small bug in nttrans.c: reply_nttrans()

Kenichi Okuyama okuyamak at dd.iij4u.or.jp
Thu Dec 28 04:49:46 GMT 2000


Dear all,

I've found small bug on nttrans.c:reply_nttrans().
Here, there's possibility of memory leak.

As long as malloc succeed in reply_nttrans(), we need no worry.
But if we failed, we should cleanup ourself correctly before
returning to anywhere.


I'll add patch at the end.
best regards,
---- 
Kenichi Okuyama at Tokyo Research Lab. IBM-Japan, Co.


Index: nttrans.c
===================================================================
RCS file: /cvsroot/samba/source/smbd/nttrans.c,v
retrieving revision 1.111
diff -u -r1.111 nttrans.c
--- nttrans.c	2000/11/24 19:53:38	1.111
+++ nttrans.c	2000/12/28 04:45:46
@@ -1757,18 +1757,32 @@
     
   /* Allocate the space for the setup, the maximum needed parameters and data */
 
-  if(setup_count > 0)
+  if(setup_count > 0) {
     setup = (char *)malloc(setup_count);
-  if (total_parameter_count > 0)
+    if ( setup == NULL ) {
+        DEBUG(0,("reply_nttrans : Out of memory\n"));
+        END_PROFILE(SMBnttrans);
+        return(ERROR(ERRDOS,ERRnomem));
+    }
+  }
+  if (total_parameter_count > 0) {
     params = (char *)malloc(total_parameter_count);
-  if (total_data_count > 0)
+    if ( params == NULL ) {
+        free( setup );
+        DEBUG(0,("reply_nttrans : Out of memory\n"));
+        END_PROFILE(SMBnttrans);
+        return(ERROR(ERRDOS,ERRnomem));
+    }
+  }
+  if (total_data_count > 0) {
     data = (char *)malloc(total_data_count);
- 
-  if ((total_parameter_count && !params)  || (total_data_count && !data) ||
-      (setup_count && !setup)) {
-    DEBUG(0,("reply_nttrans : Out of memory\n"));
-    END_PROFILE(SMBnttrans);
-    return(ERROR(ERRDOS,ERRnomem));
+    if ( data == NULL ) {
+        free( setup );
+        free( params );
+        DEBUG(0,("reply_nttrans : Out of memory\n"));
+        END_PROFILE(SMBnttrans);
+        return(ERROR(ERRDOS,ERRnomem));
+    }
   }
 
   /* Copy the param and data bytes sent with this request into




More information about the samba-technical mailing list