From e7fc37cf0f4bd2c0f25865fb07d1bff27b239130 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 19 Jun 2006 19:07:39 +0000 Subject: r16360: Fix Klocwork ID 136 520 521 522 523 542 574 575 576 607 in net_rpc.c: 715 716 732 734 735 736 737 738 739 749 in net_rpc_audit.c: 754 755 756 in net_rpc_join.c: 757 in net_rpc_registry: 766 767 in net_rpc_samsync.c: 771 773 in net_sam.c: 797 798 Volker (This used to be commit 3df0bf7d6050fd7c9ace72487d4f74d92e30a584) --- source3/client/mount.cifs.c | 5 +++++ source3/libsmb/clidfs.c | 9 ++++++--- source3/libsmb/libsmb_compat.c | 16 ++++++++++++++++ source3/libsmb/libsmbclient.c | 4 +++- source3/passdb/login_cache.c | 12 ++++++++++++ source3/utils/net_rpc.c | 32 ++++++++++++++++++++++++++++---- source3/utils/net_rpc_audit.c | 7 +++++++ source3/utils/net_rpc_join.c | 5 ++++- source3/utils/net_rpc_registry.c | 10 ++++++++-- source3/utils/net_rpc_samsync.c | 10 +++++++++- source3/utils/net_sam.c | 11 +++++++++-- source3/utils/net_usershare.c | 12 ++++++++++-- 12 files changed, 117 insertions(+), 16 deletions(-) diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c index 23a74d34fa..ac98b992bb 100755 --- a/source3/client/mount.cifs.c +++ b/source3/client/mount.cifs.c @@ -259,6 +259,11 @@ static int get_password_from_file(int file_descript, char * filename) else memset(mountpassword, 0, 64); + if (mountpassword == NULL) { + printf("malloc failed\n"); + exit(1); + } + if(filename != NULL) { file_descript = open(filename, O_RDONLY); if(file_descript < 0) { diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c index 298f4d1b54..e564bc4295 100644 --- a/source3/libsmb/clidfs.c +++ b/source3/libsmb/clidfs.c 
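Review bot: In get_password_from_file() in source3/client/mount.cifs.c the new allocation-failure message is written with `printf`, so it goes to stdout rather than stderr. For a mount helper whose output may be captured by a caller, `fprintf(stderr, "malloc failed\n");` keeps diagnostics apart from normal output. The function returns int, so returning an error code instead of calling `exit(1)` may fit better, but its callers and the rest of its body are outside this hunk.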
@@ -652,9 +652,12 @@ BOOL cli_resolve_path( const char *mountpt, struct cli_state *rootcli, const cha fullpath[consumed/2] = '\0'; dos_clean_name( fullpath ); - ppath = strchr_m( fullpath, '\\' ); - ppath = strchr_m( ppath+1, '\\' ); - ppath = strchr_m( ppath+1, '\\' ); + if ((ppath = strchr_m( fullpath, '\\' )) == NULL) + return False; + if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) + return False; + if ((ppath = strchr_m( ppath+1, '\\' )) == NULL) + return False; ppath++; pstr_sprintf( newmount, "%s\\%s", mountpt, ppath ); diff --git a/source3/libsmb/libsmb_compat.c b/source3/libsmb/libsmb_compat.c index 5699e153bb..cfd5948e26 100644 --- a/source3/libsmb/libsmb_compat.c +++ b/source3/libsmb/libsmb_compat.c @@ -341,6 +341,10 @@ int smbc_fsetxattr(int fd, int flags) { SMBCFILE * file = find_fd(fd); + if (file == NULL) { + errno = EBADF; + return -1; + } return statcont->setxattr(statcont, file->fname, name, value, size, flags); } @@ -367,6 +371,10 @@ int smbc_fgetxattr(int fd, size_t size) { SMBCFILE * file = find_fd(fd); + if (file == NULL) { + errno = EBADF; + return -1; + } return statcont->getxattr(statcont, file->fname, name, value, size); } @@ -386,6 +394,10 @@ int smbc_fremovexattr(int fd, const char *name) { SMBCFILE * file = find_fd(fd); + if (file == NULL) { + errno = EBADF; + return -1; + } return statcont->removexattr(statcont, file->fname, name); } @@ -408,6 +420,10 @@ int smbc_flistxattr(int fd, size_t size) { SMBCFILE * file = find_fd(fd); + if (file == NULL) { + errno = EBADF; + return -1; + } return statcont->listxattr(statcont, file->fname, list, size); } diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c index 4ea0ab6eb6..98264dfa86 100644 --- a/source3/libsmb/libsmbclient.c +++ b/source3/libsmb/libsmbclient.c 
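Review bot: The three new early returns in cli_resolve_path() (source3/libsmb/clidfs.c) reject a path with fewer than three backslashes without saying why, and the requirement is not documented. A short comment above them, e.g. `/* fullpath must contain at least three '\\' separators; the text after the third is appended to mountpt */`, would make the expected shape explicit. fullpath is cut at `consumed/2`, a length that may originate from the server, so a `DEBUG` line on the failure path would also make a malformed referral diagnosable. The function body extends beyond the hunk.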
@@ -3932,7 +3932,9 @@ add_ace(SEC_ACL **the_acl, return True; } - aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces); + if ((aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces)) == NULL) { + return False; + } memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE)); memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE)); newacl = make_sec_acl(ctx, (*the_acl)->revision, diff --git a/source3/passdb/login_cache.c b/source3/passdb/login_cache.c index fba5990d81..9a19dcf437 100644 --- a/source3/passdb/login_cache.c +++ b/source3/passdb/login_cache.c @@ -72,6 +72,10 @@ LOGIN_CACHE * login_cache_read(struct samu *sampass) if (!login_cache_init()) return NULL; + if (pdb_get_nt_username(sampass) == NULL) { + return NULL; + } + keybuf.dptr = SMB_STRDUP(pdb_get_nt_username(sampass)); if (!keybuf.dptr || !strlen(keybuf.dptr)) { SAFE_FREE(keybuf.dptr); @@ -117,6 +121,10 @@ BOOL login_cache_write(const struct samu *sampass, LOGIN_CACHE entry) if (!login_cache_init()) return False; + if (pdb_get_nt_username(sampass) == NULL) { + return False; + } + keybuf.dptr = SMB_STRDUP(pdb_get_nt_username(sampass)); if (!keybuf.dptr || !strlen(keybuf.dptr)) { SAFE_FREE(keybuf.dptr); @@ -163,6 +171,10 @@ BOOL login_cache_delentry(const struct samu *sampass) if (!login_cache_init()) return False; + if (pdb_get_nt_username(sampass) == NULL) { + return False; + } + keybuf.dptr = SMB_STRDUP(pdb_get_nt_username(sampass)); if (!keybuf.dptr || !strlen(keybuf.dptr)) { SAFE_FREE(keybuf.dptr); diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 30d7b7be20..f29398c822 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c 
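Review bot: login_cache_read() in source3/passdb/login_cache.c now calls pdb_get_nt_username(sampass) twice, once for the NULL check and again as the SMB_STRDUP argument, so the check and the use are not tied to the same value. Fetching it once, `const char *username = pdb_get_nt_username(sampass); if (username == NULL) return NULL;` followed by `keybuf.dptr = SMB_STRDUP(username);`, removes the repeated call and makes the guard visibly cover the use. The same pattern is added in login_cache_write() and login_cache_delentry(), which would return False instead. Only the start of each function is visible in these hunks.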
@@ -858,7 +858,10 @@ static NTSTATUS rpc_user_rename_internals(const DOM_SID *domain_sid, goto done; } - names = TALLOC_ARRAY(mem_ctx, const char *, num_names); + if ((names = TALLOC_ARRAY(mem_ctx, const char *, num_names)) == NULL) { + result = NT_STATUS_NO_MEMORY; + goto done; + } names[0] = old_name; result = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, &domain_pol, flags, num_names, names, @@ -1141,7 +1144,10 @@ static NTSTATUS rpc_user_info_internals(const DOM_SID *domain_sid, /* Look up rids */ if (num_rids) { - rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids); + if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) { + result = NT_STATUS_NO_MEMORY; + goto done; + } for (i = 0; i < num_rids; i++) rids[i] = user_gids[i].g_rid; @@ -3008,13 +3014,17 @@ static NTSTATUS rpc_share_add_internals(const DOM_SID *domain_sid, const char **argv) { WERROR result; - char *sharename=talloc_strdup(mem_ctx, argv[0]); + char *sharename; char *path; uint32 type = STYPE_DISKTREE; /* only allow disk shares to be added */ uint32 num_users=0, perms=0; char *password=NULL; /* don't allow a share password */ uint32 level = 2; + if ((sharename = talloc_strdup(mem_ctx, argv[0])) == NULL) { + return NT_STATUS_NO_MEMORY; + } + path = strchr(sharename, '='); if (!path) return NT_STATUS_UNSUCCESSFUL; @@ -3152,6 +3162,10 @@ static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd, SRV_SHARE_INFO_1 *info1; ctr->share.info1 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_1, 1); + if (ctr->share.info1 == NULL) { + result = WERR_NOMEM; + goto done; + } info1 = ctr->share.info1; memset(ctr->share.info1, 0, sizeof(SRV_SHARE_INFO_1)); @@ -3176,6 +3190,10 @@ static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd, SRV_SHARE_INFO_2 *info2; ctr->share.info2 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_2, 1); + if (ctr->share.info2 == NULL) { + result = WERR_NOMEM; + goto done; + } info2 = ctr->share.info2; memset(ctr->share.info2, 0, sizeof(SRV_SHARE_INFO_2)); 
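Review bot: In get_share_info() in source3/utils/net_rpc.c each new NULL check sits between a `TALLOC_ARRAY` call and a `memset` that zeroes the same object, so allocating, checking and clearing take three separate steps. `TALLOC_ZERO_ARRAY`, which net_rpc_samsync.c uses in this same commit, would fold the clearing into the allocation: `ctr->share.info1 = TALLOC_ZERO_ARRAY(mem_ctx, SRV_SHARE_INFO_1, 1);` followed by the NULL check, with the memset dropped. The same applies to the info2 branch and to the info502 branch in the next hunk. This is a style point; behaviour is unchanged.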
@@ -3208,6 +3226,10 @@ static WERROR get_share_info(struct rpc_pipe_client *pipe_hnd, SRV_SHARE_INFO_502 *info502; ctr->share.info502 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_502, 1); + if (ctr->share.info502 == NULL) { + result = WERR_NOMEM; + goto done; + } info502 = ctr->share.info502; memset(ctr->share.info502, 0, sizeof(SRV_SHARE_INFO_502)); @@ -5461,7 +5483,9 @@ static NTSTATUS rpc_trustdom_del_internals(const DOM_SID *domain_sid, strupper_m(acct_name); - names = TALLOC_ARRAY(mem_ctx, const char *, 1); + if ((names = TALLOC_ARRAY(mem_ctx, const char *, 1)) == NULL) { + return NT_STATUS_NO_MEMORY; + } names[0] = acct_name; diff --git a/source3/utils/net_rpc_audit.c b/source3/utils/net_rpc_audit.c index 5c81fe24d0..981dc93fdd 100644 --- a/source3/utils/net_rpc_audit.c +++ b/source3/utils/net_rpc_audit.c @@ -44,6 +44,13 @@ static void print_auditing_category(const char *policy, const char *value) fstring padding; int pad_len, col_len = 30; + if (policy == NULL) { + policy = "Unknown"; + } + if (value == NULL) { + value = "Invalid"; + } + /* calculate padding space for d_printf to look nicer */ pad_len = col_len - strlen(policy); padding[pad_len] = 0; diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 2c55b0e946..d23bd76751 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -222,7 +222,10 @@ int net_rpc_join_newstyle(int argc, const char **argv) "could not open domain"); /* Create domain user */ - acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname()); + if ((acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname())) == NULL) { + result = NT_STATUS_NO_MEMORY; + goto done; + } strlower_m(acct_name); const_acct_name = acct_name; diff --git a/source3/utils/net_rpc_registry.c b/source3/utils/net_rpc_registry.c index 33d5310698..10ba28e023 100644 --- a/source3/utils/net_rpc_registry.c +++ b/source3/utils/net_rpc_registry.c 
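Review bot: The new failure path in rpc_trustdom_del_internals() (source3/utils/net_rpc.c) returns NT_STATUS_NO_MEMORY directly, whereas the other allocation checks added to this file set `result` and `goto done`. The code before this point is outside the hunk, but `acct_name` has already been built and upper-cased here, so if it or any handle is released at a cleanup label, the direct return skips that release. If the function has such a label, `result = NT_STATUS_NO_MEMORY; goto done;` would keep this path consistent with the rest of the file.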
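Review bot: In print_auditing_category() (source3/utils/net_rpc_audit.c) the NULL defaults make `strlen(policy)` safe, but `pad_len = col_len - strlen(policy)` still ends up negative when the policy name is longer than 30 characters, and `padding[pad_len] = 0` then writes outside the `padding` buffer. The policy strings may all be short fixed names, but nothing visible here enforces that. A bound before the index, for example `if (pad_len < 0) pad_len = 0;`, would close the gap, provided the padding code that follows (outside this hunk) tolerates a zero length.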
@@ -408,7 +408,10 @@ static int rpc_registry_dump( int argc, const char **argv ) /* get the root of the registry file */ - nk = regfio_rootkey( registry ); + if ((nk = regfio_rootkey( registry )) == NULL) { + d_fprintf(stderr, "Could not get rootkey\n"); + return 1; + } d_printf("[%s]\n", nk->keyname); dump_values( nk ); d_printf("\n"); @@ -455,7 +458,10 @@ static int rpc_registry_copy( int argc, const char **argv ) /* get the root of the registry file */ - nk = regfio_rootkey( infile ); + if ((nk = regfio_rootkey( infile )) == NULL) { + d_fprintf(stderr, "Could not get rootkey\n"); + goto out_close_infile; + } d_printf("RootKey: [%s]\n", nk->keyname); write_registry_tree( infile, nk, NULL, outfile, "" ); diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index ef9a0627b5..85b086a02f 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -574,6 +574,10 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } } + if (pdb_get_group_sid(sam_account) == NULL) { + return NT_STATUS_UNSUCCESSFUL; + } + group_sid = *pdb_get_group_sid(sam_account); if (!pdb_getgrsid(&map, group_sid)) { @@ -694,7 +698,11 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) return NT_STATUS_NO_MEMORY; } - nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members); + if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members)) == NULL) { + DEBUG(0, ("talloc failed\n")); + talloc_free(t); + return NT_STATUS_NO_MEMORY; + } for (i=0; inum_members; i++) { struct samu *member = NULL; diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index 605d4bbc6b..654c9ec5b2 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c 
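Review bot: The new error path in rpc_registry_dump() (source3/utils/net_rpc_registry.c) does `return 1` as soon as regfio_rootkey() fails, while the matching check in rpc_registry_copy() jumps to `out_close_infile`. If `registry` was opened earlier in the function (not visible in this hunk), it should be closed on this path as well, using whatever close call the normal exit uses. In rpc_registry_copy() it is also worth confirming that `outfile` is not already open when the jump to `out_close_infile` is taken, and that the returned status reflects the failure.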
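Review bot: In fetch_group_mem_info() (source3/utils/net_rpc_samsync.c) the new check treats any NULL from `TALLOC_ZERO_ARRAY(t, char *, delta->num_members)` as out of memory, but `delta->num_members` appears to come from the replicated delta and may be 0. If the allocator returns NULL for a zero-length array, a group with no members would fail the sync with NT_STATUS_NO_MEMORY. Testing the count as well, e.g. `if (delta->num_members != 0 && nt_members == NULL)`, or handling the empty group before allocating, avoids that. The rest of the function is outside the hunk.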
@@ -840,7 +840,11 @@ static int net_sam_provision(int argc, const char **argv) return -1; } - ldap_bk = talloc_strdup(tc, lp_passdb_backend()); + if ((ldap_bk = talloc_strdup(tc, lp_passdb_backend())) == NULL) { + d_fprintf(stderr, "talloc failed\n"); + talloc_free(tc); + return -1; + } p = strchr(ldap_bk, ':'); if (p) { *p = 0; @@ -1081,7 +1085,10 @@ doma_done: d_fprintf(stderr, "Can't create Guest user, Domain Users group not available!\n"); goto done; } - pwd = talloc(tc, struct passwd); + if ((pwd = talloc(tc, struct passwd)) == NULL) { + d_fprintf(stderr, "talloc failed\n"); + goto done; + } pwd->pw_name = talloc_strdup(pwd, lp_guestaccount()); if (!winbind_allocate_uid(&(pwd->pw_uid))) { d_fprintf(stderr, "Unable to allocate a new uid to create the Guest user!\n"); diff --git a/source3/utils/net_usershare.c b/source3/utils/net_usershare.c index 253416c5cb..09ef8bd97f 100644 --- a/source3/utils/net_usershare.c +++ b/source3/utils/net_usershare.c @@ -147,7 +147,10 @@ static int net_usershare_delete(int argc, const char **argv) return net_usershare_delete_usage(argc, argv); } - sharename = strdup_lower(argv[0]); + if ((sharename = strdup_lower(argv[0])) == NULL) { + d_fprintf(stderr, "strdup failed\n"); + return -1; + } if (!validate_net_name(sharename, INVALID_SHARENAME_CHARS, strlen(sharename))) { d_fprintf(stderr, "net usershare delete: share name %s contains " @@ -641,7 +644,12 @@ static int net_usershare_add(int argc, const char **argv) } /* Get the name */ - name = talloc_strndup(ctx, pacl, pcolon - pacl); + if ((name = talloc_strndup(ctx, pacl, pcolon - pacl)) == NULL) { + d_fprintf(stderr, "talloc_strndup failed\n"); + talloc_destroy(ctx); + SAFE_FREE(sharename); + return -1; + } if (!string_to_sid(&sid, name)) { /* Convert to a SID */ NTSTATUS ntstatus = net_lookup_sid_from_name(ctx, name, &sid); -- cgit
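Review bot: In net_sam_provision() (source3/utils/net_sam.c) the second hunk checks the `talloc(tc, struct passwd)` result, but the very next line assigns `pwd->pw_name = talloc_strdup(pwd, lp_guestaccount())` without a check, so a failed duplicate leaves a NULL account name in the passwd entry used to create the Guest user. The same guard fits there: `if ((pwd->pw_name = talloc_strdup(pwd, lp_guestaccount())) == NULL) { d_fprintf(stderr, "talloc failed\n"); goto done; }`. How pw_name is used afterwards is outside the hunk.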