diff options
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/fileio.c | 9 | ||||
| -rw-r--r-- | source3/smbd/seal.c | 3 | ||||
| -rw-r--r-- | source3/smbd/trans2.c | 11 |
3 files changed, 8 insertions, 15 deletions
diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c index 60aeeef1e2..e67f926a04 100644 --- a/source3/smbd/fileio.c +++ b/source3/smbd/fileio.c @@ -867,11 +867,14 @@ void set_filelen_write_cache(files_struct *fsp, SMB_OFF_T file_size) /* The cache *must* have been flushed before we do this. */ if (fsp->wcp->data_size != 0) { char *msg; - asprintf(&msg, "set_filelen_write_cache: size change " + if (asprintf(&msg, "set_filelen_write_cache: size change " "on file %s with write cache size = %lu\n", fsp->fsp_name, - (unsigned long)fsp->wcp->data_size); - smb_panic(msg); + (unsigned long)fsp->wcp->data_size) != -1) { + smb_panic(msg); + } else { + smb_panic("set_filelen_write_cache"); + } } fsp->wcp->file_size = file_size; } diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index 3822ee191e..bd4d853885 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -128,8 +128,7 @@ static NTSTATUS get_srv_gss_creds(const char *service, gss_OID_desc nt_hostbased_service = {10, CONST_DISCARD(char *,"\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04")}; - asprintf(&host_princ_s, "%s@%s", service, name); - if (host_princ_s == NULL) { + if (asprintf(&host_princ_s, "%s@%s", service, name) == -1) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 27e29515e4..1d724bafd8 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -3687,7 +3687,7 @@ static NTSTATUS marshall_stream_info(unsigned int num_streams, unsigned int i; unsigned int ofs = 0; - for (i=0; i<num_streams; i++) { + for (i = 0; i < num_streams && ofs <= max_data_bytes; i++) { unsigned int next_offset; size_t namelen; smb_ucs2_t *namebuf; @@ -3706,11 +3706,6 @@ static NTSTATUS marshall_stream_info(unsigned int num_streams, namelen -= 2; - if (ofs + 24 + namelen > max_data_bytes) { - TALLOC_FREE(namebuf); - return NT_STATUS_BUFFER_TOO_SMALL; - } - SIVAL(data, ofs+4, namelen); SOFF_T(data, ofs+8, streams[i].size); SOFF_T(data, ofs+16, streams[i].alloc_size); @@ -3725,10 +3720,6 @@ static NTSTATUS marshall_stream_info(unsigned int num_streams, else { unsigned int align = ndr_align_size(next_offset, 8); - if (next_offset + align > max_data_bytes) { - return NT_STATUS_BUFFER_TOO_SMALL; - } - memset(data+next_offset, 0, align); next_offset += align; |