From 025041eba44452849f2d25f667b4c1fb6888c485 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Mon, 13 Mar 2006 01:42:40 +0000 Subject: r14279: Fix coverity #86, 87, 88, 89: Free grp_sid and owner_sid before returning. Also, only allow one group or owner. (This used to be commit 1043e0d90ccb3493417f7bf05b70bdf5513bb1a3) --- source3/libsmb/libsmbclient.c | 37 +++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) (limited to 'source3') diff --git a/source3/libsmb/libsmbclient.c b/source3/libsmb/libsmbclient.c index 15355016d0..4c013c4ed2 100644 --- a/source3/libsmb/libsmbclient.c +++ b/source3/libsmb/libsmbclient.c @@ -3922,7 +3922,7 @@ sec_desc_parse(TALLOC_CTX *ctx, { const char *p = str; fstring tok; - SEC_DESC *ret; + SEC_DESC *ret = NULL; size_t sd_size; DOM_SID *grp_sid=NULL; DOM_SID *owner_sid=NULL; @@ -3937,49 +3937,65 @@ sec_desc_parse(TALLOC_CTX *ctx, } if (StrnCaseCmp(tok,"OWNER:", 6) == 0) { + if (owner_sid) { + DEBUG(5, ("OWNER specified more than once!\n")); + goto done; + } owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!owner_sid || !convert_string_to_sid(ipc_cli, pol, numeric, owner_sid, tok+6)) { DEBUG(5, ("Failed to parse owner sid\n")); - return NULL; + goto done; } continue; } if (StrnCaseCmp(tok,"OWNER+:", 7) == 0) { + if (owner_sid) { + DEBUG(5, ("OWNER specified more than once!\n")); + goto done; + } owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!owner_sid || !convert_string_to_sid(ipc_cli, pol, False, owner_sid, tok+7)) { DEBUG(5, ("Failed to parse owner sid\n")); - return NULL; + goto done; } continue; } if (StrnCaseCmp(tok,"GROUP:", 6) == 0) { + if (grp_sid) { + DEBUG(5, ("GROUP specified more than once!\n")); + goto done; + } grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!grp_sid || !convert_string_to_sid(ipc_cli, pol, numeric, grp_sid, tok+6)) { DEBUG(5, ("Failed to parse group sid\n")); - return NULL; + goto done; } continue; } if (StrnCaseCmp(tok,"GROUP+:", 7) == 0) { + if (grp_sid) { + DEBUG(5, ("GROUP specified more than once!\n")); + goto done; + } grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1); if (!grp_sid || !convert_string_to_sid(ipc_cli, pol, False, grp_sid, tok+6)) { DEBUG(5, ("Failed to parse group sid\n")); - return NULL; + goto done; } continue; } @@ -3988,11 +4004,11 @@ sec_desc_parse(TALLOC_CTX *ctx, SEC_ACE ace; if (!parse_ace(ipc_cli, pol, &ace, numeric, tok+4)) { DEBUG(5, ("Failed to parse ACL %s\n", tok)); - return NULL; + goto done; } if(!add_ace(&dacl, &ace, ctx)) { DEBUG(5, ("Failed to add ACL %s\n", tok)); - return NULL; + goto done; } continue; } @@ -4001,22 +4017,23 @@ sec_desc_parse(TALLOC_CTX *ctx, SEC_ACE ace; if (!parse_ace(ipc_cli, pol, &ace, False, tok+5)) { DEBUG(5, ("Failed to parse ACL %s\n", tok)); - return NULL; + goto done; } if(!add_ace(&dacl, &ace, ctx)) { DEBUG(5, ("Failed to add ACL %s\n", tok)); - return NULL; + goto done; } continue; } DEBUG(5, ("Failed to parse security descriptor\n")); - return NULL; + goto done; } ret = make_sec_desc(ctx, revision, SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid, NULL, dacl, &sd_size); + done: SAFE_FREE(grp_sid); SAFE_FREE(owner_sid); -- cgit