Why are we using SMB_MALLOC_ARRAY in smb2_setinfo.c
Volker Lendecke
Volker.Lendecke at SerNet.DE
Mon Jun 15 00:20:37 MDT 2015
On Sun, Jun 14, 2015 at 10:47:21AM -0700, Richard Sharpe wrote:
> Hi folks,
>
> In smb2_setinfo.c: smbd_smb2_setinfo_send I see the following code in
> the SMB2_SETINFO_FILE branch of the switch:
>
> data = NULL;
> data_size = in_input_buffer.length;
> if (data_size > 0) {
>     data = (char *)SMB_MALLOC_ARRAY(char, data_size);
>     if (tevent_req_nomem(data, req)) {
>         return tevent_req_post(req, ev);
>     }
>     memcpy(data, in_input_buffer.data, data_size);
> }
>
> ...
>
> And then, a little further down there appears to be an early return
> that can leak that memory. This is the
> SMB2_FILE_RENAME_INFORMATION_INTERNAL case.
You're right about the memleak. We need to fix that.
Regarding why SMB_MALLOC_ARRAY: Nobody has yet taken the task
to convert trans2.c to talloc. Look for example at
smbd_do_qfilepathinfo, there the low-level routine does a
SMB_REALLOC. It's not really difficult to do, but trans2 is
just pretty large and it's not possible to convert that step
by step.
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
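A constructed C illustration of the leak Richard points out, added here and not code from Samba: the plain-malloc copy of the input buffer leaks on the early return in the RENAME_INTERNAL case, shown beside a variant with a single cleanup path (plain malloc/free rather than the talloc conversion Volker describes, so it builds without libtalloc). The info-class value, the allocation counter and all function names are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the info class named in the thread; the real value is not on the page. */
#define SMB2_FILE_RENAME_INFORMATION_INTERNAL 1

/* Hypothetical allocation counter so a leak is observable in a test. */
static int live_allocations = 0;
int leaked_allocations(void) { return live_allocations; }
static void tracked_free(char *p)
{
	if (p != NULL) { free(p); live_allocations--; }
}

/* Stands in for SMB_MALLOC_ARRAY + memcpy from the quoted snippet. */
static char *copy_input(const char *in, size_t in_len)
{
	char *data = malloc(in_len);
	if (data == NULL) return NULL;
	live_allocations++;
	memcpy(data, in, in_len);
	return data;
}

/* Shape of the pattern quoted above: the RENAME_INTERNAL case returns
   early and the malloc'd copy is never freed. */
int setinfo_leaky(int info_class, const char *in, size_t in_len)
{
	char *data = NULL;
	if (in_len > 0 && (data = copy_input(in, in_len)) == NULL) return -1;
	if (info_class == SMB2_FILE_RENAME_INFORMATION_INTERNAL) {
		return -2;	/* early return: 'data' leaks */
	}
	tracked_free(data);
	return 0;
}

/* Same logic with a single exit, so every path frees the copy. */
int setinfo_fixed(int info_class, const char *in, size_t in_len)
{
	char *data = NULL;
	int rc = 0;
	if (in_len > 0 && (data = copy_input(in, in_len)) == NULL) return -1;
	if (info_class == SMB2_FILE_RENAME_INFORMATION_INTERNAL) {
		rc = -2;	/* record the failure, fall through to cleanup */
	}
	tracked_free(data);
	return rc;
}
```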