From f3c44fba111392a7680e489330f3f69aedbff13d Mon Sep 17 00:00:00 2001
From: Shirish Kalele
Date: Fri, 26 May 2000 22:37:08 +0000
Subject: Fixed memory leak in RPC parsing code. Problem in prs_set_buffer_size() was Realloc returns a NULL when newsize is zero (equivalent to a free()). We were returning a failure here without resetting the buffer_size or the data_p pointer in the prs_struct. And we weren't checking for a failure from prs_set_buffer_size(). So realloc's to zero size were not reflected in the prs_struct: memory leak. (This used to be commit 590d9ece8449b1feecfe1aa13e61bcd8fea4e5bf)
---
 source3/rpc_parse/parse_prs.c | 4 +++-
 source3/rpc_server/srv_pipe_hnd.c | 7 ++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)
(limited to 'source3')
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index dafff63ad9..422b420a3c 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -164,9 +164,11 @@ BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize)
 if (newsize < ps->buffer_size) {
 char *new_data_p = Realloc(ps->data_p, newsize);
- if (new_data_p == NULL) {
+ /* if newsize is zero, Realloc acts like free() & returns NULL*/
+ if (new_data_p == NULL && newsize != 0) {
 DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
 (unsigned int)newsize));
+ DEBUG(0,("prs_set_buffer_size: Reason %s\n",strerror(errno)));
 return False;
 }
 ps->data_p = new_data_p;
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index a349da839a..e01ecf82a2 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
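Review bot: In prs_set_buffer_size() (source3/rpc_parse/parse_prs.c) the new `new_data_p == NULL && newsize != 0` test treats every NULL return for size zero as a completed free, which holds only if Realloc is guaranteed to release the block in that case; plain realloc leaves the zero-size result implementation-defined. Making the case explicit keeps the struct state unambiguous: declare `char *new_data_p = NULL;` and use `if (newsize == 0) free(ps->data_p); else new_data_p = Realloc(ps->data_p, newsize);` before the NULL check. Separately, the added `strerror(errno)` is read after the first DEBUG call has already run, so the logged reason may not be Realloc's; folding both messages into a single DEBUG avoids that. The function body continues outside the hunk, so whether buffer_size is updated on this path cannot be confirmed from here.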
@@ -480,7 +480,12 @@ authentication failed. Denying the request.\n", p->name));
 * size as the current offset.
 */
- prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data));
+ if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)))
+ {
+ DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n"));
+ set_incoming_fault(p);
+ return False;
+ }
 /*
 * Set the parse offset to the start of the data and set the
-- cgit
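Review bot: The new failure message in process_request_pdu (`Call to prs_set_buffer_size failed!`) carries neither the pipe name nor the requested size, although that size is derived from the incoming request and the neighbouring message in the hunk header already passes `p->name`. Assuming `p->name` is a string as that message suggests, `DEBUG(0,("process_request_pdu: prs_set_buffer_size(%u) failed on pipe %s\n", (unsigned int)prs_offset(&p->in_data.data), p->name));` would make the fault traceable to a client request. With the parse_prs.c change a zero offset now succeeds and presumably leaves the buffer's data pointer NULL, so the unmarshalling that follows this hunk should be confirmed to check the buffer size before reading. The function starts and ends outside the hunk, so the cleanup performed by `set_incoming_fault(p)` cannot be checked here.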