Possibility of Memory Leak in smbd/trans2.c

Jeremy Allison jeremy at valinux.com
Tue Jan 23 20:29:33 GMT 2001


Kenichi Okuyama wrote:

> I've found possibility of memory leak in smbd/trans2.c.
> 
> The point exists where Realloc() is being called.
> 
> 1) There were several points that Realloc() is being called
>    without checking possibility of NULL being returned from
>    Realloc().
> 
> 2) This was the typical Realloc calling patterns:
> 
>    params = *pparams = Realloc(*pparams, 28);
>    if(params == NULL)
>      return(ERROR(ERRDOS,ERRnomem));
> 
>    The problem is, that if Realloc() returned NULL, original
>    memory chunk will not be freed. They will be kept with
>    any data left unchanged.
> 
>    But because we overwrite both 'params' and '*pparams', we no
>    longer have pointer to original chunk. These should be changed
>    to pattern like follows:
> 
>    params = Realloc(*pparams, 28);
>    if(params == NULL)
>      return(ERROR(ERRDOS,ERRnomem));
>    *pparams     = params;
> 
> I've looked over smbd/trans2.c for this bug. I don't know about
> others.
> 
> The patch follows after this message.

Thanks - this patch looks good. I've committed it to 2.2 and
HEAD.

Thanks,

	Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------
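
The two patterns quoted above, run against a simulated allocation failure. This is an added example, not code from the original message or from Samba: `test_realloc`, `grow_leaky`, `grow_safe` and `reachable_after_failure` are hypothetical names, and `test_realloc` is a stand-in for `Realloc()` that fails on demand.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for Realloc(): fails on demand so the
 * out-of-memory path can be exercised deterministically. */
static int fail_next = 0;

static void *test_realloc(void *p, size_t n) {
    if (fail_next) { fail_next = 0; return NULL; } /* old chunk untouched */
    return realloc(p, n);
}

/* Pattern from the report: *pparams is overwritten before the check. */
static int grow_leaky(char **pparams, size_t n) {
    char *params = *pparams = test_realloc(*pparams, n);
    if (params == NULL) return -1;
    return 0;
}

/* Suggested pattern: *pparams is updated only after success. */
static int grow_safe(char **pparams, size_t n) {
    char *params = test_realloc(*pparams, n);
    if (params == NULL) return -1;
    *pparams = params;
    return 0;
}

/* Returns 1 if the caller can still reach (and so free) the original
 * chunk after a failed grow, 0 if the pointer was lost, -1 on setup error. */
static int reachable_after_failure(int (*grow)(char **, size_t)) {
    char *buf = NULL;
    if (grow(&buf, 16) != 0) return -1;
    memcpy(buf, "hdr", 4);         /* constructed sample contents */
    char *shadow = buf;            /* test-only copy so the demo can clean up */
    fail_next = 1;
    int rc = grow(&buf, 28);       /* simulated allocation failure */
    int ok = (rc == -1 && buf == shadow && strcmp(buf, "hdr") == 0);
    free(shadow);
    return ok;
}

int main(void) {
    printf("leaky pattern: original reachable = %d\n",
           reachable_after_failure(grow_leaky));
    printf("safe pattern:  original reachable = %d\n",
           reachable_after_failure(grow_safe));
    return 0;
}
```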



