From 3c34f6085af1e168a1fe7602ae01ba643a7781bd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 20 Jun 2006 09:16:53 +0000 Subject: r16409: Fix Klocwork ID's. 1177 In reg_perfcount.c: 1200 1202 1203 1204 In regfio.c: 1243 1245 1246 1247 1251 Jerry, the reg_perfcount and regfio.c ones, can you take a look please? This is really your code, and I'm not sure I did the right thing to return an error. smbcacls.c: 1377 srv_eventlog_nt.c: 1415 1416 1417 srv_lsa_nt.c: 1420 1421 srv_netlog_nt.c: 1429 srv_samr_nt: 1458 1459 1460 Volker Volker (This used to be commit d6547d12b1c9f9454876665a5bdb010f46b9f5ff) --- source3/registry/reg_perfcount.c | 24 +++++++++++++++++++++--- source3/registry/regfio.c | 23 ++++++++++++++++++----- source3/rpc_server/srv_eventlog_nt.c | 12 ++++++++++++ source3/rpc_server/srv_lsa_nt.c | 5 +++++ source3/rpc_server/srv_netlog_nt.c | 5 +++++ source3/rpc_server/srv_samr_nt.c | 23 ++++++++++++++++++----- source3/utils/profiles.c | 5 ++++- source3/utils/smbcacls.c | 7 ++++--- 8 files changed, 87 insertions(+), 17 deletions(-) (limited to 'source3') diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c index 385128e7b5..c69e7b7e14 100644 --- a/source3/registry/reg_perfcount.c +++ b/source3/registry/reg_perfcount.c @@ -718,6 +718,10 @@ BOOL _reg_perfcount_get_instance_info(PERF_INSTANCE_DEFINITION *inst, inst->data, uint8, inst->NameLength); + if (inst->data == NULL) { + SAFE_FREE(data.dptr); + return False; + } memcpy(inst->data, name, inst->NameLength); SAFE_FREE(data.dptr); } @@ -894,7 +898,8 @@ static BOOL _reg_perfcount_init_data_block_perf(PERF_DATA_BLOCK *block, /********************************************************************* *********************************************************************/ -static void _reg_perfcount_init_data_block(PERF_DATA_BLOCK *block, prs_struct *ps, TDB_CONTEXT *names) +static BOOL _reg_perfcount_init_data_block(PERF_DATA_BLOCK *block, + prs_struct *ps, TDB_CONTEXT *names) { wpstring temp; time_t tm; @@ -920,6 +925,9 @@ static void _reg_perfcount_init_data_block(PERF_DATA_BLOCK *block, prs_struct *p rpcstr_push((void *)temp, global_myname(), sizeof(temp), STR_TERMINATE); block->SystemNameLength = (strlen_w(temp) * 2) + 2; block->data = TALLOC_ZERO_ARRAY(ps->mem_ctx, uint8, block->SystemNameLength + (8 - (block->SystemNameLength % 8))); + if (block->data == NULL) { + return False; + } memcpy(block->data, temp, block->SystemNameLength); block->SystemNameOffset = sizeof(PERF_DATA_BLOCK) - sizeof(block->objects) - sizeof(block->data); block->HeaderLength = block->SystemNameOffset + block->SystemNameLength; @@ -927,7 +935,7 @@ static void _reg_perfcount_init_data_block(PERF_DATA_BLOCK *block, prs_struct *p so that the PERF_OBJECT_TYPE struct comes out 64-bit aligned */ block->HeaderLength += 8 - (block->HeaderLength % 8); - return; + return True; } /********************************************************************* @@ -968,6 +976,9 @@ static uint32 _reg_perfcount_perf_data_block_fixup(PERF_DATA_BLOCK *block, prs_s temp, char, counter_data->ByteLength- sizeof(counter_data->ByteLength)); + if (temp == NULL) { + return 0; + } memset(temp, 0, counter_data->ByteLength - sizeof(counter_data->ByteLength)); src_addr = (char *)counter_data->data; for(i = 0; i < object[obj].NumCounters; i++) @@ -986,6 +997,9 @@ static uint32 _reg_perfcount_perf_data_block_fixup(PERF_DATA_BLOCK *block, prs_s counter_data->data, uint8, counter_data->ByteLength - sizeof(counter_data->ByteLength) + pad); + if (counter_data->data == NULL) { + return 0; + } memset(counter_data->data, 0, counter_data->ByteLength - sizeof(counter_data->ByteLength) + pad); memcpy(counter_data->data, temp, counter_data->ByteLength - sizeof(counter_data->ByteLength)); counter_data->ByteLength += pad; @@ -1039,7 +1053,11 @@ uint32 reg_perfcount_get_perf_data_block(uint32 base_index, return 0; } - _reg_perfcount_init_data_block(block, ps, names); + if (!_reg_perfcount_init_data_block(block, ps, names)) { + DEBUG(0, ("_reg_perfcount_init_data_block failed\n")); + tdb_close(names); + return 0; + } last_counter = reg_perfcount_get_last_counter(base_index); diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c index 954f4ae7bd..f164d4e19d 100644 --- a/source3/registry/regfio.c +++ b/source3/registry/regfio.c @@ -1647,11 +1647,16 @@ static BOOL create_vk_record( REGF_FILE *file, REGF_VK_REC *vk, REGISTRY_VALUE * uint32 data_size = ( (vk->data_size+sizeof(uint32)) & 0xfffffff8 ) + 8; vk->data = TALLOC_MEMDUP( file->mem_ctx, regval_data_p(value), vk->data_size ); + if (vk->data == NULL) { + return False; + } /* go ahead and store the offset....we'll pick this hbin block back up when we stream the data */ - data_hbin = find_free_space(file, data_size ); + if ((data_hbin = find_free_space(file, data_size )) == NULL) { + return False; + } vk->data_off = prs_offset( &data_hbin->ps ) + data_hbin->first_hbin_off - HBIN_HDR_SIZE; } else { @@ -1712,7 +1717,9 @@ static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 ) size = nk_record_data_size( nk ); nk->rec_size = ( size - 1 ) ^ 0XFFFFFFFF; - nk->hbin = find_free_space( file, size ); + if ((nk->hbin = find_free_space( file, size )) == NULL) { + return NULL; + } nk->hbin_off = prs_offset( &nk->hbin->ps ); /* Update the hash record in the parent */ @@ -1746,7 +1753,9 @@ static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 ) if ( (nk->sec_desc = find_sk_record_by_sec_desc( file, sec_desc )) == NULL ) { /* not found so add it to the list */ - sk_hbin = find_free_space( file, sk_size ); + if (!(sk_hbin = find_free_space( file, sk_size ))) { + return NULL; + } if ( !(nk->sec_desc = TALLOC_ZERO_P( file->mem_ctx, REGF_SK_REC )) ) return NULL; @@ -1803,7 +1812,9 @@ static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 ) uint32 namelen; int i; - nk->subkeys.hbin = find_free_space( file, lf_size ); + if (!(nk->subkeys.hbin = find_free_space( file, lf_size ))) { + return NULL; + } nk->subkeys.hbin_off = prs_offset( &nk->subkeys.hbin->ps ); nk->subkeys.rec_size = (lf_size-1) ^ 0xFFFFFFFF; nk->subkeys_off = prs_offset( &nk->subkeys.hbin->ps ) + nk->subkeys.hbin->first_hbin_off - HBIN_HDR_SIZE; @@ -1830,7 +1841,9 @@ static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 ) uint32 vlist_size = ( ( nk->num_values * sizeof(uint32) ) & 0xfffffff8 ) + 8; int i; - vlist_hbin = find_free_space( file, vlist_size ); + if (!(vlist_hbin = find_free_space( file, vlist_size ))) { + return NULL; + } nk->values_off = prs_offset( &vlist_hbin->ps ) + vlist_hbin->first_hbin_off - HBIN_HDR_SIZE; if ( !(nk->values = TALLOC_ARRAY( file->mem_ctx, REGF_VK_REC, nk->num_values )) ) diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 284ee37348..c1c0b6a0e2 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -682,6 +682,10 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, int bytes_left, record_number; uint32 elog_read_type, elog_read_dir; + if (info == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + info->flags = q_u->flags; ps = &p->out_data.rdata; @@ -768,6 +772,10 @@ NTSTATUS _eventlog_get_oldest_entry( pipes_struct * p, { EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); + if (info == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + if ( !( get_oldest_entry_hook( info ) ) ) return NT_STATUS_ACCESS_DENIED; @@ -785,6 +793,10 @@ NTSTATUS _eventlog_get_num_records( pipes_struct * p, { EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle ); + if (info == NULL) { + return NT_STATUS_INVALID_HANDLE; + } + if ( !( get_num_records_hook( info ) ) ) return NT_STATUS_ACCESS_DENIED; diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index d5222bbcb9..ae9795952c 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -1133,6 +1133,11 @@ NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u, LSA_R_LOO rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries); rids2 = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID2, num_entries); + if ((ref == NULL) || (rids == NULL) || (rids2 == NULL)) { + r_u->status = NT_STATUS_NO_MEMORY; + goto done; + } + if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) { r_u->status = NT_STATUS_INVALID_HANDLE; goto done; diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 10cd5c82ba..6603d2f1d4 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -985,6 +985,11 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p, user_sid = pdb_get_user_sid(sampw); group_sid = pdb_get_group_sid(sampw); + if ((user_sid == NULL) || (group_sid == NULL)) { + DEBUG(1, ("_net_sam_logon: User without group or user SID\n")); + return NT_STATUS_UNSUCCESSFUL; + } + sid_copy(&domain_sid, user_sid); sid_split_rid(&domain_sid, &user_rid); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 5e82ecd0ca..bfae47ef25 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3207,8 +3207,14 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, SAM_USER_INFO_23 *id23, } else { /* update the UNIX password */ if (lp_unix_password_sync() ) { - struct passwd *passwd = Get_Pwnam(pdb_get_username(pwd)); - if (!passwd) { + struct passwd *passwd; + if (pdb_get_username(pwd) == NULL) { + DEBUG(1, ("chgpasswd: User without name???\n")); + TALLOC_FREE(pwd); + return NT_STATUS_ACCESS_DENIED; + } + + if ((passwd = Get_Pwnam(pdb_get_username(pwd))) == NULL) { DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n")); } @@ -3273,8 +3279,15 @@ static BOOL set_user_info_pw(uint8 *pass, struct samu *pwd) } else { /* update the UNIX password */ if (lp_unix_password_sync()) { - struct passwd *passwd = Get_Pwnam(pdb_get_username(pwd)); - if (!passwd) { + struct passwd *passwd; + + if (pdb_get_username(pwd) == NULL) { + DEBUG(1, ("chgpasswd: User without name???\n")); + TALLOC_FREE(pwd); + return False; + } + + if ((passwd = Get_Pwnam(pdb_get_username(pwd))) == NULL) { DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n")); } @@ -3800,7 +3813,7 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ attr=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_members); - if ((num_members!=0) && (rid==NULL)) + if ((num_members!=0) && (attr==NULL)) return NT_STATUS_NO_MEMORY; for (i=0; inum_aces); + if (!(aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces))) { + return False; + } memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE)); memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE)); new_ace = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces); -- cgit