[PATCH] Fix a few CIDs
Stefan Metzmacher
metze at samba.org
Tue Apr 3 20:33:17 UTC 2018
Hi Volker,
> From c5a9210bbb4a8ae13d040d570832731b04b94121 Mon Sep 17 00:00:00 2001
> From: Volker Lendecke <vl at samba.org>
> Date: Fri, 30 Mar 2018 12:22:57 -0500
> Subject: [PATCH 10/22] tstream: Fix CID 1167982 Unchecked return value
>
> Signed-off-by: Volker Lendecke <vl at samba.org>
> ---
> libcli/smb/tstream_smbXcli_np.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/libcli/smb/tstream_smbXcli_np.c b/libcli/smb/tstream_smbXcli_np.c
> index a59db13..7928f40 100644
> --- a/libcli/smb/tstream_smbXcli_np.c
> +++ b/libcli/smb/tstream_smbXcli_np.c
> @@ -1008,9 +1008,8 @@ static void tstream_smbXcli_np_readv_trans_done(struct tevent_req *subreq)
> cli_nps->read.ofs = 0;
> cli_nps->read.left = received;
> cli_nps->read.buf = talloc_array(cli_nps, uint8_t, received);
> - if (cli_nps->read.buf == NULL) {
> + if (tevent_req_nomem(cli_nps->read.buf, req)) {
> TALLOC_FREE(subreq);
> - tevent_req_nomem(cli_nps->read.buf, req);
> return;
> }
> memcpy(cli_nps->read.buf, rcvbuf, received);
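Review bot: Folding the NULL check into `if (tevent_req_nomem(cli_nps->read.buf, req))` reverses the cleanup order in the error path. The removed lines ran TALLOC_FREE(subreq) first and only then called tevent_req_nomem(); the new code marks req as failed, which triggers its callback, and only afterwards touches subreq. If the callback tears down state that owns subreq, the TALLOC_FREE(subreq) inside the branch operates on memory that is already gone. Either keep the free ahead of the nomem call (and silence the unchecked-return warning another way), or confirm that subreq is no longer live at this point and drop the TALLOC_FREE(subreq) from the branch entirely.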
This looks wrong, in tstream_smbXcli_np_readv_trans_done()
you can also remove TALLOC_FREE(subreq), as that's already called
a few lines above, but in tstream_smbXcli_np_readv_read_done()
we need to keep this or rework smb1cli_readx_recv() to take a memory
context, so that we don't have to defer TALLOC_FREE(subreq);
The problem is that TALLOC_FREE(subreq); will crash as
it will be implicitly freed via the callback triggered by
tevent_req_nomem().
metze