summaryrefslogtreecommitdiffstats
path: root/source/smbd/nttrans.c
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2004-12-07 18:25:53 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:53:32 -0500
commit620f2e608f70ba92f032720c031283d295c5c06a (patch)
treeec3dd5fcf29eaa98a26ddeae3acb7a89fd0e0fb8 /source/smbd/nttrans.c
parent12440744ba36445186042c8c254785766cce5385 (diff)
downloadsamba-620f2e608f70ba92f032720c031283d295c5c06a.tar.gz
samba-620f2e608f70ba92f032720c031283d295c5c06a.tar.xz
samba-620f2e608f70ba92f032720c031283d295c5c06a.zip
r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy.
Diffstat (limited to 'source/smbd/nttrans.c')
-rw-r--r--source/smbd/nttrans.c23
1 files changed, 17 insertions, 6 deletions
diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index 42953a1b7a1..2395d0d8db5 100644
--- a/source/smbd/nttrans.c
+++ b/source/smbd/nttrans.c
@@ -58,11 +58,12 @@ static char *nttrans_realloc(char **ptr, size_t size)
if (ptr==NULL)
smb_panic("nttrans_realloc() called with NULL ptr\n");
- tptr = Realloc_zero(*ptr, size);
+ tptr = SMB_REALLOC(*ptr, size);
if(tptr == NULL) {
*ptr = NULL;
return NULL;
}
+ memset(tptr,'\0',size);
*ptr = tptr;
@@ -2139,7 +2140,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- shadow_data = (SHADOW_COPY_DATA *)talloc_zero(shadow_mem_ctx,sizeof(SHADOW_COPY_DATA));
+ shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA);
if (shadow_data == NULL) {
DEBUG(0,("talloc_zero() failed!\n"));
return ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -2449,6 +2450,10 @@ static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf,
}
sid_len = IVAL(pdata,4);
+ /* Ensure this is less than 1mb. */
+ if (sid_len > (1024*1024)) {
+ return ERROR_DOS(ERRDOS,ERRnomem);
+ }
if (data_count < 8+sid_len) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len)));
@@ -2703,15 +2708,21 @@ due to being in oplock break state.\n", (unsigned int)function_code ));
CVAL(inbuf, smb_wct), 19 + (setup_count/2)));
goto bad_param;
}
-
+
+ /* Don't allow more than 128mb for each value. */
+ if ((total_parameter_count > (1024*1024*128)) || (total_data_count > (1024*1024*128))) {
+ END_PROFILE(SMBnttrans);
+ return ERROR_DOS(ERRDOS,ERRnomem);
+ }
+
/* Allocate the space for the setup, the maximum needed parameters and data */
if(setup_count > 0)
- setup = (char *)malloc(setup_count);
+ setup = (char *)SMB_MALLOC(setup_count);
if (total_parameter_count > 0)
- params = (char *)malloc(total_parameter_count);
+ params = (char *)SMB_MALLOC(total_parameter_count);
if (total_data_count > 0)
- data = (char *)malloc(total_data_count);
+ data = (char *)SMB_MALLOC(total_data_count);
if ((total_parameter_count && !params) || (total_data_count && !data) ||
(setup_count && !setup)) {
generated by cgit (git 2.34.1) at 2024-10-07 18:25:59 +0000