svn commit: samba r16583 - in trunk/source: lib libsmb passdb
printing rpc_server smbd
jra at samba.org
jra at samba.org
Wed Jun 28 00:51:22 GMT 2006
Author: jra
Date: 2006-06-28 00:51:21 +0000 (Wed, 28 Jun 2006)
New Revision: 16583
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16583
Log:
Fix Klocwork #1997 and all generic class of problems
where we don't correctly check the return from memdup.
Jeremy.
Modified:
trunk/source/lib/interface.c
trunk/source/libsmb/clirap.c
trunk/source/passdb/pdb_tdb.c
trunk/source/printing/nt_printing.c
trunk/source/rpc_server/srv_pipe.c
trunk/source/smbd/sec_ctx.c
Changeset:
Modified: trunk/source/lib/interface.c
===================================================================
--- trunk/source/lib/interface.c 2006-06-28 00:50:14 UTC (rev 16582)
+++ trunk/source/lib/interface.c 2006-06-28 00:51:21 UTC (rev 16583)
@@ -188,6 +188,10 @@
if (total_probed > 0) {
probed_ifaces = memdup(ifaces, sizeof(ifaces[0])*total_probed);
+ if (!probed_ifaces) {
+ DEBUG(0,("ERROR: memdup failed\n"));
+ exit(1);
+ }
}
/* if we don't have a interfaces line then use all broadcast capable
Modified: trunk/source/libsmb/clirap.c
===================================================================
--- trunk/source/libsmb/clirap.c 2006-06-28 00:50:14 UTC (rev 16582)
+++ trunk/source/libsmb/clirap.c 2006-06-28 00:51:21 UTC (rev 16583)
@@ -848,6 +848,12 @@
}
*poutdata = memdup(rdata, data_len);
+ if (!*poutdata) {
+ SAFE_FREE(rdata);
+ SAFE_FREE(rparam);
+ return False;
+ }
+
*poutlen = data_len;
SAFE_FREE(rdata);
Modified: trunk/source/passdb/pdb_tdb.c
===================================================================
--- trunk/source/passdb/pdb_tdb.c 2006-06-28 00:50:14 UTC (rev 16582)
+++ trunk/source/passdb/pdb_tdb.c 2006-06-28 00:51:21 UTC (rev 16583)
@@ -913,6 +913,12 @@
/* save a copy of the key */
ptr->key.dptr = memdup( key.dptr, key.dsize );
+ if (!ptr->key.dptr) {
+ DEBUG(0,("tdbsam_traverse_setpwent: memdup failed\n"));
+ /* just return 0 and let the traversal continue */
+ return 0;
+ }
+
ptr->key.dsize = key.dsize;
DLIST_ADD( tdbsam_pwent_list, ptr );
Modified: trunk/source/printing/nt_printing.c
===================================================================
--- trunk/source/printing/nt_printing.c 2006-06-28 00:50:14 UTC (rev 16582)
+++ trunk/source/printing/nt_printing.c 2006-06-28 00:51:21 UTC (rev 16583)
@@ -738,6 +738,9 @@
int get_builtin_ntforms(nt_forms_struct **list)
{
*list = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms));
+ if (!*list) {
+ return 0;
+ }
return sizeof(default_forms) / sizeof(default_forms[0]);
}
@@ -2081,6 +2084,10 @@
fstrcpy(info.dependentfiles[0], "");
*info_ptr = memdup(&info, sizeof(info));
+ if (!*info_ptr) {
+ SAFE_FREE(info.dependentfiles);
+ return WERR_NOMEM;
+ }
return WERR_OK;
}
@@ -2155,6 +2162,10 @@
}
*info_ptr = (NT_PRINTER_DRIVER_INFO_LEVEL_3 *)memdup(&driver, sizeof(driver));
+ if (!*info_ptr) {
+ SAFE_FREE(driver.dependentfiles);
+ return WERR_NOMEM;
+ }
return WERR_OK;
}
@@ -2655,6 +2666,10 @@
}
*nt_devmode = (NT_DEVICEMODE *)memdup(&devmode, sizeof(devmode));
+ if (!*nt_devmode) {
+ SAFE_FREE(devmode.nt_dev_private);
+ return -1;
+ }
DEBUG(8,("Unpacked devicemode [%s](%s)\n", devmode.devicename, devmode.formname));
if (devmode.nt_dev_private)
Modified: trunk/source/rpc_server/srv_pipe.c
===================================================================
--- trunk/source/rpc_server/srv_pipe.c 2006-06-28 00:50:14 UTC (rev 16582)
+++ trunk/source/rpc_server/srv_pipe.c 2006-06-28 00:51:21 UTC (rev 16583)
@@ -678,12 +678,26 @@
if (p->pipe_user.ut.ngroups) {
if (!(p->pipe_user.ut.groups = memdup(a->server_info->groups,
sizeof(gid_t) * p->pipe_user.ut.ngroups))) {
- DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
+ DEBUG(0,("pipe_ntlmssp_verify_final: failed to memdup group list to p->pipe_user.groups\n"));
+ data_blob_free(&p->session_key);
return False;
}
}
+ if (!a->server_info->ptok) {
+ DEBUG(1,("pipe_ntlmssp_verify_final: Error: Authmodule failed to provide nt_user_token\n"));
+ data_blob_free(&p->session_key);
+ SAFE_FREE(p->pipe_user.ut.groups);
+ return False;
+ }
+
p->pipe_user.nt_user_token = dup_nt_token(NULL, a->server_info->ptok);
+ if (!p->pipe_user.nt_user_token) {
+ DEBUG(1,("pipe_ntlmssp_verify_final: dup_nt_token failed.\n"));
+ data_blob_free(&p->session_key);
+ SAFE_FREE(p->pipe_user.ut.groups);
+ return False;
+ }
return True;
}
Modified: trunk/source/smbd/sec_ctx.c
===================================================================
--- trunk/source/smbd/sec_ctx.c 2006-06-28 00:50:14 UTC (rev 16582)
+++ trunk/source/smbd/sec_ctx.c 2006-06-28 00:51:21 UTC (rev 16583)
@@ -252,14 +252,30 @@
ctx_p->ut.ngroups = ngroups;
SAFE_FREE(ctx_p->ut.groups);
- if (token && (token == ctx_p->token))
+ if (token && (token == ctx_p->token)) {
smb_panic("DUPLICATE_TOKEN");
+ }
TALLOC_FREE(ctx_p->token);
- ctx_p->ut.groups = memdup(groups, sizeof(gid_t) * ngroups);
- ctx_p->token = dup_nt_token(NULL, token);
+ if (ngroups) {
+ ctx_p->ut.groups = memdup(groups, sizeof(gid_t) * ngroups);
+ if (!ctx_p->ut.groups) {
+ smb_panic("memdup failed");
+ }
+ } else {
+ ctx_p->ut.groups = NULL;
+ }
+ if (token) {
+ ctx_p->token = dup_nt_token(NULL, token);
+ if (!ctx_p->token) {
+ smb_panic("dup_nt_token failed");
+ }
+ } else {
+ ctx_p->token = NULL;
+ }
+
become_id(uid, gid);
ctx_p->ut.uid = uid;
More information about the samba-cvs
mailing list