diff options
| author | Jeremy Allison <jra@samba.org> | 2006-12-09 02:58:18 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2006-12-09 02:58:18 +0000 |
| commit | fd8e93f6abd6a964481bcfdd0f2387c5c8a7a216 (patch) | |
| tree | 263faaab16e57666fe3591efbb6ab6858205c58b /source/lib/util.c | |
| parent | 423105aa77792c4fb9554fee4a462dbb57dafea6 (diff) | |
| download | samba-fd8e93f6abd6a964481bcfdd0f2387c5c8a7a216.tar.gz samba-fd8e93f6abd6a964481bcfdd0f2387c5c8a7a216.tar.xz samba-fd8e93f6abd6a964481bcfdd0f2387c5c8a7a216.zip | |
r20090: Fix a class of bugs found by James Peach. Ensure
we never mix malloc and talloc'ed contexts in the
add_XX_to_array() and add_XX_to_array_unique()
calls. Ensure that these calls always return
False on out of memory, True otherwise and always
check them. Ensure that the relevent parts of
the conn struct and the nt_user_tokens are
TALLOC_DESTROYED not SAFE_FREE'd.
James - this should fix your crash bug in both
branches.
Jeremy.
Diffstat (limited to 'source/lib/util.c')
| -rw-r--r-- | source/lib/util.c | 36 |
1 files changed, 12 insertions, 24 deletions
diff --git a/source/lib/util.c b/source/lib/util.c index 19c6cab5b28..d1801527e97 100644 --- a/source/lib/util.c +++ b/source/lib/util.c @@ -307,7 +307,7 @@ const char *tmpdir(void) Add a gid to an array of gids if it's not already there. ****************************************************************************/ -void add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, +BOOL add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, gid_t **gids, size_t *num_gids) { int i; @@ -316,26 +316,24 @@ void add_gid_to_array_unique(TALLOC_CTX *mem_ctx, gid_t gid, /* * A former call to this routine has failed to allocate memory */ - return; + return False; } for (i=0; i<*num_gids; i++) { - if ((*gids)[i] == gid) - return; - } - - if (mem_ctx != NULL) { - *gids = TALLOC_REALLOC_ARRAY(mem_ctx, *gids, gid_t, *num_gids+1); - } else { - *gids = SMB_REALLOC_ARRAY(*gids, gid_t, *num_gids+1); + if ((*gids)[i] == gid) { + return True; + } } + *gids = TALLOC_REALLOC_ARRAY(mem_ctx, *gids, gid_t, *num_gids+1); if (*gids == NULL) { - return; + *num_gids = 0; + return False; } (*gids)[*num_gids] = gid; *num_gids += 1; + return True; } /**************************************************************************** @@ -1077,12 +1075,7 @@ void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size, goto error; } - if (mem_ctx != NULL) { - *array = TALLOC(mem_ctx, element_size * (*array_size)); - } else { - *array = SMB_MALLOC(element_size * (*array_size)); - } - + *array = TALLOC(mem_ctx, element_size * (*array_size)); if (*array == NULL) { goto error; } @@ -1095,13 +1088,8 @@ void add_to_large_array(TALLOC_CTX *mem_ctx, size_t element_size, goto error; } - if (mem_ctx != NULL) { - *array = TALLOC_REALLOC(mem_ctx, *array, - element_size * (*array_size)); - } else { - *array = SMB_REALLOC(*array, - element_size * (*array_size)); - } + *array = TALLOC_REALLOC(mem_ctx, *array, + element_size * (*array_size)); if (*array == NULL) { goto error; |