YMMC 3 memdup

andreas moroder claudiamoroder at st-ulrich.suedtirol.net
Sat Aug 18 08:46:50 GMT 2001


Hello,

two more missing alloc checks

LIB/INTERFACE.C


	at line  198 and following there is this code

	if (total_probed > 0) {
		probed_ifaces = memdup(ifaces, sizeof(ifaces[0])*total_probed);      <<<<< MEMORY ASSIGNED TO PROBED_INTERFACES
	}

	/* if we don't have a interfaces line then use all broadcast capable
	   interfaces except loopback */
	if (!ptr || !*ptr) {
		if (total_probed <= 0) {
			DEBUG(0,("ERROR: Could not determine network interfaces, you must use a interfaces config line\n"));
			exit(1);
		}
		for (i=0;i<total_probed;i++) {
			if (probed_ifaces[i].netmask.s_addr != allones_ip.s_addr &&    <<<< PROBED_INTERFACES USED BUT THERE WAS NO CHECK BEFORE
			    probed_ifaces[i].ip.s_addr != loopback_ip.s_addr) {



LOCKING/LOCKING.C

	at line 453   *ppse = memdup( ...

	ppse is passed as **ppse to the function and the function del_share_mode is only called in smbd/close.c

	share_entry_count = del_share_mode(fsp, &share_entry);

	/*
	 * We delete on close if it's the last open, and the
	 * delete on close flag was set in the entry we just deleted.
	 */

	if ((share_entry_count == 0) && share_entry &&
			GET_DELETE_ON_CLOSE_FLAG(share_entry->share_mode) )
		delete_on_close = True;

	safe_free(share_entry);

	and the pointer is checked, but the GET_DELETE_ON_CLOSE_FLAG(share_entry->share_mode) test is never made and delete_on_close = True is never set even if it should be, only because there is no more memory.
Because the parameter share_entry is passed only to get back the value of share_entry->share_mode, it would be better to pass as parameter a pointer to a local variable and assign the share_mode to this variable.


Bye

Andreas Moroder


	code are never called, 
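
Added example, not part of the original post and not Samba code: a stand-alone C sketch of the LOCKING/LOCKING.C report, comparing the heap-copy out-parameter with the by-value out-parameter the post suggests when the allocation fails. The struct, the flag value, demo_memdup, the fail_alloc hook and the four functions are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for this example; not Samba's definitions. */
struct share_entry { uint16_t share_mode; };
#define DELETE_ON_CLOSE 0x8000u
static int fail_alloc; /* hook: 1 simulates an out-of-memory condition */

/* Hypothetical memdup: heap copy of a buffer, NULL when allocation fails. */
static void *demo_memdup(const void *p, size_t n) {
    void *q = fail_alloc ? NULL : malloc(n);
    if (q) memcpy(q, p, n);
    return q;
}

/* Shape described in the post: the entry comes back as a heap copy. */
static int del_by_copy(const struct share_entry *stored, struct share_entry **out) {
    *out = demo_memdup(stored, sizeof(*stored));
    return 0; /* number of opens left after the delete */
}
static int close_by_copy(const struct share_entry *stored) {
    struct share_entry *e = NULL;
    int count = del_by_copy(stored, &e);
    /* The NULL test avoids a crash, but on OOM the flag is silently lost. */
    int delete_on_close = (count == 0 && e && (e->share_mode & DELETE_ON_CLOSE));
    free(e);
    return delete_on_close;
}

/* Shape suggested in the post: the caller passes a local, nothing is allocated. */
static int del_by_value(const struct share_entry *stored, uint16_t *mode_out) {
    *mode_out = stored->share_mode;
    return 0;
}
static int close_by_value(const struct share_entry *stored) {
    uint16_t mode = 0;
    int count = del_by_value(stored, &mode);
    return count == 0 && (mode & DELETE_ON_CLOSE) != 0;
}

int main(void) {
    struct share_entry s = { DELETE_ON_CLOSE | 1 };
    fail_alloc = 1;
    printf("copy=%d value=%d\n", close_by_copy(&s), close_by_value(&s));
    return 0;
}
```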



