YMMC 3 memdup
andreas moroder
claudiamoroder at st-ulrich.suedtirol.net
Sat Aug 18 08:46:50 GMT 2001
Hello,
Two more missing alloc checks.

LIB/INTERFACE.C
At line 198 and following there is this code:

    if (total_probed > 0) {
        probed_ifaces = memdup(ifaces, sizeof(ifaces[0])*total_probed);  <<<<< MEMORY ASSIGNED TO PROBED_INTERFACES
    }

    /* if we don't have a interfaces line then use all broadcast capable
       interfaces except loopback */
    if (!ptr || !*ptr) {
        if (total_probed <= 0) {
            DEBUG(0,("ERROR: Could not determine network interfaces, you must use a interfaces config line\n"));
            exit(1);
        }
        for (i=0;i<total_probed;i++) {
            if (probed_ifaces[i].netmask.s_addr != allones_ip.s_addr &&  <<<< PROBED_INTERFACES USED BUT THERE WAS NO CHECK BEFORE
                probed_ifaces[i].ip.s_addr != loopback_ip.s_addr) {

LOCKING/LOCKING.C
At line 453: *ppse = memdup( ...
ppse is passed as **ppse to the function, and the function del_share_mode is
only called in smbd/close.c:

    share_entry_count = del_share_mode(fsp, &share_entry);

    /*
     * We delete on close if it's the last open, and the
     * delete on close flag was set in the entry we just deleted.
     */
    if ((share_entry_count == 0) && share_entry &&
        GET_DELETE_ON_CLOSE_FLAG(share_entry->share_mode) )
        delete_on_close = True;

    safe_free(share_entry);

and the pointer is checked, but the
GET_DELETE_ON_CLOSE_FLAG(share_entry->share_mode) test is never made and
the delete_on_close = True is never set even if it should be, only because there
is no more memory.

Because the parameter share_entry is passed only to get back the value of
share_entry->share_mode, it would be better to pass as parameter a pointer to
a local variable and assign the share_mode to this variable.

Bye
Andreas Moroder
code are never called,
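
The change suggested for del_share_mode in the message above, as an added example that is not part of the original post and is not Samba's code: the struct, the flag bit, the allocator hook and all function names are constructed for illustration. It compares handing the deleted entry back as a heap copy with writing only share_mode into the caller's local variable, under a simulated allocation failure.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins, not Samba's real definitions. */
struct entry { uint32_t share_mode; uint32_t pid; };
#define DEL_ON_CLOSE 0x8000u                    /* assumed flag bit */
static int fail_alloc;                          /* 1 = simulate out-of-memory */

static void *dup_mem(const void *p, size_t n) { /* memdup-like helper */
    void *q = fail_alloc ? NULL : malloc(n);
    if (q) memcpy(q, p, n);
    return q;
}

/* Pattern from the post: the deleted entry comes back as a heap copy. */
static int del_copy(struct entry *tbl, int *n, int i, struct entry **out) {
    *out = dup_mem(&tbl[i], sizeof(tbl[i]));    /* NULL when memory is short */
    memmove(&tbl[i], &tbl[i + 1], (size_t)(*n - i - 1) * sizeof(*tbl));
    return --*n;
}

/* Suggested pattern: only share_mode is written to the caller's local. */
static int del_mode(struct entry *tbl, int *n, int i, uint32_t *mode) {
    *mode = tbl[i].share_mode;                  /* no allocation involved */
    memmove(&tbl[i], &tbl[i + 1], (size_t)(*n - i - 1) * sizeof(*tbl));
    return --*n;
}

/* Close path using the heap copy; returns the delete_on_close decision. */
static int close_with_copy(int oom) {
    struct entry tbl[1] = { { DEL_ON_CLOSE, 1 } }, *e = NULL;
    int n = 1, doc;
    fail_alloc = oom;
    doc = del_copy(tbl, &n, 0, &e) == 0 && e && (e->share_mode & DEL_ON_CLOSE);
    free(e);
    return doc;
}

/* Close path using the local variable; allocation state is irrelevant. */
static int close_with_mode(int oom) {
    struct entry tbl[1] = { { DEL_ON_CLOSE, 1 } };
    uint32_t mode = 0;
    int n = 1;
    fail_alloc = oom;
    return del_mode(tbl, &n, 0, &mode) == 0 && (mode & DEL_ON_CLOSE);
}

int main(void) { return !(close_with_copy(1) == 0 && close_with_mode(1) == 1); }
```

With the heap copy, an allocation failure silently turns the delete-on-close decision into "no"; with the local variable the decision is the same whether or not memory is available.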