authorGerald Carter <jerry@samba.org>2004-12-16 12:30:49 +0000
committerGerald Carter <jerry@samba.org>2004-12-16 12:30:49 +0000
commit8d91e07ef22ad3ed484b04bc4968380a24940696 (patch)
treeb5b8989f8da9ef7f852081f0460995386edd4b5d /source/smbd/nttrans.c
parent1a878c865637feb80206c0dc599acebf7f4a46bd (diff)
r4231: commiting changes to 3.0.10samba-3.0.10
Diffstat (limited to 'source/smbd/nttrans.c')
-rw-r--r--source/smbd/nttrans.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index eaaf68d6895..755b5abb160 100644
--- a/source/smbd/nttrans.c
+++ b/source/smbd/nttrans.c
@@ -58,11 +58,12 @@ static char *nttrans_realloc(char **ptr, size_t size)
if (ptr==NULL)
smb_panic("nttrans_realloc() called with NULL ptr\n");
- tptr = Realloc_zero(*ptr, size);
+ tptr = SMB_REALLOC(*ptr, size);
if(tptr == NULL) {
*ptr = NULL;
return NULL;
}
+ memset(tptr,'\0',size);
*ptr = tptr;
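Review bot: The failure branch sets `*ptr = NULL` without releasing the old block, so if `SMB_REALLOC` keeps realloc() semantics (the old block stays allocated on failure; the macro is not visible here) the previous buffer is leaked whenever the allocation fails. Unless the macro already frees it, a `SAFE_FREE(*ptr);` in that branch would close the leak. The added `memset(tptr,'\0',size)` also wipes the whole buffer rather than only the grown part, which deserves a comment such as `/* Clears the entire buffer, including any previous contents. */`. The body of nttrans_realloc starts and ends outside the hunk.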
@@ -2141,7 +2142,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- shadow_data = (SHADOW_COPY_DATA *)talloc_zero(shadow_mem_ctx,sizeof(SHADOW_COPY_DATA));
+ shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA);
if (shadow_data == NULL) {
DEBUG(0,("talloc_zero() failed!\n"));
return ERROR_NT(NT_STATUS_NO_MEMORY);
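Review bot: The NULL branch after `TALLOC_ZERO_P` returns without releasing `shadow_mem_ctx`. If that context is created just above the hunk (the preceding `NT_STATUS_NO_MEMORY` return suggests so, but the creation is not visible), it is leaked on this path, and a `talloc_destroy(shadow_mem_ctx);` before the return would fix that. The log text still names the old call, so `DEBUG(0,("TALLOC_ZERO_P() failed!\n"));` would match what actually failed. The branch's closing brace lies outside the hunk.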
@@ -2452,6 +2453,10 @@ static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf,
}
sid_len = IVAL(pdata,4);
+ /* Ensure this is less than 1mb. */
+ if (sid_len > (1024*1024)) {
+ return ERROR_DOS(ERRDOS,ERRnomem);
+ }
if (data_count < 8+sid_len) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len)));
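Review bot: The new `sid_len` bound is presumably what keeps `8+sid_len` in the following `data_count` comparison from wrapping, but the comment only says "less than 1mb" and the rejection is silent. I would state the reason, `/* Bound sid_len so 8+sid_len below cannot wrap past the data_count check. */`, and log the rejected value with `DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: sid_len %lu too large\n",(unsigned long)sid_len));` so a malformed request is visible to operators. Returning `ERRnomem` for a client-supplied length that is simply invalid is also misleading; an invalid-parameter status would describe it better. The same silent `ERRnomem` rejection appears in the 128mb check of the last hunk.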
@@ -2707,14 +2712,20 @@ due to being in oplock break state.\n", (unsigned int)function_code ));
goto bad_param;
}
+ /* Don't allow more than 128mb for each value. */
+ if ((total_parameter_count > (1024*1024*128)) || (total_data_count > (1024*1024*128))) {
+ END_PROFILE(SMBnttrans);
+ return ERROR_DOS(ERRDOS,ERRnomem);
+ }
+
/* Allocate the space for the setup, the maximum needed parameters and data */
if(setup_count > 0)
- setup = (char *)malloc(setup_count);
+ setup = (char *)SMB_MALLOC(setup_count);
if (total_parameter_count > 0)
- params = (char *)malloc(total_parameter_count);
+ params = (char *)SMB_MALLOC(total_parameter_count);
if (total_data_count > 0)
- data = (char *)malloc(total_data_count);
+ data = (char *)SMB_MALLOC(total_data_count);
if ((total_parameter_count && !params) || (total_data_count && !data) ||
(setup_count && !setup)) {
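Review bot: The 128mb ceiling still lets a single request make the server allocate two buffers of up to 128mb each. `params` and `data` are sized up front from the totals the client declares ("the maximum needed parameters and data"), not from bytes actually received. A limit closer to what a legitimate NT transact needs would bound memory pressure better, and the twice-repeated literal `(1024*1024*128)` would read better as one named constant. `setup_count` is not covered by the new check; if it is not bounded earlier in the function (outside this hunk), it deserves the same treatment. The enclosing function starts and ends outside the hunk.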