8_dn);
+ SAFE_FREE(utf8_password);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
if ((rc = ber_flatten (ber, &bv))<0) {
DEBUG(0,("ldapsam_modify_entry: ber_flatten returns a value <0\n"));
diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c
index 70944a9596..f72638bed5 100644
--- a/source3/passdb/pdb_smbpasswd.c
+++ b/source3/passdb/pdb_smbpasswd.c
@@ -1251,8 +1251,10 @@ static bool build_sam_account(struct smbpasswd_privates *smbpasswd_state,
/* set remaining fields */
- pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET);
- pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET);
+ if (!pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET))
+ return False;
+ if (!pdb_set_lanman_passwd (sam_pass, pw_buf->smb_passwd, PDB_SET))
+ return False;
pdb_set_acct_ctrl (sam_pass, pw_buf->acct_ctrl, PDB_SET);
pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET);
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index d5803b711b..04dde0e8a0 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -358,7 +358,7 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
ZERO_STRUCT( ps );
- prs_init( &ps, 0, ctx, UNMARSHALL );
+ prs_init_empty( &ps, ctx, UNMARSHALL );
prs_give_memory( &ps, (char *)data.dptr, data.dsize, False );
if ( !sec_io_desc_buf( "sec_desc_upg_fn", &sd_orig, &ps, 1 ) ) {
@@ -405,7 +405,10 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
/* create a new SEC_DESC with the appropriate owner and group SIDs */
- string_to_sid(&sid, "S-1-5-32-544" );
+ if (!string_to_sid(&sid, "S-1-5-32-544" )) {
+ prs_mem_free( &ps );
+ return 0;
+ }
new_sec = make_sec_desc( ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
&sid, &sid,
NULL, NULL, &size_new_sec );
@@ -431,7 +434,10 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
sd_size = ndr_size_security_descriptor(sd_store->sd, 0)
+ sizeof(SEC_DESC_BUF);
- prs_init(&ps, sd_size, ctx, MARSHALL);
+ if ( !prs_init(&ps, sd_size, ctx, MARSHALL) ) {
+ DEBUG(0,("sec_desc_upg_fn: Failed to allocate prs memory for %s\n", key.dptr ));
+ return 0;
+ }
if ( !sec_io_desc_buf( "sec_desc_upg_fn", &sd_store, &ps, 1 ) ) {
DEBUG(0,("sec_desc_upg_fn: Failed to parse new sec_desc for %s\n", key.dptr ));
@@ -4551,7 +4557,7 @@ static bool convert_driver_init( TALLOC_CTX *ctx, NT_DEVICEMODE *nt_devmode, uin
ZERO_STRUCT(devmode);
- prs_init(&ps, 0, ctx, UNMARSHALL);
+ prs_init_empty(&ps, ctx, UNMARSHALL);
ps.data_p = (char *)data;
ps.buffer_size = data_len;
@@ -5396,9 +5402,13 @@ WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr)
/* Store the security descriptor in a tdb */
- prs_init(&ps,
- (uint32)ndr_size_security_descriptor(new_secdesc_ctr->sd, 0)
- + sizeof(SEC_DESC_BUF), mem_ctx, MARSHALL);
+ if (!prs_init(&ps,
+ (uint32)ndr_size_security_descriptor(new_secdesc_ctr->sd, 0)
+ + sizeof(SEC_DESC_BUF), mem_ctx, MARSHALL) ) {
+ status = WERR_NOMEM;
+ goto out;
+ }
+
prs_init_done = true;
@@ -5546,8 +5556,9 @@ bool nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **s
/* Save default security descriptor for later */
- prs_init(&ps, (uint32)ndr_size_security_descriptor((*secdesc_ctr)->sd, 0) +
- sizeof(SEC_DESC_BUF), ctx, MARSHALL);
+ if (!prs_init(&ps, (uint32)ndr_size_security_descriptor((*secdesc_ctr)->sd, 0) +
+ sizeof(SEC_DESC_BUF), ctx, MARSHALL))
+ return False;
if (sec_io_desc_buf("nt_printing_getsec", secdesc_ctr, &ps, 1)) {
tdb_prs_store(tdb_printers, kbuf, &ps);
diff --git a/source3/registry/reg_backend_printing.c b/source3/registry/reg_backend_printing.c
index a4da103d40..582989d8d1 100644
--- a/source3/registry/reg_backend_printing.c
+++ b/source3/registry/reg_backend_printing.c
@@ -443,7 +443,8 @@ static void fill_in_printer_values( NT_PRINTER_INFO_LEVEL_2 *info2, REGVAL_CTR *
/* use a prs_struct for converting the devmode and security
descriptor to REG_BINARY */
- prs_init( &prs, RPC_MAX_PDU_FRAG_LEN, values, MARSHALL);
+ if (!prs_init( &prs, RPC_MAX_PDU_FRAG_LEN, values, MARSHALL))
+ return;
/* stream the device mode */
diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c
index 1c3aad7a25..9eb2c58298 100644
--- a/source3/registry/regfio.c
+++ b/source3/registry/regfio.c
@@ -123,7 +123,10 @@ static int read_block( REGF_FILE *file, prs_struct *ps, uint32 file_offset, uint
return -1;
}
- prs_init( ps, block_size, file->mem_ctx, UNMARSHALL );
+ if (!prs_init( ps, block_size, file->mem_ctx, UNMARSHALL )) {
+ DEBUG(0,("read_block: prs_init() failed! (%s)\n", strerror(errno) ));
+ return -1;
+ }
buffer = prs_data_p( ps );
bytes_read = returned = 0;
diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index c89c5531d7..1fd06f868e 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -683,7 +683,7 @@ static NTSTATUS cli_pipe_reset_current_pdu(struct rpc_pipe_client *cli, RPC_HDR
/* Common case. */
if (current_pdu_len == (uint32)prhdr->frag_len) {
prs_mem_free(current_pdu);
- prs_init(current_pdu, 0, prs_get_mem_context(current_pdu), UNMARSHALL);
+ prs_init_empty(current_pdu, prs_get_mem_context(current_pdu), UNMARSHALL);
/* Make current_pdu dynamic with no memory. */
prs_give_memory(current_pdu, 0, 0, True);
return NT_STATUS_OK;
@@ -757,7 +757,7 @@ static NTSTATUS rpc_api_pipe(struct rpc_pipe_client *cli,
#endif
/* Set up the current pdu parse struct. */
- prs_init(&current_pdu, 0, prs_get_mem_context(rbuf), UNMARSHALL);
+ prs_init_empty(&current_pdu, prs_get_mem_context(rbuf), UNMARSHALL);
/* Create setup parameters - must be in native byte order. */
setup[0] = TRANSACT_DCERPCCMD;
@@ -1183,7 +1183,8 @@ static NTSTATUS create_rpc_bind_req(struct rpc_pipe_client *cli,
NTSTATUS ret = NT_STATUS_OK;
ZERO_STRUCT(hdr_auth);
- prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL);
+ if (!prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL))
+ return NT_STATUS_NO_MEMORY;
switch (auth_type) {
case PIPE_AUTH_TYPE_SCHANNEL:
@@ -1468,7 +1469,8 @@ NTSTATUS rpc_api_pipe_req(struct rpc_pipe_client *cli,
return NT_STATUS_INVALID_PARAMETER;
}
- prs_init(&outgoing_pdu, cli->max_xmit_frag, prs_get_mem_context(in_data), MARSHALL);
+ if (!prs_init(&outgoing_pdu, cli->max_xmit_frag, prs_get_mem_context(in_data), MARSHALL))
+ return NT_STATUS_NO_MEMORY;
while (1) {
RPC_HDR hdr;
@@ -1811,7 +1813,7 @@ static NTSTATUS rpc_finish_auth3_bind(struct rpc_pipe_client *cli,
return nt_status;
}
- prs_init(&rpc_out, 0, prs_get_mem_context(rbuf), MARSHALL);
+ prs_init_empty(&rpc_out, prs_get_mem_context(rbuf), MARSHALL);
nt_status = create_rpc_bind_auth3(cli, rpc_call_id,
auth_type, auth_level,
@@ -1865,7 +1867,8 @@ static NTSTATUS create_rpc_alter_context(uint32 rpc_call_id,
NTSTATUS ret = NT_STATUS_OK;
ZERO_STRUCT(hdr_auth);
- prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL);
+ if (!prs_init(&auth_info, RPC_HDR_AUTH_LEN, prs_get_mem_context(rpc_out), MARSHALL))
+ return NT_STATUS_NO_MEMORY;
/* We may change the pad length before marshalling. */
init_rpc_hdr_auth(&hdr_auth, RPC_SPNEGO_AUTH_TYPE, (int)auth_level, 0, 1);
@@ -1958,7 +1961,7 @@ static NTSTATUS rpc_finish_spnego_ntlmssp_bind(struct rpc_pipe_client *cli,
tmp_blob = data_blob_null; /* Ensure it's safe to free this just in case. */
/* Now prepare the alter context pdu. */
- prs_init(&rpc_out, 0, prs_get_mem_context(rbuf), MARSHALL);
+ prs_init_empty(&rpc_out, prs_get_mem_context(rbuf), MARSHALL);
nt_status = create_rpc_alter_context(rpc_call_id,
abstract,
@@ -1976,7 +1979,7 @@ static NTSTATUS rpc_finish_spnego_ntlmssp_bind(struct rpc_pipe_client *cli,
/* Initialize the returning data struct. */
prs_mem_free(rbuf);
- prs_init(rbuf, 0, cli->mem_ctx, UNMARSHALL);
+ prs_init_empty(rbuf, cli->mem_ctx, UNMARSHALL);
nt_status = rpc_api_pipe(cli, &rpc_out, rbuf, RPC_ALTCONTRESP);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -2049,7 +2052,7 @@ static NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli,
return NT_STATUS_INVALID_PARAMETER;
}
- prs_init(&rpc_out, 0, cli->mem_ctx, MARSHALL);
+ prs_init_empty(&rpc_out, cli->mem_ctx, MARSHALL);
rpc_call_id = get_rpc_call_id();
@@ -2065,7 +2068,7 @@ static NTSTATUS rpc_pipe_bind(struct rpc_pipe_client *cli,
}
/* Initialize the incoming data struct. */
- prs_init(&rbuf, 0, cli->mem_ctx, UNMARSHALL);
+ prs_init_empty(&rbuf, cli->mem_ctx, UNMARSHALL);
/* send data on \PIPE\. receive a response */
status = rpc_api_pipe(cli, &rpc_out, &rbuf, RPC_BINDACK);
diff --git a/source3/rpc_client/ndr.c b/source3/rpc_client/ndr.c
index a64ead809a..ae705b313b 100644
--- a/source3/rpc_client/ndr.c
+++ b/source3/rpc_client/ndr.c
@@ -58,10 +58,7 @@ NTSTATUS cli_do_rpc_ndr(struct rpc_pipe_client *cli,
talloc_free(push);
- if (!prs_init( &r_ps, 0, mem_ctx, UNMARSHALL )) {
- prs_mem_free( &q_ps );
- return NT_STATUS_NO_MEMORY;
- }
+ prs_init_empty( &r_ps, mem_ctx, UNMARSHALL );
status = rpc_api_pipe_req(cli, opnum, &q_ps, &r_ps);
diff --git a/source3/rpc_parse/parse_buffer.c b/source3/rpc_parse/parse_buffer.c
index e98822d46e..9a68e547a0 100644
--- a/source3/rpc_parse/parse_buffer.c
+++ b/source3/rpc_parse/parse_buffer.c
@@ -34,8 +34,10 @@ void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx)
{
buffer->size = size;
buffer->string_at_end = size;
- prs_init(&buffer->prs, size, ctx, MARSHALL);
- buffer->struct_start = prs_offset(&buffer->prs);
+ if (prs_init(&buffer->prs, size, ctx, MARSHALL))
+ buffer->struct_start = prs_offset(&buffer->prs);
+ else
+ buffer->struct_start = NULL;
}
/*******************************************************************
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 418f857df8..3850c440af 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -285,7 +285,8 @@ bool smb_io_strhdr(const char *desc, STRHDR *hdr, prs_struct *ps, int depth)
prs_debug(ps, depth, desc, "smb_io_strhdr");
depth++;
- prs_align(ps);
+ if(!prs_align(ps))
+ return False;
if(!prs_uint16("str_str_len", ps, depth, &hdr->str_str_len))
return False;
@@ -1761,10 +1762,14 @@ bool smb_io_bufhdr2(const char *desc, BUFHDR2 *hdr, prs_struct *ps, int depth)
prs_debug(ps, depth, desc, "smb_io_bufhdr2");
depth++;
- prs_align(ps);
- prs_uint32("info_level", ps, depth, &(hdr->info_level));
- prs_uint32("length ", ps, depth, &(hdr->length ));
- prs_uint32("buffer ", ps, depth, &(hdr->buffer ));
+ if (!prs_align(ps))
+ return False;
+ if (!prs_uint32("info_level", ps, depth, &(hdr->info_level)))
+ return False;
+ if (!prs_uint32("length ", ps, depth, &(hdr->length )))
+ return False;
+ if (!prs_uint32("buffer ", ps, depth, &(hdr->buffer )))
+ return False;
return True;
}
@@ -1777,9 +1782,12 @@ bool smb_io_bufhdr4(const char *desc, BUFHDR4 *hdr, prs_struct *ps, int depth)
prs_debug(ps, depth, desc, "smb_io_bufhdr4");
depth++;
- prs_align(ps);
- prs_uint32("size", ps, depth, &hdr->size);
- prs_uint32("buffer", ps, depth, &hdr->buffer);
+ if (!prs_align(ps))
+ return False;
+ if (!prs_uint32("size", ps, depth, &hdr->size))
+ return False;
+ if (!prs_uint32("buffer", ps, depth, &hdr->buffer))
+ return False;
return True;
}
@@ -1793,7 +1801,8 @@ bool smb_io_rpc_blob(const char *desc, RPC_DATA_BLOB *blob, prs_struct *ps, int
prs_debug(ps, depth, desc, "smb_io_rpc_blob");
depth++;
- prs_align(ps);
+ if (!prs_align(ps))
+ return False;
if ( !prs_uint32("buf_len", ps, depth, &blob->buf_len) )
return False;
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index 638d71a73e..072132f5ac 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -1496,7 +1496,7 @@ int tdb_prs_fetch(TDB_CONTEXT *tdb, TDB_DATA kbuf, prs_struct *ps, TALLOC_CTX *m
{
TDB_DATA dbuf;
- prs_init(ps, 0, mem_ctx, UNMARSHALL);
+ prs_init_empty(ps, mem_ctx, UNMARSHALL);
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr)
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 19c8db0533..6c1b65b858 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -151,7 +151,7 @@ static bool create_next_pdu_ntlmssp(pipes_struct *p)
* data.
*/
- prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
+ prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL);
prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
/* Store the header in the data stream. */
@@ -358,7 +358,7 @@ static bool create_next_pdu_schannel(pipes_struct *p)
* data.
*/
- prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
+ prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL);
prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
/* Store the header in the data stream. */
@@ -531,7 +531,7 @@ static bool create_next_pdu_noauth(pipes_struct *p)
* data.
*/
- prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
+ prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL);
prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
/* Store the header in the data stream. */
@@ -812,7 +812,7 @@ static bool setup_bind_nak(pipes_struct *p)
* header and are never sending more than one PDU here.
*/
- prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
+ prs_init_empty( &outgoing_rpc, p->mem_ctx, MARSHALL);
prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
/*
@@ -875,7 +875,7 @@ bool setup_fault_pdu(pipes_struct *p, NTSTATUS status)
* header and are never sending more than one PDU here.
*/
- prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
+ prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL);
prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
/*
@@ -944,7 +944,7 @@ bool setup_cancel_ack_reply(pipes_struct *p, prs_struct *rpc_in_p)
* header and are never sending more than one PDU here.
*/
- prs_init( &outgoing_pdu, 0, p->mem_ctx, MARSHALL);
+ prs_init_empty( &outgoing_pdu, p->mem_ctx, MARSHALL);
prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False);
/*
@@ -1522,7 +1522,7 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p)
return setup_bind_nak(p);
}
- prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
+ prs_init_empty( &outgoing_rpc, p->mem_ctx, MARSHALL);
/*
* Marshall directly into the outgoing PDU space. We
@@ -1794,7 +1794,7 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
prs_struct outgoing_rpc;
int auth_len = 0;
- prs_init( &outgoing_rpc, 0, p->mem_ctx, MARSHALL);
+ prs_init_empty( &outgoing_rpc, p->mem_ctx, MARSHALL);
/*
* Marshall directly into the outgoing PDU space. We
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 95ce496ba6..45f649d0ce 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -348,7 +348,7 @@ static void *make_internal_rpc_pipe_p(const char *pipe_name,
/*
* Initialize the outgoing RPC data buffer with no memory.
*/
- prs_init(&p->out_data.rdata, 0, p->mem_ctx, MARSHALL);
+ prs_init_empty(&p->out_data.rdata, p->mem_ctx, MARSHALL);
fstrcpy(p->name, pipe_name);
@@ -408,7 +408,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p)
return -1;
}
- prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
+ prs_init_empty( &rpc_in, p->mem_ctx, UNMARSHALL);
prs_set_endian_data( &rpc_in, p->endian);
prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0],
@@ -693,7 +693,7 @@ static void process_complete_pdu(pipes_struct *p)
return;
}
- prs_init( &rpc_in, 0, p->mem_ctx, UNMARSHALL);
+ prs_init_empty( &rpc_in, p->mem_ctx, UNMARSHALL);
/*
* Ensure we're using the corrent endianness for both the
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 3758c8fd63..403beb6782 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -6033,7 +6033,11 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level,
/* NT seems to like setting the security descriptor even though
nothing may have actually changed. */
- nt_printing_getsec(p->mem_ctx, Printer->sharename, &old_secdesc_ctr);
+ if ( !nt_printing_getsec(p->mem_ctx, Printer->sharename, &old_secdesc_ctr)) {
+ DEBUG(2,("update_printer_sec: nt_printing_getsec() failed\n"));
+ result = WERR_BADFID;
+ goto done;
+ }
if (DEBUGLEVEL >= 10) {
SEC_ACL *the_acl;
diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c
index c76bc19d9c..6e076ea372 100644
--- a/source3/rpc_server/srv_winreg_nt.c
+++ b/source3/rpc_server/srv_winreg_nt.c
@@ -239,7 +239,8 @@ WERROR _winreg_QueryValue(pipes_struct *p, struct winreg_QueryValue *r)
if(regkey->key->type == REG_KEY_HKPD)
{
if(strequal(r->in.value_name.name, "Global")) {
- prs_init(&prs_hkpd, *r->in.data_size, p->mem_ctx, MARSHALL);
+ if (!prs_init(&prs_hkpd, *r->in.data_size, p->mem_ctx, MARSHALL))
+ return WERR_NOMEM;
status = reg_perfcount_get_hkpd(
&prs_hkpd, *r->in.data_size, &outbuf_size, NULL);
outbuf = (uint8_t *)prs_hkpd.data_p;
@@ -260,7 +261,8 @@ WERROR _winreg_QueryValue(pipes_struct *p, struct winreg_QueryValue *r)
else if(isdigit(r->in.value_name.name[0])) {
/* we probably have a request for a specific object
* here */
- prs_init(&prs_hkpd, *r->in.data_size, p->mem_ctx, MARSHALL);
+ if (!prs_init(&prs_hkpd, *r->in.data_size, p->mem_ctx, MARSHALL))
+ return WERR_NOMEM;
status = reg_perfcount_get_hkpd(
&prs_hkpd, *r->in.data_size, &outbuf_size,
r->in.value_name.name);
diff --git a/source3/services/services_db.c b/source3/services/services_db.c
index ae83e72697..620b036932 100644
--- a/source3/services/services_db.c
+++ b/source3/services/services_db.c
@@ -592,7 +592,12 @@ bool svcctl_set_secdesc( TALLOC_CTX *ctx, const char *name, SEC_DESC *sec_desc,
}
/* stream the printer security descriptor */
- prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, key, MARSHALL);
+
+ if (!prs_init( &ps, RPC_MAX_PDU_FRAG_LEN, key, MARSHALL)) {
+ DEBUG(0,("svcctl_set_secdesc: prs_init() failed!\n"));
+ TALLOC_FREE( key );
+ return False;
+ }
if ( sec_io_desc("sec_desc", &sec_desc, &ps, 0 ) ) {
uint32 offset = prs_offset( &ps );
diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
index 55009ce0b1..ffdf1c22e7 100644
--- a/source3/smbd/notify.c
+++ b/source3/smbd/notify.c
@@ -169,7 +169,7 @@ void change_notify_reply(connection_struct *conn,
return;
}
- prs_init(&ps, 0, NULL, MARSHALL);
+ prs_init_empty(&ps, NULL, MARSHALL);
if (!notify_marshall_changes(notify_buf->num_changes, max_param,
notify_buf->changes, &ps)) {
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index dceea450e6..1a3b7383c9 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -387,7 +387,12 @@ static void pop_conn_ctx(void)
void become_root(void)
{
- push_sec_ctx();
+ /*
+ * no good way to handle push_sec_ctx() failing without changing
+ * the prototype of become_root()
+ */
+ if (!push_sec_ctx())
+ return;
push_conn_ctx();
set_root_sec_ctx();
}
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 31cc63845e..50465da9b9 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -3048,7 +3048,7 @@ static NTSTATUS rpc_group_members_internals(const DOM_SID *domain_sid,
rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol);
- string_to_sid(&sid_Builtin, "S-1-5-32");
+ (void) string_to_sid(&sid_Builtin, "S-1-5-32");
result = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx,
&connect_pol,
@@ -4501,7 +4501,10 @@ static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *t
return False;
}
- string_to_sid(&user_sid, response.data.sid.sid);
+ if (!string_to_sid(&user_sid, response.data.sid.sid)) {
+ DEBUG(1, ("Could not convert string '%s' to SID\n", response.data.sid.sid));
+ return False;
+ }
init_user_token(token, &user_sid);
diff --git a/source3/utils/rpccheck.c b/source3/utils/rpccheck.c
index 63c2f14601..87632db16d 100644
--- a/source3/utils/rpccheck.c
+++ b/source3/utils/rpccheck.c
@@ -40,7 +40,8 @@ main()
ctx=talloc_init("main");
if (!ctx) exit(1);
- prs_init(&ps, 1600, 4, ctx, MARSHALL);
+ if (!prs_init(&ps, 1600, 4, ctx, MARSHALL))
+ exit(1);
while (scanf("%s", s)!=-1) {
if (strlen(s)==2 && strchr_m(filter, *s)!=NULL && strchr_m(filter, *(s+1))!=NULL) {
diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c
index 1b284c1725..3d4a71b71d 100644
--- a/source3/utils/smbget.c
+++ b/source3/utils/smbget.c
@@ -330,7 +330,12 @@ static int smb_download_file(const char *base, const char *name, int recursive,
return 0;
}
- fstat(localhandle, &localstat);
+ if (fstat(localhandle, &localstat) != 0) {
+ fprintf(stderr, "Can't fstat %s: %s\n", newpath, strerror(errno));
+ smbc_close(remotehandle);
+ close(localhandle);
+ return 0;
+ }
start_offset = localstat.st_size;