author | todd stecher <todd.stecher@gmail.com> | 2009-01-22 10:17:37 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2009-01-23 09:07:38 +0100 |
commit | 6b93dd04ee4dff93be3d66d7ab223e8b81e77d93 (patch) | |
tree | f50ca2b7161905538019f3afca714b7c3ecb805f | |
parent | 5739cc5eb4d222b435a3cc32c1733288bf3d5635 (diff) | |
Memory leaks and other fixes found by Coverity
(cherry picked from commit ba576efa8f884f3dd37bb5035fbb47ae0305c0b0)
-rw-r--r-- | source/auth/pampass.c | 4 | ||||
-rw-r--r-- | source/include/proto.h | 2 | ||||
-rw-r--r-- | source/lib/dprintf.c | 26 | ||||
-rw-r--r-- | source/libsmb/clikrb5.c | 10 | ||||
-rw-r--r-- | source/nmbd/nmbd_incomingrequests.c | 4 | ||||
-rw-r--r-- | source/nmbd/nmbd_serverlistdb.c | 2 | ||||
-rw-r--r-- | source/passdb/pdb_interface.c | 6 | ||||
-rw-r--r-- | source/passdb/pdb_ldap.c | 1 | ||||
-rw-r--r-- | source/rpc_client/cli_spoolss.c | 66 | ||||
-rw-r--r-- | source/rpc_parse/parse_buffer.c | 11 | ||||
-rw-r--r-- | source/rpc_server/srv_pipe.c | 4 | ||||
-rw-r--r-- | source/rpc_server/srv_spoolss_nt.c | 3 | ||||
-rw-r--r-- | source/rpc_server/srv_svcctl_nt.c | 1 | ||||
-rw-r--r-- | source/utils/net_rpc.c | 12 | ||||
-rw-r--r-- | source/winbindd/winbindd_group.c | 8 | ||||
-rw-r--r-- | source/winbindd/winbindd_user.c | 8 | ||||
-rw-r--r-- | source/winbindd/winbindd_util.c | 12 | ||||
-rw-r--r-- | source/winbindd/winbindd_wins.c | 10 |
18 files changed, 131 insertions, 59 deletions
diff --git a/source/auth/pampass.c b/source/auth/pampass.c index 9345eed27af..4312b771c95 100644 --- a/source/auth/pampass.c +++ b/source/auth/pampass.c @@ -462,7 +462,9 @@ static bool smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr) static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv) { int pam_error; +#ifdef PAM_RHOST const char *our_rhost; +#endif char addr[INET6_ADDRSTRLEN]; *pamh = (pam_handle_t *)NULL; @@ -475,6 +477,7 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho return False; } +#ifdef PAM_RHOST if (rhost == NULL) { our_rhost = client_name(get_client_fd()); if (strequal(our_rhost,"UNKNOWN")) @@ -483,7 +486,6 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho our_rhost = rhost; } -#ifdef PAM_RHOST DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost)); pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost); if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) { diff --git a/source/include/proto.h b/source/include/proto.h index 6b7291f85f3..b1e3a08a7da 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -7632,7 +7632,7 @@ NTSTATUS cli_do_rpc_ndr(struct rpc_pipe_client *cli, /* The following definitions come from rpc_parse/parse_buffer.c */ -void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx); +bool rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx); bool prs_rpcbuffer(const char *desc, prs_struct *ps, int depth, RPC_BUFFER *buffer); bool prs_rpcbuffer_p(const char *desc, prs_struct *ps, int depth, RPC_BUFFER **buffer); bool rpcbuf_alloc_size(RPC_BUFFER *buffer, uint32 buffer_size); diff --git a/source/lib/dprintf.c b/source/lib/dprintf.c index a3bb5be43af..34cc92a49dd 100644 --- a/source/lib/dprintf.c +++ b/source/lib/dprintf.c 
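Review bot: In smb_pam_start the `addr` buffer is still declared outside the new `#ifdef PAM_RHOST` guard, while the code that computes `our_rhost` now sits inside it. The lines between the second and third hunk are not shown, but if `addr` is only used there, it becomes an unused local on builds without PAM_RHOST. Moving `char addr[INET6_ADDRSTRLEN];` under the same `#ifdef PAM_RHOST` as `our_rhost` would keep the declaration next to its only use. The function body starts before and continues past these hunks.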
@@ -32,24 +32,27 @@ int d_vfprintf(FILE *f, const char *format, va_list ap) { - char *p, *p2; + char *p = NULL, *p2 = NULL; int ret, maxlen, clen; const char *msgstr; va_list ap2; + VA_COPY(ap2, ap); + /* do any message translations */ msgstr = lang_msg(format); - if (!msgstr) return -1; - - VA_COPY(ap2, ap); + if (!msgstr) { + ret = -1; + goto out; + } ret = vasprintf(&p, msgstr, ap2); lang_msg_free(msgstr); if (ret <= 0) { - va_end(ap2); - return ret; + ret = -1; + goto out; } /* now we have the string in unix format, convert it to the display @@ -58,10 +61,10 @@ again: p2 = (char *)SMB_MALLOC(maxlen); if (!p2) { - SAFE_FREE(p); - va_end(ap2); - return -1; + ret = -1; + goto out; } + clen = convert_string(CH_UNIX, CH_DISPLAY, p, ret, p2, maxlen, True); if (clen >= maxlen) { @@ -72,10 +75,11 @@ again: } /* good, its converted OK */ - SAFE_FREE(p); ret = fwrite(p2, 1, clen, f); - SAFE_FREE(p2); +out: + SAFE_FREE(p); + SAFE_FREE(p2); va_end(ap2); return ret; diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c index b8afb579778..da76c46404c 100644 --- a/source/libsmb/clikrb5.c +++ b/source/libsmb/clikrb5.c @@ -1407,7 +1407,7 @@ done: addrs = (krb5_address **)SMB_MALLOC(sizeof(krb5_address *) * num_addr); if (addrs == NULL) { - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } @@ -1416,7 +1416,7 @@ done: addrs[0] = (krb5_address *)SMB_MALLOC(sizeof(krb5_address)); if (addrs[0] == NULL) { SAFE_FREE(addrs); - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } @@ -1427,7 +1427,7 @@ done: if (addrs[0]->contents == NULL) { SAFE_FREE(addrs[0]); SAFE_FREE(addrs); - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } @@ -1439,7 +1439,7 @@ done: { addrs = (krb5_addresses *)SMB_MALLOC(sizeof(krb5_addresses)); if (addrs == NULL) { - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } 
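Review bot: The shared `out:` label in d_vfprintf now runs `SAFE_FREE(p)` after a failed `vasprintf()`, and some C libraries leave the pointer unspecified when that call returns -1, so the `p = NULL` initialiser alone does not make that free safe. Resetting it on the failure path, `if (ret < 0) p = NULL;` before the `goto out`, removes the dependency on whichever vasprintf is linked (a replacement implementation, if any, is not visible here). The same branch also changes the result for an empty formatted string: `ret == 0` was previously returned as 0 and is now reported as -1, which callers that test for errors will treat as a failure. The `again:` retry section lies between the hunks and is not shown.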
@@ -1459,7 +1459,7 @@ done: if (addrs->val[0].address.data == NULL) { SAFE_FREE(addrs->val); SAFE_FREE(addrs); - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } diff --git a/source/nmbd/nmbd_incomingrequests.c b/source/nmbd/nmbd_incomingrequests.c index ebe19481410..63f9a3a45cc 100644 --- a/source/nmbd/nmbd_incomingrequests.c +++ b/source/nmbd/nmbd_incomingrequests.c @@ -314,14 +314,14 @@ void process_node_status_request(struct subnet_record *subrec, struct packet_str char rdata[MAX_DGRAM_SIZE]; char *countptr, *buf, *bufend, *buf0; int names_added,i; - struct name_record *namerec; + struct name_record *namerec = NULL; pull_ascii_nstring(qname, sizeof(qname), nmb->question.question_name.name); DEBUG(3,("process_node_status_request: status request for name %s from IP %s on \ subnet %s.\n", nmb_namestr(&nmb->question.question_name), inet_ntoa(p->ip), subrec->subnet_name)); - if((namerec = find_name_on_subnet(subrec, &nmb->question.question_name, FIND_SELF_NAME)) == 0) { + if(find_name_on_subnet(subrec, &nmb->question.question_name, FIND_SELF_NAME) == 0) { DEBUG(1,("process_node_status_request: status request for name %s from IP %s on \ subnet %s - name not found.\n", nmb_namestr(&nmb->question.question_name), inet_ntoa(p->ip), subrec->subnet_name)); diff --git a/source/nmbd/nmbd_serverlistdb.c b/source/nmbd/nmbd_serverlistdb.c index 349c3f4df3d..b35d8bb94a9 100644 --- a/source/nmbd/nmbd_serverlistdb.c +++ b/source/nmbd/nmbd_serverlistdb.c @@ -128,7 +128,7 @@ struct server_record *create_server_on_workgroup(struct work_record *work, return (NULL); } - if((servrec = find_server_in_workgroup(work, name)) != NULL) { + if(find_server_in_workgroup(work, name) != NULL) { DEBUG(0,("create_server_on_workgroup: Server %s already exists on \ workgroup %s. This is a bug.\n", name, work->work_group)); return NULL; diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c index b13644bac36..486b5b1b80c 100644 --- a/source/passdb/pdb_interface.c 
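Review bot: In process_node_status_request the result of `find_name_on_subnet()` is now discarded and `namerec` starts as NULL, so any code after this hunk that reads `namerec` before assigning it would dereference NULL instead of using the record that was just found. The rest of the function is outside the hunk, so this needs checking against the full body. If the variable is only assigned later, a short comment such as `/* existence check only; namerec is assigned further down */` would record the intent. The hunk in create_server_on_workgroup (nmbd_serverlistdb.c) drops the assignment to `servrec` in the same way and deserves the same check.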
+++ b/source/passdb/pdb_interface.c @@ -605,6 +605,9 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods, struct group *grp; const char *grp_name; + /* coverity */ + map.gid = (gid_t) -1; + sid_compose(&group_sid, get_global_sam_sid(), rid); if (!get_domain_group_from_sid(group_sid, &map)) { @@ -780,6 +783,9 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods, const char *group_name; uid_t uid; + /* coverity */ + map.gid = (gid_t) -1; + sid_compose(&group_sid, get_global_sam_sid(), group_rid); sid_compose(&member_sid, get_global_sam_sid(), member_rid); diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c index f031483ea15..043b6207560 100644 --- a/source/passdb/pdb_ldap.c +++ b/source/passdb/pdb_ldap.c @@ -4221,6 +4221,7 @@ const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...) result[i] = talloc_strdup(result, va_arg(ap, const char*)); if (result[i] == NULL) { talloc_free(result); + va_end(ap); return NULL; } } diff --git a/source/rpc_client/cli_spoolss.c b/source/rpc_client/cli_spoolss.c index 69cee6c8e84..30a707f943d 100644 --- a/source/rpc_client/cli_spoolss.c +++ b/source/rpc_client/cli_spoolss.c @@ -521,7 +521,8 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS, @@ -537,7 +538,8 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS, 
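Review bot: The added `/* coverity */` comment in pdb_default_delete_dom_group, repeated in pdb_default_add_groupmem, does not say what is being fixed, and only `map.gid` is given a value while the other fields of `map` stay uninitialised at this point. If the intent is to stop a later read of an unset gid, a comment such as `/* Preset gid to an invalid value so it is never read uninitialised (Coverity) */` would say so. `ZERO_STRUCT(map);` ahead of the assignment would cover the remaining fields as well. Both function bodies extend beyond the hunks.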
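Review bot: The new check in rpccli_spoolss_enum_printers is written without braces, and the same two-line form is repeated at every `rpcbuf_init` call site changed in this file (two per function, through rpccli_spoolss_getjob). Bracing the body, `if (!rpcbuf_init(&buffer, offered, mem_ctx)) { return WERR_NOMEM; }`, keeps a statement added later from silently falling outside the condition. The enclosing functions start and end outside these hunks.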
@@ -601,7 +603,8 @@ WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct strupper_m(server); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumports( &in, server, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS, @@ -617,7 +620,8 @@ WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumports( &in, server, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS, @@ -670,7 +674,8 @@ WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct /* Initialise input parameters */ offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER, @@ -686,7 +691,8 @@ WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER, @@ -781,7 +787,8 @@ WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli, strupper_m(server); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinterdriver2( &in, pol, env, level, version, 2, &buffer, offered); 
@@ -798,7 +805,8 @@ WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinterdriver2( &in, pol, env, level, version, 2, &buffer, offered); @@ -859,7 +867,8 @@ WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli, strupper_m(server); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumprinterdrivers( &in, server, env, level, &buffer, offered); @@ -876,7 +885,8 @@ WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumprinterdrivers( &in, server, env, level, &buffer, offered); @@ -942,7 +952,8 @@ WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli, strupper_m(server); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinterdriverdir( &in, server, env, level, &buffer, offered ); @@ -959,7 +970,8 @@ WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinterdriverdir( &in, server, env, level, &buffer, offered ); @@ -1125,7 +1137,8 @@ WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli, ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprintprocessordirectory( &in, name, environment, level, &buffer, offered ); 
@@ -1142,7 +1155,8 @@ WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprintprocessordirectory( &in, name, environment, level, &buffer, offered ); @@ -1230,7 +1244,8 @@ WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM, @@ -1246,7 +1261,8 @@ WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM, @@ -1309,7 +1325,8 @@ WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumforms( &in, handle, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS, @@ -1325,7 +1342,8 @@ WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumforms( &in, handle, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS, 
@@ -1365,7 +1383,8 @@ WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level, &buffer, offered ); @@ -1382,7 +1401,8 @@ WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level, &buffer, offered ); @@ -1461,7 +1481,8 @@ WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB, @@ -1477,7 +1498,8 @@ WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB, diff --git a/source/rpc_parse/parse_buffer.c b/source/rpc_parse/parse_buffer.c index 63a73c4b7c7..296c4878d13 100644 --- a/source/rpc_parse/parse_buffer.c +++ b/source/rpc_parse/parse_buffer.c 
@@ -30,14 +30,15 @@ /********************************************************************** Initialize a new spoolss buff for use by a client rpc **********************************************************************/ -void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx) +bool rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx) { buffer->size = size; buffer->string_at_end = size; - if (prs_init(&buffer->prs, size, ctx, MARSHALL)) - buffer->struct_start = prs_offset(&buffer->prs); - else - buffer->struct_start = 0; + if (!prs_init(&buffer->prs, size, ctx, MARSHALL)) + return false; + + buffer->struct_start = prs_offset(&buffer->prs); + return true; } /******************************************************************* diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c index be7d3db4443..705add6f7b3 100644 --- a/source/rpc_server/srv_pipe.c +++ b/source/rpc_server/srv_pipe.c @@ -732,7 +732,7 @@ static int rpc_lookup_size; bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p) { RPC_HDR_AUTH auth_info; - uint32 pad; + uint32 pad = 0; DATA_BLOB blob; ZERO_STRUCT(blob); @@ -1871,6 +1871,8 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p) return False; } + ZERO_STRUCT(hdr_rb); + DEBUG(5,("api_pipe_alter_context: decode request. %d\n", __LINE__)); /* decode the alter context request */ diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index 635898a9d57..a2dd5d4a2cb 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -9931,7 +9931,8 @@ WERROR _spoolss_xcvdataport(pipes_struct *p, SPOOL_Q_XCVDATAPORT *q_u, SPOOL_R_X /* Allocate the outgoing buffer */ - rpcbuf_init( &r_u->outdata, q_u->offered, p->mem_ctx ); + if (!rpcbuf_init( &r_u->outdata, q_u->offered, p->mem_ctx )) + return WERR_NOMEM; switch ( Printer->printer_type ) { case SPLHND_PORTMON_TCP: 
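Review bot: On the new failure path rpcbuf_init returns false after writing `size` and `string_at_end` but without setting `buffer->struct_start`, which the old code set to 0 in that case. Unless the caller zeroed the structure beforehand, a caller that ignores the return value or inspects the buffer after the error now sees an unset field. Adding `buffer->struct_start = 0;` before `return false;` keeps the previous state. The header comment above the function should also state the new contract, for example `Returns false if the parse buffer could not be initialised.`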
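Review bot: `q_u->offered` in _spoolss_xcvdataport is a size taken from the client's request and is passed to `rpcbuf_init` as the outgoing buffer size with no upper bound visible in this hunk. The added check handles an allocation that fails, but not a very large request that succeeds. If neither the request parser nor `prs_init` caps the value (not visible here), a limit check on `q_u->offered` before the call, returning an error status for oversized values, would bound per-request memory. The function body starts before and continues after the hunk.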
diff --git a/source/rpc_server/srv_svcctl_nt.c b/source/rpc_server/srv_svcctl_nt.c index bfd1c3b4c61..dbe0981f822 100644 --- a/source/rpc_server/srv_svcctl_nt.c +++ b/source/rpc_server/srv_svcctl_nt.c @@ -679,7 +679,6 @@ WERROR _svcctl_QueryServiceConfigW(pipes_struct *p, /* we have to set the outgoing buffer size to the same as the incoming buffer size (even in the case of failure */ - *r->out.bytes_needed = r->in.buf_size; wresult = fill_svc_config( p->mem_ctx, info->name, r->out.query, p->pipe_user.nt_user_token ); diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c index 8742f9ac0a2..3f572f03fe5 100644 --- a/source/utils/net_rpc.c +++ b/source/utils/net_rpc.c @@ -4064,7 +4064,11 @@ static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *t return false; } - string_to_sid(&user_sid, sid_str); + if (!string_to_sid(&user_sid, sid_str)) { + DEBUG(1,("Could not convert sid %s from string\n", sid_str)); + return false; + } + wbcFreeMemory(sid_str); sid_str = NULL; @@ -4200,7 +4204,11 @@ static bool get_user_tokens_from_file(FILE *f, /* We have a SID */ DOM_SID sid; - string_to_sid(&sid, &line[1]); + if(!string_to_sid(&sid, &line[1])) { + DEBUG(1,("get_user_tokens_from_file: Could " + "not convert sid %s \n",&line[1])); + return false; + } if (token == NULL) { DEBUG(0, ("File does not begin with username")); diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c index 7432bda451f..bc532bbce7c 100644 --- a/source/winbindd/winbindd_group.c +++ b/source/winbindd/winbindd_group.c @@ -991,7 +991,13 @@ static void getgrgid_recv(void *private_data, bool success, const char *sid) DEBUG(10,("getgrgid_recv: gid %lu has sid %s\n", (unsigned long)(state->request.data.gid), sid)); - string_to_sid(&group_sid, sid); + if (!string_to_sid(&group_sid, sid)) { + DEBUG(1,("getgrgid_recv: Could not convert sid %s " + "from string\n", sid)); + request_error(state); + return; + } + winbindd_getgrsid(state, group_sid); return; } 
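Review bot: The new early `return false;` in get_user_sids runs before `wbcFreeMemory(sid_str);`, so the string is leaked whenever `string_to_sid()` fails. Free it on that path after the DEBUG call has used it, by adding `wbcFreeMemory(sid_str);` immediately before `return false;`. In get_user_tokens_from_file the added `return false;` leaves the function in the middle of parsing; whether tokens built from earlier lines are released by the caller is not visible in the hunk and should be confirmed. Both functions extend beyond the hunks.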
diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c index fd1fdd36998..5356e16a74d 100644 --- a/source/winbindd/winbindd_user.c +++ b/source/winbindd/winbindd_user.c @@ -527,7 +527,13 @@ static void getpwuid_recv(void *private_data, bool success, const char *sid) DEBUG(10,("uid2sid_recv: uid %lu has sid %s\n", (unsigned long)(state->request.data.uid), sid)); - string_to_sid(&user_sid, sid); + if (!string_to_sid(&user_sid, sid)) { + DEBUG(1,("uid2sid_recv: Could not convert sid %s " + "from string\n,", sid)); + request_error(state); + return; + } + winbindd_getpwsid(state, &user_sid); } diff --git a/source/winbindd/winbindd_util.c b/source/winbindd/winbindd_util.c index 748099a32e5..2d87015fec0 100644 --- a/source/winbindd/winbindd_util.c +++ b/source/winbindd/winbindd_util.c @@ -682,8 +682,16 @@ static void init_child_recv(void *private_data, bool success) state->response->data.domain_info.name); fstrcpy(state->domain->alt_name, state->response->data.domain_info.alt_name); - string_to_sid(&state->domain->sid, - state->response->data.domain_info.sid); + if (!string_to_sid(&state->domain->sid, + state->response->data.domain_info.sid)) { + DEBUG(1,("init_child_recv: Could not convert sid %s " + "from string\n", + state->response->data.domain_info.sid)); + state->continuation(state->private_data, False); + talloc_destroy(state->mem_ctx); + return; + } + state->domain->native_mode = state->response->data.domain_info.native_mode; state->domain->active_directory = diff --git a/source/winbindd/winbindd_wins.c b/source/winbindd/winbindd_wins.c index 4a3d2682b65..f9ba13ffdad 100644 --- a/source/winbindd/winbindd_wins.c +++ b/source/winbindd/winbindd_wins.c 
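Review bot: The format string in the new DEBUG call in getpwuid_recv ends with `"from string\n,"`, which puts a stray comma after the newline, so every message leaves a `,` at the start of the following log line. It should read `"from string\n", sid));`. The message prefix also says `uid2sid_recv` although the function is getpwuid_recv (the existing DEBUG(10) line in the hunk has the same prefix), which makes the log entry harder to trace back to its source.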
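Review bot: In init_child_recv the SID string is validated only after `state->domain->name` and `alt_name` have been overwritten by the `fstrcpy` calls, so on the new failure path the domain entry keeps names from the response next to a `sid` that was not successfully converted. Performing the `string_to_sid` check before the two `fstrcpy` calls, ideally into a local `DOM_SID` that is copied on success, would leave the entry unchanged when the response is rejected. Whether the entry is used again after the continuation is called with False is not visible here. The function starts before the hunk and continues after it.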
@@ -46,9 +46,15 @@ static int wins_lookup_open_socket_in(void) if (res == -1) return -1; - setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val)); + if (setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val))) { + close(res); + return -1; + } #ifdef SO_REUSEPORT - setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val)); + if (setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val))) { + close(res); + return -1; + } #endif /* SO_REUSEPORT */ /* now we've got a socket - we need to bind it */ |
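Review bot: Treating a failed `SO_REUSEPORT` setsockopt as fatal in wins_lookup_open_socket_in means that a platform whose headers define the option but whose kernel rejects it can no longer open the WINS lookup socket at all, where the old code carried on. The option only relaxes bind behaviour, so logging and continuing is safer for availability, for example `DEBUG(3,("wins_lookup_open_socket_in: SO_REUSEPORT not set: %s\n", strerror(errno)));` in place of the `close(res); return -1;` pair. The same consideration applies to the `SO_REUSEADDR` check above it. The function continues past the hunk with the bind.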