From 989ad44d32c2e77972a966d91f1813b0b929f83b Mon Sep 17 00:00:00 2001 From: todd stecher Date: Mon, 19 Jan 2009 15:09:51 -0800 Subject: Memory leaks and other fixes found by Coverity --- source3/auth/pampass.c | 4 ++- source3/include/proto.h | 2 +- source3/lib/dprintf.c | 26 ++++++++------ source3/libsmb/clikrb5.c | 10 +++--- source3/nmbd/nmbd_incomingrequests.c | 4 +-- source3/nmbd/nmbd_serverlistdb.c | 2 +- source3/passdb/pdb_interface.c | 6 ++++ source3/passdb/pdb_ldap.c | 1 + source3/rpc_client/cli_spoolss.c | 66 ++++++++++++++++++++++++------------ source3/rpc_parse/parse_buffer.c | 11 +++--- source3/rpc_server/srv_pipe.c | 4 ++- source3/rpc_server/srv_spoolss_nt.c | 3 +- source3/rpc_server/srv_svcctl_nt.c | 2 -- source3/utils/net_rpc.c | 12 +++++-- source3/winbindd/winbindd_group.c | 8 ++++- source3/winbindd/winbindd_user.c | 8 ++++- source3/winbindd/winbindd_util.c | 12 +++++-- source3/winbindd/winbindd_wins.c | 10 ++++-- testsuite/printing/psec.c | 7 ++-- 19 files changed, 136 insertions(+), 62 deletions(-) diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c index 9345eed27a..4312b771c9 100644 --- a/source3/auth/pampass.c +++ b/source3/auth/pampass.c @@ -462,7 +462,9 @@ static bool smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr) static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv) { int pam_error; +#ifdef PAM_RHOST const char *our_rhost; +#endif char addr[INET6_ADDRSTRLEN]; *pamh = (pam_handle_t *)NULL; @@ -475,6 +477,7 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho return False; } +#ifdef PAM_RHOST if (rhost == NULL) { our_rhost = client_name(get_client_fd()); if (strequal(our_rhost,"UNKNOWN")) 
@@ -483,7 +486,6 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho our_rhost = rhost; } -#ifdef PAM_RHOST DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost)); pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost); if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) { diff --git a/source3/include/proto.h b/source3/include/proto.h index 9ce6a9d7f1..1445b10914 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5581,7 +5581,7 @@ NTSTATUS cli_do_rpc_ndr(struct rpc_pipe_client *cli, /* The following definitions come from rpc_parse/parse_buffer.c */ -void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx); +bool rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx); bool prs_rpcbuffer(const char *desc, prs_struct *ps, int depth, RPC_BUFFER *buffer); bool prs_rpcbuffer_p(const char *desc, prs_struct *ps, int depth, RPC_BUFFER **buffer); bool rpcbuf_alloc_size(RPC_BUFFER *buffer, uint32 buffer_size); diff --git a/source3/lib/dprintf.c b/source3/lib/dprintf.c index b3c830dd5b..631c45a807 100644 --- a/source3/lib/dprintf.c +++ b/source3/lib/dprintf.c @@ -32,24 +32,27 @@ int d_vfprintf(FILE *f, const char *format, va_list ap) { - char *p, *p2; + char *p = NULL, *p2 = NULL; int ret, maxlen, clen; const char *msgstr; va_list ap2; + va_copy(ap2, ap); + /* do any message translations */ msgstr = lang_msg(format); - if (!msgstr) return -1; - - va_copy(ap2, ap); + if (!msgstr) { + ret = -1; + goto out; + } ret = vasprintf(&p, msgstr, ap2); lang_msg_free(msgstr); if (ret <= 0) { - va_end(ap2); - return ret; + ret = -1; + goto out; } /* now we have the string in unix format, convert it to the display @@ -58,10 +61,10 @@ again: p2 = (char *)SMB_MALLOC(maxlen); if (!p2) { - SAFE_FREE(p); - va_end(ap2); - return -1; + ret = -1; + goto out; } + clen = convert_string(CH_UNIX, CH_DISPLAY, p, ret, p2, maxlen, True); if (clen >= maxlen) { 
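Review bot: In d_vfprintf (source3/lib/dprintf.c, first hunk) the rewritten `if (ret <= 0)` branch now returns -1 when vasprintf() produces an empty string, where the old code returned 0, so callers that print an empty message would start seeing an error. The same branch also reaches `SAFE_FREE(p)` at `out:` after a failed vasprintf(), and some C libraries leave the pointer's value unspecified in that case. I would split the two cases: `if (ret < 0) { p = NULL; ret = -1; goto out; }` followed by `if (ret == 0) goto out;`. The function body continues past this hunk.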
@@ -72,10 +75,11 @@ again: } /* good, its converted OK */ - SAFE_FREE(p); ret = fwrite(p2, 1, clen, f); - SAFE_FREE(p2); +out: + SAFE_FREE(p); + SAFE_FREE(p2); va_end(ap2); return ret; diff --git a/source3/libsmb/clikrb5.c b/source3/libsmb/clikrb5.c index 9f86b8b2f8..a95a25c74a 100644 --- a/source3/libsmb/clikrb5.c +++ b/source3/libsmb/clikrb5.c @@ -1417,7 +1417,7 @@ done: addrs = (krb5_address **)SMB_MALLOC(sizeof(krb5_address *) * num_addr); if (addrs == NULL) { - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } @@ -1426,7 +1426,7 @@ done: addrs[0] = (krb5_address *)SMB_MALLOC(sizeof(krb5_address)); if (addrs[0] == NULL) { SAFE_FREE(addrs); - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } @@ -1437,7 +1437,7 @@ done: if (addrs[0]->contents == NULL) { SAFE_FREE(addrs[0]); SAFE_FREE(addrs); - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } @@ -1449,7 +1449,7 @@ done: { addrs = (krb5_addresses *)SMB_MALLOC(sizeof(krb5_addresses)); if (addrs == NULL) { - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } @@ -1469,7 +1469,7 @@ done: if (addrs->val[0].address.data == NULL) { SAFE_FREE(addrs->val); SAFE_FREE(addrs); - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } diff --git a/source3/nmbd/nmbd_incomingrequests.c b/source3/nmbd/nmbd_incomingrequests.c index ebe1948141..63f9a3a45c 100644 --- a/source3/nmbd/nmbd_incomingrequests.c +++ b/source3/nmbd/nmbd_incomingrequests.c 
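Review bot: `ret = fwrite(p2, 1, clen, f);` in the last dprintf.c hunk passes the signed `clen` straight to a size_t parameter, and nothing visible rejects a negative result from convert_string(). If convert_string() can report failure as -1 (its contract is not shown on this page), the `clen >= maxlen` test in the previous hunk would not catch it and fwrite would be asked to read far past the end of `p2`. A guard such as `if (clen < 0) { ret = -1; goto out; }` before the fwrite fits the new cleanup label.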
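Review bot: The error paths in clikrb5.c now free and clear the caller's `*kerb_addr` (all five `SAFE_FREE(*kerb_addr)` hunks), but nothing in these hunks documents that contract, and the previous code freeing `kerb_addr` itself suggests it was not obvious. I would add a comment where the out-parameter is first allocated, e.g. `/* On ENOMEM *kerb_addr is freed and reset to NULL; the caller must not free it. */`. The function head and the allocation of `*kerb_addr` are outside these hunks, so confirm that callers do not inspect `*kerb_addr` after a failed call.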
@@ -314,14 +314,14 @@ void process_node_status_request(struct subnet_record *subrec, struct packet_str char rdata[MAX_DGRAM_SIZE]; char *countptr, *buf, *bufend, *buf0; int names_added,i; - struct name_record *namerec; + struct name_record *namerec = NULL; pull_ascii_nstring(qname, sizeof(qname), nmb->question.question_name.name); DEBUG(3,("process_node_status_request: status request for name %s from IP %s on \ subnet %s.\n", nmb_namestr(&nmb->question.question_name), inet_ntoa(p->ip), subrec->subnet_name)); - if((namerec = find_name_on_subnet(subrec, &nmb->question.question_name, FIND_SELF_NAME)) == 0) { + if(find_name_on_subnet(subrec, &nmb->question.question_name, FIND_SELF_NAME) == 0) { DEBUG(1,("process_node_status_request: status request for name %s from IP %s on \ subnet %s - name not found.\n", nmb_namestr(&nmb->question.question_name), inet_ntoa(p->ip), subrec->subnet_name)); diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c index 28c164fc14..0728f29c32 100644 --- a/source3/nmbd/nmbd_serverlistdb.c +++ b/source3/nmbd/nmbd_serverlistdb.c @@ -128,7 +128,7 @@ struct server_record *create_server_on_workgroup(struct work_record *work, return (NULL); } - if((servrec = find_server_in_workgroup(work, name)) != NULL) { + if(find_server_in_workgroup(work, name) != NULL) { DEBUG(0,("create_server_on_workgroup: Server %s already exists on \ workgroup %s. This is a bug.\n", name, work->work_group)); return NULL; diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index b13644bac3..486b5b1b80 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -605,6 +605,9 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods, struct group *grp; const char *grp_name; + /* coverity */ + map.gid = (gid_t) -1; + sid_compose(&group_sid, get_global_sam_sid(), rid); if (!get_domain_group_from_sid(group_sid, &map)) { 
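Review bot: After this change `namerec` in process_node_status_request stays NULL past the lookup, because the result of find_name_on_subnet() is no longer stored; that is only safe if every later use assigns it first, and the rest of the function is outside the hunk. The same pattern is applied to `servrec` in create_server_on_workgroup (nmbd_serverlistdb.c). The pointer result here is also compared with `== 0`, where `== NULL` would match the `!= NULL` used in the serverlistdb hunk. A short comment such as `/* existence check only; the record itself is not needed here */` would stop the assignment from being reintroduced.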
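Review bot: The comment `/* coverity */` above `map.gid = (gid_t) -1;` in pdb_default_delete_dom_group (and again in pdb_default_add_groupmem in the next hunk) names the tool that complained but not what the assignment protects against. Presumably the analyser saw a path where `map.gid` is read without get_domain_group_from_sid() having filled it; if so, say that: `/* start from an invalid gid so an unfilled map is never mistaken for a real group */`. Only `gid` is initialised; if other `map` fields are read later (not visible here), zeroing the whole struct first would cover them as well.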
@@ -780,6 +783,9 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods, const char *group_name; uid_t uid; + /* coverity */ + map.gid = (gid_t) -1; + sid_compose(&group_sid, get_global_sam_sid(), group_rid); sid_compose(&member_sid, get_global_sam_sid(), member_rid); diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index f031483ea1..043b620756 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -4221,6 +4221,7 @@ const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...) result[i] = talloc_strdup(result, va_arg(ap, const char*)); if (result[i] == NULL) { talloc_free(result); + va_end(ap); return NULL; } } diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c index 69cee6c8e8..30a707f943 100644 --- a/source3/rpc_client/cli_spoolss.c +++ b/source3/rpc_client/cli_spoolss.c @@ -521,7 +521,8 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS, @@ -537,7 +538,8 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS, 
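Review bot: The new `if (!rpcbuf_init(&buffer, offered, mem_ctx))` checks in rpccli_spoolss_enum_printers, and the identical ones in every other cli_spoolss.c hunk of this commit, are written without braces around `return WERR_NOMEM;`. With the same two lines repeated twenty-two times, a later edit that adds a second statement under one of them is easy to get wrong; I would brace them: `if (!rpcbuf_init(&buffer, offered, mem_ctx)) { return WERR_NOMEM; }`. WERR_NOMEM is also reported for any prs_init() failure, which is accurate only as long as allocation is its sole failure mode (not shown here).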
@@ -601,7 +603,8 @@ WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct strupper_m(server); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumports( &in, server, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS, @@ -617,7 +620,8 @@ WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumports( &in, server, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS, @@ -670,7 +674,8 @@ WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct /* Initialise input parameters */ offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER, @@ -686,7 +691,8 @@ WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER, @@ -781,7 +787,8 @@ WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli, strupper_m(server); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinterdriver2( &in, pol, env, level, version, 2, &buffer, offered); 
@@ -798,7 +805,8 @@ WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinterdriver2( &in, pol, env, level, version, 2, &buffer, offered); @@ -859,7 +867,8 @@ WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli, strupper_m(server); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumprinterdrivers( &in, server, env, level, &buffer, offered); @@ -876,7 +885,8 @@ WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumprinterdrivers( &in, server, env, level, &buffer, offered); @@ -942,7 +952,8 @@ WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli, strupper_m(server); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinterdriverdir( &in, server, env, level, &buffer, offered ); @@ -959,7 +970,8 @@ WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinterdriverdir( &in, server, env, level, &buffer, offered ); @@ -1125,7 +1137,8 @@ WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli, ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprintprocessordirectory( &in, name, environment, level, &buffer, offered ); 
@@ -1142,7 +1155,8 @@ WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprintprocessordirectory( &in, name, environment, level, &buffer, offered ); @@ -1230,7 +1244,8 @@ WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM, @@ -1246,7 +1261,8 @@ WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM, @@ -1309,7 +1325,8 @@ WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumforms( &in, handle, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS, @@ -1325,7 +1342,8 @@ WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumforms( &in, handle, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS, 
@@ -1365,7 +1383,8 @@ WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level, &buffer, offered ); @@ -1382,7 +1401,8 @@ WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level, &buffer, offered ); @@ -1461,7 +1481,8 @@ WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB, @@ -1477,7 +1498,8 @@ WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB, diff --git a/source3/rpc_parse/parse_buffer.c b/source3/rpc_parse/parse_buffer.c index b5177cc634..99546ef3fb 100644 --- a/source3/rpc_parse/parse_buffer.c +++ b/source3/rpc_parse/parse_buffer.c 
@@ -30,14 +30,15 @@ /********************************************************************** Initialize a new spoolss buff for use by a client rpc **********************************************************************/ -void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx) +bool rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx) { buffer->size = size; buffer->string_at_end = size; - if (prs_init(&buffer->prs, size, ctx, MARSHALL)) - buffer->struct_start = prs_offset(&buffer->prs); - else - buffer->struct_start = 0; + if (!prs_init(&buffer->prs, size, ctx, MARSHALL)) + return false; + + buffer->struct_start = prs_offset(&buffer->prs); + return true; } /******************************************************************* diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 4f78d69bcc..343342a06c 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -706,7 +706,7 @@ static int rpc_lookup_size; bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p) { RPC_HDR_AUTH auth_info; - uint32 pad; + uint32 pad = 0; DATA_BLOB blob; ZERO_STRUCT(blob); @@ -1839,6 +1839,8 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p) return False; } + ZERO_STRUCT(hdr_rb); + DEBUG(5,("api_pipe_alter_context: decode request. %d\n", __LINE__)); /* decode the alter context request */ diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 123cbf9335..ba2fe774b8 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -9927,7 +9927,8 @@ WERROR _spoolss_xcvdataport(pipes_struct *p, SPOOL_Q_XCVDATAPORT *q_u, SPOOL_R_X /* Allocate the outgoing buffer */ - rpcbuf_init( &r_u->outdata, q_u->offered, p->mem_ctx ); + if (!rpcbuf_init( &r_u->outdata, q_u->offered, p->mem_ctx )) + return WERR_NOMEM; switch ( Printer->printer_type ) { case SPLHND_PORTMON_TCP: 
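Review bot: On the new failure path rpcbuf_init() returns false with `buffer->size` and `buffer->string_at_end` already set to the requested size and `buffer->struct_start` never written, whereas the old code at least stored 0 there. A caller that misses the return value would then work with a descriptor that claims `size` bytes it does not have. I would keep the struct consistent on failure, e.g. `buffer->size = 0; buffer->string_at_end = 0; buffer->struct_start = 0;` before `return false;`, and extend the header comment to say that a false return means the buffer must not be used.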
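Review bot: In _spoolss_xcvdataport the size passed to rpcbuf_init() is `q_u->offered`, a value taken from the client's request, and no upper bound on it is visible in this hunk. The added check turns an allocation failure into WERR_NOMEM, but a client can still make the server attempt an allocation of any 32-bit size on each call. If nothing earlier in the function or in the parsing layer caps it (the function starts outside the hunk), a limit before the call would help, e.g. `if (q_u->offered > MAX_XCV_OUTDATA) return WERR_INVALID_PARAM;`, where `MAX_XCV_OUTDATA` is a placeholder for a limit the project chooses.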
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 3b044944d9..33bf3d0098 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -580,7 +580,6 @@ WERROR _svcctl_QueryServiceStatusEx(pipes_struct *p, /* we have to set the outgoing buffer size to the same as the incoming buffer size (even in the case of failure) */ - *r->out.bytes_needed = r->in.buf_size; switch ( r->in.info_level ) { @@ -736,7 +735,6 @@ WERROR _svcctl_QueryServiceConfig2W(pipes_struct *p, /* we have to set the outgoing buffer size to the same as the incoming buffer size (even in the case of failure */ - *r->out.bytes_needed = r->in.buf_size; switch ( r->in.info_level ) { diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 652f0b531b..c000b58098 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -4064,7 +4064,11 @@ static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *t return false; } - string_to_sid(&user_sid, sid_str); + if (!string_to_sid(&user_sid, sid_str)) { + DEBUG(1,("Could not convert sid %s from string\n", sid_str)); + return false; + } + wbcFreeMemory(sid_str); sid_str = NULL; @@ -4200,7 +4204,11 @@ static bool get_user_tokens_from_file(FILE *f, /* We have a SID */ DOM_SID sid; - string_to_sid(&sid, &line[1]); + if(!string_to_sid(&sid, &line[1])) { + DEBUG(1,("get_user_tokens_from_file: Could " + "not convert sid %s \n",&line[1])); + return false; + } if (token == NULL) { DEBUG(0, ("File does not begin with username")); diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 7432bda451..bc532bbce7 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c 
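Review bot: The new early return in get_user_sids skips the `wbcFreeMemory(sid_str);` that follows it, so a SID string that fails to parse is leaked on exactly the path this commit adds. Free it after the DEBUG call has used it, i.e. put `wbcFreeMemory(sid_str);` immediately before `return false;`. The second net_rpc.c hunk adds a similar `return false;` in get_user_tokens_from_file; whether that function holds allocations at that point is not visible here and is worth checking.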
@@ -991,7 +991,13 @@ static void getgrgid_recv(void *private_data, bool success, const char *sid) DEBUG(10,("getgrgid_recv: gid %lu has sid %s\n", (unsigned long)(state->request.data.gid), sid)); - string_to_sid(&group_sid, sid); + if (!string_to_sid(&group_sid, sid)) { + DEBUG(1,("getgrgid_recv: Could not convert sid %s " + "from string\n", sid)); + request_error(state); + return; + } + winbindd_getgrsid(state, group_sid); return; } diff --git a/source3/winbindd/winbindd_user.c b/source3/winbindd/winbindd_user.c index fd1fdd3699..5356e16a74 100644 --- a/source3/winbindd/winbindd_user.c +++ b/source3/winbindd/winbindd_user.c @@ -527,7 +527,13 @@ static void getpwuid_recv(void *private_data, bool success, const char *sid) DEBUG(10,("uid2sid_recv: uid %lu has sid %s\n", (unsigned long)(state->request.data.uid), sid)); - string_to_sid(&user_sid, sid); + if (!string_to_sid(&user_sid, sid)) { + DEBUG(1,("uid2sid_recv: Could not convert sid %s " + "from string\n,", sid)); + request_error(state); + return; + } + winbindd_getpwsid(state, &user_sid); } diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 748099a32e..2d87015fec 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -682,8 +682,16 @@ static void init_child_recv(void *private_data, bool success) state->response->data.domain_info.name); fstrcpy(state->domain->alt_name, state->response->data.domain_info.alt_name); - string_to_sid(&state->domain->sid, - state->response->data.domain_info.sid); + if (!string_to_sid(&state->domain->sid, + state->response->data.domain_info.sid)) { + DEBUG(1,("init_child_recv: Could not convert sid %s " + "from string\n", + state->response->data.domain_info.sid)); + state->continuation(state->private_data, False); + talloc_destroy(state->mem_ctx); + return; + } + state->domain->native_mode = state->response->data.domain_info.native_mode; state->domain->active_directory = 
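Review bot: The new DEBUG string in getpwuid_recv ends in `"from string\n,"`, so each log entry is followed by a stray comma at the start of the next line; it should be `"from string\n"` as in the matching message added to winbindd_group.c. The message prefix is `uid2sid_recv`, which matches the existing DEBUG(10) line but not the function name `getpwuid_recv`, and that makes the log harder to trace back to its source.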
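Review bot: In init_child_recv the SID from the child's response is validated only after `state->domain->alt_name` (and, from the tail of the preceding call, apparently `name`) has already been overwritten, so the new failure path leaves the domain entry with new names and an unparsed SID. Parsing into a local `DOM_SID` first and copying all the fields only on success would keep the entry consistent, e.g. `if (!string_to_sid(&sid, state->response->data.domain_info.sid)) { ... }` ahead of the fstrcpy() calls. The function begins outside the hunk, so check whether anything else marks the domain as initialised before this point.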
diff --git a/source3/winbindd/winbindd_wins.c b/source3/winbindd/winbindd_wins.c index 4a3d2682b6..f9ba13ffda 100644 --- a/source3/winbindd/winbindd_wins.c +++ b/source3/winbindd/winbindd_wins.c @@ -46,9 +46,15 @@ static int wins_lookup_open_socket_in(void) if (res == -1) return -1; - setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val)); + if (setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val))) { + close(res); + return -1; + } #ifdef SO_REUSEPORT - setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val)); + if (setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val))) { + close(res); + return -1; + } #endif /* SO_REUSEPORT */ /* now we've got a socket - we need to bind it */ diff --git a/testsuite/printing/psec.c b/testsuite/printing/psec.c index 33a45e89d0..051837cec9 100644 --- a/testsuite/printing/psec.c +++ b/testsuite/printing/psec.c @@ -352,8 +352,11 @@ int psec_setsec(char *printer) goto done; } - prs_init(&ps, (uint32)sec_desc_size(sdb->sec) + - sizeof(SEC_DESC_BUF), 4, mem_ctx, MARSHALL); + if (!prs_init(&ps, (uint32)sec_desc_size(sdb->sec) + + sizeof(SEC_DESC_BUF), 4, mem_ctx, MARSHALL)) { + printf("prs_init() failed\n"); + goto done; + } if (!sec_io_desc_buf("nt_printing_setsec", &sdb, &ps, 1)) { printf("sec_io_desc_buf failed\n"); -- cgit
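Review bot: Making the `SO_REUSEPORT` call fatal in wins_lookup_open_socket_in turns a best-effort option into a hard requirement: on a system whose headers define `SO_REUSEPORT` but whose kernel rejects it, setsockopt() fails and every WINS lookup now returns -1. The option is a convenience for rebinding rather than something the lookup depends on, so I would log and continue for that call, e.g. `DEBUG(3,("setsockopt(SO_REUSEPORT) failed: %s\n", strerror(errno)));`, and reserve the close-and-fail path for `SO_REUSEADDR` if it is wanted at all. The rest of the function, including the bind, is outside the hunk.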
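Review bot: The prs_init() call kept in psec_setsec passes five arguments (`&ps, size, 4, mem_ctx, MARSHALL`), while the call inside rpcbuf_init() in this same commit passes four (`&buffer->prs, size, ctx, MARSHALL`). The prototype is not on this page, but the two calls cannot both match it, so this test file probably does not build against the current tree and the new check goes unexercised. If the four-argument form is current, drop the `4`: `if (!prs_init(&ps, (uint32)sec_desc_size(sdb->sec) + sizeof(SEC_DESC_BUF), mem_ctx, MARSHALL)) {`.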