diff options
-rw-r--r-- | source3/client/clientutil.c | 21 | ||||
-rw-r--r-- | source3/lib/kanji.c | 2 | ||||
-rw-r--r-- | source3/lib/util.c | 11 | ||||
-rw-r--r-- | source3/smbd/ipc.c | 54 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 4 | ||||
-rw-r--r-- | source3/utils/make_printerdef.c | 28 |
6 files changed, 100 insertions, 20 deletions
diff --git a/source3/client/clientutil.c b/source3/client/clientutil.c index 2afbde85b5..7f5943cb01 100644 --- a/source3/client/clientutil.c +++ b/source3/client/clientutil.c @@ -105,6 +105,11 @@ BOOL cli_call_api(char *pipe_name, int pipe_name_len, if (!inbuf) inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); if (!outbuf) outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); + if(!inbuf || !outbuf) { + DEBUG(0,("cli_call_api: malloc fail.\n")); + return False; + } + if (pipe_name_len == 0) pipe_name_len = strlen(pipe_name); cli_send_trans_request(outbuf,SMBtrans,pipe_name, pipe_name_len, 0,0, @@ -152,6 +157,11 @@ BOOL cli_receive_trans_response(char *inbuf,int trans, *data = Realloc(*data,total_data); *param = Realloc(*param,total_param); + if((total_data && !data) || (total_param && !param)) { + DEBUG(0,("cli_receive_trans_response: Realloc fail !\n")); + return(False); + } + while (1) { this_data = SVAL(inbuf,smb_drcnt); @@ -458,10 +468,15 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup, bzero(&opt, sizeof(opt)); if (was_null) - { - inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); + { + inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); + outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); + + if(!inbuf || !outbuf) { + DEBUG(0,("cli_send_login: malloc fail !\n")); + return False; } + } if (strstr(service,"IPC$")) connect_as_ipc = True; diff --git a/source3/lib/kanji.c b/source3/lib/kanji.c index 4ca5984d80..04eecb5437 100644 --- a/source3/lib/kanji.c +++ b/source3/lib/kanji.c @@ -1173,6 +1173,7 @@ void initialize_multibyte_vectors( int client_codepage) multibyte_strtok = (char *(*)(char *, char *)) generic_multibyte_strtok; _skip_multibyte_char = skip_generic_multibyte_char; is_multibyte_char_1 = hangul_is_multibyte_char_1; + break; case BIG5_CODEPAGE: multibyte_strchr = (char *(*)(char *, int )) generic_multibyte_strchr; multibyte_strrchr = (char *(*)(char *, int )) generic_multibyte_strrchr; @@ -1180,6 +1181,7 @@ void initialize_multibyte_vectors( int client_codepage) multibyte_strtok = (char *(*)(char *, char *)) generic_multibyte_strtok; _skip_multibyte_char = skip_generic_multibyte_char; is_multibyte_char_1 = big5_is_multibyte_char_1; + break; case SIMPLIFIED_CHINESE_CODEPAGE: multibyte_strchr = (char *(*)(char *, int )) generic_multibyte_strchr; multibyte_strrchr = (char *(*)(char *, int )) generic_multibyte_strrchr; diff --git a/source3/lib/util.c b/source3/lib/util.c index e82abf8c7c..8561c4f3f4 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -2454,10 +2454,13 @@ BOOL string_init(char **dest,char *src) if (l == 0) { - if (!null_string) - null_string = (char *)malloc(1); - - *null_string = 0; + if (!null_string) { + if((null_string = (char *)malloc(1)) == NULL) { + DEBUG(0,("string_init: malloc fail for null_string.\n")); + return False; + } + *null_string = 0; + } *dest = null_string; } else diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 22fd318f63..ec126c89ff 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -642,7 +642,13 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel, return; } - p=(char *)malloc(8192*sizeof(char)); + if((p=(char *)malloc(8192*sizeof(char))) == NULL) { + DEBUG(0,("fill_printq_info: malloc fail !\n")); + desc->errcode=NERR_notsupported; + fclose(f); + return; + } + bzero(p, 8192*sizeof(char)); q=p; @@ -741,7 +747,12 @@ static int get_printerdrivernumber(int snum) return(0); } - p=(char *)malloc(8192*sizeof(char)); + if((p=(char *)malloc(8192*sizeof(char))) == NULL) { + DEBUG(3,("get_printerdrivernumber: malloc fail !\n")); + fclose(f); + return 0; + } + q=p; /* need it to free memory because p change ! */ /* lookup the long printer driver name in the file description */ @@ -882,11 +893,20 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) queuecnt++; if (uLevel > 0) { - queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*)); + if((queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*))) == NULL) { + DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); + return False; + } memset(queue,0,queuecnt*sizeof(print_queue_struct*)); - status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct)); + if((status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct))) == NULL) { + DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); + return False; + } memset(status,0,queuecnt*sizeof(print_status_struct)); - subcntarr = (int*)malloc(queuecnt*sizeof(int)); + if((subcntarr = (int*)malloc(queuecnt*sizeof(int))) == NULL) { + DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); + return False; + } subcnt = 0; n = 0; for (i = 0; i < services; i++) @@ -3525,13 +3545,18 @@ static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data for (i=0;api_commands[i].name;i++) if (api_commands[i].id == api_command && api_commands[i].fn) { - DEBUG(3,("Doing %s\n",api_commands[i].name)); - break; + DEBUG(3,("Doing %s\n",api_commands[i].name)); + break; } rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024); rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024); + if(!rdata || !rparam) { + DEBUG(0,("api_reply: malloc fail !\n")); + return -1; + } + reply = api_commands[i].fn(conn,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); @@ -3629,18 +3654,27 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int } if (tdscnt) { - data = (char *)malloc(tdscnt); + if((data = (char *)malloc(tdscnt)) == NULL) { + DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt)); + return(ERROR(ERRDOS,ERRnomem)); + } memcpy(data,smb_base(inbuf)+dsoff,dscnt); } if (tpscnt) { - params = (char *)malloc(tpscnt); + if((params = (char *)malloc(tpscnt)) == NULL) { + DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt)); + return(ERROR(ERRDOS,ERRnomem)); + } memcpy(params,smb_base(inbuf)+psoff,pscnt); } if (suwcnt) { int i; - setup = (uint16 *)malloc(suwcnt*sizeof(setup[0])); + if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { + DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", suwcnt * sizeof(uint16))); + return(ERROR(ERRDOS,ERRnomem)); + } for (i=0;i<suwcnt;i++) setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD); } diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 70f834af8a..6fd0272a0a 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -1895,6 +1895,10 @@ int reply_trans2(connection_struct *conn, if ((total_params && !params) || (total_data && !data)) { DEBUG(2,("Out of memory in reply_trans2\n")); + if(params) + free(params); + if(data) + free(data); return(ERROR(ERRDOS,ERRnomem)); } diff --git a/source3/utils/make_printerdef.c b/source3/utils/make_printerdef.c index aad5bc56f4..c64ce64bbf 100644 --- a/source3/utils/make_printerdef.c +++ b/source3/utils/make_printerdef.c @@ -84,6 +84,12 @@ static char *scan(char *chaine,char **entry) *entry=(char *)malloc(sizeof(pstring)); value=(char *)malloc(sizeof(pstring)); + + if(*entry == NULL || value == NULL) { + fprintf(stderr,"scan: malloc fail !\n"); + exit(1); + } + pstrcpy(*entry,chaine); temp=chaine; while( temp[i]!='=' && temp[i]!='\0') { @@ -134,6 +140,11 @@ static void lookup_strings(FILE *fichier) temp=(char *)malloc(sizeof(pstring)); temp2=(char *)malloc(sizeof(pstring)); + if(temp == NULL || temp2 == NULL) { + fprintf(stderr,"lookup_strings: malloc fail !\n"); + exit(1); + } + *sbuffer[0]='\0'; pstrcpy(temp2,"[Strings]"); @@ -184,6 +195,11 @@ static void lookup_entry(FILE *fichier,char *chaine) temp=(char *)malloc(sizeof(pstring)); temp2=(char *)malloc(sizeof(pstring)); + if(temp == NULL || temp2 == NULL) { + fprintf(stderr,"lookup_entry: malloc fail !\n"); + exit(1); + } + *buffer[0]='\0'; pstrcpy(temp2,"["); @@ -236,7 +252,7 @@ static char *find_desc(FILE *fichier,char *text) long_desc=(char *)malloc(sizeof(pstring)); short_desc=(char *)malloc(sizeof(pstring)); if (!chaine || !long_desc || !short_desc) { - fprintf(stderr,"Unable to malloc memory\n"); + fprintf(stderr,"find_desc: Unable to malloc memory\n"); exit(1); } @@ -363,7 +379,10 @@ static void scan_short_desc(FILE *fichier, char *short_desc) helpfile=0; languagemonitor=0; datatype="RAW"; - temp=(char *)malloc(sizeof(pstring)); + if((temp=(char *)malloc(sizeof(pstring))) == NULL) { + fprintf(stderr, "scan_short_desc: malloc fail !\n"); + exit(1); + } driverfile=short_desc; datafile=short_desc; @@ -472,7 +491,10 @@ int main(int argc, char *argv[]) lookup_entry(inf_file,"DestinationDirs"); build_subdir(); - files_to_copy=(char *)malloc(2048*sizeof(char)); + if((files_to_copy=(char *)malloc(2048*sizeof(char))) == NULL) { + fprintf(stderr, "%s: malloc fail.\n", argv[0] ); + exit(1); + } *files_to_copy='\0'; scan_short_desc(inf_file,short_desc); fprintf(stdout,"%s:%s:%s:", |