summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/client/clientutil.c21
-rw-r--r--source3/lib/kanji.c2
-rw-r--r--source3/lib/util.c11
-rw-r--r--source3/smbd/ipc.c54
-rw-r--r--source3/smbd/trans2.c4
-rw-r--r--source3/utils/make_printerdef.c28
6 files changed, 100 insertions, 20 deletions
diff --git a/source3/client/clientutil.c b/source3/client/clientutil.c
index 2afbde85b5..7f5943cb01 100644
--- a/source3/client/clientutil.c
+++ b/source3/client/clientutil.c
@@ -105,6 +105,11 @@ BOOL cli_call_api(char *pipe_name, int pipe_name_len,
if (!inbuf) inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
if (!outbuf) outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+ if(!inbuf || !outbuf) {
+ DEBUG(0,("cli_call_api: malloc fail.\n"));
+ return False;
+ }
+
if (pipe_name_len == 0) pipe_name_len = strlen(pipe_name);
cli_send_trans_request(outbuf,SMBtrans,pipe_name, pipe_name_len, 0,0,
@@ -152,6 +157,11 @@ BOOL cli_receive_trans_response(char *inbuf,int trans,
*data = Realloc(*data,total_data);
*param = Realloc(*param,total_param);
+ if((total_data && !data) || (total_param && !param)) {
+ DEBUG(0,("cli_receive_trans_response: Realloc fail !\n"));
+ return(False);
+ }
+
while (1)
{
this_data = SVAL(inbuf,smb_drcnt);
@@ -458,10 +468,15 @@ BOOL cli_send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup,
bzero(&opt, sizeof(opt));
if (was_null)
- {
- inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
- outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+ {
+ inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+ outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN);
+
+ if(!inbuf || !outbuf) {
+ DEBUG(0,("cli_send_login: malloc fail !\n"));
+ return False;
}
+ }
if (strstr(service,"IPC$")) connect_as_ipc = True;
diff --git a/source3/lib/kanji.c b/source3/lib/kanji.c
index 4ca5984d80..04eecb5437 100644
--- a/source3/lib/kanji.c
+++ b/source3/lib/kanji.c
@@ -1173,6 +1173,7 @@ void initialize_multibyte_vectors( int client_codepage)
multibyte_strtok = (char *(*)(char *, char *)) generic_multibyte_strtok;
_skip_multibyte_char = skip_generic_multibyte_char;
is_multibyte_char_1 = hangul_is_multibyte_char_1;
+ break;
case BIG5_CODEPAGE:
multibyte_strchr = (char *(*)(char *, int )) generic_multibyte_strchr;
multibyte_strrchr = (char *(*)(char *, int )) generic_multibyte_strrchr;
@@ -1180,6 +1181,7 @@ void initialize_multibyte_vectors( int client_codepage)
multibyte_strtok = (char *(*)(char *, char *)) generic_multibyte_strtok;
_skip_multibyte_char = skip_generic_multibyte_char;
is_multibyte_char_1 = big5_is_multibyte_char_1;
+ break;
case SIMPLIFIED_CHINESE_CODEPAGE:
multibyte_strchr = (char *(*)(char *, int )) generic_multibyte_strchr;
multibyte_strrchr = (char *(*)(char *, int )) generic_multibyte_strrchr;
diff --git a/source3/lib/util.c b/source3/lib/util.c
index e82abf8c7c..8561c4f3f4 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2454,10 +2454,13 @@ BOOL string_init(char **dest,char *src)
if (l == 0)
{
- if (!null_string)
- null_string = (char *)malloc(1);
-
- *null_string = 0;
+ if (!null_string) {
+ if((null_string = (char *)malloc(1)) == NULL) {
+ DEBUG(0,("string_init: malloc fail for null_string.\n"));
+ return False;
+ }
+ *null_string = 0;
+ }
*dest = null_string;
}
else
diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c
index 22fd318f63..ec126c89ff 100644
--- a/source3/smbd/ipc.c
+++ b/source3/smbd/ipc.c
@@ -642,7 +642,13 @@ static void fill_printq_info(connection_struct *conn, int snum, int uLevel,
return;
}
- p=(char *)malloc(8192*sizeof(char));
+ if((p=(char *)malloc(8192*sizeof(char))) == NULL) {
+ DEBUG(0,("fill_printq_info: malloc fail !\n"));
+ desc->errcode=NERR_notsupported;
+ fclose(f);
+ return;
+ }
+
bzero(p, 8192*sizeof(char));
q=p;
@@ -741,7 +747,12 @@ static int get_printerdrivernumber(int snum)
return(0);
}
- p=(char *)malloc(8192*sizeof(char));
+ if((p=(char *)malloc(8192*sizeof(char))) == NULL) {
+ DEBUG(3,("get_printerdrivernumber: malloc fail !\n"));
+ fclose(f);
+ return 0;
+ }
+
q=p; /* need it to free memory because p change ! */
/* lookup the long printer driver name in the file description */
@@ -882,11 +893,20 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param,
if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
queuecnt++;
if (uLevel > 0) {
- queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*));
+ if((queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*))) == NULL) {
+ DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
+ return False;
+ }
memset(queue,0,queuecnt*sizeof(print_queue_struct*));
- status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct));
+ if((status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct))) == NULL) {
+ DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
+ return False;
+ }
memset(status,0,queuecnt*sizeof(print_status_struct));
- subcntarr = (int*)malloc(queuecnt*sizeof(int));
+ if((subcntarr = (int*)malloc(queuecnt*sizeof(int))) == NULL) {
+ DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
+ return False;
+ }
subcnt = 0;
n = 0;
for (i = 0; i < services; i++)
@@ -3525,13 +3545,18 @@ static int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data
for (i=0;api_commands[i].name;i++)
if (api_commands[i].id == api_command && api_commands[i].fn)
{
- DEBUG(3,("Doing %s\n",api_commands[i].name));
- break;
+ DEBUG(3,("Doing %s\n",api_commands[i].name));
+ break;
}
rdata = (char *)malloc(1024); if (rdata) bzero(rdata,1024);
rparam = (char *)malloc(1024); if (rparam) bzero(rparam,1024);
+ if(!rdata || !rparam) {
+ DEBUG(0,("api_reply: malloc fail !\n"));
+ return -1;
+ }
+
reply = api_commands[i].fn(conn,vuid,params,data,mdrcnt,mprcnt,
&rdata,&rparam,&rdata_len,&rparam_len);
@@ -3629,18 +3654,27 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
}
if (tdscnt) {
- data = (char *)malloc(tdscnt);
+ if((data = (char *)malloc(tdscnt)) == NULL) {
+ DEBUG(0,("reply_trans: data malloc fail for %d bytes !\n", tdscnt));
+ return(ERROR(ERRDOS,ERRnomem));
+ }
memcpy(data,smb_base(inbuf)+dsoff,dscnt);
}
if (tpscnt) {
- params = (char *)malloc(tpscnt);
+ if((params = (char *)malloc(tpscnt)) == NULL) {
+ DEBUG(0,("reply_trans: param malloc fail for %d bytes !\n", tpscnt));
+ return(ERROR(ERRDOS,ERRnomem));
+ }
memcpy(params,smb_base(inbuf)+psoff,pscnt);
}
if (suwcnt) {
int i;
- setup = (uint16 *)malloc(suwcnt*sizeof(setup[0]));
+ if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) {
+ DEBUG(0,("reply_trans: setup malloc fail for %d bytes !\n", suwcnt * sizeof(uint16)));
+ return(ERROR(ERRDOS,ERRnomem));
+ }
for (i=0;i<suwcnt;i++)
setup[i] = SVAL(inbuf,smb_vwv14+i*SIZEOFWORD);
}
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 70f834af8a..6fd0272a0a 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -1895,6 +1895,10 @@ int reply_trans2(connection_struct *conn,
if ((total_params && !params) || (total_data && !data)) {
DEBUG(2,("Out of memory in reply_trans2\n"));
+ if(params)
+ free(params);
+ if(data)
+ free(data);
return(ERROR(ERRDOS,ERRnomem));
}
diff --git a/source3/utils/make_printerdef.c b/source3/utils/make_printerdef.c
index aad5bc56f4..c64ce64bbf 100644
--- a/source3/utils/make_printerdef.c
+++ b/source3/utils/make_printerdef.c
@@ -84,6 +84,12 @@ static char *scan(char *chaine,char **entry)
*entry=(char *)malloc(sizeof(pstring));
value=(char *)malloc(sizeof(pstring));
+
+ if(*entry == NULL || value == NULL) {
+ fprintf(stderr,"scan: malloc fail !\n");
+ exit(1);
+ }
+
pstrcpy(*entry,chaine);
temp=chaine;
while( temp[i]!='=' && temp[i]!='\0') {
@@ -134,6 +140,11 @@ static void lookup_strings(FILE *fichier)
temp=(char *)malloc(sizeof(pstring));
temp2=(char *)malloc(sizeof(pstring));
+ if(temp == NULL || temp2 == NULL) {
+ fprintf(stderr,"lookup_strings: malloc fail !\n");
+ exit(1);
+ }
+
*sbuffer[0]='\0';
pstrcpy(temp2,"[Strings]");
@@ -184,6 +195,11 @@ static void lookup_entry(FILE *fichier,char *chaine)
temp=(char *)malloc(sizeof(pstring));
temp2=(char *)malloc(sizeof(pstring));
+ if(temp == NULL || temp2 == NULL) {
+ fprintf(stderr,"lookup_entry: malloc fail !\n");
+ exit(1);
+ }
+
*buffer[0]='\0';
pstrcpy(temp2,"[");
@@ -236,7 +252,7 @@ static char *find_desc(FILE *fichier,char *text)
long_desc=(char *)malloc(sizeof(pstring));
short_desc=(char *)malloc(sizeof(pstring));
if (!chaine || !long_desc || !short_desc) {
- fprintf(stderr,"Unable to malloc memory\n");
+ fprintf(stderr,"find_desc: Unable to malloc memory\n");
exit(1);
}
@@ -363,7 +379,10 @@ static void scan_short_desc(FILE *fichier, char *short_desc)
helpfile=0;
languagemonitor=0;
datatype="RAW";
- temp=(char *)malloc(sizeof(pstring));
+ if((temp=(char *)malloc(sizeof(pstring))) == NULL) {
+ fprintf(stderr, "scan_short_desc: malloc fail !\n");
+ exit(1);
+ }
driverfile=short_desc;
datafile=short_desc;
@@ -472,7 +491,10 @@ int main(int argc, char *argv[])
lookup_entry(inf_file,"DestinationDirs");
build_subdir();
- files_to_copy=(char *)malloc(2048*sizeof(char));
+ if((files_to_copy=(char *)malloc(2048*sizeof(char))) == NULL) {
+ fprintf(stderr, "%s: malloc fail.\n", argv[0] );
+ exit(1);
+ }
*files_to_copy='\0';
scan_short_desc(inf_file,short_desc);
fprintf(stdout,"%s:%s:%s:",