Why are we using SMB_MALLOC_ARRAY in smb2_setinfo.c

Richard Sharpe realrichardsharpe at gmail.com
Sun Jun 14 11:47:21 MDT 2015


Hi folks,

In smb2_setinfo.c: smbd_smb2_setinfo_send I see the following code in
the SMB2_SETINFO_FILE branch of the switch:

                data = NULL;
                data_size = in_input_buffer.length;
                if (data_size > 0) {
                        data = (char *)SMB_MALLOC_ARRAY(char, data_size);
                        if (tevent_req_nomem(data, req)) {
                                return tevent_req_post(req, ev);
                        }
                        memcpy(data, in_input_buffer.data, data_size);
                }

...

And then, a little further down there appears to be an early return
that can leak that memory. This is the
SMB2_FILE_RENAME_INFORMATION_INTERNAL case.

-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Dukang wine. -- Cao Cao)
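The pattern described in the post, as an added example that is not Samba's code: a handler allocates and fills a buffer, then a later case returns early without releasing it. The snippet stands in for SMB_MALLOC_ARRAY with a counting malloc wrapper so the leak shows up as a number rather than needing valgrind, models in_input_buffer as a constructed DATA_BLOB-like struct, and simulates the failing case with a `fail_later` flag. The names `setinfo_leaky`, `setinfo_fixed`, `leaked_after` and the return codes are assumptions made for the example only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Added example, not Samba code. tracked_malloc stands in for
 * SMB_MALLOC_ARRAY so that outstanding allocations can be counted. */

static int live_allocs = 0;          /* outstanding tracked allocations */

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL) {
        live_allocs++;
    }
    return p;
}

static void tracked_free(void *p)
{
    if (p != NULL) {
        live_allocs--;
        free(p);
    }
}

/* Stand-in for in_input_buffer (a DATA_BLOB-like pair). */
struct blob {
    const uint8_t *data;
    size_t length;
};

/* Assumed return codes for the modelled handler. */
enum { SETINFO_OK = 0, SETINFO_NOMEM = -1, SETINFO_BAD_INFO = -2 };

/* As quoted in the post: copy the input buffer, then a later case hits an
 * error and returns early. `fail_later` simulates that error. This variant
 * returns without freeing `data`, which is the leak being reported. */
int setinfo_leaky(const struct blob *in, int fail_later)
{
    char *data = NULL;
    size_t data_size = in->length;

    if (data_size > 0) {
        data = tracked_malloc(data_size);
        if (data == NULL) {
            return SETINFO_NOMEM;
        }
        memcpy(data, in->data, data_size);
    }

    if (fail_later) {
        return SETINFO_BAD_INFO;   /* early return: `data` is never freed */
    }

    tracked_free(data);
    return SETINFO_OK;
}

/* Fixed variant: one cleanup label that every exit taken after the
 * allocation passes through, so no path can skip the free. */
int setinfo_fixed(const struct blob *in, int fail_later)
{
    char *data = NULL;
    size_t data_size = in->length;
    int rc = SETINFO_OK;

    if (data_size > 0) {
        data = tracked_malloc(data_size);
        if (data == NULL) {
            return SETINFO_NOMEM;   /* nothing allocated yet, safe to return */
        }
        memcpy(data, in->data, data_size);
    }

    if (fail_later) {
        rc = SETINFO_BAD_INFO;
        goto done;
    }
    /* normal handling of the info class would go here */

done:
    tracked_free(data);
    return rc;
}

/* Runs one handler on a constructed 4-byte input and returns how many
 * allocations were still live afterwards (0 means no leak). */
int leaked_after(int use_fixed, int fail_later)
{
    static const uint8_t sample[] = { 0x01, 0x02, 0x03, 0x04 }; /* constructed */
    struct blob in = { sample, sizeof(sample) };
    int before = live_allocs;

    if (use_fixed) {
        setinfo_fixed(&in, fail_later);
    } else {
        setinfo_leaky(&in, fail_later);
    }
    return live_allocs - before;
}

int main(void)
{
    printf("leaky handler, error path: %d buffer(s) leaked\n", leaked_after(0, 1));
    printf("fixed handler, error path: %d buffer(s) leaked\n", leaked_after(1, 1));
    return 0;
}
```

The single-exit `goto done` form is one way to close the gap; the other, which Samba code generally prefers, is to allocate the copy from a talloc context owned by the request so that the buffer is released with its parent whichever path the handler takes, removing the need to remember a free on every early return.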