diff options
| author | Shirish Kalele <kalele@samba.org> | 2000-05-26 22:37:08 +0000 |
|---|---|---|
| committer | Shirish Kalele <kalele@samba.org> | 2000-05-26 22:37:08 +0000 |
| commit | 590d9ece8449b1feecfe1aa13e61bcd8fea4e5bf (patch) | |
| tree | d9f58a60f9779e0243a1e9ca7cc02c8d2db8c3a0 /source/rpc_server/srv_pipe_hnd.c | |
| parent | 80a0079b2f993159ef35b02ba5c70ce9d8096879 (diff) | |
| download | samba-590d9ece8449b1feecfe1aa13e61bcd8fea4e5bf.tar.gz samba-590d9ece8449b1feecfe1aa13e61bcd8fea4e5bf.tar.xz samba-590d9ece8449b1feecfe1aa13e61bcd8fea4e5bf.zip | |
Fixed memory leak in RPC parsing code.
Problem in prs_set_buffer_size() was Realloc returns a NULL when newsize is zero (equivalent to a free()). We were returning a failure here without resetting the buffer_size or the data_p pointer in the prs_struct. And we weren't checking for a failure from prs_set_buffer_size(). So realloc's to zero size were not reflected in the prs_struct: memory leak.
Diffstat (limited to 'source/rpc_server/srv_pipe_hnd.c')
| -rw-r--r-- | source/rpc_server/srv_pipe_hnd.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c index a349da839a6..e01ecf82a27 100644 --- a/source/rpc_server/srv_pipe_hnd.c +++ b/source/rpc_server/srv_pipe_hnd.c @@ -480,7 +480,12 @@ authentication failed. Denying the request.\n", p->name)); * size as the current offset. */ - prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data)); + if(!prs_set_buffer_size(&p->in_data.data, prs_offset(&p->in_data.data))) + { + DEBUG(0,("process_request_pdu: Call to prs_set_buffer_size failed!\n")); + set_incoming_fault(p); + return False; + } /* * Set the parse offset to the start of the data and set the |