author | Gerald Carter <jerry@samba.org> | 2007-05-03 16:58:30 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2007-05-03 16:58:30 +0000 |
commit | 812a6afc0a6a0d95ed7dc2a6e1847678143521f0 (patch) | |
tree | 30060f23dd59bb821b434a9a141ecaf0034b82ac /source/rpc_parse | |
parent | 4ae5d4171c16ba0c0197fc62087a19ccba9ffe9e (diff) | |
r22650: sync up with SMABA_3_0_25 as of svn r22649
Diffstat (limited to 'source/rpc_parse')
-rw-r--r-- | source/rpc_parse/parse_buffer.c | 3 | ||||
-rw-r--r-- | source/rpc_parse/parse_dfs.c | 24 | ||||
-rw-r--r-- | source/rpc_parse/parse_eventlog.c | 4 | ||||
-rw-r--r-- | source/rpc_parse/parse_lsa.c | 62 | ||||
-rw-r--r-- | source/rpc_parse/parse_misc.c | 97 | ||||
-rw-r--r-- | source/rpc_parse/parse_net.c | 214 | ||||
-rw-r--r-- | source/rpc_parse/parse_ntsvcs.c | 10 | ||||
-rw-r--r-- | source/rpc_parse/parse_prs.c | 6 | ||||
-rw-r--r-- | source/rpc_parse/parse_samr.c | 32 | ||||
-rw-r--r-- | source/rpc_parse/parse_spoolss.c | 10 | ||||
-rw-r--r-- | source/rpc_parse/parse_svcctl.c | 12 |
11 files changed, 318 insertions, 156 deletions
diff --git a/source/rpc_parse/parse_buffer.c b/source/rpc_parse/parse_buffer.c index 5643189afea..b66eb9910a8 100644 --- a/source/rpc_parse/parse_buffer.c +++ b/source/rpc_parse/parse_buffer.c @@ -401,6 +401,9 @@ BOOL smb_io_relarraystr(const char *desc, RPC_BUFFER *buffer, int depth, uint16 { chaine2[l_chaine2] = '\0'; *string=(uint16 *)TALLOC_MEMDUP(prs_get_mem_context(ps),chaine2,realloc_size); + if (!*string) { + return False; + } SAFE_FREE(chaine2); } diff --git a/source/rpc_parse/parse_dfs.c b/source/rpc_parse/parse_dfs.c index e590aae0526..118429e7d2f 100644 --- a/source/rpc_parse/parse_dfs.c +++ b/source/rpc_parse/parse_dfs.c @@ -326,6 +326,9 @@ BOOL netdfs_io_dfs_Info3_d(const char *desc, NETDFS_DFS_INFO3 *v, prs_struct *ps if (UNMARSHALLING(ps)) { v->stores = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->stores)*v->num_stores); + if (!v->stores) { + return False; + } } for (i_stores_1=0; i_stores_1<v->num_stores;i_stores_1++) { if (!netdfs_io_dfs_StorageInfo_p("stores", &v->stores[i_stores_1], ps, depth)) @@ -448,6 +451,9 @@ BOOL netdfs_io_dfs_Info4_d(const char *desc, NETDFS_DFS_INFO4 *v, prs_struct *ps if (UNMARSHALLING(ps)) { v->stores = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->stores)*v->num_stores); + if (!v->stores) { + return False; + } } for (i_stores_1=0; i_stores_1<v->num_stores;i_stores_1++) { if (!netdfs_io_dfs_StorageInfo_p("stores", &v->stores[i_stores_1], ps, depth)) @@ -921,6 +927,9 @@ BOOL netdfs_io_dfs_EnumArray1_d(const char *desc, NETDFS_DFS_ENUMARRAY1 *v, prs_ if (UNMARSHALLING(ps)) { v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); + if (!v->s) { + return False; + } } for (i_s_1=0; i_s_1<v->count;i_s_1++) { if (!netdfs_io_dfs_Info1_p("s", &v->s[i_s_1], ps, depth)) 
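Review bot: The early `return False` added after `TALLOC_MEMDUP` in smb_io_relarraystr sits before `SAFE_FREE(chaine2)`, so the failure path leaves `chaine2` unreleased. Assuming `chaine2` is heap memory owned by this function (its allocation is outside the hunk), release it first: `if (!*string) { SAFE_FREE(chaine2); return False; }`. The function body starts and ends outside the hunk.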
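Review bot: The new `if (!v->stores) return False;` in netdfs_io_dfs_Info3_d cannot tell an empty array from an allocation failure. With `v->num_stores == 0` the requested size is 0, and prs_alloc_mem as changed in parse_prs.c in this same commit returns NULL for a zero size, so a structure with no stores would now fail to unmarshal (assuming PRS_ALLOC_MEM_VOID is a thin wrapper over prs_alloc_mem, which is not visible here). The same applies to the Info4_d and EnumArray1/2/3/4/200/300_d hunks. The count is read from the peer and `sizeof(*v->stores)*v->num_stores` is an unchecked multiplication, so guarding on the count and rejecting one that would wrap, as sketched below, covers both cases. These functions start and end outside the hunks.

```c
if (UNMARSHALLING(ps)) {
	if (v->num_stores == 0) {
		/* an empty array is valid: nothing to allocate */
		v->stores = NULL;
	} else if (v->num_stores > ((size_t)-1) / sizeof(*v->stores)) {
		/* peer-supplied count would wrap the size computation */
		return False;
	} else {
		v->stores = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->stores)*v->num_stores);
		if (!v->stores) {
			return False;
		}
	}
}
/* … unchanged: per-element netdfs_io_dfs_StorageInfo_p loop … */
```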
@@ -987,6 +996,9 @@ BOOL netdfs_io_dfs_EnumArray2_d(const char *desc, NETDFS_DFS_ENUMARRAY2 *v, prs_ if (UNMARSHALLING(ps)) { v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); + if (!v->s) { + return False; + } } for (i_s_1=0; i_s_1<v->count;i_s_1++) { if (!netdfs_io_dfs_Info2_p("s", &v->s[i_s_1], ps, depth)) @@ -1053,6 +1065,9 @@ BOOL netdfs_io_dfs_EnumArray3_d(const char *desc, NETDFS_DFS_ENUMARRAY3 *v, prs_ if (UNMARSHALLING(ps)) { v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); + if (!v->s) { + return False; + } } for (i_s_1=0; i_s_1<v->count;i_s_1++) { if (!netdfs_io_dfs_Info3_p("s", &v->s[i_s_1], ps, depth)) @@ -1119,6 +1134,9 @@ BOOL netdfs_io_dfs_EnumArray4_d(const char *desc, NETDFS_DFS_ENUMARRAY4 *v, prs_ if (UNMARSHALLING(ps)) { v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); + if (!v->s) { + return False; + } } for (i_s_1=0; i_s_1<v->count;i_s_1++) { if (!netdfs_io_dfs_Info4_p("s", &v->s[i_s_1], ps, depth)) @@ -1185,6 +1203,9 @@ BOOL netdfs_io_dfs_EnumArray200_d(const char *desc, NETDFS_DFS_ENUMARRAY200 *v, if (UNMARSHALLING(ps)) { v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); + if (!v->s) { + return False; + } } for (i_s_1=0; i_s_1<v->count;i_s_1++) { if (!netdfs_io_dfs_Info200_p("s", &v->s[i_s_1], ps, depth)) @@ -1251,6 +1272,9 @@ BOOL netdfs_io_dfs_EnumArray300_d(const char *desc, NETDFS_DFS_ENUMARRAY300 *v, if (UNMARSHALLING(ps)) { v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); + if (!v->s) { + return False; + } } for (i_s_1=0; i_s_1<v->count;i_s_1++) { if (!netdfs_io_dfs_Info300_p("s", &v->s[i_s_1], ps, depth)) diff --git a/source/rpc_parse/parse_eventlog.c b/source/rpc_parse/parse_eventlog.c index addf433feb8..436f35aff6a 100644 --- a/source/rpc_parse/parse_eventlog.c +++ b/source/rpc_parse/parse_eventlog.c 
@@ -354,7 +354,9 @@ BOOL eventlog_io_r_read_eventlog(const char *desc, /* Now pad with whitespace until the end of the response buffer */ if (q_u->max_read_size - r_u->num_bytes_in_resp) { - r_u->end_of_entries_padding = SMB_CALLOC_ARRAY(uint8, q_u->max_read_size - r_u->num_bytes_in_resp); + if (!r_u->end_of_entries_padding) { + return False; + } if(!(prs_uint8s(False, "end of entries padding", ps, depth, r_u->end_of_entries_padding, diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c index e1630f79f48..ea249dc5600 100644 --- a/source/rpc_parse/parse_lsa.c +++ b/source/rpc_parse/parse_lsa.c @@ -573,14 +573,17 @@ void init_r_enum_trust_dom(TALLOC_CTX *ctx, LSA_R_ENUM_TRUST_DOM *out, return; } - out->domlist->domains = TALLOC_ARRAY( ctx, DOMAIN_INFO, + if (out->count) { + out->domlist->domains = TALLOC_ARRAY( ctx, DOMAIN_INFO, out->count ); - - if ( !out->domlist->domains ) { - out->status = NT_STATUS_NO_MEMORY; - return; + if ( !out->domlist->domains ) { + out->status = NT_STATUS_NO_MEMORY; + return; + } + } else { + out->domlist->domains = NULL; } - + out->domlist->count = out->count; /* initialize the list of domains and their sid */ @@ -737,9 +740,13 @@ static BOOL lsa_io_dom_query_2(const char *desc, DOM_QUERY_2 *d_q, prs_struct *p return False; if (UNMARSHALLING(ps)) { - d_q->auditsettings = TALLOC_ZERO_ARRAY(ps->mem_ctx, uint32, d_q->count2); - if (!d_q->auditsettings) { - return False; + if (d_q->count2) { + d_q->auditsettings = TALLOC_ZERO_ARRAY(ps->mem_ctx, uint32, d_q->count2); + if (!d_q->auditsettings) { + return False; + } + } else { + d_q->auditsettings = NULL; } } 
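Review bot: With the `SMB_CALLOC_ARRAY` line removed, the new `if (!r_u->end_of_entries_padding)` check in eventlog_io_r_read_eventlog tests a pointer this function no longer sets, so it now depends on the caller having allocated at least `q_u->max_read_size - r_u->num_bytes_in_resp` bytes beforehand. That contract is not stated anywhere in the hunk; a comment above the check such as `/* padding buffer is allocated by the caller; must hold max_read_size - num_bytes_in_resp bytes */` would make it explicit. The subtraction presumably operates on unsigned values, so it is also worth confirming that the caller guarantees `num_bytes_in_resp <= max_read_size`. The function continues outside the hunk.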
@@ -1118,16 +1125,16 @@ static void init_lsa_sid_enum(TALLOC_CTX *mem_ctx, LSA_SID_ENUM *sen, /* Allocate memory for sids and sid pointers */ - if (num_entries == 0) return; - - if ((sen->ptr_sid = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_entries )) == NULL) { - DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n")); - return; - } + if (num_entries) { + if ((sen->ptr_sid = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_entries )) == NULL) { + DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n")); + return; + } - if ((sen->sid = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID2, num_entries)) == NULL) { - DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n")); - return; + if ((sen->sid = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID2, num_entries)) == NULL) { + DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n")); + return; + } } /* Copy across SIDs and SID pointers */ @@ -1563,14 +1570,19 @@ void init_q_lookup_names(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_NAMES *q_l, q_l->num_entries2 = num_names; q_l->lookup_level = 1; - if ((q_l->uni_name = TALLOC_ZERO_ARRAY(mem_ctx, UNISTR2, num_names)) == NULL) { - DEBUG(3, ("init_q_lookup_names(): out of memory\n")); - return; - } + if (num_names) { + if ((q_l->uni_name = TALLOC_ZERO_ARRAY(mem_ctx, UNISTR2, num_names)) == NULL) { + DEBUG(3, ("init_q_lookup_names(): out of memory\n")); + return; + } - if ((q_l->hdr_name = TALLOC_ZERO_ARRAY(mem_ctx, UNIHDR, num_names)) == NULL) { - DEBUG(3, ("init_q_lookup_names(): out of memory\n")); - return; + if ((q_l->hdr_name = TALLOC_ZERO_ARRAY(mem_ctx, UNIHDR, num_names)) == NULL) { + DEBUG(3, ("init_q_lookup_names(): out of memory\n")); + return; + } + } else { + q_l->uni_name = NULL; + q_l->hdr_name = NULL; } for (i = 0; i < num_names; i++) { diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c index 3b1e9a4f08e..a926a5e18ee 100644 --- a/source/rpc_parse/parse_misc.c +++ b/source/rpc_parse/parse_misc.c 
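Review bot: In init_q_lookup_names the out-of-memory paths still `return` from a void function after `q_l->num_entries2 = num_names` has been stored, so a caller cannot detect the failure and is left with a non-zero count beside NULL `uni_name`/`hdr_name` arrays. init_samr_q_lookup_rids in parse_samr.c zeroes its counts when the allocation fails; doing the same here, e.g. `q_l->num_entries2 = 0;` before each `return` (plus any sibling count set above the hunk), keeps the structure consistent. init_net_user_info3 in parse_net.c has the same shape with `usr->num_groups2`. init_lsa_sid_enum in this file also returns silently, and unlike the other hunks it has no `else` branch setting `sen->ptr_sid` and `sen->sid` to NULL for a zero count.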
@@ -268,7 +268,7 @@ BOOL smb_io_dom_sid2_p(const char *desc, prs_struct *ps, int depth, DOM_SID2 **s if (UNMARSHALLING(ps)) { if ( !(*sid2 = PRS_ALLOC_MEM(ps, DOM_SID2, 1)) ) - return False; + return False; } return True; @@ -496,11 +496,15 @@ void init_unistr(UNISTR *str, const char *buf) len = strlen(buf) + 1; - str->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, len); - if (str->buffer == NULL) - smb_panic("init_unistr: malloc fail\n"); + if (len) { + str->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, len); + if (str->buffer == NULL) + smb_panic("init_unistr: malloc fail\n"); - rpcstr_push(str->buffer, buf, len*sizeof(uint16), STR_TERMINATE); + rpcstr_push(str->buffer, buf, len*sizeof(uint16), STR_TERMINATE); + } else { + str->buffer = NULL; + } } /******************************************************************* @@ -703,15 +707,18 @@ void copy_unistr2(UNISTR2 *str, const UNISTR2 *from) (the the length of the source string) to prevent reallocation of memory. */ if (str->buffer == NULL) { - str->buffer = (uint16 *)TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, str->uni_max_len); - if ((str->buffer == NULL)) { - smb_panic("copy_unistr2: talloc fail\n"); - return; + if (str->uni_max_len) { + str->buffer = (uint16 *)TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, str->uni_max_len); + if ((str->buffer == NULL)) { + smb_panic("copy_unistr2: talloc fail\n"); + return; + } + /* copy the string */ + memcpy(str->buffer, from->buffer, str->uni_max_len*sizeof(uint16)); + } else { + str->buffer = NULL; } } - - /* copy the string */ - memcpy(str->buffer, from->buffer, str->uni_max_len*sizeof(uint16)); } /******************************************************************* @@ -799,7 +806,9 @@ void init_unistr2(UNISTR2 *str, const char *buf, enum unistr2_term_codes flags) len = strlen(buf) + 1; if ( flags == UNI_STR_DBLTERMINATE ) len++; - } else { + } + + if (buf == NULL || len == 0) { /* no buffer -- nothing to do */ str->uni_max_len = 0; str->offset = 0; 
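Review bot: The `else` branch added in init_unistr is effectively unreachable, because `len` is `strlen(buf) + 1` and can only be zero if that addition wraps. The same holds for `if (len + 1)` in init_unistr2_w and `if (str->uni_str_len)` in init_unistr3. If the guards are kept for uniformity with the count-based hunks, a short comment such as `/* len includes the terminator, so this is never 0 in practice */` would stop readers from looking for a zero-length path.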
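Review bot: Moving the `memcpy` inside `if (str->buffer == NULL)` in copy_unistr2 means nothing is copied when the destination already has a buffer, whereas before the copy ran unconditionally after the optional allocation. Whether any caller passes a UNISTR2 with a live `buffer` is not visible from this hunk; if one does, it now keeps its old contents. If the skip is intentional (the old unconditional copy trusted an existing buffer to hold `uni_max_len` elements), say so in the comment above the block, e.g. `/* an existing buffer is left untouched; only a freshly allocated one receives the copy */`. The function starts outside the hunk.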
@@ -887,10 +896,14 @@ void init_unistr2_w(TALLOC_CTX *ctx, UNISTR2 *str, const smb_ucs2_t *buf) str->offset = 0; str->uni_str_len = len; - str->buffer = TALLOC_ZERO_ARRAY(ctx, uint16, len + 1); - if (str->buffer == NULL) { - smb_panic("init_unistr2_w: talloc fail\n"); - return; + if (len + 1) { + str->buffer = TALLOC_ZERO_ARRAY(ctx, uint16, len + 1); + if (str->buffer == NULL) { + smb_panic("init_unistr2_w: talloc fail\n"); + return; + } + } else { + str->buffer = NULL; } /* @@ -903,7 +916,9 @@ void init_unistr2_w(TALLOC_CTX *ctx, UNISTR2 *str, const smb_ucs2_t *buf) /* Yes, this is a strncpy( foo, bar, strlen(bar)) - but as long as the buffer above is talloc()ed correctly then this is the correct thing to do */ - strncpy_w(str->buffer, buf, len + 1); + if (len+1) { + strncpy_w(str->buffer, buf, len + 1); + } } /******************************************************************* @@ -937,10 +952,14 @@ void init_unistr2_from_unistr(UNISTR2 *to, const UNISTR *from) to->uni_str_len = i; /* allocate the space and copy the string buffer */ - to->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, i); - if (to->buffer == NULL) - smb_panic("init_unistr2_from_unistr: malloc fail\n"); - memcpy(to->buffer, from->buffer, i*sizeof(uint16)); + if (i) { + to->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, i); + if (to->buffer == NULL) + smb_panic("init_unistr2_from_unistr: malloc fail\n"); + memcpy(to->buffer, from->buffer, i*sizeof(uint16)); + } else { + to->buffer = NULL; + } return; } 
@@ -1136,12 +1155,13 @@ BOOL prs_unistr4_array(const char *desc, prs_struct *ps, int depth, UNISTR4_ARRA if(!prs_uint32("count", ps, depth, &array->count)) return False; - if ( array->count == 0 ) - return True; - if (UNMARSHALLING(ps)) { - if ( !(array->strings = TALLOC_ZERO_ARRAY( get_talloc_ctx(), UNISTR4, array->count)) ) - return False; + if (array->count) { + if ( !(array->strings = TALLOC_ZERO_ARRAY( get_talloc_ctx(), UNISTR4, array->count)) ) + return False; + } else { + array->strings = NULL; + } } /* write the headers and then the actual string buffer */ @@ -1169,13 +1189,14 @@ BOOL init_unistr4_array( UNISTR4_ARRAY *array, uint32 count, const char **string array->count = count; - if ( array->count == 0 ) - return True; - /* allocate memory for the array of UNISTR4 objects */ - if ( !(array->strings = TALLOC_ZERO_ARRAY(get_talloc_ctx(), UNISTR4, count )) ) - return False; + if (array->count) { + if ( !(array->strings = TALLOC_ZERO_ARRAY(get_talloc_ctx(), UNISTR4, count )) ) + return False; + } else { + array->strings = NULL; + } for ( i=0; i<count; i++ ) init_unistr4( &array->strings[i], strings[i], UNI_STR_TERMINATE ); @@ -1724,11 +1745,15 @@ void init_unistr3(UNISTR3 *str, const char *buf) str->uni_str_len = strlen(buf) + 1; - str->str.buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, str->uni_str_len); - if (str->str.buffer == NULL) - smb_panic("init_unistr3: malloc fail\n"); + if (str->uni_str_len) { + str->str.buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, str->uni_str_len); + if (str->str.buffer == NULL) + smb_panic("init_unistr3: malloc fail\n"); - rpcstr_push((char *)str->str.buffer, buf, str->uni_str_len * sizeof(uint16), STR_TERMINATE); + rpcstr_push((char *)str->str.buffer, buf, str->uni_str_len * sizeof(uint16), STR_TERMINATE); + } else { + str->str.buffer = NULL; + } } /******************************************************************* 
diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c index 2ccc9f59f68..d84dc4ef11c 100644 --- a/source/rpc_parse/parse_net.c +++ b/source/rpc_parse/parse_net.c @@ -1022,9 +1022,13 @@ static int init_dom_sid2s(TALLOC_CTX *ctx, const char *sids_str, DOM_SID2 **ppsi } /* Now allocate space for them. */ - *ppsids = TALLOC_ZERO_ARRAY(ctx, DOM_SID2, count); - if (*ppsids == NULL) - return 0; + if (count) { + *ppsids = TALLOC_ZERO_ARRAY(ctx, DOM_SID2, count); + if (*ppsids == NULL) + return 0; + } else { + *ppsids = NULL; + } sids = *ppsids; @@ -1506,9 +1510,13 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, usr->num_groups2 = num_groups; - usr->gids = TALLOC_ZERO_ARRAY(ctx,DOM_GID,num_groups); - if (usr->gids == NULL && num_groups>0) - return; + if (num_groups) { + usr->gids = TALLOC_ZERO_ARRAY(ctx,DOM_GID,num_groups); + if (usr->gids == NULL) + return; + } else { + usr->gids = NULL; + } for (i = 0; i < num_groups; i++) usr->gids[i] = gids[i]; @@ -2467,13 +2475,19 @@ static BOOL net_io_sam_group_mem_info(const char *desc, SAM_GROUP_MEM_INFO * inf return False; } - info->rids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members2); - - if (info->rids == NULL) { - DEBUG(0, ("out of memory allocating %d rids\n", - info->num_members2)); - return False; - } + if (UNMARSHALLING(ps)) { + if (info->num_members2) { + info->rids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members2); + + if (info->rids == NULL) { + DEBUG(0, ("out of memory allocating %d rids\n", + info->num_members2)); + return False; + } + } else { + info->rids = NULL; + } + } for (i = 0; i < info->num_members2; i++) { 
@@ -2494,13 +2508,19 @@ static BOOL net_io_sam_group_mem_info(const char *desc, SAM_GROUP_MEM_INFO * inf return False; } - info->attribs = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members3); - - if (info->attribs == NULL) { - DEBUG(0, ("out of memory allocating %d attribs\n", - info->num_members3)); - return False; - } + if (UNMARSHALLING(ps)) { + if (info->num_members3) { + info->attribs = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members3); + + if (info->attribs == NULL) { + DEBUG(0, ("out of memory allocating %d attribs\n", + info->num_members3)); + return False; + } + } else { + info->attribs = NULL; + } + } for (i = 0; i < info->num_members3; i++) { @@ -2580,13 +2600,19 @@ static BOOL net_io_sam_alias_mem_info(const char *desc, SAM_ALIAS_MEM_INFO * inf return False; } - info->ptr_sids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_sids); + if (UNMARSHALLING(ps)) { + if (info->num_sids) { + info->ptr_sids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_sids); - if (info->ptr_sids == NULL) { - DEBUG(0, ("out of memory allocating %d ptr_sids\n", - info->num_sids)); - return False; - } + if (info->ptr_sids == NULL) { + DEBUG(0, ("out of memory allocating %d ptr_sids\n", + info->num_sids)); + return False; + } + } else { + info->ptr_sids = NULL; + } + } for (i = 0; i < info->num_sids; i++) { @@ -2595,13 +2621,19 @@ static BOOL net_io_sam_alias_mem_info(const char *desc, SAM_ALIAS_MEM_INFO * inf return False; } - info->sids = TALLOC_ARRAY(ps->mem_ctx, DOM_SID2, info->num_sids); - - if (info->sids == NULL) { - DEBUG(0, ("error allocating %d sids\n", - info->num_sids)); - return False; - } + if (UNMARSHALLING(ps)) { + if (info->num_sids) { + info->sids = TALLOC_ARRAY(ps->mem_ctx, DOM_SID2, info->num_sids); + + if (info->sids == NULL) { + DEBUG(0, ("error allocating %d sids\n", + info->num_sids)); + return False; + } + } else { + info->sids = NULL; + } + } for (i = 0; i < info->num_sids; i++) { 
@@ -2911,7 +2943,16 @@ static BOOL net_io_sam_privs_info(const char *desc, SAM_DELTA_PRIVS *info, if(!prs_uint32("attribute_count", ps, depth, &info->attribute_count)) return False; - info->attributes = TALLOC_ARRAY(ps->mem_ctx, uint32, info->attribute_count); + if (UNMARSHALLING(ps)) { + if (info->attribute_count) { + info->attributes = TALLOC_ARRAY(ps->mem_ctx, uint32, info->attribute_count); + if (!info->attributes) { + return False; + } + } else { + info->attributes = NULL; + } + } for (i=0; i<info->attribute_count; i++) if(!prs_uint32("attributes", ps, depth, &info->attributes[i])) @@ -2920,8 +2961,21 @@ static BOOL net_io_sam_privs_info(const char *desc, SAM_DELTA_PRIVS *info, if(!prs_uint32("privlist_count", ps, depth, &info->privlist_count)) return False; - info->hdr_privslist = TALLOC_ARRAY(ps->mem_ctx, UNIHDR, info->privlist_count); - info->uni_privslist = TALLOC_ARRAY(ps->mem_ctx, UNISTR2, info->privlist_count); + if (UNMARSHALLING(ps)) { + if (info->privlist_count) { + info->hdr_privslist = TALLOC_ARRAY(ps->mem_ctx, UNIHDR, info->privlist_count); + info->uni_privslist = TALLOC_ARRAY(ps->mem_ctx, UNISTR2, info->privlist_count); + if (!info->hdr_privslist) { + return False; + } + if (!info->uni_privslist) { + return False; + } + } else { + info->hdr_privslist = NULL; + info->uni_privslist = NULL; + } + } for (i=0; i<info->privlist_count; i++) if(!smb_io_unihdr("hdr_privslist", &info->hdr_privslist[i], ps, depth)) 
@@ -3051,15 +3105,19 @@ BOOL net_io_r_sam_sync(const char *desc, return False; } - if (r_s->num_deltas2 > 0) { - r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas2); - if (r_s->hdr_deltas == NULL) { - DEBUG(0, ("error tallocating memory " - "for %d delta headers\n", - r_s->num_deltas2)); - return False; - } - } + if (UNMARSHALLING(ps)) { + if (r_s->num_deltas2) { + r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas2); + if (r_s->hdr_deltas == NULL) { + DEBUG(0, ("error tallocating memory " + "for %d delta headers\n", + r_s->num_deltas2)); + return False; + } + } else { + r_s->hdr_deltas = NULL; + } + } for (i = 0; i < r_s->num_deltas2; i++) { @@ -3069,15 +3127,19 @@ BOOL net_io_r_sam_sync(const char *desc, return False; } - if (r_s->num_deltas2 > 0) { - r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas2); - if (r_s->deltas == NULL) { - DEBUG(0, ("error tallocating memory " - "for %d deltas\n", - r_s->num_deltas2)); - return False; - } - } + if (UNMARSHALLING(ps)) { + if (r_s->num_deltas2) { + r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas2); + if (r_s->deltas == NULL) { + DEBUG(0, ("error tallocating memory " + "for %d deltas\n", + r_s->num_deltas2)); + return False; + } + } else { + r_s->deltas = NULL; + } + } for (i = 0; i < r_s->num_deltas2; i++) { 
@@ -3180,15 +3242,19 @@ BOOL net_io_r_sam_deltas(const char *desc, if (r_s->ptr_deltas != 0) { - if (r_s->num_deltas > 0) { - r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas); - if (r_s->hdr_deltas == NULL) { - DEBUG(0, ("error tallocating memory " - "for %d delta headers\n", - r_s->num_deltas)); - return False; - } - } + if (UNMARSHALLING(ps)) { + if (r_s->num_deltas) { + r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas); + if (r_s->hdr_deltas == NULL) { + DEBUG(0, ("error tallocating memory " + "for %d delta headers\n", + r_s->num_deltas)); + return False; + } + } else { + r_s->hdr_deltas = NULL; + } + } for (i = 0; i < r_s->num_deltas; i++) { @@ -3196,15 +3262,19 @@ BOOL net_io_r_sam_deltas(const char *desc, ps, depth); } - if (r_s->num_deltas > 0) { - r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas); - if (r_s->deltas == NULL) { - DEBUG(0, ("error tallocating memory " - "for %d deltas\n", - r_s->num_deltas)); - return False; - } - } + if (UNMARSHALLING(ps)) { + if (r_s->num_deltas) { + r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas); + if (r_s->deltas == NULL) { + DEBUG(0, ("error tallocating memory " + "for %d deltas\n", + r_s->num_deltas)); + return False; + } + } else { + r_s->deltas = NULL; + } + } for (i = 0; i < r_s->num_deltas; i++) { diff --git a/source/rpc_parse/parse_ntsvcs.c b/source/rpc_parse/parse_ntsvcs.c index ab5f3f75e87..559a9d5ab5f 100644 --- a/source/rpc_parse/parse_ntsvcs.c +++ b/source/rpc_parse/parse_ntsvcs.c @@ -334,9 +334,13 @@ BOOL ntsvcs_io_r_get_hw_profile_info(const char *desc, NTSVCS_R_GET_HW_PROFILE_I return False; if ( UNMARSHALLING(ps) ) { - r_u->buffer = TALLOC_ARRAY(get_talloc_ctx(), uint8, r_u->buffer_size ); - if (!r_u->buffer) { - return False; + if (r_u->buffer_size) { + r_u->buffer = TALLOC_ARRAY(get_talloc_ctx(), uint8, r_u->buffer_size ); + if (!r_u->buffer) { + return False; + } + } else { + r_u->buffer = NULL; } } 
diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c index 540db5b6a85..2a5daac2e6e 100644 --- a/source/rpc_parse/parse_prs.c +++ b/source/rpc_parse/parse_prs.c @@ -156,9 +156,9 @@ char *prs_alloc_mem(prs_struct *ps, size_t size, unsigned int count) { char *ret = NULL; - if (size) { + if (size && count) { /* We can't call the type-safe version here. */ - ret = (char *)_talloc_zero_array(ps->mem_ctx, size, count, + ret = (char *)_talloc_zero_array_zeronull(ps->mem_ctx, size, count, "parse_prs"); } return ret; @@ -1817,7 +1817,7 @@ return the contents of a prs_struct in a DATA_BLOB BOOL prs_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx) { blob->length = prs_data_size(prs); - blob->data = (uint8 *)talloc_zero_size(mem_ctx, blob->length); + blob->data = (uint8 *)TALLOC_ZERO_SIZE(mem_ctx, blob->length); /* set the pointer at the end of the buffer */ prs_set_offset( prs, prs_data_size(prs) ); diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index 27a5ef9d996..273b1b97261 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c @@ -4175,7 +4175,11 @@ void init_samr_q_lookup_rids(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_RIDS * q_u, q_u->flags = flags; q_u->ptr = 0; q_u->num_rids2 = num_rids; - q_u->rid = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids ); + if (num_rids) { + q_u->rid = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids ); + } else { + q_u->rid = NULL; + } if (q_u->rid == NULL) { q_u->num_rids1 = 0; q_u->num_rids2 = 0; 
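Review bot: prs_alloc_mem now returns NULL for a zero `size` or `count` as well as for an allocation failure, and nothing at the definition says so. A header comment such as `/* Returns NULL when size or count is 0 as well as on allocation failure; check the count before treating NULL as an error. */` would help, since the parse_dfs.c hunks in this commit test the result without checking the count first.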
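Review bot: `blob->data` in prs_data_blob is not checked after the `TALLOC_ZERO_SIZE` call, and the visible lines go straight on to `prs_set_offset`. The result can be NULL on allocation failure, and, if this macro follows the zero-returns-NULL convention the rest of the commit adopts (its definition is not shown), also when `blob->length` is 0. A guard such as `if (blob->length && !blob->data) return False;` right after the assignment would keep whatever follows from writing through NULL. The rest of the function is outside the hunk.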
@@ -4814,11 +4818,16 @@ NTSTATUS init_samr_q_lookup_names(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_NAMES * q_u, q_u->ptr = 0; q_u->num_names2 = num_names; - if (!(q_u->hdr_name = TALLOC_ZERO_ARRAY(ctx, UNIHDR, num_names))) - return NT_STATUS_NO_MEMORY; + if (num_names) { + if (!(q_u->hdr_name = TALLOC_ZERO_ARRAY(ctx, UNIHDR, num_names))) + return NT_STATUS_NO_MEMORY; - if (!(q_u->uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_names))) - return NT_STATUS_NO_MEMORY; + if (!(q_u->uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_names))) + return NT_STATUS_NO_MEMORY; + } else { + q_u->hdr_name = NULL; + q_u->uni_name = NULL; + } for (i = 0; i < num_names; i++) { init_unistr2(&q_u->uni_name[i], name[i], UNI_FLAGS_NONE); /* unicode string for machine account */ @@ -4903,10 +4912,15 @@ NTSTATUS init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u, r_u->ptr_rids = 1; r_u->num_rids2 = num_rids; - if (!(r_u->rids = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids))) - return NT_STATUS_NO_MEMORY; - if (!(r_u->types = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids))) - return NT_STATUS_NO_MEMORY; + if (num_rids) { + if (!(r_u->rids = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids))) + return NT_STATUS_NO_MEMORY; + if (!(r_u->types = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids))) + return NT_STATUS_NO_MEMORY; + } else { + r_u->rids = NULL; + r_u->types = NULL; + } if (!r_u->rids || !r_u->types) goto empty; diff --git a/source/rpc_parse/parse_spoolss.c b/source/rpc_parse/parse_spoolss.c index 57899ceff30..ae82f9c1164 100644 --- a/source/rpc_parse/parse_spoolss.c +++ b/source/rpc_parse/parse_spoolss.c 
@@ -5255,9 +5255,13 @@ BOOL make_spoolss_buffer5(TALLOC_CTX *mem_ctx, BUFFER5 *buf5, uint32 len, uint16 buf5->buf_len = len; if (src) { - if((buf5->buffer=(uint16*)TALLOC_MEMDUP(mem_ctx, src, sizeof(uint16)*len)) == NULL) { - DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n")); - return False; + if (len) { + if((buf5->buffer=(uint16*)TALLOC_MEMDUP(mem_ctx, src, sizeof(uint16)*len)) == NULL) { + DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n")); + return False; + } + } else { + buf5->buffer = NULL; } } else { buf5->buffer=NULL; diff --git a/source/rpc_parse/parse_svcctl.c b/source/rpc_parse/parse_svcctl.c index dc4ee3e6e99..3846812f31d 100644 --- a/source/rpc_parse/parse_svcctl.c +++ b/source/rpc_parse/parse_svcctl.c @@ -829,10 +829,14 @@ BOOL svcctl_io_service_fa( const char *desc, SERVICE_FAILURE_ACTIONS *fa, RPC_BU if ( !prs_uint32("num_actions", ps, depth, &fa->num_actions) ) return False; - if ( UNMARSHALLING(ps) && fa->num_actions ) { - if ( !(fa->actions = TALLOC_ARRAY( get_talloc_ctx(), SC_ACTION, fa->num_actions )) ) { - DEBUG(0,("svcctl_io_service_fa: talloc() failure!\n")); - return False; + if ( UNMARSHALLING(ps)) { + if (fa->num_actions) { + if ( !(fa->actions = TALLOC_ARRAY( get_talloc_ctx(), SC_ACTION, fa->num_actions )) ) { + DEBUG(0,("svcctl_io_service_fa: talloc() failure!\n")); + return False; + } + } else { + fa->actions = NULL; } } |