small bug in nttrans.c: reply_nttrans()
Kenichi Okuyama
okuyamak at dd.iij4u.or.jp
Thu Dec 28 04:49:46 GMT 2000
Dear all,
I've found a small bug in nttrans.c:reply_nttrans().
Here, there's a possibility of a memory leak.
As long as malloc succeeds in reply_nttrans(), we need not worry.
But if it fails, we should clean up after ourselves correctly before
returning to anywhere.
I'll add the patch at the end.
best regards,
----
Kenichi Okuyama at Tokyo Research Lab. IBM-Japan, Co.
Index: nttrans.c
===================================================================
RCS file: /cvsroot/samba/source/smbd/nttrans.c,v
retrieving revision 1.111
diff -u -r1.111 nttrans.c
--- nttrans.c 2000/11/24 19:53:38 1.111
+++ nttrans.c 2000/12/28 04:45:46
@@ -1757,18 +1757,32 @@
/* Allocate the space for the setup, the maximum needed parameters and data */
- if(setup_count > 0)
+ if(setup_count > 0) {
setup = (char *)malloc(setup_count);
- if (total_parameter_count > 0)
+ if ( setup == NULL ) {
+ DEBUG(0,("reply_nttrans : Out of memory\n"));
+ END_PROFILE(SMBnttrans);
+ return(ERROR(ERRDOS,ERRnomem));
+ }
+ }
+ if (total_parameter_count > 0) {
params = (char *)malloc(total_parameter_count);
- if (total_data_count > 0)
+ if ( params == NULL ) {
+ free( setup );
+ DEBUG(0,("reply_nttrans : Out of memory\n"));
+ END_PROFILE(SMBnttrans);
+ return(ERROR(ERRDOS,ERRnomem));
+ }
+ }
+ if (total_data_count > 0) {
data = (char *)malloc(total_data_count);
-
- if ((total_parameter_count && !params) || (total_data_count && !data) ||
- (setup_count && !setup)) {
- DEBUG(0,("reply_nttrans : Out of memory\n"));
- END_PROFILE(SMBnttrans);
- return(ERROR(ERRDOS,ERRnomem));
+ if ( data == NULL ) {
+ free( setup );
+ free( params );
+ DEBUG(0,("reply_nttrans : Out of memory\n"));
+ END_PROFILE(SMBnttrans);
+ return(ERROR(ERRDOS,ERRnomem));
+ }
}
/* Copy the param and data bytes sent with this request into
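Review bot: In the params and data failure branches, free( setup ) and free( params ) run even when setup_count or total_parameter_count is 0 and the matching malloc was never called, so these calls are only safe if both pointers are initialized to NULL at their declaration, which this hunk does not show; please confirm that or add the initialization. The three failure branches also repeat the same DEBUG / END_PROFILE / return(ERROR(ERRDOS,ERRnomem)) sequence, so a single shared error exit that frees setup, params and data would be shorter and would keep the cleanup in one place if another buffer is added later.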