summaryrefslogtreecommitdiff
path: root/source3/rpc_parse/parse_buffer.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r14043: After discussion with Jerry revert part of theJeremy Allison1-26/+15
Coverity null-ref patch - put prs_rpcbuffer_p back to the way it was (with an additional coverity paranoia check) - move the real test into rpcbuf_alloc_size instead. Jeremy. (This used to be commit f74993e65c01bc0ef73d3e8710bb2f840910161a)
2007-10-10r14014: Coverity paranoia. Shut it up by making the guarenteeJeremy Allison1-2/+7
in the code explicit - but this was a false positive (CID #16). Jeremy. (This used to be commit 43a0e869f2aee9b4e22d0d7fc92051e82f7536ad)
2007-10-10r13989: Fix for Coverity bug #45 and associated spoolss RPC_BUFFERJeremy Allison1-7/+22
problems. Ensure that if the parse succeeds on UNMARSHALL we have a valid (although possibly empty) RPC_BUFFER returned. Jeremy. (This used to be commit d319cc9c08bfa865a6431a8631a9c609f589be1f)
2007-10-10r13915: Fixed a very interesting class of realloc() bugs found by Coverity.Jeremy Allison1-7/+2
realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-1/+1
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7789: fix overparanoid assert() call when checking spolss buffer pointersGerald Carter1-6/+12
(This used to be commit e81e6e653aecdd0e4cfd2ea7ced16070bc376292)
2007-10-10r6218: * fix a segv in EnumPrinters():rpc_buffer_alloc when the caller does ↵Gerald Carter1-0/+5
not provide an RPC_BUFFER in the request * add initial (but wire untested) support for RegRestoreKey() (This used to be commit 22855c7aae940cc4082c231a470f612b8fc6fa0d)
2007-10-10r5809: try to catch NULL pointers during developerment for rpcbuf_move()Gerald Carter1-2/+1
(This used to be commit f9e9a42c0734129100e1cdd4a9ad1539b65ab5bc)
2007-10-10r5808: removing unneeded structure field from RPC_BUFFERGerald Carter1-25/+0
(This used to be commit 9b0bfd7e6fd1acc85ec53d2fa32d61cd34aa2345)
2007-10-10r5805: merging spoolss parsing changes from trunk and cleaning up resulting ↵Gerald Carter1-0/+512
segvs (This used to be commit 25121547caaaed0d60f4db7458570c14e7d21b2a)