diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/lib/dprintf.c | 8 | ||||
-rw-r--r-- | source3/lib/util.c | 1 | ||||
-rw-r--r-- | source3/lib/util_tdb.c | 1 | ||||
-rw-r--r-- | source3/lib/xfile.c | 8 | ||||
-rw-r--r-- | source3/libsmb/ntlmssp_parse.c | 23 | ||||
-rw-r--r-- | source3/printing/print_generic.c | 4 |
6 files changed, 39 insertions, 6 deletions
diff --git a/source3/lib/dprintf.c b/source3/lib/dprintf.c index 18b261623e..a3bb5be43a 100644 --- a/source3/lib/dprintf.c +++ b/source3/lib/dprintf.c @@ -47,7 +47,10 @@ lang_msg_free(msgstr); - if (ret <= 0) return ret; + if (ret <= 0) { + va_end(ap2); + return ret; + } /* now we have the string in unix format, convert it to the display charset, but beware of it growing */ @@ -56,6 +59,7 @@ again: p2 = (char *)SMB_MALLOC(maxlen); if (!p2) { SAFE_FREE(p); + va_end(ap2); return -1; } clen = convert_string(CH_UNIX, CH_DISPLAY, p, ret, p2, maxlen, True); @@ -72,6 +76,8 @@ again: ret = fwrite(p2, 1, clen, f); SAFE_FREE(p2); + va_end(ap2); + return ret; } diff --git a/source3/lib/util.c b/source3/lib/util.c index e5ac3752f5..dba7142bad 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -2431,6 +2431,7 @@ char *smb_xstrndup(const char *s, size_t n) if (n == -1 || ! *ptr) { smb_panic("smb_xvasprintf: out of memory"); } + va_end(ap2); return n; } diff --git a/source3/lib/util_tdb.c b/source3/lib/util_tdb.c index ce2cb427d1..dd5ebcd7ab 100644 --- a/source3/lib/util_tdb.c +++ b/source3/lib/util_tdb.c @@ -656,6 +656,7 @@ int tdb_unpack(const uint8 *buf, int bufsize, const char *fmt, ...) return PTR_DIFF(buf, buf0); no_space: + va_end(ap); return -1; } diff --git a/source3/lib/xfile.c b/source3/lib/xfile.c index c98522200b..ee6e581332 100644 --- a/source3/lib/xfile.c +++ b/source3/lib/xfile.c @@ -223,9 +223,15 @@ size_t x_fwrite(const void *p, size_t size, size_t nmemb, XFILE *f) VA_COPY(ap2, ap); len = vasprintf(&p, format, ap2); - if (len <= 0) return len; + if (len <= 0) { + va_end(ap2); + return len; + } ret = x_fwrite(p, 1, len, f); SAFE_FREE(p); + + va_end(ap2); + return ret; } diff --git a/source3/libsmb/ntlmssp_parse.c b/source3/libsmb/ntlmssp_parse.c index ac8846ad1e..70377cba7d 100644 --- a/source3/libsmb/ntlmssp_parse.c +++ b/source3/libsmb/ntlmssp_parse.c @@ -170,6 +170,7 @@ bool msrpc_gen(DATA_BLOB *blob, /* a helpful macro to avoid running over the end of our blob */ #define NEED_DATA(amount) \ if ((head_ofs + amount) > blob->length) { \ + va_end(ap); \ return False; \ } @@ -216,16 +217,20 @@ bool msrpc_parse(const DATA_BLOB *blob, if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { + va_end(ap); return false; } if (len1 & 1) { /* if odd length and unicode */ + va_end(ap); return false; } if (blob->data + ptr < (uint8 *)(unsigned long)ptr || - blob->data + ptr < blob->data) + blob->data + ptr < blob->data) { + va_end(ap); return false; + } if (0 < len1) { char *p = NULL; @@ -261,13 +266,16 @@ bool msrpc_parse(const DATA_BLOB *blob, if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { + va_end(ap); return false; } if (blob->data + ptr < (uint8 *)(unsigned long)ptr || - blob->data + ptr < blob->data) + blob->data + ptr < blob->data) { + va_end(ap); return false; + } if (0 < len1) { char *p = NULL; @@ -304,13 +312,16 @@ bool msrpc_parse(const DATA_BLOB *blob, if ((len1 != len2) || (ptr + len1 < ptr) || (ptr + len1 < len1) || (ptr + len1 > blob->length)) { + va_end(ap); return false; } if (blob->data + ptr < (uint8 *)(unsigned long)ptr || - blob->data + ptr < blob->data) + blob->data + ptr < blob->data) { + va_end(ap); return false; + } *b = data_blob(blob->data + ptr, len1); } @@ -322,6 +333,7 @@ bool msrpc_parse(const DATA_BLOB *blob, NEED_DATA(len1); if (blob->data + head_ofs < (uint8 *)head_ofs || blob->data + head_ofs < blob->data) { + va_end(ap); return false; } @@ -337,7 +349,8 @@ bool msrpc_parse(const DATA_BLOB *blob, s = va_arg(ap, char *); if (blob->data + head_ofs < (uint8 *)head_ofs || - blob->data + head_ofs < blob->data) { + blob->data + head_ofs < blob->data) { + va_end(ap); return false; } @@ -351,11 +364,13 @@ bool msrpc_parse(const DATA_BLOB *blob, blob->length - head_ofs, STR_ASCII|STR_TERMINATE); if (ret == (size_t)-1 || p == NULL) { + va_end(ap); return false; } head_ofs += ret; if (strcmp(s, p) != 0) { TALLOC_FREE(p); + va_end(ap); return false; } TALLOC_FREE(p); diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c index cc4b744a11..2a324fdd5c 100644 --- a/source3/printing/print_generic.c +++ b/source3/printing/print_generic.c @@ -41,15 +41,18 @@ static int print_run_command(int snum, const char* printername, bool do_sub, /* check for a valid system printername and valid command to run */ if ( !printername || !*printername ) { + va_end(ap); return -1; } if (!command || !*command) { + va_end(ap); return -1; } syscmd = talloc_strdup(ctx, command); if (!syscmd) { + va_end(ap); return -1; } @@ -57,6 +60,7 @@ static int print_run_command(int snum, const char* printername, bool do_sub, char *value = va_arg(ap,char *); syscmd = talloc_string_sub(ctx, syscmd, arg, value); if (!syscmd) { + va_end(ap); return -1; } } |