malloc without check in HEAD
andreas moroder
claudiamoroder at st-ulrich.suedtirol.net
Wed Oct 3 13:14:03 GMT 2001
Hello,
I found more alloc/realloc problems in head from
3.10.2001 20:30 CEST

in winbindd_group.c

    name_list = Realloc(name_list,
                        sizeof(struct acct_info) *
                        (ent->num_sam_entries +
                         num_entries));

THERE IS NO CHECK HERE IF name_list != NULL
name_list is also lvalue and parameter, so if Realloc fails, there is a
memory leak (see man realloc)

    memcpy(&name_list[ent->num_sam_entries],
           sam_grp_entries,
           num_entries * sizeof(struct acct_info));

in utils/rpccheck.c
at line 44

    ctx=talloc_init();

CTX IS NOT CHECKED AGAINST NULL AND PASSED AS PARAMETER

    prs_init(&ps, 1600, 4, ctx, MARSHALL);

in rpc_server/rpc_samr_nt.c
at line 889

    *d_grp=talloc_realloc(ctx,*d_grp, (num_entries+1)*sizeof(DOMAIN_GRP));

*d_grp is lvalue and parameter. Same problem as with all the Reallocs.

in rpc_server/rpc_lsa_nt.c
at line 725

    set=(LUID_ATTR *)talloc_realloc(p->mem_ctx, set, (count+1)*sizeof(LUID_ATTR));
    set[count].luid.low=privs[i].se_priv;

set is used and never checked, the leak problem exists too.

Bye
Andreas Moroder
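
Added example, not part of the original post and not Samba code: the grow-and-copy pattern reported above, written so that the realloc result goes into a temporary, is checked before use, and replaces the caller's pointer only on success. It uses plain realloc() instead of Samba's Realloc/talloc_realloc, and struct entry, append_entries, realloc_fn, failing_realloc and run_demo are hypothetical names; it also goes one step beyond the post by rejecting element counts whose byte size would overflow size_t.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct acct_info / DOMAIN_GRP / LUID_ATTR. */
struct entry { char name[32]; unsigned rid; };

/* Allocator hook so the failure path can be forced in the demo. */
typedef void *(*realloc_fn)(void *, size_t);
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Append `add` entries from src to *list, which holds *count entries.
 * Returns 0 on success, -1 on failure. On failure *list and *count are
 * untouched, so the caller still owns the old block and can free it. */
int append_entries(struct entry **list, size_t *count,
                   const struct entry *src, size_t add, realloc_fn ra)
{
    const size_t max = SIZE_MAX / sizeof(struct entry);
    struct entry *tmp;
    if (add == 0)
        return 0;                    /* nothing to do; avoids realloc(p, 0) */
    if (*count > max || add > max - *count)
        return -1;                   /* byte size would overflow size_t */

    tmp = ra(*list, (*count + add) * sizeof(*tmp));  /* keep old pointer */
    if (tmp == NULL)
        return -1;                   /* *list still points at the old block */
    memcpy(&tmp[*count], src, add * sizeof(*tmp));
    *list = tmp;                     /* commit only after success */
    *count += add;
    return 0;
}

/* Constructed scenario: good append, then forced failure. 0 = list intact. */
int run_demo(void)
{
    struct entry src[2] = { { "users", 513 }, { "admins", 512 } };
    struct entry *list = NULL, *before;
    size_t count = 0;
    int bad;
    if (append_entries(&list, &count, src, 2, realloc) != 0)
        return 1;
    before = list;
    bad = append_entries(&list, &count, src, 2, failing_realloc) != -1
          || list != before || count != 2 || list[1].rid != 512;
    free(list);
    return bad;
}
int main(void) { return run_demo(); }
```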