Why are we using SMB_MALLOC_ARRAY in smb2_setinfo.c

Richard Sharpe realrichardsharpe at gmail.com
Sun Jun 14 11:47:21 MDT 2015

Hi folks,

In smb2_setinfo.c: smbd_smb2_setinfo_send I see the following code in
the SMB2_SETINFO_FILE branch of the switch:

                data = NULL;
                data_size = in_input_buffer.length;
                if (data_size > 0) {
                        data = (char *)SMB_MALLOC_ARRAY(char, data_size);
                        if (tevent_req_nomem(data, req)) {
                                return tevent_req_post(req, ev);
                        memcpy(data, in_input_buffer.data, data_size);


And then, a little further down there appears to be an early return
that can leak that memory. This is the

Richard Sharpe

More information about the samba-technical mailing list