From 9b58da986680a92b350f02cd31ff64f30fecd07c Mon Sep 17 00:00:00 2001 From: Bill Parker Date: Wed, 17 Jul 2013 15:30:35 -0700 Subject: Fix bug 10025 - Lack of Sanity Checking in calls to malloc()/calloc(). In reviewing various files in Samba-4.0.7, I found a number of instances where malloc()/calloc() were called without the checking the return value for a value of NULL, which would indicate failure. (NB. The changes needed to ccan, iniparser, popt and heimdal will be reported upstream, not patched inside Samba). Reviewed-by: Jeremy Allison Reviewed-by: Simo Source --- source4/librpc/rpc/pyrpc_util.c | 3 +++ source4/torture/gentest.c | 8 ++++++++ 2 files changed, 11 insertions(+) (limited to 'source4') diff --git a/source4/librpc/rpc/pyrpc_util.c b/source4/librpc/rpc/pyrpc_util.c index a000c76907..ab6caac8ff 100644 --- a/source4/librpc/rpc/pyrpc_util.c +++ b/source4/librpc/rpc/pyrpc_util.c @@ -246,6 +246,9 @@ bool PyInterface_AddNdrRpcMethods(PyTypeObject *ifacetype, const struct PyNdrRpc PyObject *ret; struct wrapperbase *wb = (struct wrapperbase *)calloc(sizeof(struct wrapperbase), 1); + if (wb == NULL) { + return false; + } wb->name = discard_const_p(char, mds[i].name); wb->flags = PyWrapperFlag_KEYWORDS; wb->wrapper = (wrapperfunc)py_dcerpc_call_wrapper; diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c index 91b60e2c4e..f3c4c20e53 100644 --- a/source4/torture/gentest.c +++ b/source4/torture/gentest.c @@ -3068,9 +3068,17 @@ static bool start_gentest(struct tevent_context *ev, /* allocate the open_handles array */ open_handles = calloc(options.max_open_handles, sizeof(open_handles[0])); + if (open_handles == NULL) { + printf("Unable to allocate memory for open_handles array.\n"); + exit(1); + } srandom(options.seed); op_parms = calloc(options.numops, sizeof(op_parms[0])); + if (op_parms == NULL) { + printf("Unable to allocate memory for op_parms.\n"); + exit(1); + } /* generate the seeds - after this everything is deterministic */ if (options.use_preset_seeds) { -- cgit