diff options
Diffstat (limited to 'source3/libsmb')
-rw-r--r-- | source3/libsmb/cli_lsarpc.c | 28 | ||||
-rw-r--r-- | source3/libsmb/clientgen.c | 4 | ||||
-rw-r--r-- | source3/libsmb/clisecdesc.c | 39 | ||||
-rw-r--r-- | source3/libsmb/clitrans.c | 7 |
4 files changed, 59 insertions, 19 deletions
diff --git a/source3/libsmb/cli_lsarpc.c b/source3/libsmb/cli_lsarpc.c index 4199ab2648..60fab75cca 100644 --- a/source3/libsmb/cli_lsarpc.c +++ b/source3/libsmb/cli_lsarpc.c @@ -109,12 +109,16 @@ uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos, if (!lsa_io_q_open_pol("", &q, &qbuf, 0) || !rpc_api_pipe_req(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) { + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); return NT_STATUS_UNSUCCESSFUL; } /* Unmarshall response */ if (!lsa_io_r_open_pol("", &r, &rbuf, 0)) { + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); return NT_STATUS_UNSUCCESSFUL; } @@ -126,6 +130,8 @@ uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos, *hnd = r.pol; } + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); return result; } @@ -152,12 +158,16 @@ uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *hnd) if (!lsa_io_q_close("", &q, &qbuf, 0) || !rpc_api_pipe_req(cli, LSA_CLOSE, &qbuf, &rbuf)) { + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); return NT_STATUS_UNSUCCESSFUL; } /* Unmarshall response */ if (!lsa_io_r_close("", &r, &rbuf, 0)) { + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); return NT_STATUS_UNSUCCESSFUL; } @@ -169,6 +179,8 @@ uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *hnd) *hnd = r.pol; } + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); return result; } @@ -200,6 +212,8 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd, if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) || !rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) { + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); return NT_STATUS_UNSUCCESSFUL; } @@ -212,6 +226,8 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd, r.names = &t_names; if (!lsa_io_r_lookup_sids("", &r, &rbuf, 0)) { + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); return NT_STATUS_UNSUCCESSFUL; } @@ -271,6 +287,9 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd, } done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + return result; } @@ -301,6 +320,8 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd, if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) || !rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) { + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); return NT_STATUS_UNSUCCESSFUL; } @@ -309,7 +330,9 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd, ZERO_STRUCT(ref); r.dom_ref = &ref; - if (!lsa_io_r_lookup_names(cli->mem_ctx, "", &r, &rbuf, 0)) { + if (!lsa_io_r_lookup_names("", &r, &rbuf, 0)) { + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); return NT_STATUS_UNSUCCESSFUL; } @@ -366,5 +389,8 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd, } done: + prs_mem_free(&qbuf); + prs_mem_free(&rbuf); + return result; } diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c index 8d9e2f034f..1938049806 100644 --- a/source3/libsmb/clientgen.c +++ b/source3/libsmb/clientgen.c @@ -209,13 +209,13 @@ struct cli_state *cli_initialise(struct cli_state *cli) cli->inbuf = (char *)malloc(cli->bufsize); if (!cli->outbuf || !cli->inbuf) { - return False; + return NULL; } if ((cli->mem_ctx = talloc_init()) == NULL) { free(cli->outbuf); free(cli->inbuf); - return False; + return NULL; } memset(cli->outbuf, '\0', cli->bufsize); diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c index b56e1ea688..d53b3073b2 100644 --- a/source3/libsmb/clisecdesc.c +++ b/source3/libsmb/clisecdesc.c @@ -36,7 +36,6 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd) TALLOC_CTX *mem_ctx; prs_struct pd; SEC_DESC *psd = NULL; - SEC_DESC *ret; SIVAL(param, 0, fd); SSVAL(param, 4, 0x7); @@ -48,7 +47,7 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd) param, 8, 4, NULL, 0, 0x10000)) { DEBUG(1,("Failed to send NT_TRANSACT_QUERY_SECURITY_DESC\n")); - return NULL; + goto cleanup; } @@ -56,12 +55,12 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd) &rparam, &rparam_count, &rdata, &rdata_count)) { DEBUG(1,("Failed to recv NT_TRANSACT_QUERY_SECURITY_DESC\n")); - return NULL; + goto cleanup; } if ((mem_ctx = talloc_init()) == NULL) { DEBUG(0,("talloc_init failed.\n")); - return NULL; + goto cleanup; } prs_init(&pd, rdata_count, 4, mem_ctx, UNMARSHALL); @@ -70,13 +69,17 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd) if (!sec_io_desc("sd data", &psd, &pd, 1)) { DEBUG(1,("Failed to parse secdesc\n")); - talloc_destroy(mem_ctx); - return NULL; + goto cleanup; } - ret = dup_sec_desc(psd); + cleanup: + talloc_destroy(mem_ctx); - return ret; + safe_free(rparam); + safe_free(rdata); + + prs_mem_free(&pd); + return psd; } @@ -92,10 +95,11 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd) int rparam_count=0, rdata_count=0; TALLOC_CTX *mem_ctx; prs_struct pd; + BOOL ret = False; if ((mem_ctx = talloc_init()) == NULL) { DEBUG(0,("talloc_init failed.\n")); - return False; + goto cleanup; } prs_init(&pd, 0, 4, mem_ctx, MARSHALL); @@ -103,7 +107,7 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd) if (!sec_io_desc("sd data", &sd, &pd, 1)) { DEBUG(1,("Failed to marshall secdesc\n")); - return False; + goto cleanup; } SIVAL(param, 0, fd); @@ -116,7 +120,7 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd) param, 8, 0, pd.data_p, pd.data_offset, 0)) { DEBUG(1,("Failed to send NT_TRANSACT_SET_SECURITY_DESC\n")); - return False; + goto cleanup; } @@ -124,14 +128,19 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd) &rparam, &rparam_count, &rdata, &rdata_count)) { DEBUG(1,("NT_TRANSACT_SET_SECURITY_DESC failed\n")); - return False; + goto cleanup; } - if (rparam) free(rparam); - if (rdata) free(rdata); + ret = True; + + cleanup: + + safe_free(rparam); + safe_free(rdata); talloc_destroy(mem_ctx); - return True; + prs_mem_free(&pd); + return ret; } diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index 50ed68ee16..5cd6ae30ce 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -170,8 +170,13 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans, if (cli_error(cli, &eclass, &ecode, NULL)) { - if(cli->nt_pipe_fnum == 0 || !(eclass == ERRDOS && ecode == ERRmoredata)) + if(cli->nt_pipe_fnum == 0) return(False); + + if(!(eclass == ERRDOS && ecode == ERRmoredata)) { + if (eclass != 0 && (ecode != (0x80000000 | STATUS_BUFFER_OVERFLOW))) + return(False); + } } /* parse out the lengths */ |