Why are we using SMB_MALLOC_ARRAY in smb2_setinfo.c

Volker Lendecke Volker.Lendecke at SerNet.DE
Mon Jun 15 00:20:37 MDT 2015


On Sun, Jun 14, 2015 at 10:47:21AM -0700, Richard Sharpe wrote:
> Hi folks,
> 
> In smb2_setinfo.c: smbd_smb2_setinfo_send I see the following code in
> the SMB2_SETINFO_FILE branch of the switch:
> 
>                 data = NULL;
>                 data_size = in_input_buffer.length;
>                 if (data_size > 0) {
>                         data = (char *)SMB_MALLOC_ARRAY(char, data_size);
>                         if (tevent_req_nomem(data, req)) {
>                                 return tevent_req_post(req, ev);
>                         }
>                         memcpy(data, in_input_buffer.data, data_size);
>                 }
> 
> ...
> 
> And then, a little further down there appears to be an early return
> that can leak that memory. This is the
> SMB2_FILE_RENAME_INFORMATION_INTERNAL case.

You're right about the memleak. We need to fix that.

Regarding why SMB_MALLOC_ARRAY: Nobody has taken the task
yet to convert trans2.c to talloc yet. Look for example at
smbd_do_qfilepathinfo, there the low-level routine does a
SMB_REALLOC. It's not really difficult to do, but trans2 is
just pretty large and it's not possible to convert that step
by step.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
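The leak pattern discussed in this thread, as an added stand-alone C example that is not part of the original mail or of Samba's source. The struct, enum values and function names below are constructed stand-ins for smbd_smb2_setinfo_send's in_input_buffer and the SMB2_FILE_RENAME_INFORMATION_INTERNAL case; malloc/free are wrapped in a counter so the leaked allocation is observable rather than silent. Since talloc is not assumed to be installed, the fixed variant uses a single cleanup exit instead of the talloc conversion Volker describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the SETINFO input buffer (hypothetical type). */
struct input_buffer {
    const unsigned char *data;
    size_t length;
};

/* Outstanding-allocation counter so a leak shows up as a number. */
static int live_allocations = 0;

static char *tracked_malloc(size_t n)
{
    char *p = malloc(n);
    if (p != NULL) {
        live_allocations++;
    }
    return p;
}

static void tracked_free(char *p)
{
    if (p != NULL) {
        live_allocations--;
        free(p);
    }
}

/* Hypothetical info classes; INFO_RENAME_INTERNAL plays the role of the
 * SMB2_FILE_RENAME_INFORMATION_INTERNAL case from the thread. */
enum info_class { INFO_RENAME_INTERNAL = 1, INFO_OTHER = 2 };

/* Leaky shape: copy the input buffer into a malloc'ed block, then return
 * early on the rename-internal path without freeing it. */
static int setinfo_leaky(enum info_class cls, const struct input_buffer *in)
{
    char *data = NULL;
    size_t data_size = in->length;

    if (data_size > 0) {
        data = tracked_malloc(data_size);
        if (data == NULL) {
            return -1;
        }
        memcpy(data, in->data, data_size);
    }
    if (cls == INFO_RENAME_INTERNAL) {
        return 1;               /* early return: 'data' is never freed */
    }
    /* ... ordinary processing would consume 'data' here ... */
    tracked_free(data);
    return 0;
}

/* Fixed shape: every exit after the allocation goes through one cleanup
 * label, so the copy is released whichever path is taken. */
static int setinfo_fixed(enum info_class cls, const struct input_buffer *in)
{
    char *data = NULL;
    size_t data_size = in->length;
    int ret;

    if (data_size > 0) {
        data = tracked_malloc(data_size);
        if (data == NULL) {
            return -1;          /* nothing allocated yet, safe to return */
        }
        memcpy(data, in->data, data_size);
    }
    if (cls == INFO_RENAME_INTERNAL) {
        ret = 1;
        goto out;
    }
    ret = 0;
out:
    tracked_free(data);         /* tracked_free tolerates NULL */
    return ret;
}

/* Run one variant on a constructed input and report how many allocations
 * it left behind; 0 means no leak. */
static int leaked_allocations(int (*fn)(enum info_class, const struct input_buffer *),
                              enum info_class cls)
{
    static const unsigned char sample[] = "constructed-data"; /* constructed input */
    struct input_buffer in = { sample, sizeof(sample) };
    int before = live_allocations;

    (void)fn(cls, &in);
    return live_allocations - before;
}

int main(void)
{
    printf("leaky rename path leaves %d allocation(s)\n",
           leaked_allocations(setinfo_leaky, INFO_RENAME_INTERNAL));
    printf("fixed rename path leaves %d allocation(s)\n",
           leaked_allocations(setinfo_fixed, INFO_RENAME_INTERNAL));
    return 0;
}
```

With talloc the same fix falls out of hierarchy rather than control flow: a buffer allocated as a child of req is released when req is, so an early return cannot strand it; that is the motivation behind the trans2.c conversion mentioned in the reply.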
