[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Thu Jun 16 06:16:02 MDT 2011


The branch, master has been updated
       via  6751215 s3:rpc_server/svcctl: fix valgrind bug in _svcctl_QueryServiceObjectSecurity()
       via  11683cc s3:rpc_server/svcctl: fix valgrind bugs in _svcctl_QueryServiceConfig2W()
      from  48de3e5 s3:rpc_server/svcctl: don't allocate return values on a temporary stackframe

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 67512152c007bb186e4fd8dac5d1aab89bce0689
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jun 16 12:47:22 2011 +0200

    s3:rpc_server/svcctl: fix valgrind bug in _svcctl_QueryServiceObjectSecurity()
    
    r->out.buffer needs to stay in its size, as it will be marshalled completely.
    As it's preallocated and initialized with zeros, we just need to copy
    the payload into it, even if it's smaller than the offered buffer size.
    
    metze
    
    Autobuild-User: Stefan Metzmacher <metze at samba.org>
    Autobuild-Date: Thu Jun 16 14:15:47 CEST 2011 on sn-devel-104

commit 11683ccf3e68606ecb1cdfa455f7921b119803c6
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Jun 16 12:34:42 2011 +0200

    s3:rpc_server/svcctl: fix valgrind bugs in _svcctl_QueryServiceConfig2W()
    
    r->out.buffer needs to stay in its size, as it will be marshalled completely.
    As it's preallocated and initialized with zeros, we just need to copy
    the payload into it.
    
    If we always marshall the return buffer, we already have the needed
    buffer size and don't need to call ndr_size_* functions.
    
    metze

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/svcctl/srv_svcctl_nt.c |   16 ++++++----------
 1 files changed, 6 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/svcctl/srv_svcctl_nt.c b/source3/rpc_server/svcctl/srv_svcctl_nt.c
index 4f8a2c1..f515906 100644
--- a/source3/rpc_server/svcctl/srv_svcctl_nt.c
+++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c
@@ -775,7 +775,8 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
 				    struct svcctl_QueryServiceConfig2W *r)
 {
 	SERVICE_INFO *info = find_service_info_by_hnd( p, r->in.handle );
-	uint32 buffer_size;
+	uint32_t buffer_size;
+	DATA_BLOB blob = data_blob_null;
 
 	/* perform access checks */
 
@@ -795,7 +796,6 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
 			struct SERVICE_DESCRIPTION desc_buf;
 			const char *description;
 			enum ndr_err_code ndr_err;
-			DATA_BLOB blob;
 
 			description = svcctl_lookup_description(p->mem_ctx,
 								p->msg_ctx,
@@ -810,9 +810,6 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
 				return WERR_INVALID_PARAM;
 			}
 
-			buffer_size = ndr_size_SERVICE_DESCRIPTION(&desc_buf, 0);
-			r->out.buffer = blob.data;
-
 			break;
 		}
 		break;
@@ -820,7 +817,6 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
 		{
 			struct SERVICE_FAILURE_ACTIONS actions;
 			enum ndr_err_code ndr_err;
-			DATA_BLOB blob;
 
 			/* nothing to say...just service the request */
 
@@ -832,9 +828,6 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
 				return WERR_INVALID_PARAM;
 			}
 
-			buffer_size = ndr_size_SERVICE_FAILURE_ACTIONS(&actions, 0);
-			r->out.buffer = blob.data;
-
 			break;
 		}
 		break;
@@ -843,12 +836,15 @@ WERROR _svcctl_QueryServiceConfig2W(struct pipes_struct *p,
 		return WERR_UNKNOWN_LEVEL;
 	}
 
+	buffer_size = blob.length;
 	buffer_size += buffer_size % 4;
 	*r->out.needed = (buffer_size > r->in.offered) ? buffer_size : r->in.offered;
 
         if (buffer_size > r->in.offered)
                 return WERR_INSUFFICIENT_BUFFER;
 
+	memcpy(r->out.buffer, blob.data, blob.length);
+
 	return WERR_OK;
 }
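Review bot: The added `memcpy(r->out.buffer, blob.data, blob.length)` is in bounds only because of two facts the code does not state: the padded `buffer_size` is never smaller than `blob.length`, and `r->out.buffer` is expected to hold `r->in.offered` bytes (the commit message says it is preallocated; the allocation is not visible here). A comment above the copy would make this reviewable, for example `/* r->out.buffer holds r->in.offered zeroed bytes; blob.length <= buffer_size <= r->in.offered here */`. Separately, the context line `buffer_size += buffer_size % 4;` does not round up to a multiple of four (5 becomes 6, 3 becomes 6). If 4-byte alignment is the intent, `buffer_size = (buffer_size + 3) & ~3U;` is the usual form, but it changes the `needed` value returned to clients and should be confirmed against the expected wire behaviour first. The function body starts outside this hunk.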
 
@@ -940,7 +936,7 @@ WERROR _svcctl_QueryServiceObjectSecurity(struct pipes_struct *p,
 	}
 
 	*r->out.needed = len;
-	r->out.buffer = buffer;
+	memcpy(r->out.buffer, buffer, len);
 
 	return WERR_OK;
 }
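Review bot: No comparison of `len` against `r->in.offered` is visible before the new `memcpy(r->out.buffer, buffer, len)`, and the copy now writes into a fixed-size preallocated buffer where the old code only swapped a pointer. If the size check earlier in the function (outside this hunk) is made on a separately computed size rather than on the final marshalled `len`, the bound should be restated right before the copy: `if (len > r->in.offered) return WERR_INSUFFICIENT_BUFFER;`. The function starts outside the hunk, so this may already hold; in that case a short comment naming the earlier check would be enough.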


-- 
Samba Shared Repository

