Why are we using SMB_MALLOC_ARRAY in smb2_setinfo.c
Richard Sharpe
realrichardsharpe at gmail.com
Sun Jun 14 11:47:21 MDT 2015
Hi folks,
In smb2_setinfo.c: smbd_smb2_setinfo_send I see the following code in
the SMB2_SETINFO_FILE branch of the switch:
    data = NULL;
    data_size = in_input_buffer.length;
    if (data_size > 0) {
        data = (char *)SMB_MALLOC_ARRAY(char, data_size);
        if (tevent_req_nomem(data, req)) {
            return tevent_req_post(req, ev);
        }
        memcpy(data, in_input_buffer.data, data_size);
    }
    ...
And then, a little further down there appears to be an early return
that can leak that memory. This is the
SMB2_FILE_RENAME_INFORMATION_INTERNAL case.
--
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. -- Cao Cao)
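The leak pattern described in the post (heap-allocate a copy of the input buffer, then take an early return on a validation failure without releasing it) reduced to a standalone illustration. This is added example code, not Samba's smbd code: the functions `setinfo_leaky`, `setinfo_fixed`, `leaked_after` and the `tracked_malloc`/`tracked_free` counters are constructed here so the difference between the two exit-path designs is observable in a test, and the `INFO_MIN_LEN` check stands in for whatever validation the real rename-information case performs.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed allocation counter so the outcome can be checked directly.
 * In a real build a leak checker (valgrind, LeakSanitizer) plays this role. */
static int live_allocations = 0;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL) {
        live_allocations++;
    }
    return p;
}

static void tracked_free(void *p)
{
    if (p != NULL) {
        live_allocations--;
    }
    free(p);
}

/* Hypothetical minimum size for the info buffer (assumption, not Samba's). */
enum { INFO_MIN_LEN = 2 };

/* Mirrors the shape of the code in the post: copy the input buffer into a
 * fresh allocation, then return early on a validation failure. The early
 * return path never frees 'data'. */
int setinfo_leaky(const uint8_t *in, size_t in_len)
{
    char *data = NULL;

    if (in_len > 0) {
        data = tracked_malloc(in_len);
        if (data == NULL) {
            return -1;
        }
        memcpy(data, in, in_len);
    }
    if (in_len < INFO_MIN_LEN) {
        return -2;          /* leak: 'data' is still allocated here */
    }
    tracked_free(data);
    return 0;
}

/* Same logic with a single exit path, so every rejection releases the copy. */
int setinfo_fixed(const uint8_t *in, size_t in_len)
{
    char *data = NULL;
    int rc = 0;

    if (in_len > 0) {
        data = tracked_malloc(in_len);
        if (data == NULL) {
            return -1;      /* nothing allocated yet, safe to return */
        }
        memcpy(data, in, in_len);
    }
    if (in_len < INFO_MIN_LEN) {
        rc = -2;
        goto done;
    }
done:
    tracked_free(data);
    return rc;
}

/* Runs one handler on a constructed 1-byte buffer (too short, so the
 * validation branch fires) and reports how many allocations it left behind. */
int leaked_after(int (*fn)(const uint8_t *, size_t))
{
    static const uint8_t short_buf[1] = { 0x01 };   /* constructed input */
    int before = live_allocations;

    (void)fn(short_buf, sizeof short_buf);
    return live_allocations - before;
}

int main(void)
{
    printf("leaky handler leaves %d buffer(s), fixed handler leaves %d\n",
           leaked_after(setinfo_leaky), leaked_after(setinfo_fixed));
    return 0;
}
```

The single-`done:` label is the plain-C remedy; in Samba's own code the usual alternative is to allocate the copy with talloc under a parent that is freed with the request, so no exit path needs an explicit free at all. Either way, the check to apply when reviewing a handler like this is to walk every `return` after the allocation and confirm the buffer is released or owned by something that will be.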