authortodd stecher <todd.stecher@gmail.com>2009-01-22 10:17:37 -0800
committerKarolin Seeger <kseeger@samba.org>2009-01-23 09:07:38 +0100
commit6b93dd04ee4dff93be3d66d7ab223e8b81e77d93 (patch)
treef50ca2b7161905538019f3afca714b7c3ecb805f
parent5739cc5eb4d222b435a3cc32c1733288bf3d5635 (diff)
Memory leaks and other fixes found by Coverity
(cherry picked from commit ba576efa8f884f3dd37bb5035fbb47ae0305c0b0)
-rw-r--r--source/auth/pampass.c4
-rw-r--r--source/include/proto.h2
-rw-r--r--source/lib/dprintf.c26
-rw-r--r--source/libsmb/clikrb5.c10
-rw-r--r--source/nmbd/nmbd_incomingrequests.c4
-rw-r--r--source/nmbd/nmbd_serverlistdb.c2
-rw-r--r--source/passdb/pdb_interface.c6
-rw-r--r--source/passdb/pdb_ldap.c1
-rw-r--r--source/rpc_client/cli_spoolss.c66
-rw-r--r--source/rpc_parse/parse_buffer.c11
-rw-r--r--source/rpc_server/srv_pipe.c4
-rw-r--r--source/rpc_server/srv_spoolss_nt.c3
-rw-r--r--source/rpc_server/srv_svcctl_nt.c1
-rw-r--r--source/utils/net_rpc.c12
-rw-r--r--source/winbindd/winbindd_group.c8
-rw-r--r--source/winbindd/winbindd_user.c8
-rw-r--r--source/winbindd/winbindd_util.c12
-rw-r--r--source/winbindd/winbindd_wins.c10
18 files changed, 131 insertions, 59 deletions
diff --git a/source/auth/pampass.c b/source/auth/pampass.c
index 9345eed27af..4312b771c95 100644
--- a/source/auth/pampass.c
+++ b/source/auth/pampass.c
@@ -462,7 +462,9 @@ static bool smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr)
static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv)
{
int pam_error;
+#ifdef PAM_RHOST
const char *our_rhost;
+#endif
char addr[INET6_ADDRSTRLEN];
*pamh = (pam_handle_t *)NULL;
@@ -475,6 +477,7 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho
return False;
}
+#ifdef PAM_RHOST
if (rhost == NULL) {
our_rhost = client_name(get_client_fd());
if (strequal(our_rhost,"UNKNOWN"))
@@ -483,7 +486,6 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho
our_rhost = rhost;
}
-#ifdef PAM_RHOST
DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost));
pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost);
if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
diff --git a/source/include/proto.h b/source/include/proto.h
index 6b7291f85f3..b1e3a08a7da 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -7632,7 +7632,7 @@ NTSTATUS cli_do_rpc_ndr(struct rpc_pipe_client *cli,
/* The following definitions come from rpc_parse/parse_buffer.c */
-void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx);
+bool rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx);
bool prs_rpcbuffer(const char *desc, prs_struct *ps, int depth, RPC_BUFFER *buffer);
bool prs_rpcbuffer_p(const char *desc, prs_struct *ps, int depth, RPC_BUFFER **buffer);
bool rpcbuf_alloc_size(RPC_BUFFER *buffer, uint32 buffer_size);
diff --git a/source/lib/dprintf.c b/source/lib/dprintf.c
index a3bb5be43af..34cc92a49dd 100644
--- a/source/lib/dprintf.c
+++ b/source/lib/dprintf.c
@@ -32,24 +32,27 @@
int d_vfprintf(FILE *f, const char *format, va_list ap)
{
- char *p, *p2;
+ char *p = NULL, *p2 = NULL;
int ret, maxlen, clen;
const char *msgstr;
va_list ap2;
+ VA_COPY(ap2, ap);
+
/* do any message translations */
msgstr = lang_msg(format);
- if (!msgstr) return -1;
-
- VA_COPY(ap2, ap);
+ if (!msgstr) {
+ ret = -1;
+ goto out;
+ }
ret = vasprintf(&p, msgstr, ap2);
lang_msg_free(msgstr);
if (ret <= 0) {
- va_end(ap2);
- return ret;
+ ret = -1;
+ goto out;
}
/* now we have the string in unix format, convert it to the display
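Review bot: The `if (ret <= 0)` branch now turns `ret == 0` into `-1`, where the removed code returned `ret` unchanged, so a format that expands to an empty string is reported to callers as an error. The same branch also reaches `SAFE_FREE(p)` at `out:` after a failed vasprintf(); glibc documents the pointer's value as undefined in that case, so the `NULL` initialiser may no longer hold. Splitting the branch keeps both cases safe: `if (ret < 0) { p = NULL; ret = -1; goto out; }` followed by `if (ret == 0) goto out;`.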
@@ -58,10 +61,10 @@
again:
p2 = (char *)SMB_MALLOC(maxlen);
if (!p2) {
- SAFE_FREE(p);
- va_end(ap2);
- return -1;
+ ret = -1;
+ goto out;
}
+
clen = convert_string(CH_UNIX, CH_DISPLAY, p, ret, p2, maxlen, True);
if (clen >= maxlen) {
@@ -72,10 +75,11 @@ again:
}
/* good, its converted OK */
- SAFE_FREE(p);
ret = fwrite(p2, 1, clen, f);
- SAFE_FREE(p2);
+out:
+ SAFE_FREE(p);
+ SAFE_FREE(p2);
va_end(ap2);
return ret;
diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c
index b8afb579778..da76c46404c 100644
--- a/source/libsmb/clikrb5.c
+++ b/source/libsmb/clikrb5.c
@@ -1407,7 +1407,7 @@ done:
addrs = (krb5_address **)SMB_MALLOC(sizeof(krb5_address *) * num_addr);
if (addrs == NULL) {
- SAFE_FREE(kerb_addr);
+ SAFE_FREE(*kerb_addr);
return ENOMEM;
}
@@ -1416,7 +1416,7 @@ done:
addrs[0] = (krb5_address *)SMB_MALLOC(sizeof(krb5_address));
if (addrs[0] == NULL) {
SAFE_FREE(addrs);
- SAFE_FREE(kerb_addr);
+ SAFE_FREE(*kerb_addr);
return ENOMEM;
}
@@ -1427,7 +1427,7 @@ done:
if (addrs[0]->contents == NULL) {
SAFE_FREE(addrs[0]);
SAFE_FREE(addrs);
- SAFE_FREE(kerb_addr);
+ SAFE_FREE(*kerb_addr);
return ENOMEM;
}
@@ -1439,7 +1439,7 @@ done:
{
addrs = (krb5_addresses *)SMB_MALLOC(sizeof(krb5_addresses));
if (addrs == NULL) {
- SAFE_FREE(kerb_addr);
+ SAFE_FREE(*kerb_addr);
return ENOMEM;
}
@@ -1459,7 +1459,7 @@ done:
if (addrs->val[0].address.data == NULL) {
SAFE_FREE(addrs->val);
SAFE_FREE(addrs);
- SAFE_FREE(kerb_addr);
+ SAFE_FREE(*kerb_addr);
return ENOMEM;
}
diff --git a/source/nmbd/nmbd_incomingrequests.c b/source/nmbd/nmbd_incomingrequests.c
index ebe19481410..63f9a3a45cc 100644
--- a/source/nmbd/nmbd_incomingrequests.c
+++ b/source/nmbd/nmbd_incomingrequests.c
@@ -314,14 +314,14 @@ void process_node_status_request(struct subnet_record *subrec, struct packet_str
char rdata[MAX_DGRAM_SIZE];
char *countptr, *buf, *bufend, *buf0;
int names_added,i;
- struct name_record *namerec;
+ struct name_record *namerec = NULL;
pull_ascii_nstring(qname, sizeof(qname), nmb->question.question_name.name);
DEBUG(3,("process_node_status_request: status request for name %s from IP %s on \
subnet %s.\n", nmb_namestr(&nmb->question.question_name), inet_ntoa(p->ip), subrec->subnet_name));
- if((namerec = find_name_on_subnet(subrec, &nmb->question.question_name, FIND_SELF_NAME)) == 0) {
+ if(find_name_on_subnet(subrec, &nmb->question.question_name, FIND_SELF_NAME) == 0) {
DEBUG(1,("process_node_status_request: status request for name %s from IP %s on \
subnet %s - name not found.\n", nmb_namestr(&nmb->question.question_name),
inet_ntoa(p->ip), subrec->subnet_name));
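Review bot: The lookup result is now discarded and `namerec` stays `NULL` after this check, so any later read of `namerec` that is not preceded by a fresh assignment becomes a NULL dereference. The rest of process_node_status_request is outside this hunk, so that needs confirming against the full function. The same applies to `servrec` in the create_server_on_workgroup hunk of nmbd_serverlistdb.c. As a style point, the pointer test reads better as `== NULL` than `== 0`.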
diff --git a/source/nmbd/nmbd_serverlistdb.c b/source/nmbd/nmbd_serverlistdb.c
index 349c3f4df3d..b35d8bb94a9 100644
--- a/source/nmbd/nmbd_serverlistdb.c
+++ b/source/nmbd/nmbd_serverlistdb.c
@@ -128,7 +128,7 @@ struct server_record *create_server_on_workgroup(struct work_record *work,
return (NULL);
}
- if((servrec = find_server_in_workgroup(work, name)) != NULL) {
+ if(find_server_in_workgroup(work, name) != NULL) {
DEBUG(0,("create_server_on_workgroup: Server %s already exists on \
workgroup %s. This is a bug.\n", name, work->work_group));
return NULL;
diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c
index b13644bac36..486b5b1b80c 100644
--- a/source/passdb/pdb_interface.c
+++ b/source/passdb/pdb_interface.c
@@ -605,6 +605,9 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
struct group *grp;
const char *grp_name;
+ /* coverity */
+ map.gid = (gid_t) -1;
+
sid_compose(&group_sid, get_global_sam_sid(), rid);
if (!get_domain_group_from_sid(group_sid, &map)) {
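Review bot: The added comment `/* coverity */` names the tool but not the reason, so the next reader cannot tell whether the assignment is still needed. A comment such as `/* keep map.gid invalid until get_domain_group_from_sid() fills it in */` would document the intent, assuming that is what the checker flagged. Only `gid` is initialised here; `ZERO_STRUCT(map);` before the assignment would also cover the other fields of `map`. The same comment and assignment appear in the pdb_default_add_groupmem hunk below.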
@@ -780,6 +783,9 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
const char *group_name;
uid_t uid;
+ /* coverity */
+ map.gid = (gid_t) -1;
+
sid_compose(&group_sid, get_global_sam_sid(), group_rid);
sid_compose(&member_sid, get_global_sam_sid(), member_rid);
diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index f031483ea15..043b6207560 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -4221,6 +4221,7 @@ const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...)
result[i] = talloc_strdup(result, va_arg(ap, const char*));
if (result[i] == NULL) {
talloc_free(result);
+ va_end(ap);
return NULL;
}
}
diff --git a/source/rpc_client/cli_spoolss.c b/source/rpc_client/cli_spoolss.c
index 69cee6c8e84..30a707f943d 100644
--- a/source/rpc_client/cli_spoolss.c
+++ b/source/rpc_client/cli_spoolss.c
@@ -521,7 +521,8 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem
ZERO_STRUCT(out);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS,
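Review bot: The new check `if (!rpcbuf_init(&buffer, offered, mem_ctx))` guards its `return WERR_NOMEM;` without braces, here and in every other hunk of this file. The net_rpc.c and winbindd hunks of the same commit brace their new error paths. Bracing these too, `if (!rpcbuf_init(&buffer, offered, mem_ctx)) { return WERR_NOMEM; }`, keeps a later added statement from silently falling outside the condition.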
@@ -537,7 +538,8 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS,
@@ -601,7 +603,8 @@ WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
strupper_m(server);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumports( &in, server, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS,
@@ -617,7 +620,8 @@ WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumports( &in, server, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS,
@@ -670,7 +674,8 @@ WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
/* Initialise input parameters */
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER,
@@ -686,7 +691,8 @@ WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER,
@@ -781,7 +787,8 @@ WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli,
strupper_m(server);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprinterdriver2( &in, pol, env, level,
version, 2, &buffer, offered);
@@ -798,7 +805,8 @@ WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprinterdriver2( &in, pol, env, level,
version, 2, &buffer, offered);
@@ -859,7 +867,8 @@ WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli,
strupper_m(server);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumprinterdrivers( &in, server, env, level,
&buffer, offered);
@@ -876,7 +885,8 @@ WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumprinterdrivers( &in, server, env, level,
&buffer, offered);
@@ -942,7 +952,8 @@ WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli,
strupper_m(server);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprinterdriverdir( &in, server, env, level,
&buffer, offered );
@@ -959,7 +970,8 @@ WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprinterdriverdir( &in, server, env, level,
&buffer, offered );
@@ -1125,7 +1137,8 @@ WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli,
ZERO_STRUCT(out);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprintprocessordirectory( &in, name,
environment, level, &buffer, offered );
@@ -1142,7 +1155,8 @@ WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getprintprocessordirectory( &in, name,
environment, level, &buffer, offered );
@@ -1230,7 +1244,8 @@ WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(out);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM,
@@ -1246,7 +1261,8 @@ WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM,
@@ -1309,7 +1325,8 @@ WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx
ZERO_STRUCT(out);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumforms( &in, handle, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS,
@@ -1325,7 +1342,8 @@ WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumforms( &in, handle, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS,
@@ -1365,7 +1383,8 @@ WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(out);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level,
&buffer, offered );
@@ -1382,7 +1401,8 @@ WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level,
&buffer, offered );
@@ -1461,7 +1481,8 @@ WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(out);
offered = 0;
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB,
@@ -1477,7 +1498,8 @@ WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
ZERO_STRUCT(in);
ZERO_STRUCT(out);
- rpcbuf_init(&buffer, offered, mem_ctx);
+ if (!rpcbuf_init(&buffer, offered, mem_ctx))
+ return WERR_NOMEM;
make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered );
CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB,
diff --git a/source/rpc_parse/parse_buffer.c b/source/rpc_parse/parse_buffer.c
index 63a73c4b7c7..296c4878d13 100644
--- a/source/rpc_parse/parse_buffer.c
+++ b/source/rpc_parse/parse_buffer.c
@@ -30,14 +30,15 @@
/**********************************************************************
Initialize a new spoolss buff for use by a client rpc
**********************************************************************/
-void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx)
+bool rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx)
{
buffer->size = size;
buffer->string_at_end = size;
- if (prs_init(&buffer->prs, size, ctx, MARSHALL))
- buffer->struct_start = prs_offset(&buffer->prs);
- else
- buffer->struct_start = 0;
+ if (!prs_init(&buffer->prs, size, ctx, MARSHALL))
+ return false;
+
+ buffer->struct_start = prs_offset(&buffer->prs);
+ return true;
}
/*******************************************************************
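Review bot: On the failure path `buffer->struct_start` is no longer assigned, because the removed `else` branch that set it to 0 has no replacement. `buffer->size` and `buffer->string_at_end` have already been set to the requested size by then, so a failed init leaves a half-populated RPC_BUFFER for any caller that does not check the new return value. Adding `buffer->struct_start = 0;` before `return false;` keeps the old guarantee. The header comment should also say that the function returns false when prs_init() fails.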
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index be7d3db4443..705add6f7b3 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -732,7 +732,7 @@ static int rpc_lookup_size;
bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
{
RPC_HDR_AUTH auth_info;
- uint32 pad;
+ uint32 pad = 0;
DATA_BLOB blob;
ZERO_STRUCT(blob);
@@ -1871,6 +1871,8 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
return False;
}
+ ZERO_STRUCT(hdr_rb);
+
DEBUG(5,("api_pipe_alter_context: decode request. %d\n", __LINE__));
/* decode the alter context request */
diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c
index 635898a9d57..a2dd5d4a2cb 100644
--- a/source/rpc_server/srv_spoolss_nt.c
+++ b/source/rpc_server/srv_spoolss_nt.c
@@ -9931,7 +9931,8 @@ WERROR _spoolss_xcvdataport(pipes_struct *p, SPOOL_Q_XCVDATAPORT *q_u, SPOOL_R_X
/* Allocate the outgoing buffer */
- rpcbuf_init( &r_u->outdata, q_u->offered, p->mem_ctx );
+ if (!rpcbuf_init( &r_u->outdata, q_u->offered, p->mem_ctx ))
+ return WERR_NOMEM;
switch ( Printer->printer_type ) {
case SPLHND_PORTMON_TCP:
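Review bot: The allocation size is `q_u->offered`, which appears to come straight from the request, and no upper bound is visible in this hunk. The new check reports allocation failure, but a very large `offered` that does succeed still makes the server allocate whatever the client asked for. If no limit is enforced earlier in _spoolss_xcvdataport (the function starts outside the hunk), a guard such as `if (q_u->offered > <max-outdata-size>) return WERR_INVALID_PARAM;` belongs before the rpcbuf_init() call. The limit shown is a placeholder.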
diff --git a/source/rpc_server/srv_svcctl_nt.c b/source/rpc_server/srv_svcctl_nt.c
index bfd1c3b4c61..dbe0981f822 100644
--- a/source/rpc_server/srv_svcctl_nt.c
+++ b/source/rpc_server/srv_svcctl_nt.c
@@ -679,7 +679,6 @@ WERROR _svcctl_QueryServiceConfigW(pipes_struct *p,
/* we have to set the outgoing buffer size to the same as the
incoming buffer size (even in the case of failure */
-
*r->out.bytes_needed = r->in.buf_size;
wresult = fill_svc_config( p->mem_ctx, info->name, r->out.query, p->pipe_user.nt_user_token );
diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c
index 8742f9ac0a2..3f572f03fe5 100644
--- a/source/utils/net_rpc.c
+++ b/source/utils/net_rpc.c
@@ -4064,7 +4064,11 @@ static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *t
return false;
}
- string_to_sid(&user_sid, sid_str);
+ if (!string_to_sid(&user_sid, sid_str)) {
+ DEBUG(1,("Could not convert sid %s from string\n", sid_str));
+ return false;
+ }
+
wbcFreeMemory(sid_str);
sid_str = NULL;
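Review bot: The new early `return false;` runs before `wbcFreeMemory(sid_str);`, so a SID string that fails to parse is leaked on exactly the path this hunk adds. Calling `wbcFreeMemory(sid_str);` after the `DEBUG` line and before `return false;` closes it. get_user_sids continues outside the hunk, so any other resources it holds at this point need the same check.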
@@ -4200,7 +4204,11 @@ static bool get_user_tokens_from_file(FILE *f,
/* We have a SID */
DOM_SID sid;
- string_to_sid(&sid, &line[1]);
+ if(!string_to_sid(&sid, &line[1])) {
+ DEBUG(1,("get_user_tokens_from_file: Could "
+ "not convert sid %s \n",&line[1]));
+ return false;
+ }
if (token == NULL) {
DEBUG(0, ("File does not begin with username"));
diff --git a/source/winbindd/winbindd_group.c b/source/winbindd/winbindd_group.c
index 7432bda451f..bc532bbce7c 100644
--- a/source/winbindd/winbindd_group.c
+++ b/source/winbindd/winbindd_group.c
@@ -991,7 +991,13 @@ static void getgrgid_recv(void *private_data, bool success, const char *sid)
DEBUG(10,("getgrgid_recv: gid %lu has sid %s\n",
(unsigned long)(state->request.data.gid), sid));
- string_to_sid(&group_sid, sid);
+ if (!string_to_sid(&group_sid, sid)) {
+ DEBUG(1,("getgrgid_recv: Could not convert sid %s "
+ "from string\n", sid));
+ request_error(state);
+ return;
+ }
+
winbindd_getgrsid(state, group_sid);
return;
}
diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c
index fd1fdd36998..5356e16a74d 100644
--- a/source/winbindd/winbindd_user.c
+++ b/source/winbindd/winbindd_user.c
@@ -527,7 +527,13 @@ static void getpwuid_recv(void *private_data, bool success, const char *sid)
DEBUG(10,("uid2sid_recv: uid %lu has sid %s\n",
(unsigned long)(state->request.data.uid), sid));
- string_to_sid(&user_sid, sid);
+ if (!string_to_sid(&user_sid, sid)) {
+ DEBUG(1,("uid2sid_recv: Could not convert sid %s "
+ "from string\n,", sid));
+ request_error(state);
+ return;
+ }
+
winbindd_getpwsid(state, &user_sid);
}
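Review bot: The new log string ends in `"from string\n,"`, with a stray comma after the newline, so every failure prints a lone `,` at the start of the next log line. It should read `"from string\n"`. The message prefix `uid2sid_recv:` also differs from the enclosing function name `getpwuid_recv`, which makes the log harder to trace back; the existing DEBUG(10) line above has the same mismatch.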
diff --git a/source/winbindd/winbindd_util.c b/source/winbindd/winbindd_util.c
index 748099a32e5..2d87015fec0 100644
--- a/source/winbindd/winbindd_util.c
+++ b/source/winbindd/winbindd_util.c
@@ -682,8 +682,16 @@ static void init_child_recv(void *private_data, bool success)
state->response->data.domain_info.name);
fstrcpy(state->domain->alt_name,
state->response->data.domain_info.alt_name);
- string_to_sid(&state->domain->sid,
- state->response->data.domain_info.sid);
+ if (!string_to_sid(&state->domain->sid,
+ state->response->data.domain_info.sid)) {
+ DEBUG(1,("init_child_recv: Could not convert sid %s "
+ "from string\n",
+ state->response->data.domain_info.sid));
+ state->continuation(state->private_data, False);
+ talloc_destroy(state->mem_ctx);
+ return;
+ }
+
state->domain->native_mode =
state->response->data.domain_info.native_mode;
state->domain->active_directory =
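Review bot: The SID is validated only after `state->domain->name` and `state->domain->alt_name` have been overwritten from the response. On the new failure path the domain record is therefore left with new names but its old SID. Moving the `if (!string_to_sid(...))` check above the two `fstrcpy` calls would leave `state->domain` untouched when the response is rejected. The function begins and ends outside this hunk, so whether callers later rely on that record after a `False` continuation needs checking there.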
diff --git a/source/winbindd/winbindd_wins.c b/source/winbindd/winbindd_wins.c
index 4a3d2682b65..f9ba13ffdad 100644
--- a/source/winbindd/winbindd_wins.c
+++ b/source/winbindd/winbindd_wins.c
@@ -46,9 +46,15 @@ static int wins_lookup_open_socket_in(void)
if (res == -1)
return -1;
- setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val));
+ if (setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val))) {
+ close(res);
+ return -1;
+ }
#ifdef SO_REUSEPORT
- setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val));
+ if (setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val))) {
+ close(res);
+ return -1;
+ }
#endif /* SO_REUSEPORT */
/* now we've got a socket - we need to bind it */
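Review bot: A failing `SO_REUSEPORT` call now closes the socket and aborts the lookup, where the removed code treated both options as best effort. `SO_REUSEPORT` can be defined by the build headers while the running kernel rejects it, in which case wins_lookup_open_socket_in() would fail on every call. Treating that one option as non-fatal avoids this, for example `if (setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val))) { DEBUG(3,("SO_REUSEPORT not set: %s\n", strerror(errno))); }`. The `SO_REUSEADDR` check can stay fatal.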