From aac823aca154c46264dd29510c89b8eafac361c8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 6 Apr 2000 22:48:53 +0000
Subject: Modified interfaces and added checks around *all* *alloc calls so
 that errors are returned on memory allocation failure. Jeremy. (This used to
 be commit 9a118cd4a2b03146b341eeffb62144a2d29b574c)

---
 source3/rpc_parse/parse_spoolss.c | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

(limited to 'source3/rpc_parse')

diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index fd053dbf45..6c62b66277 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -264,7 +264,8 @@ static BOOL smb_io_notify_option_type_ctr(char *desc, SPOOL_NOTIFY_OPTION_TYPE_C
 
 	/* reading */
 	if (UNMARSHALLING(ps))
-		ctr->type=(SPOOL_NOTIFY_OPTION_TYPE *)malloc(ctr->count*sizeof(SPOOL_NOTIFY_OPTION_TYPE));
+		if((ctr->type=(SPOOL_NOTIFY_OPTION_TYPE *)malloc(ctr->count*sizeof(SPOOL_NOTIFY_OPTION_TYPE))) == NULL)
+			return False;
 		
 	/* the option type struct */
 	for(i=0;i<ctr->count;i++)
@@ -1133,7 +1134,8 @@ BOOL spoolss_io_q_rffpcnex(char *desc, SPOOL_Q_RFFPCNEX *q_u, prs_struct *ps, in
 	if (q_u->option_ptr!=0) {
 	
 		if (UNMARSHALLING(ps))
-			q_u->option=(SPOOL_NOTIFY_OPTION *)malloc(sizeof(SPOOL_NOTIFY_OPTION));
+			if((q_u->option=(SPOOL_NOTIFY_OPTION *)malloc(sizeof(SPOOL_NOTIFY_OPTION))) == NULL)
+				return False;
 	
 		if(!smb_io_notify_option("notify option", q_u->option, ps, depth))
 			return False;
@@ -1181,7 +1183,8 @@ BOOL spoolss_io_q_rfnpcnex(char *desc, SPOOL_Q_RFNPCNEX *q_u, prs_struct *ps, in
 	if (q_u->option_ptr!=0) {
 	
 		if (UNMARSHALLING(ps))
-			q_u->option=(SPOOL_NOTIFY_OPTION *)malloc(sizeof(SPOOL_NOTIFY_OPTION));
+			if((q_u->option=(SPOOL_NOTIFY_OPTION *)malloc(sizeof(SPOOL_NOTIFY_OPTION))) == NULL)
+				return False;
 	
 		if(!smb_io_notify_option("notify option", q_u->option, ps, depth))
 			return False;
@@ -1421,7 +1424,8 @@ static BOOL new_smb_io_relarraystr(char *desc, NEW_BUFFER *buffer, int depth, ui
 				return False;
 			
 			l_chaine=str_len_uni(&chaine);
-			chaine2=(uint16 *)Realloc(chaine2, (l_chaine2+l_chaine+1)*sizeof(uint16));
+			if((chaine2=(uint16 *)Realloc(chaine2, (l_chaine2+l_chaine+1)*sizeof(uint16))) == NULL)
+				return False;
 			memcpy(chaine2+l_chaine2, chaine.buffer, (l_chaine+1)*sizeof(uint16));
 			l_chaine2+=l_chaine+1;
 		
@@ -1475,7 +1479,8 @@ static BOOL new_smb_io_reldevmode(char *desc, NEW_BUFFER *buffer, int depth, DEV
 		prs_set_offset(ps, buffer->string_at_end + buffer->struct_start);
 
 		/* read the string */
-		*devmode=(DEVICEMODE *)malloc(sizeof(DEVICEMODE));
+		if((*devmode=(DEVICEMODE *)malloc(sizeof(DEVICEMODE))) == NULL)
+			return False;
 		if (!spoolss_io_devmode(desc, ps, depth, *devmode))
 			return False;
 
@@ -1976,16 +1981,21 @@ void new_spoolss_move_buffer(NEW_BUFFER *src, NEW_BUFFER **dest)
 /*******************************************************************
  create a BUFFER struct.
 ********************************************************************/  
-void new_spoolss_allocate_buffer(NEW_BUFFER **buffer)
+BOOL new_spoolss_allocate_buffer(NEW_BUFFER **buffer)
 {
 	if (buffer==NULL)
-		return;
+		return False;
 		
-	*buffer=(NEW_BUFFER *)malloc(sizeof(NEW_BUFFER));
+	if((*buffer=(NEW_BUFFER *)malloc(sizeof(NEW_BUFFER))) == NULL) {
+		DEBUG(0,("new_spoolss_allocate_buffer: malloc fail for size %u.\n",
+				(unsigned int)sizeof(NEW_BUFFER) ));
+		return False;
+	}
 	
 	(*buffer)->ptr=0x0;
 	(*buffer)->size=0;
 	(*buffer)->string_at_end=0;	
+	return True;
 }
 
 /*******************************************************************
-- 
cgit