[SCM] Samba Shared Repository - branch v3-6-test updated

Tue Aug 10 11:58:18 MDT 2010

The branch, v3-6-test has been updated
       via  4acb48e... librpc/idl/mgmt.idl: add missing size_is()
       via  31bc9ad... pidl:NDR: correctly handle bracket arrays with 'string'
       via  7853a6d... s3:smbd: fix valgrind warning, sizeof(16) != 16...
       via  6af4ce4... s3:rpc_server: fix valgrind warning
       via  bc64c9a... s3:rpc_server: fix memory leaks in rpc_pipe_internal_dispatch()
      from  1b58b1e... s3-waf: fix the build.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 4acb48edc00c0b82d3c6e63128f147bf8188a5b5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Aug 5 17:19:16 2010 +0200

    librpc/idl/mgmt.idl: add missing size_is()
    
    metze
    (cherry picked from commit ad94ae980462dc4c581a2fa1d7e927c2ae625c19)

commit 31bc9ad0c08eba2b79b09ce0a9c0f2a2e98a9646
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Aug 5 16:10:37 2010 +0200

    pidl:NDR: correctly handle bracket arrays with 'string'
    
    metze
    (cherry picked from commit 0a7f749bc80d9846b97cd22cd503473a205aaafd)

commit 7853a6d4bbb9c2f0dcacb950fe353ff77701d227
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Aug 8 09:21:57 2010 +0200

    s3:smbd: fix valgrind warning, sizeof(16) != 16...
    
    metze
    (cherry picked from commit ac9f06c9b93ada5d0e8331a122e199a8f69049a3)

commit 6af4ce44d0c2d75652a8cad99eae9071595fe19f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sun Aug 8 09:23:00 2010 +0200

    s3:rpc_server: fix valgrind warning
    
    metze
    (cherry picked from commit cc6951243d5641e2185ed9dee3b6ee4de07d217b)

commit bc64c9ab1b4e58ad1475c82e8f97c9ad9f50a9c5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Aug 7 14:27:27 2010 +0200

    s3:rpc_server: fix memory leaks in rpc_pipe_internal_dispatch()
    
    metze
    (cherry picked from commit 66412bfc76dc8b7337f3690ec75b14542a3df11e)

-----------------------------------------------------------------------

Summary of changes:
 librpc/idl/mgmt.idl                        |    2 +-
 pidl/lib/Parse/Pidl/NDR.pm                 |    4 ++++
 source3/rpc_server/rpc_ncacn_np_internal.c |    7 +++++++
 source3/rpc_server/srv_pipe.c              |    1 +
 source3/smbd/negprot.c                     |    2 +-
 5 files changed, 14 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/idl/mgmt.idl b/librpc/idl/mgmt.idl
index 35857f2..17c8cc4 100644
--- a/librpc/idl/mgmt.idl
+++ b/librpc/idl/mgmt.idl
@@ -70,6 +70,6 @@ interface mgmt
 	WERROR mgmt_inq_princ_name (
 		[in]        uint32                  authn_proto,
 		[in]        uint32                  princ_name_size,
-		[out]       [string,charset(DOS)] uint8 princ_name[]
+		[out]       [string,size_is(princ_name_size),charset(DOS)] uint8 princ_name[]
 		);
 }
diff --git a/pidl/lib/Parse/Pidl/NDR.pm b/pidl/lib/Parse/Pidl/NDR.pm
index a875ec8..1b45010 100644
--- a/pidl/lib/Parse/Pidl/NDR.pm
+++ b/pidl/lib/Parse/Pidl/NDR.pm
@@ -124,6 +124,10 @@ sub GetElementLevelTable($$)
 		if ($d eq "*") {
 			$is_conformant = 1;
 			if ($size = shift @size_is) {
+				if (has_property($e, "string")) {
+					$is_string = 1;
+					delete($e->{PROPERTIES}->{string});
+				}
 			} elsif ((scalar(@size_is) == 0) and has_property($e, "string")) {
 				$is_string = 1;
 				delete($e->{PROPERTIES}->{string});
diff --git a/source3/rpc_server/rpc_ncacn_np_internal.c b/source3/rpc_server/rpc_ncacn_np_internal.c
index 9bb5428..2393f94 100644
--- a/source3/rpc_server/rpc_ncacn_np_internal.c
+++ b/source3/rpc_server/rpc_ncacn_np_internal.c
@@ -291,16 +291,23 @@ static NTSTATUS rpc_pipe_internal_dispatch(struct rpc_pipe_client *cli,
 	}
 
 	if (!cmds[i].fn(cli->pipes_struct)) {
+		data_blob_free(&cli->pipes_struct->in_data.data);
+		data_blob_free(&cli->pipes_struct->out_data.rdata);
+		talloc_free_children(cli->pipes_struct->mem_ctx);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
 	status = internal_ndr_pull(mem_ctx, cli, table, opnum, r);
 	if (!NT_STATUS_IS_OK(status)) {
+		data_blob_free(&cli->pipes_struct->in_data.data);
+		data_blob_free(&cli->pipes_struct->out_data.rdata);
+		talloc_free_children(cli->pipes_struct->mem_ctx);
 		return status;
 	}
 
 	data_blob_free(&cli->pipes_struct->in_data.data);
 	data_blob_free(&cli->pipes_struct->out_data.rdata);
+	talloc_free_children(cli->pipes_struct->mem_ctx);
 
 	return NT_STATUS_OK;
 }
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 436e5be..e704d75 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -527,6 +527,7 @@ static bool check_bind_req(struct pipes_struct *p,
 		return False;
 	}
 
+	context_fns->next = context_fns->prev = NULL;
 	context_fns->n_cmds = rpc_srv_get_pipe_num_cmds(abstract);
 	context_fns->cmds = rpc_srv_get_pipe_cmds(abstract);
 	context_fns->context_id = context_id;
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 4ff4eee..e61d519 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -242,7 +242,7 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 #ifdef DEVELOPER
 	/* Fix valgrind 'uninitialized bytes' issue. */
 	slen = strlen(dos_name);
-	if (slen < sizeof(16)) {
+	if (slen < 16) {
 		memset(blob_out.data+slen, '\0', 16 - slen);
 	}
 #endif


-- 
Samba Shared Repository
