Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/lanman.c176
-rw-r--r--source3/smbd/msdfs.c6
-rw-r--r--source3/smbd/nttrans.c13
-rw-r--r--source3/smbd/password.c2
-rw-r--r--source3/smbd/session.c4
-rw-r--r--source3/smbd/trans2.c79
6 files changed, 216 insertions, 64 deletions
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index ca6cc57cc3..a78681bad8 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -798,6 +798,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn,
*rdata_len = 0;
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,ERRunknownlevel);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,0);
@@ -817,6 +820,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn,
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
desc.base = *rdata;
desc.buflen = mdrcnt;
} else {
@@ -846,6 +852,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn,
*rdata_len = desc.usedlen;
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,desc.neededlen);
@@ -896,6 +905,9 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param,
*rdata_len = 0;
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,ERRunknownlevel);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,0);
@@ -1066,15 +1078,11 @@ static int get_server_info(uint32 servertype,
}
if (count == alloced) {
- struct srv_info_struct *ts;
-
alloced += 10;
- ts = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced);
- if (!ts) {
+ *servers = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced);
+ if (!*servers) {
DEBUG(0,("get_server_info: failed to enlarge servers info struct!\n"));
return 0;
- } else {
- *servers = ts;
}
memset((char *)((*servers)+count),'\0',sizeof(**servers)*(alloced-count));
}
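Review bot: Assigning the result straight back to `*servers` is only leak-free if `SMB_REALLOC_ARRAY` frees the old block when it fails; otherwise the `return 0` path overwrites the only pointer to the existing array. The macro definitions are outside this diff (it is limited to source3/smbd), so that contract should be stated at the call site, e.g. `/* SMB_REALLOC_ARRAY frees the old array on failure, so *servers is NULL here and nothing leaks. */` above the `if (!*servers)` check. The same assumption underlies the rewritten `nttrans_realloc()` in nttrans.c and every `*pparams = SMB_REALLOC(*pparams, ...)` / `*ppdata = SMB_REALLOC(*ppdata, ...)` site in trans2.c. The body of get_server_info starts and ends outside the hunk.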
@@ -1332,6 +1340,9 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param
*rdata_len = fixed_len + string_len;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
memset(*rdata,'\0',*rdata_len);
p2 = (*rdata) + fixed_len; /* auxilliary data (strings) will go here */
@@ -1359,6 +1370,9 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata));
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,counted);
@@ -1399,6 +1413,9 @@ static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, char *pa
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam,0,0x08AC); /* informational warning message */
SSVAL(*rparam,2,0);
@@ -1581,6 +1598,9 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *para
}
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
p = *rdata;
*rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0);
if (*rdata_len < 0) {
@@ -1589,6 +1609,9 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *para
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
SSVAL(*rparam,4,*rdata_len);
@@ -1665,6 +1688,9 @@ static BOOL api_RNetShareEnum( connection_struct *conn,
*rdata_len = fixed_len + string_len;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
memset(*rdata,0,*rdata_len);
p2 = (*rdata) + fixed_len; /* auxiliary data (strings) will go here */
@@ -1688,6 +1714,9 @@ static BOOL api_RNetShareEnum( connection_struct *conn,
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,counted);
@@ -1792,6 +1821,9 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
SSVAL(*rparam,4,*rdata_len);
@@ -1803,6 +1835,9 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
SSVAL(*rparam,0,res);
SSVAL(*rparam,2,0);
@@ -1868,6 +1903,9 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c
*rdata_len = cli_buf_size;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
p = *rdata;
@@ -1895,7 +1933,9 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
-
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam, 0, errflags);
SSVAL(*rparam, 2, 0); /* converter word */
SSVAL(*rparam, 4, i); /* is this right?? */
@@ -1933,6 +1973,9 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
/* check it's a supported varient */
@@ -1952,7 +1995,9 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para
*rdata_len = mdrcnt + 1024;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
-
+ if (!*rdata) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
@@ -2068,6 +2113,9 @@ static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,ch
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
/* check it's a supported varient */
if (strcmp("B21",str2) != 0)
@@ -2075,6 +2123,9 @@ static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,ch
*rdata_len = cli_buf_size;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
p = *rdata;
@@ -2138,9 +2189,15 @@ static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid, char *param,ch
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 21;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
@@ -2194,6 +2251,9 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
@@ -2266,6 +2326,9 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char *
char *p = param + 2;
*rparam_len = 2;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
@@ -2333,6 +2396,9 @@ static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
if (!print_job_exists(sharename, jobid)) {
@@ -2396,6 +2462,9 @@ static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
snum = print_queue_snum(QueueName);
@@ -2470,6 +2539,9 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha
return False;
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
if ( (snum = lp_servicenumber(sharename)) == -1 ) {
DEBUG(0,("api_PrintJobInfo: unable to get service number from sharename [%s]\n",
@@ -2586,6 +2658,9 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par
*rdata_len = mdrcnt;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
p = *rdata;
p2 = p + struct_len;
@@ -2635,6 +2710,9 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
SSVAL(*rparam,4,*rdata_len);
@@ -2661,6 +2739,9 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
/* check it's a supported varient */
if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz"))) {
@@ -2669,6 +2750,9 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param
*rdata_len = mdrcnt + 1024;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
@@ -2908,6 +2992,9 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel));
@@ -2930,6 +3017,9 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param
*rdata_len = mdrcnt + 1024;
*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
+ if (!*rdata) {
+ return False;
+ }
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
@@ -3082,6 +3172,9 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param
}
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
desc.base = *rdata;
@@ -3121,6 +3214,9 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param
*rdata_len = desc.usedlen;
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,desc.neededlen);
@@ -3156,6 +3252,9 @@ static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, char *p
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,0); /* errorcode */
SSVAL(*rparam,2,0); /* converter word */
SSVAL(*rparam,4,0x7f); /* permission flags */
@@ -3219,6 +3318,9 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
desc.base = *rdata;
desc.buflen = mdrcnt;
} else {
@@ -3242,6 +3344,9 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,desc.neededlen);
@@ -3300,6 +3405,9 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa
count = print_queue_status(snum,&queue,&status);
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
desc.base = *rdata;
desc.buflen = mdrcnt;
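Review bot: The new `return False` after a failed `SMB_REALLOC_LIMIT` comes right after `count = print_queue_status(snum,&queue,&status);`, so if that call allocates `queue` (the out-parameter suggests it does) the early return leaks it. Release it on the failure path, e.g. `if (!*rdata) { SAFE_FREE(queue); return False; }`. The later `*rparam` check in this function and the other print-queue handlers touched by this commit should be checked for the same pattern. The function body continues outside the hunk, so the existing cleanup is not visible here.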
@@ -3318,6 +3426,9 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3429,6 +3540,9 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par
} else {
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
desc.base = *rdata;
desc.buflen = mdrcnt;
} else {
@@ -3447,6 +3561,9 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par
*rparam_len = 6;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,desc.neededlen);
@@ -3494,6 +3611,9 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param,
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
desc.base = *rdata;
@@ -3516,6 +3636,9 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param,
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3554,6 +3677,9 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
desc.base = *rdata;
desc.buflen = mdrcnt;
@@ -3567,6 +3693,9 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3605,6 +3734,9 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
desc.base = *rdata;
desc.buflen = mdrcnt;
@@ -3619,6 +3751,9 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3657,6 +3792,9 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param,
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
memset((char *)&desc,'\0',sizeof(desc));
desc.base = *rdata;
@@ -3672,6 +3810,9 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param,
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3720,6 +3861,9 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param
if (mdrcnt > 0) {
*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
+ if (!*rdata) {
+ return False;
+ }
}
memset((char *)&desc,'\0',sizeof(desc));
desc.base = *rdata;
@@ -3745,6 +3889,9 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param
*rparam_len = 8;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0); /* converter */
SSVAL(*rparam,4,num_sessions); /* count */
@@ -3766,6 +3913,9 @@ static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param, char
{
*rparam_len = MIN(*rparam_len,mprcnt);
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
@@ -3787,6 +3937,9 @@ static BOOL api_Unsupported(connection_struct *conn, uint16 vuid, char *param, c
{
*rparam_len = 4;
*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
+ if (!*rparam) {
+ return False;
+ }
*rdata_len = 0;
@@ -3919,11 +4072,14 @@ int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char *
/* if we get False back then it's actually unsupported */
if (!reply) {
- api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt,
+ reply = api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt,
&rdata,&rparam,&rdata_len,&rparam_len);
}
- send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False);
+ /* If api_Unsupported returns false we can't return anything. */
+ if (reply) {
+ send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False);
+ }
SAFE_FREE(rdata);
SAFE_FREE(rparam);
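Review bot: Every `return False` this commit adds for a failed allocation lands in the `if (!reply)` branch, whose comment says False means "actually unsupported", so a memory failure in a handler is reported to the client as an unsupported call whenever `api_Unsupported` can still allocate. When `api_Unsupported` fails too, the request is dropped with no reply and no log entry. Consider logging that case, e.g. `DEBUG(0,("api_reply: out of memory, no reply sent\n"));` in an `else` branch of `if (reply)`. Also check that the value api_reply returns (outside the hunk) tells the caller that no reply went out.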
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 4f7858d985..955197a425 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -643,9 +643,8 @@ static int setup_ver2_dfs_referral(char *pathname, char **ppdata,
if(pdata == NULL) {
DEBUG(0,("malloc failed for Realloc!\n"));
return -1;
- } else {
- *ppdata = pdata;
}
+ *ppdata = pdata;
/* copy in the dfs requested paths.. required for offset calculations */
memcpy(pdata+uni_reqpathoffset1,uni_requestedpath,requestedpathlen);
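Review bot: On the `pdata == NULL` path `*ppdata` is left untouched, which makes it a dangling pointer if the realloc above the hunk was handed the old `*ppdata` block and frees it on failure, as the other call sites changed in this commit appear to assume. A caller that frees `*ppdata` after the -1 return would then free the block twice. If that is the case, clear it before returning by adding `*ppdata = NULL;` ahead of `return -1;`. The same applies to the `setup_ver3_dfs_referral` hunk below. Both realloc calls are outside the visible lines, so this needs confirming against the full functions.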
@@ -729,9 +728,8 @@ static int setup_ver3_dfs_referral(char *pathname, char **ppdata,
if(pdata == NULL) {
DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n"));
return -1;
- } else {
- *ppdata = pdata;
}
+ *ppdata = pdata;
/* create the header */
SSVAL(pdata,0,consumedcnt * 2); /* path consumed */
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 417e3421cb..796eb44332 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -48,21 +48,16 @@ static const char *known_nt_pipes[] = {
static char *nttrans_realloc(char **ptr, size_t size)
{
- char *tptr = NULL;
if (ptr==NULL) {
smb_panic("nttrans_realloc() called with NULL ptr\n");
}
- tptr = SMB_REALLOC(*ptr, size);
- if(tptr == NULL) {
- *ptr = NULL;
+ *ptr = SMB_REALLOC(*ptr, size);
+ if(*ptr == NULL) {
return NULL;
}
- memset(tptr,'\0',size);
-
- *ptr = tptr;
-
- return tptr;
+ memset(*ptr,'\0',size);
+ return *ptr;
}
/****************************************************************************
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 782a8c2b89..8b88990e2f 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -383,7 +383,7 @@ void add_session_user(const char *user)
"too large.\n"));
return;
}
- newlist = (char *)SMB_REALLOC(
+ newlist = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR(
session_userlist,
len_session_userlist + PSTRING_LEN );
if( newlist == NULL ) {
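Review bot: This is the only call site in the diff that uses `SMB_REALLOC_KEEP_OLD_ON_ERROR`, and nothing says why it differs from the others. Presumably the existing `session_userlist` must stay usable after a failed grow; a one-line comment such as `/* Keep the old list on failure: session_userlist stays in use. */` above the call would stop a later cleanup from converting it to plain `SMB_REALLOC`. The `(char *)` cast on the result is unnecessary in C and could be dropped. The failure branch continues outside the hunk.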
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
index 27f760a088..41f8fd0ed4 100644
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -224,6 +224,10 @@ static int gather_sessioninfo(TDB_CONTEXT *stdb, TDB_DATA kbuf, TDB_DATA dbuf,
sesslist->count += 1;
sesslist->sessions = SMB_REALLOC_ARRAY(sesslist->sessions, struct sessionid,
sesslist->count);
+ if (!sesslist->sessions) {
+ sesslist->count = 0;
+ return -1;
+ }
memcpy(&sesslist->sessions[sesslist->count - 1], current,
sizeof(struct sessionid));
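Review bot: The failure path here is silent, unlike `get_server_info` in lanman.c, which logs at level 0 when its array cannot grow; add `DEBUG(0,("gather_sessioninfo: out of memory\n"));` before `return -1;`. Resetting `sesslist->count` to 0 keeps callers from indexing a NULL array. It also makes an allocation failure look like an empty session list unless the caller checks the traversal result, which is outside this hunk.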
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 6da71039f0..9cd2d44de5 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -870,11 +870,11 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, i
}
/* Realloc the size of parameters and data we will return */
- params = SMB_REALLOC(*pparams, 30);
- if( params == NULL ) {
+ *pparams = SMB_REALLOC(*pparams, 30);
+ if(*pparams == NULL ) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
SSVAL(params,0,fsp->fnum);
SSVAL(params,2,open_attr);
@@ -1711,21 +1711,20 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
}
}
- pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
- if( pdata == NULL ) {
+ *ppdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
+ if(*ppdata == NULL ) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
-
- *ppdata = pdata;
+ pdata = *ppdata;
/* Realloc the params space */
- params = SMB_REALLOC(*pparams, 10);
- if (params == NULL) {
+ *pparams = SMB_REALLOC(*pparams, 10);
+ if (*pparams == NULL) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
/* Save the wildcard match and attribs we are using on this directory -
needed as lanman2 assumes these are being saved between calls */
@@ -1962,22 +1961,22 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
}
}
- pdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
- if(pdata == NULL) {
+ *ppdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
+ if(*ppdata == NULL) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *ppdata = pdata;
+ pdata = *ppdata;
/* Realloc the params space */
- params = SMB_REALLOC(*pparams, 6*SIZEOFWORD);
- if( params == NULL ) {
+ *pparams = SMB_REALLOC(*pparams, 6*SIZEOFWORD);
+ if(*pparams == NULL ) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
/* Check that the dptr is valid */
if(!(conn->dirptr = dptr_fetch_lanman2(dptr_num))) {
@@ -2134,12 +2133,12 @@ static int call_trans2qfsinfo(connection_struct *conn, char *inbuf, char *outbuf
return ERROR_DOS(ERRSRV,ERRinvdevice);
}
- pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
- if ( pdata == NULL ) {
+ *ppdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
+ if (*ppdata == NULL ) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *ppdata = pdata;
+ pdata = *ppdata;
memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
switch (info_level) {
@@ -2943,20 +2942,20 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd
}
}
- params = SMB_REALLOC(*pparams,2);
- if (params == NULL) {
+ *pparams = SMB_REALLOC(*pparams,2);
+ if (*pparams == NULL) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
SSVAL(params,0,0);
data_size = max_data_bytes + DIR_ENTRY_SAFETY_MARGIN;
- pdata = SMB_REALLOC(*ppdata, data_size);
- if ( pdata == NULL ) {
+ *ppdata = SMB_REALLOC(*ppdata, data_size);
+ if (*ppdata == NULL ) {
talloc_destroy(ea_ctx);
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *ppdata = pdata;
+ pdata = *ppdata;
c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn)));
@@ -3683,11 +3682,11 @@ static int call_trans2setfilepathinfo(connection_struct *conn, char *inbuf, char
tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data));
/* Realloc the parameter size */
- params = SMB_REALLOC(*pparams,2);
- if(params == NULL) {
+ *pparams = SMB_REALLOC(*pparams,2);
+ if (*pparams == NULL) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
SSVAL(params,0,0);
@@ -4543,11 +4542,11 @@ static int call_trans2mkdir(connection_struct *conn, char *inbuf, char *outbuf,
}
/* Realloc the parameter and data sizes */
- params = SMB_REALLOC(*pparams,2);
- if(params == NULL) {
+ *pparams = SMB_REALLOC(*pparams,2);
+ if(*pparams == NULL) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
SSVAL(params,0,0);
@@ -4585,11 +4584,11 @@ static int call_trans2findnotifyfirst(connection_struct *conn, char *inbuf, char
}
/* Realloc the parameter and data sizes */
- params = SMB_REALLOC(*pparams,6);
- if(params == NULL) {
+ *pparams = SMB_REALLOC(*pparams,6);
+ if (*pparams == NULL) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
SSVAL(params,0,fnf_handle);
SSVAL(params,2,0); /* No changes */
@@ -4619,11 +4618,11 @@ static int call_trans2findnotifynext(connection_struct *conn, char *inbuf, char
DEBUG(3,("call_trans2findnotifynext\n"));
/* Realloc the parameter and data sizes */
- params = SMB_REALLOC(*pparams,4);
- if(params == NULL) {
+ *pparams = SMB_REALLOC(*pparams,4);
+ if (*pparams == NULL) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *pparams = params;
+ params = *pparams;
SSVAL(params,0,0); /* No changes */
SSVAL(params,2,0); /* No EA errors */
@@ -4688,11 +4687,11 @@ static int call_trans2ioctl(connection_struct *conn, char* inbuf, char* outbuf,
if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) &&
(SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) {
- pdata = SMB_REALLOC(*ppdata, 32);
- if(pdata == NULL) {
+ *ppdata = SMB_REALLOC(*ppdata, 32);
+ if (*ppdata == NULL) {
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- *ppdata = pdata;
+ pdata = *ppdata;
/* NOTE - THIS IS ASCII ONLY AT THE MOMENT - NOT SURE IF OS/2
CAN ACCEPT THIS IN UNICODE. JRA. */