[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Wed Jul 17 19:23:05 MDT 2013
The branch, master has been updated
via 7420574 Fix memory leak in error code path.
via 9b58da9 Fix bug 10025 - Lack of Sanity Checking in calls to malloc()/calloc().
from 9b2aa35 s3: Remove old mode special substitution.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7420574c74be1f5ea308c8ebfc572683d1e755d4
Author: Richard Sharpe <realrichardsharpe at gmail.com>
Date: Wed Jul 17 16:29:39 2013 -0700
Fix memory leak in error code path.
Reviewed-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jul 18 03:22:37 CEST 2013 on sn-devel-104
commit 9b58da986680a92b350f02cd31ff64f30fecd07c
Author: Bill Parker <wp02855 at gmail.com>
Date: Wed Jul 17 15:30:35 2013 -0700
Fix bug 10025 - Lack of Sanity Checking in calls to malloc()/calloc().
In reviewing various files in Samba-4.0.7, I found a number
of instances where malloc()/calloc() were called without the
checking the return value for a value of NULL, which would
indicate failure.
(NB. The changes needed to ccan, iniparser, popt and heimdal
will be reported upstream, not patched inside Samba).
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Simo Source <idra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/ntdb/tools/growtdb-bench.c | 16 ++++++++++++++++
lib/ntdb/tools/ntdbtorture.c | 4 ++++
lib/replace/getifaddrs.c | 29 +++++++++++++++++++++++++++++
lib/tdb/test/run-transaction-expand.c | 5 +++++
lib/tdb/tools/tdbtorture.c | 8 ++++++++
nsswitch/nsstest.c | 4 ++++
source3/smbd/notify_inotify.c | 1 +
source4/librpc/rpc/pyrpc_util.c | 3 +++
source4/torture/gentest.c | 8 ++++++++
9 files changed, 78 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/ntdb/tools/growtdb-bench.c b/lib/ntdb/tools/growtdb-bench.c
index 640f87a..aa5a406 100644
--- a/lib/ntdb/tools/growtdb-bench.c
+++ b/lib/ntdb/tools/growtdb-bench.c
@@ -48,12 +48,24 @@ int main(int argc, char *argv[])
idxkey.dsize = strlen("User index");
idxdata.dsize = 51;
idxdata.dptr = calloc(idxdata.dsize, 1);
+ if (idxdata.dptr == NULL) {
+ fprintf(stderr, "Unable to allocate memory for idxdata.dptr\n");
+ return -1;
+ }
/* Create users. */
k.dsize = 48;
k.dptr = calloc(k.dsize, 1);
+ if (k.dptr == NULL) {
+ fprintf(stderr, "Unable to allocate memory for k.dptr\n");
+ return -1;
+ }
d.dsize = 64;
d.dptr = calloc(d.dsize, 1);
+ if (d.dptr == NULL) {
+ fprintf(stderr, "Unable to allocate memory for d.dptr\n");
+ return -1;
+ }
ntdb_transaction_start(ntdb);
for (i = 0; i < users; i++) {
@@ -79,6 +91,10 @@ int main(int argc, char *argv[])
* a group. */
gk.dsize = 48;
gk.dptr = calloc(k.dsize, 1);
+ if (gk.dptr == NULL) {
+ fprintf(stderr, "Unable to allocate memory for gk.dptr\n");
+ return -1;
+ }
gk.dptr[gk.dsize-1] = 1;
d.dsize = 32;
diff --git a/lib/ntdb/tools/ntdbtorture.c b/lib/ntdb/tools/ntdbtorture.c
index 3bcf320..7ddb5c3 100644
--- a/lib/ntdb/tools/ntdbtorture.c
+++ b/lib/ntdb/tools/ntdbtorture.c
@@ -96,6 +96,10 @@ static char *randbuf(int len)
char *buf;
int i;
buf = (char *)malloc(len+1);
+ if (buf == NULL) {
+ perror("randbuf: unable to allocate memory for buffer.\n");
+ exit(1);
+ }
for (i=0;i<len;i++) {
buf[i] = 'a' + (rand() % 26);
diff --git a/lib/replace/getifaddrs.c b/lib/replace/getifaddrs.c
index 8da022f..f07d700 100644
--- a/lib/replace/getifaddrs.c
+++ b/lib/replace/getifaddrs.c
@@ -113,11 +113,23 @@ int rep_getifaddrs(struct ifaddrs **ifap)
for (i=n-1; i>=0; i--) {
if (ioctl(fd, SIOCGIFFLAGS, &ifr[i]) == -1) {
freeifaddrs(*ifap);
+ close(fd);
return -1;
}
curif = calloc(1, sizeof(struct ifaddrs));
+ if (curif == NULL) {
+ freeifaddrs(*ifap);
+ close(fd);
+ return -1;
+ }
curif->ifa_name = strdup(ifr[i].ifr_name);
+ if (curif->ifa_name == NULL) {
+ free(curif);
+ freeifaddrs(*ifap);
+ close(fd);
+ return -1;
+ }
curif->ifa_flags = ifr[i].ifr_flags;
curif->ifa_dstaddr = NULL;
curif->ifa_data = NULL;
@@ -126,11 +138,28 @@ int rep_getifaddrs(struct ifaddrs **ifap)
curif->ifa_addr = NULL;
if (ioctl(fd, SIOCGIFADDR, &ifr[i]) != -1) {
curif->ifa_addr = sockaddr_dup(&ifr[i].ifr_addr);
+ if (curif->ifa_addr == NULL) {
+ free(curif->ifa_name);
+ free(curif);
+ freeifaddrs(*ifap);
+ close(fd);
+ return -1;
+ }
}
curif->ifa_netmask = NULL;
if (ioctl(fd, SIOCGIFNETMASK, &ifr[i]) != -1) {
curif->ifa_netmask = sockaddr_dup(&ifr[i].ifr_addr);
+ if (curif->ifa_netmask == NULL) {
+ if (curif->ifa_addr != NULL) {
+ free(curif->ifa_addr);
+ }
+ free(curif->ifa_name);
+ free(curif);
+ freeifaddrs(*ifap);
+ close(fd);
+ return -1;
+ }
}
if (lastif == NULL) {
diff --git a/lib/tdb/test/run-transaction-expand.c b/lib/tdb/test/run-transaction-expand.c
index 1271d92..d62c76a 100644
--- a/lib/tdb/test/run-transaction-expand.c
+++ b/lib/tdb/test/run-transaction-expand.c
@@ -73,6 +73,11 @@ int main(int argc, char *argv[])
data.dsize = 0;
data.dptr = calloc(1000, getpagesize());
+ if (data.dptr == NULL) {
+ diag("Unable to allocate memory for data.dptr");
+ tdb_close(tdb);
+ exit(1);
+ }
/* Simulate a slowly growing record. */
for (i = 0; i < 1000; i++)
diff --git a/lib/tdb/tools/tdbtorture.c b/lib/tdb/tools/tdbtorture.c
index a23d154..5ae08f6 100644
--- a/lib/tdb/tools/tdbtorture.c
+++ b/lib/tdb/tools/tdbtorture.c
@@ -342,7 +342,15 @@ int main(int argc, char * const *argv)
}
pids = (pid_t *)calloc(sizeof(pid_t), num_procs);
+ if (pids == NULL) {
+ perror("Unable to allocate memory for pids");
+ exit(1);
+ }
done = (int *)calloc(sizeof(int), num_procs);
+ if (done == NULL) {
+ perror("Unable to allocate memory for done");
+ exit(1);
+ }
if (pipe(pfds) != 0) {
perror("Creating pipe");
diff --git a/nsswitch/nsstest.c b/nsswitch/nsstest.c
index 39d0342..4b3d0a4 100644
--- a/nsswitch/nsstest.c
+++ b/nsswitch/nsstest.c
@@ -371,6 +371,10 @@ static void nss_test_initgroups(char *name, gid_t gid)
NSS_STATUS status;
groups = (gid_t *)malloc(sizeof(gid_t) * size);
+ if (groups == NULL) {
+ printf("Unable to allocate memory for groups\n");
+ return;
+ }
groups[0] = gid;
status = nss_initgroups(name, gid, &groups, &start, &size);
diff --git a/source3/smbd/notify_inotify.c b/source3/smbd/notify_inotify.c
index 4e9a87e..efb659f 100644
--- a/source3/smbd/notify_inotify.c
+++ b/source3/smbd/notify_inotify.c
@@ -398,6 +398,7 @@ NTSTATUS inotify_watch(struct sys_notify_context *ctx,
if (w->path == NULL) {
inotify_rm_watch(in->fd, wd);
*filter = orig_filter;
+ TALLOC_FREE(w);
return NT_STATUS_NO_MEMORY;
}
diff --git a/source4/librpc/rpc/pyrpc_util.c b/source4/librpc/rpc/pyrpc_util.c
index a000c76..ab6caac 100644
--- a/source4/librpc/rpc/pyrpc_util.c
+++ b/source4/librpc/rpc/pyrpc_util.c
@@ -246,6 +246,9 @@ bool PyInterface_AddNdrRpcMethods(PyTypeObject *ifacetype, const struct PyNdrRpc
PyObject *ret;
struct wrapperbase *wb = (struct wrapperbase *)calloc(sizeof(struct wrapperbase), 1);
+ if (wb == NULL) {
+ return false;
+ }
wb->name = discard_const_p(char, mds[i].name);
wb->flags = PyWrapperFlag_KEYWORDS;
wb->wrapper = (wrapperfunc)py_dcerpc_call_wrapper;
diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c
index 91b60e2..f3c4c20 100644
--- a/source4/torture/gentest.c
+++ b/source4/torture/gentest.c
@@ -3068,9 +3068,17 @@ static bool start_gentest(struct tevent_context *ev,
/* allocate the open_handles array */
open_handles = calloc(options.max_open_handles, sizeof(open_handles[0]));
+ if (open_handles == NULL) {
+ printf("Unable to allocate memory for open_handles array.\n");
+ exit(1);
+ }
srandom(options.seed);
op_parms = calloc(options.numops, sizeof(op_parms[0]));
+ if (op_parms == NULL) {
+ printf("Unable to allocate memory for op_parms.\n");
+ exit(1);
+ }
/* generate the seeds - after this everything is deterministic */
if (options.use_preset_seeds) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list