svn commit: samba r14044 - in trunk/source: rpc_parse smbd

Wed Mar 8 17:50:58 GMT 2006

Author: jra
Date: 2006-03-08 17:50:57 +0000 (Wed, 08 Mar 2006)
New Revision: 14044

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=14044

Log:
After discussion with Jerry revert part of the
Coverity null-ref patch - put prs_rpcbuffer_p
back to the way it was (with an additional
coverity paranoia check) - move the real test
into rpcbuf_alloc_size instead.
Jeremy.

Modified:
   trunk/source/rpc_parse/parse_buffer.c
   trunk/source/smbd/trans2.c


Changeset:
Modified: trunk/source/rpc_parse/parse_buffer.c
===================================================================

--- trunk/source/rpc_parse/parse_buffer.c	2006-03-08 17:50:44 UTC (rev 14043)
+++ trunk/source/rpc_parse/parse_buffer.c	2006-03-08 17:50:57 UTC (rev 14044)
@@ -108,37 +108,22 @@
 
 	data_p = *buffer ? 0xf000baaa : 0;
 
-	if ( !prs_uint32("ptr", ps, depth, &data_p )) {
+	if ( !prs_uint32("ptr", ps, depth, &data_p ))
 		return False;
-	}
 
-	/* We must always return a valid buffer pointer even if the
-	   client didn't send one - just leave it initialized to null. */
-	if ( UNMARSHALLING(ps) ) {
-		if ( !(*buffer = PRS_ALLOC_MEM(ps, RPC_BUFFER, 1)) ) {
-			return False;
-		}
-	}
-
 	/* we're done if there is no data */
 
-	if (!data_p) {
-		if (UNMARSHALLING(ps)) {
-			RPC_BUFFER *pbuffer = *buffer;
-			/* On unmarshalling we must return a valid,
-			   but zero size value RPC_BUFFER. */
-			pbuffer->size = 0;
-			pbuffer->string_at_end = 0;
-			if (!prs_init(&pbuffer->prs, 0, prs_get_mem_context(ps), UNMARSHALL)) {
-				return False;
-			}
-		}
+	if ( !data_p )
 		return True;
-	}
 
-	/* Coverity paranoia. Buffer must be valid. */
-	if (!*buffer) {
-		return False;
+	if ( UNMARSHALLING(ps) ) {
+		if ( !(*buffer = PRS_ALLOC_MEM(ps, RPC_BUFFER, 1)) )
+			return False;
+	} else {
+		/* Marshalling case. - coverity paranoia - should already be ok if data_p != 0 */
+		if (!*buffer) {
+			return True;
+		}
 	}
 
 	return prs_rpcbuffer( desc, ps, depth, *buffer);
@@ -158,7 +143,11 @@
 	
 	if ( buffer_size == 0x0 )
 		return True;
-	
+
+	if (!buffer) {
+		return False;
+	}
+
 	ps= &buffer->prs;
 
 	/* damn, I'm doing the reverse operation of prs_grow() :) */

Modified: trunk/source/smbd/trans2.c
===================================================================
--- trunk/source/smbd/trans2.c	2006-03-08 17:50:44 UTC (rev 14043)
+++ trunk/source/smbd/trans2.c	2006-03-08 17:50:57 UTC (rev 14044)
@@ -2778,7 +2778,7 @@
 	char *fullpathname;
 	char *base_name;
 	char *p;
-	char *lock_data;
+	char *lock_data = NULL;
 	SMB_OFF_T pos = 0;
 	BOOL bad_path = False;
 	BOOL delete_pending = False;

