CAN-2004-1154 and 3.0.10
Albert Chin
samba-technical at mlists.thewrittenword.com
Mon Dec 20 20:18:22 GMT 2004
On Mon, Dec 20, 2004 at 12:30:04PM -0600, Albert Chin wrote:
> On Mon, Dec 20, 2004 at 12:26:38PM -0600, Albert Chin wrote:
> > On Mon, Dec 20, 2004 at 10:11:50AM -0800, Jeremy Allison wrote:
> > > On Mon, Dec 20, 2004 at 12:06:59PM -0600, Albert Chin wrote:
> > > > The patch against 3.0.9 for CAN-2004-1154 replaced a number of calls:
> > > > Realloc() -> SMB_REALLOC()
> > > > malloc() -> SMB_MALLOC()
> > > > strdup() -> SMB_STRDUP()
> > > > ...
> > > >
> > > > However, calls to Realloc(), malloc(), and strdup() remain in 3.0.10.
> > > > Is this a problem?
> > >
> > > Can you point them out. I've been tracking them down in the SVN codebase
> > > and tidying them up.
> >
> > Attached patch against SAMBA_3_0 for Realloc(). I'll look for the
> > remainders now.
>
> Actually, I'll have to review this. I thought Realloc() was in a
> common util.c file but apparently not. So, hang on a bit.
Ok, how's the patch below? I ran a test build with 3.0.10 against the
patch below (though, oddly, the patch for source/lib/util_smbd.c is in
the 3.0.10.tar.gz file but not SAMBA_3_0) for the following platforms:
AIX 5.2
HP-UX 10.20, 11.00, 11i
IRIX 6.5
Redhat Linux 7.1, 9
RHEL 2.1, 3.0/x86, 3.0/amd64
Solaris 2.5.1, 2.6, 7, 8, 9
Tru64 UNIX 4.0D, 5.1
--
albert chin (china at thewrittenword.com)
-- snip snip
Index: source/printing/print_svid.c
===================================================================
--- source/printing/print_svid.c (revision 4289)
+++ source/printing/print_svid.c (working copy)
@@ -88,7 +88,7 @@
*tmp = '\0';
/* add it to the cache */
- if ((ptmp = malloc(sizeof (*ptmp))) != NULL) {
+ if ((ptmp = SMB_MALLOC_P(printer_t)) != NULL) {
ZERO_STRUCTP(ptmp);
if((ptmp->name = SMB_STRDUP(name)) == NULL)
DEBUG(0,("populate_printers: malloc fail in strdup !\n"));
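Review bot: When `SMB_STRDUP(name)` fails, the visible lines only log the failure and keep `ptmp` with `name == NULL`; if the entry is then linked into the printer cache, later string comparisons on `ptmp->name` would dereference NULL. Consider a braced failure branch that also releases the entry, e.g. `SAFE_FREE(ptmp);`, placed before the code that adds it to the cache. The function continues outside the hunk, so the code that links the entry in is not visible here.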
Index: source/lib/util_smbd.c
===================================================================
--- source/lib/util_smbd.c (revision 4289)
+++ source/lib/util_smbd.c (working copy)
@@ -54,7 +54,7 @@
gid_t *groups_tmp;
- groups_tmp = Realloc(temp_groups, sizeof(gid_t) * max_grp);
+ groups_tmp = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp);
if (!groups_tmp) {
SAFE_FREE(temp_groups);
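Review bot: The failure branch calls `SAFE_FREE(temp_groups)` after `SMB_REALLOC_ARRAY` returns NULL, which is only correct if the helper leaves the old block untouched on every NULL return. Confirm this against its definition, in particular for `max_grp == 0` and for a count it rejects as too large; if any of those paths already releases the block, this becomes a double free. A comment would pin the assumption: `/* SMB_REALLOC_ARRAY does not free temp_groups on failure */`. The function body starts and ends outside the hunk, so how `max_grp` is set is not visible here.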
Index: source/lib/sysacls.c
===================================================================
--- source/lib/sysacls.c (revision 4289)
+++ source/lib/sysacls.c (working copy)
@@ -612,7 +612,7 @@
*/
len = 0;
maxlen = 20 * acl_d->count;
- if ((text = malloc(maxlen)) == NULL) {
+ if ((text = SMB_MALLOC(maxlen)) == NULL) {
errno = ENOMEM;
return NULL;
}
@@ -690,7 +690,7 @@
maxlen += nbytes + 20 * (acl_d->count - i);
- if ((text = Realloc(oldtext, maxlen)) == NULL) {
+ if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
SAFE_FREE(oldtext);
errno = ENOMEM;
return NULL;
@@ -722,7 +722,7 @@
* acl[] array, this actually allocates an ACL with room
* for (count+1) entries
*/
- if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) {
+ if ((a = SMB_MALLOC(sizeof(*a) + count * sizeof(struct acl))) == NULL) {
errno = ENOMEM;
return NULL;
}
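Review bot: `SMB_MALLOC(sizeof(*a) + count * sizeof(struct acl))` still computes the size in the caller, so swapping `malloc` for the macro adds no check that the product fits in a `size_t`; a wrapped result gives a buffer smaller than the entry count the rest of the function presumably trusts. The same applies to the identical hunk at -1353, to `acl_count * sizeof(acl_buf[0])` at -886 and -1819 (where the sum `acc_acl->count + def_acl->count` is unchecked as well), and to `sizeof(struct sockaddr) * num_kdcs` in both source/libsmb/clikrb5.c hunks. For plain arrays, the array form this patch already uses for `SMB_REALLOC_ARRAY` keeps the multiplication inside the helper, e.g. `sa = SMB_MALLOC_ARRAY(struct sockaddr, num_kdcs);`. For the header-plus-array case here, a guard before the call would do: `if ((size_t)count > ((size_t)-1 - sizeof(*a)) / sizeof(struct acl)) { errno = ENOMEM; return NULL; }`. The enclosing function begins and ends outside the hunk, so the type and origin of `count` are not visible.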
@@ -886,7 +886,7 @@
* allocate a temporary buffer for the complete ACL
*/
acl_count = acc_acl->count + def_acl->count;
- acl_p = acl_buf = malloc(acl_count * sizeof(acl_buf[0]));
+ acl_p = acl_buf = SMB_MALLOC(acl_count * sizeof(acl_buf[0]));
if (acl_buf == NULL) {
sys_acl_free_acl(tmp_acl);
@@ -1243,7 +1243,7 @@
*/
len = 0;
maxlen = 20 * acl_d->count;
- if ((text = malloc(maxlen)) == NULL) {
+ if ((text = SMB_MALLOC(maxlen)) == NULL) {
errno = ENOMEM;
return NULL;
}
@@ -1321,7 +1321,7 @@
maxlen += nbytes + 20 * (acl_d->count - i);
- if ((text = Realloc(oldtext, maxlen)) == NULL) {
+ if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
free(oldtext);
errno = ENOMEM;
return NULL;
@@ -1353,7 +1353,7 @@
* acl[] array, this actually allocates an ACL with room
* for (count+1) entries
*/
- if ((a = malloc(sizeof(*a) + count * sizeof(struct acl))) == NULL) {
+ if ((a = SMB_MALLOC(sizeof(*a) + count * sizeof(struct acl))) == NULL) {
errno = ENOMEM;
return NULL;
}
@@ -1819,7 +1819,7 @@
* allocate a temporary buffer for the complete ACL
*/
acl_count = acc_acl->count + def_acl->count;
- acl_p = acl_buf = malloc(acl_count * sizeof(acl_buf[0]));
+ acl_p = acl_buf = SMB_MALLOC(acl_count * sizeof(acl_buf[0]));
if (acl_buf == NULL) {
sys_acl_free_acl(tmp_acl);
@@ -1982,7 +1982,7 @@
{
SMB_ACL_T a;
- if ((a = malloc(sizeof(*a))) == NULL) {
+ if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
errno = ENOMEM;
return NULL;
}
@@ -1999,7 +1999,7 @@
{
SMB_ACL_T a;
- if ((a = malloc(sizeof(*a))) == NULL) {
+ if ((a = SMB_MALLOC_P(struct SMB_ACL_T)) == NULL) {
errno = ENOMEM;
return NULL;
}
@@ -2056,7 +2056,7 @@
return NULL;
}
- if ((a = malloc(sizeof(*a) + sizeof(struct acl))) == NULL) {
+ if ((a = SMB_MALLOC(sizeof(*a) + sizeof(struct acl))) == NULL) {
errno = ENOMEM;
return NULL;
}
@@ -2282,7 +2282,7 @@
DEBUG(10,("Entering sys_acl_get_file\n"));
DEBUG(10,("path_p is %s\n",path_p));
- file_acl = (struct acl *)malloc(BUFSIZ);
+ file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
if(file_acl == NULL) {
errno=ENOMEM;
@@ -2313,7 +2313,7 @@
if(acl_entry_link_head == NULL)
return(NULL);
- acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
if(acl_entry_link->entryp == NULL) {
SAFE_FREE(file_acl);
errno = ENOMEM;
@@ -2348,8 +2348,7 @@
* and already has entryp allocated. */
if(acl_entry_link_head->count != 0) {
- acl_entry_link->nextp = (struct acl_entry_link *)
- malloc(sizeof(struct acl_entry_link));
+ acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
if(acl_entry_link->nextp == NULL) {
SAFE_FREE(file_acl);
@@ -2360,7 +2359,7 @@
acl_entry_link->nextp->prevp = acl_entry_link;
acl_entry_link = acl_entry_link->nextp;
- acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
if(acl_entry_link->entryp == NULL) {
SAFE_FREE(file_acl);
errno = ENOMEM;
@@ -2419,7 +2418,7 @@
for( i = 1; i < 4; i++) {
DEBUG(10,("i is %d\n",i));
if(acl_entry_link_head->count != 0) {
- acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
+ acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
if(acl_entry_link->nextp == NULL) {
SAFE_FREE(file_acl);
errno = ENOMEM;
@@ -2429,7 +2428,7 @@
acl_entry_link->nextp->prevp = acl_entry_link;
acl_entry_link = acl_entry_link->nextp;
- acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
if(acl_entry_link->entryp == NULL) {
SAFE_FREE(file_acl);
errno = ENOMEM;
@@ -2496,7 +2495,7 @@
DEBUG(10,("Entering sys_acl_get_fd\n"));
DEBUG(10,("fd is %d\n",fd));
- file_acl = (struct acl *)malloc(BUFSIZ);
+ file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
if(file_acl == NULL) {
errno=ENOMEM;
@@ -2529,7 +2528,7 @@
return(NULL);
}
- acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
if(acl_entry_link->entryp == NULL) {
errno = ENOMEM;
@@ -2566,7 +2565,7 @@
* and already has entryp allocated. */
if(acl_entry_link_head->count != 0) {
- acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
+ acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
if(acl_entry_link->nextp == NULL) {
errno = ENOMEM;
DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
@@ -2575,7 +2574,7 @@
}
acl_entry_link->nextp->prevp = acl_entry_link;
acl_entry_link = acl_entry_link->nextp;
- acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
if(acl_entry_link->entryp == NULL) {
errno = ENOMEM;
DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
@@ -2634,7 +2633,7 @@
for( i = 1; i < 4; i++) {
DEBUG(10,("i is %d\n",i));
if(acl_entry_link_head->count != 0){
- acl_entry_link->nextp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
+ acl_entry_link->nextp = SMB_MALLOC_P(struct acl_entry_link);
if(acl_entry_link->nextp == NULL) {
errno = ENOMEM;
DEBUG(0,("Error in sys_acl_get_fd is %d\n",errno));
@@ -2644,7 +2643,7 @@
acl_entry_link->nextp->prevp = acl_entry_link;
acl_entry_link = acl_entry_link->nextp;
- acl_entry_link->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+ acl_entry_link->entryp = SMB_MALLOC_P(struct new_acl_entry);
if(acl_entry_link->entryp == NULL) {
SAFE_FREE(file_acl);
@@ -2723,7 +2722,7 @@
DEBUG(10,("Entering sys_acl_init\n"));
- theacl = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
+ theacl = SMB_MALLOC_P(struct acl_entry_link);
if(theacl == NULL) {
errno = ENOMEM;
DEBUG(0,("Error in sys_acl_init is %d\n",errno));
@@ -2758,7 +2757,7 @@
}
if(theacl->count != 0){
- temp_entry->nextp = acl_entryp = (struct acl_entry_link *)malloc(sizeof(struct acl_entry_link));
+ temp_entry->nextp = acl_entryp = SMB_MALLOC_P(struct acl_entry_link);
if(acl_entryp == NULL) {
errno = ENOMEM;
DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
@@ -2770,7 +2769,7 @@
DEBUG(10,("The acl_entryp->prevp is %d\n",acl_entryp->prevp));
}
- *pentry = acl_entryp->entryp = (struct new_acl_entry *)malloc(sizeof(struct new_acl_entry));
+ *pentry = acl_entryp->entryp = SMB_MALLOC_P(struct new_acl_entry);
if(*pentry == NULL) {
errno = ENOMEM;
DEBUG(0,("Error in sys_acl_create_entry is %d\n",errno));
@@ -2860,7 +2859,7 @@
return(0);
acl_length = BUFSIZ;
- file_acl = (struct acl *)malloc(BUFSIZ);
+ file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
if(file_acl == NULL) {
errno = ENOMEM;
@@ -2893,7 +2892,7 @@
if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
acl_length += sizeof(struct acl_entry);
- file_acl_temp = (struct acl *)malloc(acl_length);
+ file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
if(file_acl_temp == NULL) {
SAFE_FREE(file_acl);
errno = ENOMEM;
@@ -2948,7 +2947,7 @@
DEBUG(10,("Entering sys_acl_set_fd\n"));
acl_length = BUFSIZ;
- file_acl = (struct acl *)malloc(BUFSIZ);
+ file_acl = (struct acl *)SMB_MALLOC(BUFSIZ);
if(file_acl == NULL) {
errno = ENOMEM;
@@ -2982,7 +2981,7 @@
if((file_acl->acl_len + sizeof(struct acl_entry)) > acl_length) {
acl_length += sizeof(struct acl_entry);
- file_acl_temp = (struct acl *)malloc(acl_length);
+ file_acl_temp = (struct acl *)SMB_MALLOC(acl_length);
if(file_acl_temp == NULL) {
SAFE_FREE(file_acl);
errno = ENOMEM;
Index: source/lib/afs_settoken.c
===================================================================
--- source/lib/afs_settoken.c (revision 4289)
+++ source/lib/afs_settoken.c (working copy)
@@ -53,7 +53,7 @@
DATA_BLOB blob;
struct ClearToken result_ct;
- char *s = strdup(string);
+ char *s = SMB_STRDUP(string);
char *t;
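Review bot: `char *s = SMB_STRDUP(string);` has no visible NULL check before the tokenising that follows, so an allocation failure would hand NULL to `strtok`, which then resumes whatever string a previous caller left in its static state. Adding `if (s == NULL) { return False; }` after the declarations closes that. The same goes for `*cell = SMB_STRDUP(t);` in the -62 hunk, whose result is not checked before the next `strtok` call. The lines between the two hunks are not shown, so an existing check may sit there; the early `return False` paths are also worth checking for a matching free of `s`.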
@@ -62,7 +62,7 @@
return False;
}
- *cell = strdup(t);
+ *cell = SMB_STRDUP(t);
if ((t = strtok(NULL, "\n")) == NULL) {
DEBUG(10, ("strtok failed\n"));
Index: source/libsmb/clikrb5.c
===================================================================
--- source/libsmb/clikrb5.c (revision 4289)
+++ source/libsmb/clikrb5.c (working copy)
@@ -233,7 +233,7 @@
return -1;
}
- sa = malloc( sizeof(struct sockaddr) * num_kdcs );
+ sa = SMB_MALLOC( sizeof(struct sockaddr) * num_kdcs );
if (!sa) {
DEBUG(0, ("krb5_locate_kdc: malloc failed\n"));
krb5_krbhst_free(ctx, hnd);
@@ -241,7 +241,7 @@
return -1;
}
- *addr_pp = malloc(sizeof(struct sockaddr) * num_kdcs);
+ *addr_pp = SMB_MALLOC(sizeof(struct sockaddr) * num_kdcs);
memset(*addr_pp, '\0', sizeof(struct sockaddr) * num_kdcs );
for (i = 0; i < num_kdcs && (rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0); i++) {
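Review bot: `*addr_pp = SMB_MALLOC(...)` is passed straight to `memset` on the next line with no NULL check, unlike the `sa` allocation in the hunk above, so an allocation failure becomes a write through NULL. Add a check that mirrors the `sa` branch, e.g. `if (!*addr_pp) { SAFE_FREE(sa); krb5_krbhst_free(ctx, hnd); return -1; }`, adjusted for whatever other cleanup that branch does in the line not shown between the hunks. Separately, `rc = krb5_krbhst_next(ctx, hnd, &hinfo) == 0` in the loop condition assigns the result of the comparison to `rc`, not the return code; parenthesising the assignment would fix it. The function continues past the hunk.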
Index: source/utils/net_rpc_samsync.c
===================================================================
--- source/utils/net_rpc_samsync.c (revision 4289)
+++ source/utils/net_rpc_samsync.c (working copy)
@@ -863,7 +863,7 @@
return NT_STATUS_NO_MEMORY;
}
- nt_members = talloc_zero(t, sizeof(char *) * delta->num_members);
+ nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members);
for (i=0; i<delta->num_members; i++) {
NTSTATUS nt_status;
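Review bot: `nt_members` is not checked for NULL before the loop that follows, although the failure path just above it returns `NT_STATUS_NO_MEMORY`. `TALLOC_ZERO_ARRAY` can return NULL on exhaustion and presumably also when it rejects an oversized count, and `delta->num_members` appears to come from the replication data received from the remote server. Add `if (nt_members == NULL) { return NT_STATUS_NO_MEMORY; }` together with whatever cleanup of `t` the earlier failure path performs. The loop body and the rest of the function are outside the hunk.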