From 526e875cec15761099438e17df3f56bc2bd5b761 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 8 Aug 2012 15:35:28 -0700 Subject: Check error returns from strupper_m() (in all reasonable places). --- source3/nmbd/nmbd_browserdb.c | 10 ++++++++-- source3/nmbd/nmbd_browsesync.c | 5 ++++- source3/nmbd/nmbd_elections.c | 5 ++++- source3/nmbd/nmbd_incomingdgrams.c | 5 ++++- source3/nmbd/nmbd_incomingrequests.c | 5 ++++- source3/nmbd/nmbd_namelistdb.c | 21 ++++++++++++++++----- source3/nmbd/nmbd_sendannounce.c | 10 ++++++++-- source3/nmbd/nmbd_serverlistdb.c | 6 +++++- source3/nmbd/nmbd_winsserver.c | 2 +- 9 files changed, 54 insertions(+), 15 deletions(-) (limited to 'source3/nmbd') diff --git a/source3/nmbd/nmbd_browserdb.c b/source3/nmbd/nmbd_browserdb.c index b7c99005bb..bd027239ec 100644 --- a/source3/nmbd/nmbd_browserdb.c +++ b/source3/nmbd/nmbd_browserdb.c @@ -109,8 +109,14 @@ struct browse_cache_record *create_browser_in_lmb_cache( const char *work_name, unstrcpy( browc->lmb_name, browser_name); unstrcpy( browc->work_group, work_name); - strupper_m( browc->lmb_name ); - strupper_m( browc->work_group ); + if (!strupper_m( browc->lmb_name )) { + SAFE_FREE(browc); + return NULL; + } + if (!strupper_m( browc->work_group )) { + SAFE_FREE(browc); + return NULL; + } browc->ip = ip; diff --git a/source3/nmbd/nmbd_browsesync.c b/source3/nmbd/nmbd_browsesync.c index e009cf9a61..b56baedf27 100644 --- a/source3/nmbd/nmbd_browsesync.c +++ b/source3/nmbd/nmbd_browsesync.c @@ -120,7 +120,10 @@ static void announce_local_master_browser_to_domain_master_browser( struct work_ p++; unstrcpy(myname, lp_netbios_name()); - strupper_m(myname); + if (!strupper_m(myname)) { + DEBUG(2,("strupper_m %s failed\n", myname)); + return; + } myname[15]='\0'; /* The call below does CH_UNIX -> CH_DOS conversion. JRA */ push_ascii(p, myname, sizeof(outbuf)-PTR_DIFF(p,outbuf)-1, STR_TERMINATE); diff --git a/source3/nmbd/nmbd_elections.c b/source3/nmbd/nmbd_elections.c index ac0d873512..1947e37e3a 100644 --- a/source3/nmbd/nmbd_elections.c +++ b/source3/nmbd/nmbd_elections.c @@ -51,7 +51,10 @@ static void send_election_dgram(struct subnet_record *subrec, const char *workgr SIVAL(p,5,timeup*1000); /* ms - Despite what the spec says. */ p += 13; unstrcpy(srv_name, server_name); - strupper_m(srv_name); + if (!strupper_m(srv_name)) { + DEBUG(2,("strupper_m failed for %s\n", srv_name)); + return; + } /* The following call does UNIX -> DOS charset conversion. */ push_ascii(p, srv_name, sizeof(outbuf)-PTR_DIFF(p,outbuf)-1, STR_TERMINATE); p = skip_string(outbuf,sizeof(outbuf),p); diff --git a/source3/nmbd/nmbd_incomingdgrams.c b/source3/nmbd/nmbd_incomingdgrams.c index 582848c1fc..153a86db55 100644 --- a/source3/nmbd/nmbd_incomingdgrams.c +++ b/source3/nmbd/nmbd_incomingdgrams.c @@ -572,7 +572,10 @@ static void send_backup_list_response(struct subnet_record *subrec, /* We always return at least one name - our own. */ count = 1; unstrcpy(myname, lp_netbios_name()); - strupper_m(myname); + if (!strupper_m(myname)) { + DEBUG(4,("strupper_m %s failed\n", myname)); + return; + } myname[15]='\0'; push_ascii(p, myname, sizeof(outbuf)-PTR_DIFF(p,outbuf)-1, STR_TERMINATE); diff --git a/source3/nmbd/nmbd_incomingrequests.c b/source3/nmbd/nmbd_incomingrequests.c index b2545f102f..562c388ee2 100644 --- a/source3/nmbd/nmbd_incomingrequests.c +++ b/source3/nmbd/nmbd_incomingrequests.c @@ -347,7 +347,10 @@ subnet %s - name not found.\n", nmb_namestr(&nmb->question.question_name), unstring name; pull_ascii_nstring(name, sizeof(name), namerec->name.name); - strupper_m(name); + if (!strupper_m(name)) { + DEBUG(2,("strupper_m %s failed\n", name)); + return; + } if (!strequal(name,"*") && !strequal(name,"__SAMBA__") && (name_type < 0x1b || name_type >= 0x20 || diff --git a/source3/nmbd/nmbd_namelistdb.c b/source3/nmbd/nmbd_namelistdb.c index 61c1d784f7..c06bddafbd 100644 --- a/source3/nmbd/nmbd_namelistdb.c +++ b/source3/nmbd/nmbd_namelistdb.c @@ -44,7 +44,7 @@ void set_samba_nb_type(void) Convert a NetBIOS name to upper case. ***************************************************************************/ -static void upcase_name( struct nmb_name *target, const struct nmb_name *source ) +static bool upcase_name( struct nmb_name *target, const struct nmb_name *source ) { int i; unstring targ; @@ -55,11 +55,15 @@ static void upcase_name( struct nmb_name *target, const struct nmb_name *source } pull_ascii_nstring(targ, sizeof(targ), target->name); - strupper_m( targ ); + if (!strupper_m( targ )) { + return false; + } push_ascii_nstring( target->name, targ); pull_ascii(scope, target->scope, 64, -1, STR_TERMINATE); - strupper_m( scope ); + if (!strupper_m( scope )) { + return false; + } push_ascii(target->scope, scope, 64, STR_TERMINATE); /* fudge... We're using a byte-by-byte compare, so we must be sure that @@ -72,6 +76,7 @@ static void upcase_name( struct nmb_name *target, const struct nmb_name *source for( i = strlen( target->scope ); i < sizeof( target->scope ); i++ ) { target->scope[i] = '\0'; } + return true; } /************************************************************************** @@ -104,7 +109,9 @@ struct name_record *find_name_on_subnet(struct subnet_record *subrec, struct nmb_name uc_name; struct name_record *name_ret; - upcase_name( &uc_name, nmbname ); + if (!upcase_name( &uc_name, nmbname )) { + return NULL; + } if (subrec == wins_server_subnet) { return find_name_on_wins_subnet(&uc_name, self_only); @@ -216,7 +223,11 @@ bool add_name_to_subnet( struct subnet_record *subrec, namerec->subnet = subrec; make_nmb_name(&namerec->name, name, type); - upcase_name(&namerec->name, NULL ); + if (!upcase_name(&namerec->name, NULL )) { + SAFE_FREE(namerec->data.ip); + SAFE_FREE(namerec); + return False; + } /* Enter the name as active. */ namerec->data.nb_flags = nb_flags | NB_ACTIVE; diff --git a/source3/nmbd/nmbd_sendannounce.c b/source3/nmbd/nmbd_sendannounce.c index 97bab9d25a..86012b834b 100644 --- a/source3/nmbd/nmbd_sendannounce.c +++ b/source3/nmbd/nmbd_sendannounce.c @@ -106,7 +106,10 @@ static void send_announcement(struct subnet_record *subrec, int announce_type, SIVAL(p,1,announce_interval*1000); /* Milliseconds - despite the spec. */ strlcpy(upper_server_name, server_name ? server_name : "", sizeof(upper_server_name)); - strupper_m(upper_server_name); + if (!strupper_m(upper_server_name)) { + DEBUG(2,("strupper_m %s failed\n", upper_server_name)); + return; + } push_string_check(p+5, upper_server_name, 16, STR_ASCII|STR_TERMINATE); SCVAL(p,21,SAMBA_MAJOR_NBT_ANNOUNCE_VERSION); /* Major version. */ @@ -568,7 +571,10 @@ for workgroup %s on subnet %s.\n", lp_workgroup(), FIRST_SUBNET->subnet_name )); p++; unstrcpy(myname, lp_netbios_name()); - strupper_m(myname); + if (!strupper_m(myname)) { + DEBUG(2,("strupper_m %s failed\n", myname)); + return; + } myname[15]='\0'; push_ascii(p, myname, sizeof(outbuf)-PTR_DIFF(p,outbuf)-1, STR_TERMINATE); diff --git a/source3/nmbd/nmbd_serverlistdb.c b/source3/nmbd/nmbd_serverlistdb.c index ac16b5a98c..05ca6e9367 100644 --- a/source3/nmbd/nmbd_serverlistdb.c +++ b/source3/nmbd/nmbd_serverlistdb.c @@ -119,7 +119,11 @@ workgroup %s. This is a bug.\n", name, work->work_group)); fstrcpy(servrec->serv.name,name); fstrcpy(servrec->serv.comment,comment); - strupper_m(servrec->serv.name); + if (!strupper_m(servrec->serv.name)) { + DEBUG(2,("strupper_m %s failed\n", servrec->serv.name)); + SAFE_FREE(servrec); + return NULL; + } servrec->serv.type = servertype; update_server_ttl(servrec, ttl); diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c index 87b9990a63..d56d0f8aed 100644 --- a/source3/nmbd/nmbd_winsserver.c +++ b/source3/nmbd/nmbd_winsserver.c @@ -217,7 +217,7 @@ static TDB_DATA name_to_key(const struct nmb_name *nmbname) memset(keydata, '\0', sizeof(keydata)); pull_ascii_nstring(keydata, sizeof(unstring), nmbname->name); - strupper_m(keydata); + (void)strupper_m(keydata); keydata[sizeof(unstring)] = nmbname->name_type; key.dptr = (uint8 *)keydata; key.dsize = sizeof(keydata); -- cgit