Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/lanman.c | 176 | ||||
-rw-r--r-- | source3/smbd/msdfs.c | 6 | ||||
-rw-r--r-- | source3/smbd/nttrans.c | 13 | ||||
-rw-r--r-- | source3/smbd/password.c | 2 | ||||
-rw-r--r-- | source3/smbd/session.c | 4 | ||||
-rw-r--r-- | source3/smbd/trans2.c | 79 |
6 files changed, 216 insertions, 64 deletions
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index ca6cc57cc3..a78681bad8 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -798,6 +798,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, *rdata_len = 0; *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,ERRunknownlevel); SSVAL(*rparam,2,0); SSVAL(*rparam,4,0); @@ -817,6 +820,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } desc.base = *rdata; desc.buflen = mdrcnt; } else { @@ -846,6 +852,9 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, *rdata_len = desc.usedlen; *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -896,6 +905,9 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, *rdata_len = 0; *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,ERRunknownlevel); SSVAL(*rparam,2,0); SSVAL(*rparam,4,0); @@ -1066,15 +1078,11 @@ static int get_server_info(uint32 servertype, } if (count == alloced) { - struct srv_info_struct *ts; - alloced += 10; - ts = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced); - if (!ts) { + *servers = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced); + if (!*servers) { DEBUG(0,("get_server_info: failed to enlarge servers info struct!\n")); return 0; - } else { - *servers = ts; } memset((char *)((*servers)+count),'\0',sizeof(**servers)*(alloced-count)); } 
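Review bot: The `return False` added after a failed `SMB_REALLOC_LIMIT` in api_DosPrintQGetInfo reuses the value that api_reply reads as "unsupported"; the same three lines are added in every other api_* hunk of lanman.c. The api_reply hunk keeps the comment `if we get False back then it's actually unsupported` and calls api_Unsupported on that value, so an out-of-memory condition is answered as an unsupported call whenever the second allocation succeeds. No log call is visible on these paths; a `DEBUG(0,("api_DosPrintQGetInfo: out of memory\n"));` before each return would leave a trace for operators. Separating the two meanings cleanly would need a distinct return value, and the handler bodies continue outside these hunks.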
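Review bot: In get_server_info, `*servers = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced);` overwrites the only pointer to the old array, so the failure path is leak-free only if the macro frees the old block when it fails. That definition is not in this diff (the diffstat is limited to source3/smbd), although the switch to `SMB_REALLOC_KEEP_OLD_ON_ERROR` in password.c suggests that it does. A comment such as `/* SMB_REALLOC_ARRAY frees the old array on failure; *servers is NULL afterwards. */` would record the contract the code now depends on. The same applies to nttrans_realloc and to the `*pparams` / `*ppdata` assignments in the trans2.c hunks.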
@@ -1332,6 +1340,9 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param *rdata_len = fixed_len + string_len; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } memset(*rdata,'\0',*rdata_len); p2 = (*rdata) + fixed_len; /* auxilliary data (strings) will go here */ @@ -1359,6 +1370,9 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata)); SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); @@ -1399,6 +1413,9 @@ static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, char *pa *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVAL(*rparam,0,0x08AC); /* informational warning message */ SSVAL(*rparam,2,0); @@ -1581,6 +1598,9 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *para } *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } p = *rdata; *rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0); if (*rdata_len < 0) { @@ -1589,6 +1609,9 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *para *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); @@ -1665,6 +1688,9 @@ static BOOL api_RNetShareEnum( connection_struct *conn, *rdata_len = fixed_len + string_len; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } memset(*rdata,0,*rdata_len); p2 = (*rdata) + fixed_len; /* auxiliary data (strings) will go here */ 
@@ -1688,6 +1714,9 @@ static BOOL api_RNetShareEnum( connection_struct *conn, *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success); SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); @@ -1792,6 +1821,9 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); @@ -1803,6 +1835,9 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; SSVAL(*rparam,0,res); SSVAL(*rparam,2,0); @@ -1868,6 +1903,9 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c *rdata_len = cli_buf_size; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } p = *rdata; @@ -1895,7 +1933,9 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); - + if (!*rparam) { + return False; + } SSVAL(*rparam, 0, errflags); SSVAL(*rparam, 2, 0); /* converter word */ SSVAL(*rparam, 4, i); /* is this right?? */ @@ -1933,6 +1973,9 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } /* check it's a supported varient */ @@ -1952,7 +1995,9 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para *rdata_len = mdrcnt + 1024; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); - + if (!*rdata) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ 
@@ -2068,6 +2113,9 @@ static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,ch *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } /* check it's a supported varient */ if (strcmp("B21",str2) != 0) @@ -2075,6 +2123,9 @@ static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,ch *rdata_len = cli_buf_size; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } p = *rdata; @@ -2138,9 +2189,15 @@ static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid, char *param,ch *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 21; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -2194,6 +2251,9 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; @@ -2266,6 +2326,9 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char * char *p = param + 2; *rparam_len = 2; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; @@ -2333,6 +2396,9 @@ static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char *param *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; if (!print_job_exists(sharename, jobid)) { @@ -2396,6 +2462,9 @@ static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid, char *param *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; snum = print_queue_snum(QueueName); 
@@ -2470,6 +2539,9 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha return False; *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } if ( (snum = lp_servicenumber(sharename)) == -1 ) { DEBUG(0,("api_PrintJobInfo: unable to get service number from sharename [%s]\n", @@ -2586,6 +2658,9 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par *rdata_len = mdrcnt; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } p = *rdata; p2 = p + struct_len; @@ -2635,6 +2710,9 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); @@ -2661,6 +2739,9 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } /* check it's a supported varient */ if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz"))) { @@ -2669,6 +2750,9 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param *rdata_len = mdrcnt + 1024; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -2908,6 +2992,9 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel)); 
@@ -2930,6 +3017,9 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param *rdata_len = mdrcnt + 1024; *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); + if (!*rdata) { + return False; + } SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -3082,6 +3172,9 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param } if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } desc.base = *rdata; @@ -3121,6 +3214,9 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param *rdata_len = desc.usedlen; *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -3156,6 +3252,9 @@ static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, char *p *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,0); /* errorcode */ SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,0x7f); /* permission flags */ @@ -3219,6 +3318,9 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } desc.base = *rdata; desc.buflen = mdrcnt; } else { @@ -3242,6 +3344,9 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); 
@@ -3300,6 +3405,9 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa count = print_queue_status(snum,&queue,&status); if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } desc.base = *rdata; desc.buflen = mdrcnt; @@ -3318,6 +3426,9 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3429,6 +3540,9 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par } else { if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } desc.base = *rdata; desc.buflen = mdrcnt; } else { @@ -3447,6 +3561,9 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par *rparam_len = 6; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -3494,6 +3611,9 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param, if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } desc.base = *rdata; @@ -3516,6 +3636,9 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param, *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3554,6 +3677,9 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } desc.base = *rdata; desc.buflen = mdrcnt; 
@@ -3567,6 +3693,9 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3605,6 +3734,9 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } desc.base = *rdata; desc.buflen = mdrcnt; @@ -3619,6 +3751,9 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3657,6 +3792,9 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } memset((char *)&desc,'\0',sizeof(desc)); desc.base = *rdata; @@ -3672,6 +3810,9 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3720,6 +3861,9 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); + if (!*rdata) { + return False; + } } memset((char *)&desc,'\0',sizeof(desc)); desc.base = *rdata; @@ -3745,6 +3889,9 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); /* converter */ SSVAL(*rparam,4,num_sessions); /* count */ 
@@ -3766,6 +3913,9 @@ static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param, char { *rparam_len = MIN(*rparam_len,mprcnt); *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; @@ -3787,6 +3937,9 @@ static BOOL api_Unsupported(connection_struct *conn, uint16 vuid, char *param, c { *rparam_len = 4; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); + if (!*rparam) { + return False; + } *rdata_len = 0; @@ -3919,11 +4072,14 @@ int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char * /* if we get False back then it's actually unsupported */ if (!reply) { - api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt, + reply = api_Unsupported(conn,vuid,params,data,mdrcnt,mprcnt, &rdata,&rparam,&rdata_len,&rparam_len); } - send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False); + /* If api_Unsupported returns false we can't return anything. */ + if (reply) { + send_trans_reply(outbuf, rparam, rparam_len, rdata, rdata_len, False); + } SAFE_FREE(rdata); SAFE_FREE(rparam); diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 4f7858d985..955197a425 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -643,9 +643,8 @@ static int setup_ver2_dfs_referral(char *pathname, char **ppdata, if(pdata == NULL) { DEBUG(0,("malloc failed for Realloc!\n")); return -1; - } else { - *ppdata = pdata; } + *ppdata = pdata; /* copy in the dfs requested paths.. required for offset calculations */ memcpy(pdata+uni_reqpathoffset1,uni_requestedpath,requestedpathlen); @@ -729,9 +728,8 @@ static int setup_ver3_dfs_referral(char *pathname, char **ppdata, if(pdata == NULL) { DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n")); return -1; - } else { - *ppdata = pdata; } + *ppdata = pdata; /* create the header */ SSVAL(pdata,0,consumedcnt * 2); /* path consumed */ diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 417e3421cb..796eb44332 100644 
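Review bot: When `reply` is still False after api_Unsupported, api_reply skips send_trans_reply and the request gets no response and no log line. As far as this hunk shows, the client can only wait for its own timeout, and an operator cannot tell that memory pressure caused it. An `else` branch with `DEBUG(0,("api_reply: out of memory, no reply sent\n"));` would make the dropped request visible. What api_reply returns after the SAFE_FREE calls is outside the hunk, so whether the caller can still send an error packet cannot be judged from here.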
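Review bot: In setup_ver2_dfs_referral the failure path leaves `*ppdata` untouched, because the early `return -1` runs before `*ppdata = pdata;`. The call that sets `pdata` is above the hunk. If it is the `SMB_REALLOC` that the rest of this commit treats as freeing the old block on failure, the caller's `*ppdata` still points at freed memory, and a later free or use of it would be a double free or use-after-free. Adding `*ppdata = NULL;` before the return, or assigning the result straight into `*ppdata` as the trans2.c hunks do, closes that window. The setup_ver3_dfs_referral hunk that follows has the same shape.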
--- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -48,21 +48,16 @@ static const char *known_nt_pipes[] = { static char *nttrans_realloc(char **ptr, size_t size) { - char *tptr = NULL; if (ptr==NULL) { smb_panic("nttrans_realloc() called with NULL ptr\n"); } - tptr = SMB_REALLOC(*ptr, size); - if(tptr == NULL) { - *ptr = NULL; + *ptr = SMB_REALLOC(*ptr, size); + if(*ptr == NULL) { return NULL; } - memset(tptr,'\0',size); - - *ptr = tptr; - - return tptr; + memset(*ptr,'\0',size); + return *ptr; } /**************************************************************************** diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 782a8c2b89..8b88990e2f 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -383,7 +383,7 @@ void add_session_user(const char *user) "too large.\n")); return; } - newlist = (char *)SMB_REALLOC( + newlist = (char *)SMB_REALLOC_KEEP_OLD_ON_ERROR( session_userlist, len_session_userlist + PSTRING_LEN ); if( newlist == NULL ) { diff --git a/source3/smbd/session.c b/source3/smbd/session.c index 27f760a088..41f8fd0ed4 100644 --- a/source3/smbd/session.c +++ b/source3/smbd/session.c @@ -224,6 +224,10 @@ static int gather_sessioninfo(TDB_CONTEXT *stdb, TDB_DATA kbuf, TDB_DATA dbuf, sesslist->count += 1; sesslist->sessions = SMB_REALLOC_ARRAY(sesslist->sessions, struct sessionid, sesslist->count); + if (!sesslist->sessions) { + sesslist->count = 0; + return -1; + } memcpy(&sesslist->sessions[sesslist->count - 1], current, sizeof(struct sessionid)); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 6da71039f0..9cd2d44de5 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c 
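Review bot: nttrans_realloc has no comment stating its contract, and the rewrite makes that contract depend on the allocator macro. On success `memset(*ptr,'\0',size);` zeroes the whole buffer, so earlier contents are not preserved even when the buffer only grows; on failure the function returns NULL with `*ptr` NULL. I would add above the function: `/* Resize *ptr to size bytes and zero all of it; on failure returns NULL and *ptr is NULL. Old contents are discarded. */`.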
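Review bot: The new failure branch in gather_sessioninfo sets `sesslist->count = 0` and returns -1 without logging. As far as the hunk shows, whoever reads `sesslist` afterwards then sees an allocation failure as an empty session list. A `DEBUG(0,("gather_sessioninfo: out of memory\n"));` before the return would let the two cases be told apart in the logs. How the traversal caller treats the -1 is outside the hunk.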
@@ -870,11 +870,11 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, i } /* Realloc the size of parameters and data we will return */ - params = SMB_REALLOC(*pparams, 30); - if( params == NULL ) { + *pparams = SMB_REALLOC(*pparams, 30); + if(*pparams == NULL ) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; SSVAL(params,0,fsp->fnum); SSVAL(params,2,open_attr); @@ -1711,21 +1711,20 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd } } - pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); - if( pdata == NULL ) { + *ppdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); + if(*ppdata == NULL ) { talloc_destroy(ea_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } - - *ppdata = pdata; + pdata = *ppdata; /* Realloc the params space */ - params = SMB_REALLOC(*pparams, 10); - if (params == NULL) { + *pparams = SMB_REALLOC(*pparams, 10); + if (*pparams == NULL) { talloc_destroy(ea_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; /* Save the wildcard match and attribs we are using on this directory - needed as lanman2 assumes these are being saved between calls */ 
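Review bot: The buffer grown by `*ppdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);` in the hunk at -1711 is not cleared there. The call_trans2qfsinfo hunk follows the same allocation with `memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);`, and nttrans_realloc zeroes its buffer. If no clearing happens outside the hunk, reply bytes that the entry-filling code does not overwrite (padding, alignment gaps) would carry stale heap contents to the client. Consider the same memset after `pdata = *ppdata;` here and the equivalent in the hunks at -1962 and -2943. The enclosing functions start and end outside these hunks.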
@@ -1962,22 +1961,22 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd } } - pdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); - if(pdata == NULL) { + *ppdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); + if(*ppdata == NULL) { talloc_destroy(ea_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } - *ppdata = pdata; + pdata = *ppdata; /* Realloc the params space */ - params = SMB_REALLOC(*pparams, 6*SIZEOFWORD); - if( params == NULL ) { + *pparams = SMB_REALLOC(*pparams, 6*SIZEOFWORD); + if(*pparams == NULL ) { talloc_destroy(ea_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; /* Check that the dptr is valid */ if(!(conn->dirptr = dptr_fetch_lanman2(dptr_num))) { @@ -2134,12 +2133,12 @@ static int call_trans2qfsinfo(connection_struct *conn, char *inbuf, char *outbuf return ERROR_DOS(ERRSRV,ERRinvdevice); } - pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); - if ( pdata == NULL ) { + *ppdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); + if (*ppdata == NULL ) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *ppdata = pdata; + pdata = *ppdata; memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); switch (info_level) { 
@@ -2943,20 +2942,20 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd } } - params = SMB_REALLOC(*pparams,2); - if (params == NULL) { + *pparams = SMB_REALLOC(*pparams,2); + if (*pparams == NULL) { talloc_destroy(ea_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; SSVAL(params,0,0); data_size = max_data_bytes + DIR_ENTRY_SAFETY_MARGIN; - pdata = SMB_REALLOC(*ppdata, data_size); - if ( pdata == NULL ) { + *ppdata = SMB_REALLOC(*ppdata, data_size); + if (*ppdata == NULL ) { talloc_destroy(ea_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } - *ppdata = pdata; + pdata = *ppdata; c_time = get_create_time(&sbuf,lp_fake_dir_create_times(SNUM(conn))); @@ -3683,11 +3682,11 @@ static int call_trans2setfilepathinfo(connection_struct *conn, char *inbuf, char tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data)); /* Realloc the parameter size */ - params = SMB_REALLOC(*pparams,2); - if(params == NULL) { + *pparams = SMB_REALLOC(*pparams,2); + if (*pparams == NULL) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; SSVAL(params,0,0); @@ -4543,11 +4542,11 @@ static int call_trans2mkdir(connection_struct *conn, char *inbuf, char *outbuf, } /* Realloc the parameter and data sizes */ - params = SMB_REALLOC(*pparams,2); - if(params == NULL) { + *pparams = SMB_REALLOC(*pparams,2); + if(*pparams == NULL) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; SSVAL(params,0,0); @@ -4585,11 +4584,11 @@ static int call_trans2findnotifyfirst(connection_struct *conn, char *inbuf, char } /* Realloc the parameter and data sizes */ - params = SMB_REALLOC(*pparams,6); - if(params == NULL) { + *pparams = SMB_REALLOC(*pparams,6); + if (*pparams == NULL) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; SSVAL(params,0,fnf_handle); SSVAL(params,2,0); /* No changes */ 
@@ -4619,11 +4618,11 @@ static int call_trans2findnotifynext(connection_struct *conn, char *inbuf, char DEBUG(3,("call_trans2findnotifynext\n")); /* Realloc the parameter and data sizes */ - params = SMB_REALLOC(*pparams,4); - if(params == NULL) { + *pparams = SMB_REALLOC(*pparams,4); + if (*pparams == NULL) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *pparams = params; + params = *pparams; SSVAL(params,0,0); /* No changes */ SSVAL(params,2,0); /* No EA errors */ @@ -4688,11 +4687,11 @@ static int call_trans2ioctl(connection_struct *conn, char* inbuf, char* outbuf, if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) && (SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { - pdata = SMB_REALLOC(*ppdata, 32); - if(pdata == NULL) { + *ppdata = SMB_REALLOC(*ppdata, 32); + if (*ppdata == NULL) { return ERROR_NT(NT_STATUS_NO_MEMORY); } - *ppdata = pdata; + pdata = *ppdata; /* NOTE - THIS IS ASCII ONLY AT THE MOMENT - NOT SURE IF OS/2 CAN ACCEPT THIS IN UNICODE. JRA. */ |