CAN-2004-1154 and 3.0.10
Albert Chin
samba-technical at mlists.thewrittenword.com
Mon Dec 20 18:26:38 GMT 2004
On Mon, Dec 20, 2004 at 10:11:50AM -0800, Jeremy Allison wrote:
> On Mon, Dec 20, 2004 at 12:06:59PM -0600, Albert Chin wrote:
> > The patch against 3.0.9 for CAN-2004-1154 replaced a number of calls:
> > Realloc() -> SMB_REALLOC()
> > malloc() -> SMB_MALLOC()
> > strdup() -> SMB_STRDUP()
> > ...
> >
> > However, calls to Realloc(), malloc(), and strdup() remain in 3.0.10.
> > Is this a problem?
>
> Can you point them out. I've been tracking them down in the SVN codebase
> and tidying them up.
Attached patch against SAMBA_3_0 for Realloc(). I'll look for the
remainders now.
--
albert chin (china at thewrittenword.com)
-- snip snip
Index: source/aparser/parser.c
===================================================================
--- source/aparser/parser.c (revision 4288)
+++ source/aparser/parser.c (working copy)
@@ -46,7 +46,7 @@
*/
new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);
- if ((new_data = Realloc(ps->data_p, new_size)) == NULL) {
+ if ((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
DEBUG(0,("io_grow: Realloc failure for size %u.\n",
(unsigned int)new_size));
return False;
@@ -463,7 +463,7 @@
BOOL ret = True;
void *tp;
- tp = (void *)Realloc(*ptr, size);
+ tp = (void *)SMB_REALLOC(*ptr, size);
if (tp) *ptr = tp;
else ret = False;
return ret;
Index: source/lib/util_smbd.c
===================================================================
--- source/lib/util_smbd.c (revision 4288)
+++ source/lib/util_smbd.c (working copy)
@@ -54,7 +54,7 @@
gid_t *groups_tmp;
- groups_tmp = Realloc(temp_groups, sizeof(gid_t) * max_grp);
+ groups_tmp = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp);
if (!groups_tmp) {
SAFE_FREE(temp_groups);
Index: source/lib/sysacls.c
===================================================================
--- source/lib/sysacls.c (revision 4288)
+++ source/lib/sysacls.c (working copy)
@@ -690,7 +690,7 @@
maxlen += nbytes + 20 * (acl_d->count - i);
- if ((text = Realloc(oldtext, maxlen)) == NULL) {
+ if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
SAFE_FREE(oldtext);
errno = ENOMEM;
return NULL;
@@ -1321,7 +1321,7 @@
maxlen += nbytes + 20 * (acl_d->count - i);
- if ((text = Realloc(oldtext, maxlen)) == NULL) {
+ if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
free(oldtext);
errno = ENOMEM;
return NULL;
Index: testsuite/smbd/se_access_check_utils.c
===================================================================
--- testsuite/smbd/se_access_check_utils.c (revision 4288)
+++ testsuite/smbd/se_access_check_utils.c (working copy)
@@ -70,8 +70,7 @@
/* Create memory for new ACE */
- if (!(aces = Realloc(aces,
- sizeof(SEC_ACE) * (num_aces + 1)))) {
+ if (!(aces = SMB_REALLOC_ARRAY(aces, SEC_ACE, num_aces + 1))) {
return NULL;
}
Index: testsuite/printing/psec.c
===================================================================
--- testsuite/printing/psec.c (revision 4288)
+++ testsuite/printing/psec.c (working copy)
@@ -315,8 +315,7 @@
string_to_sid(&sid, sidstr);
- ace_list = Realloc(ace_list, sizeof(SEC_ACE) *
- (num_aces + 1));
+ ace_list = SMB_REALLOC_ARRAY(ace_list, SEC_ACE, num_aces + 1);
init_sec_access(&sa, ace_mask);
init_sec_ace(&ace_list[num_aces], &sid, ace_type, sa,
More information about the samba-technical
mailing list