svn commit: samba r9815 - in branches/SOC/SAMBA_4_0/source: libnet torture/rpc

Brad Henry j0j0 at riod.ca
Wed Aug 31 17:58:50 GMT 2005 

Hi Metze, thanks for the comments! I'm still working through some of 
them, but I have a couple of questions so far:

Stefan (metze) Metzmacher wrote:

>+	r->out.domain_sid = talloc_reference(tmp_ctx, domain_sid);
>+	r->out.domain_name = talloc_reference(tmp_ctx, domain_name);
>+	r->out.realm = talloc_reference(tmp_ctx, realm);
>+	r->out.samr_pipe = talloc_reference(tmp_ctx, samr_pipe);
>+	r->out.samr_binding = talloc_reference(tmp_ctx, samr_binding);
>+	r->out.user_handle = &u_handle;
>+	r->out.error_string = talloc_reference(tmp_ctx, r2.samr_handle.out.error_string);
>using tmp_ctx here will result in a mem leak
>as you just increase the reference count,
>as this values are supposed to be passed to the caller
>this should be talloc_reference(mem_ctx, ...);
>this will create a 2nd reference to the values from the callers TALLOC_CTX
>and they get free'ed when the tmp_ctx AND the mem_ctx are free'ed.
>
>but also in this case you can also use talloc_steal(mem_ctx, ...)
>as talloc_steal() can never fail with a alloc failure,
>where talloc_reference can!
>
>and as we know that we'll destroy the tmp_ctx shortly,
>talloc_steal is better.
>  
>
Should I be doing something different to keep a valid reference to 
u_handle here?
I can't talloc_steal() it because it's not currently allocated memory 
within a talloc context, and I don't think that
    struct policy_handle *u_handle;
    u_handle =  talloc(tmp_ctx, struct policy_handle);
     ...
    r->out.user_handle = talloc_steal(mem_ctx, u_handle);
is the right approach.

>
>+	computer_dn = talloc_asprintf(ctx,
>+			"%s",r_crack_names.out.ctr.ctr1->array[0].result_name);
>here we should also use talloc_steal(), with the right TALLOC_CTX.
>(I haven't looked close to it to find the right one out.)
>and also we should move that statement after the DsCrackNames call,
>and make shure we didn't dereference a NULL pointer or empty array,
>in case the server sends bad data.
>
>so we need to check if r_crack_names.out.ctr.ctr1 and r_crack_names.out.ctr.ctr1->array[0]
>and r_crack_names.out.ctr.ctr1->array[0].result_name are valid.
>(we may already do this checks, I haven't checked closer)
>
>  
>
r_crack_names.out.ctr.ctr1 gets to ensure it's not NULL.
To ensure that r_crack_names.out.ctr.ctr1->array[0] and 
r_crack_names.out.ctr.ctr1->array[0].result_name are valid, do I just 
check for a NULL reference?


Thanks again!
Brad

More information about the samba-technical mailing list