From f6a1f717197afe8e69c4f5c7bd552540b9d35267 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 29 Mar 2006 23:13:27 +0000 Subject: r14776: Fix coverity #263 - #267. No one was checking talloc returns. Doh ! Jeremy. (This used to be commit 68097e0fbb8f232573a2f7eae3da3a0c9873fbc5) --- source3/rpc_parse/parse_reg.c | 95 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 88 insertions(+), 7 deletions(-) (limited to 'source3') diff --git a/source3/rpc_parse/parse_reg.c b/source3/rpc_parse/parse_reg.c index 295fead103..a226bbb1d7 100644 --- a/source3/rpc_parse/parse_reg.c +++ b/source3/rpc_parse/parse_reg.c @@ -54,6 +54,10 @@ void init_reg_q_open_hive( REG_Q_OPEN_HIVE *q_o, uint32 access_desired ) { q_o->server = TALLOC_P( get_talloc_ctx(), uint16); + if (!q_o->server) { + smb_panic("init_reg_q_open_hive: talloc fail.\n"); + return; + } *q_o->server = 0x1; q_o->access = access_desired; @@ -221,6 +225,10 @@ void init_reg_q_create_key_ex(REG_Q_CREATE_KEY_EX *q_c, POLICY_HND *hnd, q_c->access = access_desired; q_c->sec_info = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!q_c->sec_info) { + smb_panic("init_reg_q_create_key_ex: talloc fail\n"); + return; + } *q_c->sec_info = DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION; q_c->data = sec_buf; @@ -228,6 +236,10 @@ void init_reg_q_create_key_ex(REG_Q_CREATE_KEY_EX *q_c, POLICY_HND *hnd, init_buf_hdr(&q_c->hdr_sec, sec_buf->len, sec_buf->len); q_c->ptr3 = 1; q_c->disposition = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!q_c->disposition) { + smb_panic("init_reg_q_create_key_ex: talloc fail\n"); + return; + } } /******************************************************************* @@ -997,14 +1009,23 @@ BOOL init_reg_r_query_value(uint32 include_keyval, REG_R_QUERY_VALUE *r_u, return False; r_u->type = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->type) { + return False; + } *r_u->type = val->type; buf_len = reg_init_regval_buffer( &buf2, val ); r_u->buf_max_len = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->buf_max_len) { + return False; + } *r_u->buf_max_len = buf_len; r_u->buf_len = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->buf_len) { + return False; + } *r_u->buf_len = buf_len; /* if include_keyval is not set, don't send the key value, just @@ -1012,6 +1033,9 @@ BOOL init_reg_r_query_value(uint32 include_keyval, REG_R_QUERY_VALUE *r_u, if ( include_keyval ) { r_u->value = TALLOC_P( get_talloc_ctx(), REGVAL_BUFFER ); + if (!r_u->value) { + return False; + } /* steal the memory */ *r_u->value = buf2; } @@ -1071,18 +1095,39 @@ void init_reg_q_enum_val(REG_Q_ENUM_VALUE *q_u, POLICY_HND *pol, q_u->name.size = max_name_len*2; q_u->name.string = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR2 ); + if (!q_u->name.string) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } q_u->name.string->uni_max_len = max_name_len; q_u->type = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!q_u->type) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } *q_u->type = 0x0; q_u->value = TALLOC_ZERO_P( get_talloc_ctx(), REGVAL_BUFFER ); + if (!q_u->value) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } + q_u->value->buf_max_len = max_buf_len; - q_u->buffer_len = TALLOC_P( get_talloc_ctx(), uint32 ); + q_u->buffer_len = TALLOC_P( get_talloc_ctx(), uint32 ); + if (q_u->buffer_len) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } *q_u->buffer_len = max_buf_len; - q_u->name_len = TALLOC_P( get_talloc_ctx(), uint32 ); + q_u->name_len = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!q_u->name_len) { + smb_panic("init_reg_q_enum_val: talloc fail\n"); + return; + } *q_u->name_len = 0x0; } @@ -1105,18 +1150,34 @@ void init_reg_r_enum_val(REG_R_ENUM_VALUE *r_u, REGISTRY_VALUE *val ) /* type */ r_u->type = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->type) { + smb_panic("init_reg_r_enum_val: talloc fail\n"); + return; + } *r_u->type = val->type; /* REG_SZ & REG_MULTI_SZ must be converted to UNICODE */ r_u->value = TALLOC_P( get_talloc_ctx(), REGVAL_BUFFER ); + if (!r_u->value) { + smb_panic("init_reg_r_enum_val: talloc fail\n"); + return; + } real_size = reg_init_regval_buffer( r_u->value, val ); /* lengths */ - r_u->buffer_len1 = TALLOC_P( get_talloc_ctx(), uint32 ); + r_u->buffer_len1 = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->buffer_len1) { + smb_panic("init_reg_r_enum_val: talloc fail\n"); + return; + } *r_u->buffer_len1 = real_size; - r_u->buffer_len2 = TALLOC_P( get_talloc_ctx(), uint32 ); + r_u->buffer_len2 = TALLOC_P( get_talloc_ctx(), uint32 ); + if (!r_u->buffer_len2) { + smb_panic("init_reg_r_enum_val: talloc fail\n"); + return; + } *r_u->buffer_len2 = real_size; } @@ -1312,7 +1373,15 @@ void init_reg_r_enum_key(REG_R_ENUM_KEY *r_u, char *subkey ) init_unistr4( &r_u->keyname, subkey, UNI_STR_TERMINATE ); r_u->classname = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR4 ); - r_u->time = TALLOC_ZERO_P( get_talloc_ctx(), NTTIME ); + if (!r_u->classname) { + smb_panic("init_reg_r_enum_key: talloc fail\n"); + return; + } + r_u->time = TALLOC_ZERO_P( get_talloc_ctx(), NTTIME ); + if (!r_u->time) { + smb_panic("init_reg_r_enum_key: talloc fail\n"); + return; + } } /******************************************************************* @@ -1482,9 +1551,17 @@ void init_reg_q_shutdown(REG_Q_SHUTDOWN *q_u, const char *msg, uint32 timeout, BOOL do_reboot, BOOL force) { q_u->server = TALLOC_P( get_talloc_ctx(), uint16 ); + if (!q_u->server) { + smb_panic("init_reg_q_shutdown: talloc fail\n"); + return; + } *q_u->server = 0x1; q_u->message = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR4 ); + if (!q_u->message) { + smb_panic("init_reg_q_shutdown: talloc fail\n"); + return; + } if ( msg && *msg ) { init_unistr4( q_u->message, msg, UNI_FLAGS_NONE ); @@ -1652,20 +1729,24 @@ BOOL reg_io_r_shutdown_ex(const char *desc, REG_R_SHUTDOWN_EX *r_u, prs_struct * return True; } - - /******************************************************************* Inits a structure. ********************************************************************/ + void init_reg_q_abort_shutdown(REG_Q_ABORT_SHUTDOWN *q_u) { q_u->server = TALLOC_P( get_talloc_ctx(), uint16 ); + if (!q_u->server) { + smb_panic("init_reg_q_abort_shutdown: talloc fail\n"); + return; + } *q_u->server = 0x1; } /******************************************************************* reads or writes a structure. ********************************************************************/ + BOOL reg_io_q_abort_shutdown(const char *desc, REG_Q_ABORT_SHUTDOWN *q_u, prs_struct *ps, int depth) { -- cgit