malloc without check in HEAD
Simo Sorce
idra at samba.org
Wed Oct 3 14:10:11 GMT 2001
Thank you Andreas, I've committed some patches.
On Wed, Oct 03, 2001 at 10:18:55PM +0200, andreas moroder wrote:
> Hello,
>
> I found more alloc/realloc problems in head from
> 3.10.2001 20:30 CEST
>
> in winbindd_group.c
>
> name_list = Realloc(name_list,
> sizeof(struct acct_info) *
> (ent->num_sam_entries +
> num_entries));
>
> THERE IS NO CHECK HERE IF name_list != NULL
> name_list is also lvalue and parameter, so if Realloc fails, there is a
> memory leak (see man realloc)
>
> memcpy(&name_list[ent->num_sam_entries],
> sam_grp_entries,
> num_entries * sizeof(struct acct_info));
>
>
>
> in utils/rpccheck.c
>
> at line 44
>
> ctx=talloc_init();
>
> CTX IS NOT CHECKED AGAINST NULL AND PASSED AS PARAMETER
> prs_init(&ps, 1600, 4, ctx, MARSHALL);
>
>
> in rpc_server/rpc_samr_nt.c
>
> at line 889
>
> *d_grp=talloc_realloc(ctx,*d_grp, (num_entries+1)*sizeof(DOMAIN_GRP));
> *d_grp is lvalue and parameter. Same problem as with all the Reallocs.
>
>
> in rpc_server/rpc_lsa_nt.c
>
> at line 725
>
> set=(LUID_ATTR *)talloc_realloc(p->mem_ctx, set, (count+1)*sizeof(LUID_ATTR));
>
> set[count].luid.low=privs[i].se_priv;
>
> set is used and never checked, the leak problem exists too.
>
>
> Bye
>
> Andreas Moroder
>
>
>
--
Simo Sorce idra at samba.org
-------------------------------
Samba Team http://www.samba.org
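
The realloc pattern reported in the message above, written with the check and without the leak, as an added example that is not Samba code and not part of the original thread. It uses standard realloc(); the struct fields, the function name acct_list_append and the fail_next_alloc hook are assumptions made for illustration.

```c
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for struct acct_info from the quoted code; fields are assumed. */
struct acct_info { char name[32]; uint32_t rid; };

/* Hypothetical test hook: when set, the next grow attempt reports failure. */
static int fail_next_alloc;

static void *try_realloc(void *p, size_t size)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return realloc(p, size);
}

/*
 * Append `add` entries from src to *list, which currently holds `have`.
 * Returns 0 on success, -1 on failure. On failure *list is left untouched,
 * so the caller still owns (and can free) the old block.
 */
int acct_list_append(struct acct_info **list, size_t have,
                     const struct acct_info *src, size_t add)
{
    const size_t max = SIZE_MAX / sizeof(**list);
    struct acct_info *tmp;

    if (add == 0) return 0;
    /* Reject element counts whose byte size would wrap around. */
    if (have > max || add > max - have) return -1;

    /* Grow into a temporary: assigning straight to *list would lose the
     * only reference to the old block when realloc returns NULL. */
    tmp = try_realloc(*list, (have + add) * sizeof(**list));
    if (tmp == NULL) return -1;      /* old pointer in *list is still valid */

    memcpy(&tmp[have], src, add * sizeof(*tmp));
    *list = tmp;                     /* publish only after success */
    return 0;
}

int main(void)
{
    struct acct_info src[2] = { { "users", 513 }, { "admins", 512 } }; /* constructed */
    struct acct_info *list = NULL;

    assert(acct_list_append(&list, 0, src, 2) == 0);
    fail_next_alloc = 1;             /* simulate out-of-memory */
    assert(acct_list_append(&list, 2, src, 2) == -1 && list[1].rid == 512);
    free(list);
    return 0;
}
```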