diff options
author | Gerald Carter <jerry@samba.org> | 2004-12-16 12:30:49 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2004-12-16 12:30:49 +0000 |
commit | 8d91e07ef22ad3ed484b04bc4968380a24940696 (patch) | |
tree | b5b8989f8da9ef7f852081f0460995386edd4b5d /source/smbd | |
parent | 1a878c865637feb80206c0dc599acebf7f4a46bd (diff) | |
download | samba-3.0.10.tar.gz samba-3.0.10.tar.xz samba-3.0.10.zip |
r4231: commiting changes to 3.0.10samba-3.0.10
Diffstat (limited to 'source/smbd')
-rw-r--r-- | source/smbd/blocking.c | 4 | ||||
-rw-r--r-- | source/smbd/conn.c | 2 | ||||
-rw-r--r-- | source/smbd/dir.c | 6 | ||||
-rw-r--r-- | source/smbd/fake_file.c | 2 | ||||
-rw-r--r-- | source/smbd/fileio.c | 4 | ||||
-rw-r--r-- | source/smbd/files.c | 2 | ||||
-rw-r--r-- | source/smbd/ipc.c | 8 | ||||
-rw-r--r-- | source/smbd/lanman.c | 129 | ||||
-rw-r--r-- | source/smbd/mangle_hash.c | 4 | ||||
-rw-r--r-- | source/smbd/mangle_hash2.c | 18 | ||||
-rw-r--r-- | source/smbd/msdfs.c | 13 | ||||
-rw-r--r-- | source/smbd/notify.c | 2 | ||||
-rw-r--r-- | source/smbd/ntquotas.c | 6 | ||||
-rw-r--r-- | source/smbd/nttrans.c | 21 | ||||
-rw-r--r-- | source/smbd/open.c | 2 | ||||
-rw-r--r-- | source/smbd/oplock.c | 4 | ||||
-rw-r--r-- | source/smbd/password.c | 8 | ||||
-rw-r--r-- | source/smbd/posix_acls.c | 29 | ||||
-rw-r--r-- | source/smbd/process.c | 7 | ||||
-rw-r--r-- | source/smbd/reply.c | 4 | ||||
-rw-r--r-- | source/smbd/sec_ctx.c | 4 | ||||
-rw-r--r-- | source/smbd/session.c | 6 | ||||
-rw-r--r-- | source/smbd/statcache.c | 6 | ||||
-rw-r--r-- | source/smbd/trans2.c | 40 | ||||
-rw-r--r-- | source/smbd/vfs.c | 8 |
25 files changed, 178 insertions, 161 deletions
diff --git a/source/smbd/blocking.c b/source/smbd/blocking.c index e143999a785..0e71174a2ee 100644 --- a/source/smbd/blocking.c +++ b/source/smbd/blocking.c @@ -106,12 +106,12 @@ BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout, * the expiration time here. */ - if((blr = (blocking_lock_record *)malloc(sizeof(blocking_lock_record))) == NULL) { + if((blr = SMB_MALLOC_P(blocking_lock_record)) == NULL) { DEBUG(0,("push_blocking_lock_request: Malloc fail !\n" )); return False; } - if((blr->inbuf = (char *)malloc(length)) == NULL) { + if((blr->inbuf = (char *)SMB_MALLOC(length)) == NULL) { DEBUG(0,("push_blocking_lock_request: Malloc fail (2)!\n" )); SAFE_FREE(blr); return False; diff --git a/source/smbd/conn.c b/source/smbd/conn.c index 34e19a3ca6b..6b5942f7f66 100644 --- a/source/smbd/conn.c +++ b/source/smbd/conn.c @@ -132,7 +132,7 @@ find_again: return NULL; } - if ((conn=(connection_struct *)talloc_zero(mem_ctx, sizeof(*conn)))==NULL) { + if ((conn=TALLOC_ZERO_P(mem_ctx, connection_struct))==NULL) { DEBUG(0,("talloc_zero() failed!\n")); return NULL; } diff --git a/source/smbd/dir.c b/source/smbd/dir.c index 2bda42f76dc..f721bf3ba8a 100644 --- a/source/smbd/dir.c +++ b/source/smbd/dir.c @@ -407,7 +407,7 @@ int dptr_create(connection_struct *conn, pstring path, BOOL old_handle, BOOL exp if (dptrs_open >= MAX_OPEN_DIRECTORIES) dptr_idleoldest(); - dptr = (dptr_struct *)malloc(sizeof(dptr_struct)); + dptr = SMB_MALLOC_P(dptr_struct); if(!dptr) { DEBUG(0,("malloc fail in dptr_create.\n")); return -1; @@ -819,7 +819,7 @@ void *OpenDir(connection_struct *conn, const char *name, BOOL use_veto) if (!p) return(NULL); - dirp = (Dir *)malloc(sizeof(Dir)); + dirp = SMB_MALLOC_P(Dir); if (!dirp) { DEBUG(0,("Out of memory in OpenDir\n")); SMB_VFS_CLOSEDIR(conn,p); @@ -900,7 +900,7 @@ void *OpenDir(connection_struct *conn, const char *name, BOOL use_veto) if (used + l > dirp->mallocsize) { int s = MAX(used+l,used+2000); char *r; - r = (char *)Realloc(dirp->data,s); + r = (char *)SMB_REALLOC(dirp->data,s); if (!r) { DEBUG(0,("Out of memory in OpenDir\n")); break; diff --git a/source/smbd/fake_file.c b/source/smbd/fake_file.c index fc874dc0867..53aac1e0364 100644 --- a/source/smbd/fake_file.c +++ b/source/smbd/fake_file.c @@ -132,7 +132,7 @@ struct _FAKE_FILE_HANDLE *init_fake_file_handle(enum FAKE_FILE_TYPE type) return NULL; } - if ((fh =(FAKE_FILE_HANDLE *)talloc_zero(mem_ctx, sizeof(FAKE_FILE_HANDLE)))==NULL) { + if ((fh =TALLOC_ZERO_P(mem_ctx, FAKE_FILE_HANDLE))==NULL) { DEBUG(0,("talloc_zero() failed.\n")); talloc_destroy(mem_ctx); return NULL; diff --git a/source/smbd/fileio.c b/source/smbd/fileio.c index b9fe1ad1cfc..bc62683eaee 100644 --- a/source/smbd/fileio.c +++ b/source/smbd/fileio.c @@ -662,7 +662,7 @@ static BOOL setup_write_cache(files_struct *fsp, SMB_OFF_T file_size) if(alloc_size == 0 || fsp->wcp) return False; - if((wcp = (write_cache *)malloc(sizeof(write_cache))) == NULL) { + if((wcp = SMB_MALLOC_P(write_cache)) == NULL) { DEBUG(0,("setup_write_cache: malloc fail.\n")); return False; } @@ -671,7 +671,7 @@ static BOOL setup_write_cache(files_struct *fsp, SMB_OFF_T file_size) wcp->offset = 0; wcp->alloc_size = alloc_size; wcp->data_size = 0; - if((wcp->data = malloc(wcp->alloc_size)) == NULL) { + if((wcp->data = SMB_MALLOC(wcp->alloc_size)) == NULL) { DEBUG(0,("setup_write_cache: malloc fail for buffer size %u.\n", (unsigned int)wcp->alloc_size )); SAFE_FREE(wcp); diff --git a/source/smbd/files.c b/source/smbd/files.c index 580dc545452..ecf39c2b54f 100644 --- a/source/smbd/files.c +++ b/source/smbd/files.c @@ -93,7 +93,7 @@ files_struct *file_new(connection_struct *conn) return NULL; } - fsp = (files_struct *)malloc(sizeof(*fsp)); + fsp = SMB_MALLOC_P(files_struct); if (!fsp) { unix_ERR_class = ERRSRV; unix_ERR_code = ERRnofids; diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c index e5465b902c8..ec8176e1234 100644 --- a/source/smbd/ipc.c +++ b/source/smbd/ipc.c @@ -165,7 +165,7 @@ void send_trans_reply(char *outbuf, static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p) { BOOL is_data_outstanding; - char *rdata = malloc(p->max_trans_reply); + char *rdata = SMB_MALLOC(p->max_trans_reply); int data_len; if(rdata == NULL) { @@ -389,7 +389,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int goto bad_param; if (tdscnt) { - if((data = (char *)malloc(tdscnt)) == NULL) { + if((data = (char *)SMB_MALLOC(tdscnt)) == NULL) { DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt)); END_PROFILE(SMBtrans); return(ERROR_DOS(ERRDOS,ERRnomem)); @@ -404,7 +404,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int } if (tpscnt) { - if((params = (char *)malloc(tpscnt)) == NULL) { + if((params = (char *)SMB_MALLOC(tpscnt)) == NULL) { DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt)); SAFE_FREE(data); END_PROFILE(SMBtrans); @@ -421,7 +421,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int if (suwcnt) { unsigned int i; - if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) { + if((setup = SMB_MALLOC_ARRAY(uint16,suwcnt)) == NULL) { DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16)))); SAFE_FREE(data); SAFE_FREE(params); diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c index e7aa05b54a6..f4dad2ddb9c 100644 --- a/source/smbd/lanman.c +++ b/source/smbd/lanman.c @@ -753,7 +753,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, */ *rdata_len = 0; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,ERRunknownlevel); SSVAL(*rparam,2,0); SSVAL(*rparam,4,0); @@ -780,7 +780,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, } if (mdrcnt > 0) { - *rdata = REALLOC(*rdata,mdrcnt); + *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; } else { @@ -789,7 +789,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, * init_package will return wrong size if buflen=0 */ desc.buflen = getlen(desc.format); - desc.base = tmpdata = (char *) malloc (desc.buflen); + desc.base = tmpdata = (char *) SMB_MALLOC (desc.buflen); } if (init_package(&desc,1,count)) { @@ -809,7 +809,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, *rdata_len = desc.usedlen; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -857,7 +857,7 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, */ *rdata_len = 0; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,ERRunknownlevel); SSVAL(*rparam,2,0); SSVAL(*rparam,4,0); @@ -869,17 +869,17 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) queuecnt++; if (uLevel > 0) { - if((queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*))) == NULL) { + if((queue = SMB_MALLOC_ARRAY(print_queue_struct*, queuecnt)) == NULL) { DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); return False; } memset(queue,0,queuecnt*sizeof(print_queue_struct*)); - if((status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct))) == NULL) { + if((status = SMB_MALLOC_ARRAY(print_status_struct,queuecnt)) == NULL) { DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); return False; } memset(status,0,queuecnt*sizeof(print_status_struct)); - if((subcntarr = (int*)malloc(queuecnt*sizeof(int))) == NULL) { + if((subcntarr = SMB_MALLOC_ARRAY(int,queuecnt)) == NULL) { DEBUG(0,("api_DosPrintQEnum: malloc fail !\n")); return False; } @@ -892,7 +892,7 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, n++; } } - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; @@ -911,7 +911,7 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param, *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -995,8 +995,7 @@ static int get_server_info(uint32 servertype, struct srv_info_struct *ts; alloced += 10; - ts = (struct srv_info_struct *) - Realloc(*servers,sizeof(**servers)*alloced); + ts = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced); if (!ts) { DEBUG(0,("get_server_info: failed to enlarge servers info struct!\n")); return(0); @@ -1242,7 +1241,7 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param } *rdata_len = fixed_len + string_len; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); memset(*rdata,'\0',*rdata_len); p2 = (*rdata) + fixed_len; /* auxilliary data (strings) will go here */ @@ -1266,7 +1265,7 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param } *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata)); SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); @@ -1303,7 +1302,7 @@ static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, char *pa *rdata_len = 0; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam,0,0x08AC); /* informational warning message */ SSVAL(*rparam,2,0); @@ -1449,13 +1448,13 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *para if (!prefix_ok(str1,"zWrLh")) return False; if (!check_share_info(uLevel,str2)) return False; - *rdata = REALLOC(*rdata,mdrcnt); + *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); p = *rdata; *rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0); if (*rdata_len < 0) return False; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); @@ -1520,7 +1519,7 @@ static BOOL api_RNetShareEnum( connection_struct *conn, } } *rdata_len = fixed_len + string_len; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); memset(*rdata,0,*rdata_len); p2 = (*rdata) + fixed_len; /* auxiliary data (strings) will go here */ @@ -1541,7 +1540,7 @@ static BOOL api_RNetShareEnum( connection_struct *conn, } *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success); SSVAL(*rparam,2,0); SSVAL(*rparam,4,counted); @@ -1627,7 +1626,7 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch } else return False; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); @@ -1637,7 +1636,7 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch error_exit: *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; SSVAL(*rparam,0,res); SSVAL(*rparam,2,0); @@ -1692,7 +1691,7 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c DEBUG(10,("api_RNetGroupEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size)); *rdata_len = cli_buf_size; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); p = *rdata; @@ -1714,7 +1713,7 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c *rdata_len = PTR_DIFF(p,*rdata); *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam, 0, errflags); SSVAL(*rparam, 2, 0); /* converter word */ @@ -1750,7 +1749,7 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para DOM_SID sid, dom_sid; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); /* check it's a supported varient */ @@ -1769,7 +1768,7 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para return False; *rdata_len = mdrcnt + 1024; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -1864,14 +1863,14 @@ static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,ch DEBUG(10,("api_RNetUserEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size)); *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); /* check it's a supported varient */ if (strcmp("B21",str2) != 0) return False; *rdata_len = cli_buf_size; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); p = *rdata; @@ -1934,10 +1933,10 @@ static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid, char *param,ch { char *p; *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 21; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -1996,7 +1995,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param memcpy(pass2,p+16,16); *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; @@ -2068,7 +2067,7 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char * fstring user; char *p = param + 2; *rparam_len = 2; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; @@ -2135,7 +2134,7 @@ static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char *param return(False); *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; if (!print_job_exists(sharename, jobid)) { @@ -2192,7 +2191,7 @@ static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid, char *param return(False); *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; snum = print_queue_snum(QueueName); @@ -2266,7 +2265,7 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha if(!rap_to_pjobid(SVAL(p,0), sharename, &jobid)) return False; *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); if ( (snum = lp_servicenumber(sharename)) == -1 ) { DEBUG(0,("api_PrintJobInfo: unable to get service number from sharename [%s]\n", @@ -2367,7 +2366,7 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par } *rdata_len = mdrcnt; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); p = *rdata; p2 = p + struct_len; @@ -2416,7 +2415,7 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par *rdata_len = PTR_DIFF(p2,*rdata); *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,*rdata_len); @@ -2443,14 +2442,14 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param DEBUG(4,("NetWkstaGetInfo level %d\n",level)); *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); /* check it's a supported varient */ if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz"))) return(False); *rdata_len = mdrcnt + 1024; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -2689,7 +2688,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param vuser->user.unix_name)); *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel)); @@ -2708,7 +2707,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param if (strcmp(level_string,str2) != 0) return False; *rdata_len = mdrcnt + 1024; - *rdata = REALLOC(*rdata,*rdata_len); + *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len); SSVAL(*rparam,0,NERR_Success); SSVAL(*rparam,2,0); /* converter word */ @@ -2855,7 +2854,7 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param /* check it's a supported varient */ if (strcmp(str1,"OOWb54WrLh") != 0) return False; if (uLevel != 1 || strcmp(str2,"WB21BWDWWDDDDDDDzzzD") != 0) return False; - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; desc.subformat = NULL; @@ -2894,7 +2893,7 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param *rdata_len = desc.usedlen; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -2924,7 +2923,7 @@ static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, char *p if (strcmp(str2,"") != 0) return False; *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,0); /* errorcode */ SSVAL(*rparam,2,0); /* converter word */ SSVAL(*rparam,4,0x7f); /* permission flags */ @@ -2976,7 +2975,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para } if (mdrcnt > 0) { - *rdata = REALLOC(*rdata,mdrcnt); + *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; } else { @@ -2985,7 +2984,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para * init_package will return wrong size if buflen=0 */ desc.buflen = getlen(desc.format); - desc.base = tmpdata = (char *)malloc ( desc.buflen ); + desc.base = tmpdata = (char *)SMB_MALLOC( desc.buflen ); } if (init_package(&desc,1,0)) { @@ -3000,7 +2999,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para } *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -3054,7 +3053,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa if (snum < 0 || !VALID_SNUM(snum)) return(False); count = print_queue_status(snum,&queue,&status); - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; @@ -3069,7 +3068,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3170,7 +3169,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par } else { if (mdrcnt > 0) { - *rdata = REALLOC(*rdata,mdrcnt); + *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; } else { @@ -3179,7 +3178,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par * init_package will return wrong size if buflen=0 */ desc.buflen = getlen(desc.format); - desc.base = tmpdata = (char *)malloc ( desc.buflen ); + desc.base = tmpdata = (char *)SMB_MALLOC( desc.buflen ); } if (init_package(&desc,1,0)) { fill_printdest_info(conn,snum,uLevel,&desc); @@ -3188,7 +3187,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par } *rparam_len = 6; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,desc.neededlen); @@ -3227,7 +3226,7 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param, if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i)) queuecnt++; - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; if (init_package(&desc,queuecnt,0)) { @@ -3245,7 +3244,7 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param, *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3277,7 +3276,7 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para if (strcmp(str1,"WrLeh") != 0) return False; if (uLevel != 0 || strcmp(str2,"B41") != 0) return False; - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; if (init_package(&desc,1,0)) { @@ -3289,7 +3288,7 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3321,7 +3320,7 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param if (strcmp(str1,"WrLeh") != 0) return False; if (uLevel != 0 || strcmp(str2,"B13") != 0) return False; - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); desc.base = *rdata; desc.buflen = mdrcnt; desc.format = str2; @@ -3334,7 +3333,7 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3366,7 +3365,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, if (strcmp(str1,"WrLeh") != 0) return False; if (uLevel != 0 || strcmp(str2,"B9") != 0) return False; - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); memset((char *)&desc,'\0',sizeof(desc)); desc.base = *rdata; desc.buflen = mdrcnt; @@ -3380,7 +3379,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param, *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); SSVAL(*rparam,4,succnt); @@ -3422,7 +3421,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param num_sessions = list_sessions(&session_list); - if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt); + if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); memset((char *)&desc,'\0',sizeof(desc)); desc.base = *rdata; desc.buflen = mdrcnt; @@ -3446,7 +3445,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param *rdata_len = desc.usedlen; *rparam_len = 8; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); SSVALS(*rparam,0,desc.errcode); SSVAL(*rparam,2,0); /* converter */ SSVAL(*rparam,4,num_sessions); /* count */ @@ -3466,7 +3465,7 @@ static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param,char * int *rdata_len,int *rparam_len) { *rparam_len = MIN(*rparam_len,mprcnt); - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; @@ -3488,7 +3487,7 @@ static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,cha int *rdata_len,int *rparam_len) { *rparam_len = 4; - *rparam = REALLOC(*rparam,*rparam_len); + *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); *rdata_len = 0; @@ -3595,11 +3594,11 @@ int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char * return ERROR_NT(NT_STATUS_ACCESS_DENIED); } - rdata = (char *)malloc(1024); + rdata = (char *)SMB_MALLOC(1024); if (rdata) memset(rdata,'\0',1024); - rparam = (char *)malloc(1024); + rparam = (char *)SMB_MALLOC(1024); if (rparam) memset(rparam,'\0',1024); diff --git a/source/smbd/mangle_hash.c b/source/smbd/mangle_hash.c index 26ddf1b3a3d..0067023e610 100644 --- a/source/smbd/mangle_hash.c +++ b/source/smbd/mangle_hash.c @@ -476,7 +476,7 @@ static BOOL check_cache( char *s, size_t maxlen ) if(data_val.dptr == NULL || data_val.dsize == 0) { ext_start = strrchr( s, '.' ); if( ext_start ) { - if((saved_ext = strdup(ext_start)) == NULL) + if((saved_ext = SMB_STRDUP(ext_start)) == NULL) return False; *ext_start = '\0'; @@ -624,7 +624,7 @@ static void name_map(char *OutName, BOOL need83, BOOL cache83, int default_case) /* mangle it into 8.3 */ if (cache83) - tmp = strdup(OutName); + tmp = SMB_STRDUP(OutName); to_8_3(OutName, default_case); diff --git a/source/smbd/mangle_hash2.c b/source/smbd/mangle_hash2.c index c6ad1215b09..4896cfb17be 100644 --- a/source/smbd/mangle_hash2.c +++ b/source/smbd/mangle_hash2.c @@ -153,13 +153,19 @@ static u32 mangle_hash(const char *key, unsigned int length) */ static BOOL cache_init(void) { - if (prefix_cache) return True; + if (prefix_cache) { + return True; + } - prefix_cache = calloc(MANGLE_CACHE_SIZE, sizeof(char *)); - if (!prefix_cache) return False; + prefix_cache = SMB_CALLOC_ARRAY(char *,MANGLE_CACHE_SIZE); + if (!prefix_cache) { + return False; + } - prefix_cache_hashes = calloc(MANGLE_CACHE_SIZE, sizeof(u32)); - if (!prefix_cache_hashes) return False; + prefix_cache_hashes = SMB_CALLOC_ARRAY(u32, MANGLE_CACHE_SIZE); + if (!prefix_cache_hashes) { + return False; + } return True; } @@ -175,7 +181,7 @@ static void cache_insert(const char *prefix, int length, u32 hash) free(prefix_cache[i]); } - prefix_cache[i] = strndup(prefix, length); + prefix_cache[i] = SMB_STRNDUP(prefix, length); prefix_cache_hashes[i] = hash; } diff --git a/source/smbd/msdfs.c b/source/smbd/msdfs.c index 6c132897f98..b5ae7486d38 100644 --- a/source/smbd/msdfs.c +++ b/source/smbd/msdfs.c @@ -189,7 +189,7 @@ static BOOL parse_symlink(char* buf,struct referral** preflist, DEBUG(10,("parse_symlink: count=%d\n", count)); - reflist = *preflist = (struct referral*) malloc(count * sizeof(struct referral)); + reflist = *preflist = SMB_MALLOC_ARRAY(struct referral, count); if(reflist == NULL) { DEBUG(0,("parse_symlink: Malloc failed!\n")); return False; @@ -417,7 +417,7 @@ static BOOL self_ref(char *pathname, struct junction_map *jucn, *self_referralp = True; jucn->referral_count = 1; - if((ref = (struct referral*) malloc(sizeof(struct referral))) == NULL) { + if((ref = SMB_MALLOC_P(struct referral)) == NULL) { DEBUG(0,("self_ref: malloc failed for referral\n")); return False; } @@ -503,7 +503,7 @@ BOOL get_referred_path(char *pathname, struct junction_map *jucn, self_referralp); jucn->referral_count = 1; - if ((ref = (struct referral*) malloc(sizeof(struct referral))) == NULL) { + if ((ref = SMB_MALLOC_P(struct referral)) == NULL) { DEBUG(0, ("malloc failed for referral\n")); goto out; } @@ -595,7 +595,7 @@ static int setup_ver2_dfs_referral(char* pathname, char** ppdata, /* add the unexplained 0x16 bytes */ reply_size += 0x16; - pdata = Realloc(pdata,reply_size); + pdata = SMB_REALLOC(pdata,reply_size); if(pdata == NULL) { DEBUG(0,("malloc failed for Realloc!\n")); return -1; @@ -676,7 +676,7 @@ static int setup_ver3_dfs_referral(char* pathname, char** ppdata, reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2; } - pdata = Realloc(pdata,reply_size); + pdata = SMB_REALLOC(pdata,reply_size); if(pdata == NULL) { DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n")); return -1; @@ -962,8 +962,7 @@ static BOOL form_junctions(int snum, struct junction_map* jucn, int* jn_count) jucn[cnt].volume_name[0] = '\0'; jucn[cnt].referral_count = 1; - ref = jucn[cnt].referral_list - = (struct referral*) malloc(sizeof(struct referral)); + ref = jucn[cnt].referral_list = SMB_MALLOC_P(struct referral); if (jucn[cnt].referral_list == NULL) { DEBUG(0, ("Malloc failed!\n")); goto out; diff --git a/source/smbd/notify.c b/source/smbd/notify.c index 9adf827c794..92b86f350c7 100644 --- a/source/smbd/notify.c +++ b/source/smbd/notify.c @@ -178,7 +178,7 @@ BOOL change_notify_set(char *inbuf, files_struct *fsp, connection_struct *conn, { struct change_notify *cnbp; - if((cnbp = (struct change_notify *)malloc(sizeof(*cnbp))) == NULL) { + if((cnbp = SMB_MALLOC_P(struct change_notify)) == NULL) { DEBUG(0,("change_notify_set: malloc fail !\n" )); return -1; } diff --git a/source/smbd/ntquotas.c b/source/smbd/ntquotas.c index 555f32d773f..8fbf858008b 100644 --- a/source/smbd/ntquotas.c +++ b/source/smbd/ntquotas.c @@ -199,14 +199,14 @@ int vfs_get_user_ntquota_list(files_struct *fsp, SMB_NTQUOTA_LIST **qt_list) DEBUG(15,("quota entry for id[%s] path[%s]\n", sid_string_static(&sid),fsp->conn->connectpath)); - if ((tmp_list_ent=(SMB_NTQUOTA_LIST *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_LIST)))==NULL) { + if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) { DEBUG(0,("talloc_zero() failed\n")); *qt_list = NULL; talloc_destroy(mem_ctx); return (-1); } - if ((tmp_list_ent->quotas=(SMB_NTQUOTA_STRUCT *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_STRUCT)))==NULL) { + if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) { DEBUG(0,("talloc_zero() failed\n")); *qt_list = NULL; talloc_destroy(mem_ctx); @@ -232,7 +232,7 @@ void *init_quota_handle(TALLOC_CTX *mem_ctx) if (!mem_ctx) return False; - qt_handle = (SMB_NTQUOTA_HANDLE *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_HANDLE)); + qt_handle = TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_HANDLE); if (qt_handle==NULL) { DEBUG(0,("talloc_zero() failed\n")); return NULL; diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index eaaf68d6895..755b5abb160 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -58,11 +58,12 @@ static char *nttrans_realloc(char **ptr, size_t size) if (ptr==NULL) smb_panic("nttrans_realloc() called with NULL ptr\n"); - tptr = Realloc_zero(*ptr, size); + tptr = SMB_REALLOC(*ptr, size); if(tptr == NULL) { *ptr = NULL; return NULL; } + memset(tptr,'\0',size); *ptr = tptr; @@ -2141,7 +2142,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou return ERROR_NT(NT_STATUS_NO_MEMORY); } - shadow_data = (SHADOW_COPY_DATA *)talloc_zero(shadow_mem_ctx,sizeof(SHADOW_COPY_DATA)); + shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA); if (shadow_data == NULL) { DEBUG(0,("talloc_zero() failed!\n")); return ERROR_NT(NT_STATUS_NO_MEMORY); @@ -2452,6 +2453,10 @@ static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf, } sid_len = IVAL(pdata,4); + /* Ensure this is less than 1mb. */ + if (sid_len > (1024*1024)) { + return ERROR_DOS(ERRDOS,ERRnomem); + } if (data_count < 8+sid_len) { DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len))); @@ -2707,14 +2712,20 @@ due to being in oplock break state.\n", (unsigned int)function_code )); goto bad_param; } + /* Don't allow more than 128mb for each value. */ + if ((total_parameter_count > (1024*1024*128)) || (total_data_count > (1024*1024*128))) { + END_PROFILE(SMBnttrans); + return ERROR_DOS(ERRDOS,ERRnomem); + } + /* Allocate the space for the setup, the maximum needed parameters and data */ if(setup_count > 0) - setup = (char *)malloc(setup_count); + setup = (char *)SMB_MALLOC(setup_count); if (total_parameter_count > 0) - params = (char *)malloc(total_parameter_count); + params = (char *)SMB_MALLOC(total_parameter_count); if (total_data_count > 0) - data = (char *)malloc(total_data_count); + data = (char *)SMB_MALLOC(total_data_count); if ((total_parameter_count && !params) || (total_data_count && !data) || (setup_count && !setup)) { diff --git a/source/smbd/open.c b/source/smbd/open.c index 55970493fa1..278c195f10f 100644 --- a/source/smbd/open.c +++ b/source/smbd/open.c @@ -681,7 +681,7 @@ dev = %x, inode = %.0f\n", old_shares[i].op_type, fname, (unsigned int)dev, (dou return -1; } - broken_entry = malloc(sizeof(struct share_mode_entry_list)); + broken_entry = SMB_MALLOC_P(struct share_mode_entry_list); if (!broken_entry) { smb_panic("open_mode_check: malloc fail.\n"); } diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c index 1ffc798b1fc..3ebf93e5608 100644 --- a/source/smbd/oplock.c +++ b/source/smbd/oplock.c @@ -740,12 +740,12 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, unsigned long file_id, * messages crossing on the wire. */ - if((inbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) { + if((inbuf = (char *)SMB_MALLOC(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) { DEBUG(0,("oplock_break: malloc fail for input buffer.\n")); return False; } - if((outbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) { + if((outbuf = (char *)SMB_MALLOC(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) { DEBUG(0,("oplock_break: malloc fail for output buffer.\n")); SAFE_FREE(inbuf); return False; diff --git a/source/smbd/password.c b/source/smbd/password.c index eb389d7013d..213ef98ea34 100644 --- a/source/smbd/password.c +++ b/source/smbd/password.c @@ -139,7 +139,7 @@ int register_vuid(auth_serversupplied_info *server_info, DATA_BLOB session_key, return UID_FIELD_INVALID; } - if((vuser = (user_struct *)malloc( sizeof(user_struct) )) == NULL) { + if((vuser = SMB_MALLOC_P(user_struct)) == NULL) { DEBUG(0,("Failed to malloc users struct!\n")); data_blob_free(&session_key); return UID_FIELD_INVALID; @@ -316,7 +316,7 @@ void add_session_user(const char *user) DEBUG(3,("add_session_user: session userlist already too large.\n")); return; } - newlist = Realloc( session_userlist, len_session_userlist + PSTRING_LEN ); + newlist = SMB_REALLOC( session_userlist, len_session_userlist + PSTRING_LEN ); if( newlist == NULL ) { DEBUG(1,("Unable to resize session_userlist\n")); return; @@ -498,9 +498,9 @@ BOOL authorise_login(int snum, fstring user, DATA_BLOB password, char *user_list = NULL; if ( session_userlist ) - user_list = strdup(session_userlist); + user_list = SMB_STRDUP(session_userlist); else - user_list = strdup(""); + user_list = SMB_STRDUP(""); if (!user_list) return(False); diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 0ba4437303d..321d5e20ab4 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -166,7 +166,7 @@ static char *create_pai_buf(canon_ace *file_ace_list, canon_ace *dir_ace_list, B *store_size = PAI_ENTRIES_BASE + ((num_entries + num_def_entries)*PAI_ENTRY_LENGTH); - pai_buf = malloc(*store_size); + pai_buf = SMB_MALLOC(*store_size); if (!pai_buf) { return NULL; } @@ -343,7 +343,7 @@ static struct pai_val *create_pai_val(char *buf, size_t size) if (!check_pai_ok(buf, size)) return NULL; - paiv = malloc(sizeof(struct pai_val)); + paiv = SMB_MALLOC_P(struct pai_val); if (!paiv) return NULL; @@ -362,7 +362,7 @@ static struct pai_val *create_pai_val(char *buf, size_t size) for (i = 0; i < paiv->num_entries; i++) { struct pai_entry *paie; - paie = malloc(sizeof(struct pai_entry)); + paie = SMB_MALLOC_P(struct pai_entry); if (!paie) { free_inherited_info(paiv); return NULL; @@ -393,7 +393,7 @@ static struct pai_val *create_pai_val(char *buf, size_t size) for (i = 0; i < paiv->num_def_entries; i++) { struct pai_entry *paie; - paie = malloc(sizeof(struct pai_entry)); + paie = SMB_MALLOC_P(struct pai_entry); if (!paie) { free_inherited_info(paiv); return NULL; @@ -438,7 +438,7 @@ static struct pai_val *load_inherited_info(files_struct *fsp) if (!lp_map_acl_inherit(SNUM(fsp->conn))) return NULL; - if ((pai_buf = malloc(pai_buf_size)) == NULL) + if ((pai_buf = SMB_MALLOC(pai_buf_size)) == NULL) return NULL; do { @@ -456,7 +456,10 @@ static struct pai_val *load_inherited_info(files_struct *fsp) /* Buffer too small - enlarge it. */ pai_buf_size *= 2; SAFE_FREE(pai_buf); - if ((pai_buf = malloc(pai_buf_size)) == NULL) + if (pai_buf_size > 1024*1024) { + return NULL; /* Limit malloc to 1mb. */ + } + if ((pai_buf = SMB_MALLOC(pai_buf_size)) == NULL) return NULL; } } while (ret == -1); @@ -523,7 +526,7 @@ static void free_canon_ace_list( canon_ace *list_head ) static canon_ace *dup_canon_ace( canon_ace *src_ace) { - canon_ace *dst_ace = (canon_ace *)malloc(sizeof(canon_ace)); + canon_ace *dst_ace = SMB_MALLOC_P(canon_ace); if (dst_ace == NULL) return NULL; @@ -1083,7 +1086,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, } if (!got_user) { - if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) { + if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) { DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n")); return False; } @@ -1113,7 +1116,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, } if (!got_grp) { - if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) { + if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) { DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n")); return False; } @@ -1139,7 +1142,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace, } if (!got_other) { - if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) { + if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) { DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n")); return False; } @@ -1323,7 +1326,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, * Create a cannon_ace entry representing this NT DACL ACE. */ - if ((current_ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) { + if ((current_ace = SMB_MALLOC_P(canon_ace)) == NULL) { free_canon_ace_list(file_ace); free_canon_ace_list(dir_ace); DEBUG(0,("create_canon_ace_lists: malloc fail.\n")); @@ -2161,7 +2164,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_ * Add this entry to the list. */ - if ((ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) + if ((ace = SMB_MALLOC_P(canon_ace)) == NULL) goto fail; ZERO_STRUCTP(ace); @@ -2793,7 +2796,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) num_dir_acls = count_canon_ace_list(dir_ace); /* Allocate the ace list. */ - if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_profile_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) { + if ((nt_ace_list = SMB_MALLOC_ARRAY(SEC_ACE, num_acls + num_profile_acls + num_dir_acls)) == NULL) { DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n")); goto done; } diff --git a/source/smbd/process.c b/source/smbd/process.c index 5be68d9f0a1..8adc5c2e665 100644 --- a/source/smbd/process.c +++ b/source/smbd/process.c @@ -85,8 +85,7 @@ static void free_queued_message(struct pending_message_list *msg) static BOOL push_queued_message(enum q_type qt, char *buf, int msg_len, struct timeval *ptv, char *private, size_t private_len) { struct pending_message_list *tmp_msg; - struct pending_message_list *msg = (struct pending_message_list *) - malloc(sizeof(struct pending_message_list)); + struct pending_message_list *msg = SMB_MALLOC_P(struct pending_message_list); if(msg == NULL) { DEBUG(0,("push_message: malloc fail (1)\n")); @@ -1498,8 +1497,8 @@ void smbd_process(void) unsigned int num_smbs = 0; const size_t total_buffer_size = BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN; - InBuffer = (char *)malloc(total_buffer_size); - OutBuffer = (char *)malloc(total_buffer_size); + InBuffer = (char *)SMB_MALLOC(total_buffer_size); + OutBuffer = (char *)SMB_MALLOC(total_buffer_size); if ((InBuffer == NULL) || (OutBuffer == NULL)) return; diff --git a/source/smbd/reply.c b/source/smbd/reply.c index 845f0588670..6135c36580b 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c @@ -900,7 +900,7 @@ int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size END_PROFILE(SMBsearch); return ERROR_DOS(ERRDOS,ERRnofids); } - dptr_set_wcard(dptr_num, strdup(mask)); + dptr_set_wcard(dptr_num, SMB_STRDUP(mask)); dptr_set_attr(dptr_num, dirtype); } else { dirtype = dptr_attr(dptr_num); @@ -4884,7 +4884,7 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size, if(fsp->wbmpx_ptr != NULL) wbms = fsp->wbmpx_ptr; /* Use an existing struct */ else - wbms = (write_bmpx_struct *)malloc(sizeof(write_bmpx_struct)); + wbms = SMB_MALLOC_P(write_bmpx_struct); if(!wbms) { DEBUG(0,("Out of memory in reply_readmpx\n")); END_PROFILE(SMBwriteBmpx); diff --git a/source/smbd/sec_ctx.c b/source/smbd/sec_ctx.c index 8a85792ead5..a5411b94a17 100644 --- a/source/smbd/sec_ctx.c +++ b/source/smbd/sec_ctx.c @@ -154,7 +154,7 @@ int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups) goto fail; } - if((groups = (gid_t *)malloc(sizeof(gid_t)*(ngroups+1))) == NULL) { + if((groups = SMB_MALLOC_ARRAY(gid_t, ngroups+1)) == NULL) { DEBUG(0,("setup_groups malloc fail !\n")); goto fail; } @@ -260,7 +260,7 @@ BOOL push_sec_ctx(void) ctx_p->ngroups = sys_getgroups(0, NULL); if (ctx_p->ngroups != 0) { - if (!(ctx_p->groups = malloc(ctx_p->ngroups * sizeof(gid_t)))) { + if (!(ctx_p->groups = SMB_MALLOC_ARRAY(gid_t, ctx_p->ngroups))) { DEBUG(0, ("Out of memory in push_sec_ctx()\n")); delete_nt_token(&ctx_p->token); return False; diff --git a/source/smbd/session.c b/source/smbd/session.c index 91ebaeb830b..9a9a0d90b24 100644 --- a/source/smbd/session.c +++ b/source/smbd/session.c @@ -151,7 +151,7 @@ BOOL session_claim(user_struct *vuser) sessionid.id_str, sessionid.id_num); } - vuser->session_keystr = strdup(keystr); + vuser->session_keystr = SMB_STRDUP(keystr); if (!vuser->session_keystr) { DEBUG(0, ("session_claim: strdup() failed for session_keystr\n")); return False; @@ -221,8 +221,8 @@ static int gather_sessioninfo(TDB_CONTEXT *stdb, TDB_DATA kbuf, TDB_DATA dbuf, const struct sessionid *current = (const struct sessionid *) dbuf.dptr; sesslist->count += 1; - sesslist->sessions = REALLOC(sesslist->sessions, sesslist->count * - sizeof(struct sessionid)); + sesslist->sessions = SMB_REALLOC_ARRAY(sesslist->sessions, struct sessionid, + sesslist->count); memcpy(&sesslist->sessions[sesslist->count - 1], current, sizeof(struct sessionid)); diff --git a/source/smbd/statcache.c b/source/smbd/statcache.c index ba37d4927cc..cfc5286327b 100644 --- a/source/smbd/statcache.c +++ b/source/smbd/statcache.c @@ -76,7 +76,7 @@ void stat_cache_add( const char *full_orig_name, const char *orig_translated_pat * translated path. */ - translated_path = strdup(orig_translated_path); + translated_path = SMB_STRDUP(orig_translated_path); if (!translated_path) return; @@ -88,7 +88,7 @@ void stat_cache_add( const char *full_orig_name, const char *orig_translated_pat } if(case_sensitive) { - original_path = strdup(full_orig_name); + original_path = SMB_STRDUP(full_orig_name); } else { original_path = strdup_upper(full_orig_name); } @@ -179,7 +179,7 @@ BOOL stat_cache_lookup(connection_struct *conn, pstring name, pstring dirpath, return False; if (conn->case_sensitive) { - chk_name = strdup(name); + chk_name = SMB_STRDUP(name); if (!chk_name) { DEBUG(0, ("stat_cache_lookup: strdup failed!\n")); return False; diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index ac282ed95fc..720ede9c767 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -115,7 +115,7 @@ static BOOL get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn, files_str again: - val = talloc_realloc(mem_ctx, val, attr_size); + val = TALLOC_REALLOC_ARRAY(mem_ctx, val, char, attr_size); if (!val) { return False; } @@ -169,8 +169,8 @@ static struct ea_list *get_ea_list(TALLOC_CTX *mem_ctx, connection_struct *conn, return NULL; } - for (i = 0, ea_namelist = talloc(mem_ctx, ea_namelist_size); i < 6; - ea_namelist = talloc_realloc(mem_ctx, ea_namelist, ea_namelist_size), i++) { + for (i = 0, ea_namelist = TALLOC(mem_ctx, ea_namelist_size); i < 6; + ea_namelist = TALLOC_REALLOC_ARRAY(mem_ctx, ea_namelist, char, ea_namelist_size), i++) { if (fsp && fsp->fd != -1) { sizeret = SMB_VFS_FLISTXATTR(fsp, fsp->fd, ea_namelist, ea_namelist_size); } else { @@ -196,7 +196,7 @@ static struct ea_list *get_ea_list(TALLOC_CTX *mem_ctx, connection_struct *conn, if (strnequal(p, "system.", 7) || samba_private_attr_name(p)) continue; - listp = talloc(mem_ctx, sizeof(struct ea_list)); + listp = TALLOC_P(mem_ctx, struct ea_list); if (!listp) return NULL; @@ -671,7 +671,7 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, i } /* Realloc the size of parameters and data we will return */ - params = Realloc(*pparams, 28); + params = SMB_REALLOC(*pparams, 28); if( params == NULL ) return(ERROR_DOS(ERRDOS,ERRnomem)); *pparams = params; @@ -1411,7 +1411,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n", DEBUG(5,("dir=%s, mask = %s\n",directory, mask)); - pdata = Realloc(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); + pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); if( pdata == NULL ) return(ERROR_DOS(ERRDOS,ERRnomem)); @@ -1419,7 +1419,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n", memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); /* Realloc the params space */ - params = Realloc(*pparams, 10); + params = SMB_REALLOC(*pparams, 10); if (params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *pparams = params; @@ -1431,7 +1431,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n", /* Save the wildcard match and attribs we are using on this directory - needed as lanman2 assumes these are being saved between calls */ - if(!(wcard = strdup(mask))) { + if(!(wcard = SMB_STRDUP(mask))) { dptr_close(&dptr_num); return ERROR_DOS(ERRDOS,ERRnomem); } @@ -1609,7 +1609,7 @@ resume_key = %d resume name = %s continue=%d level = %d\n", return ERROR_DOS(ERRDOS,ERRunknownlevel); } - pdata = Realloc( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); + pdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); if(pdata == NULL) return ERROR_DOS(ERRDOS,ERRnomem); @@ -1617,7 +1617,7 @@ resume_key = %d resume name = %s continue=%d level = %d\n", memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); /* Realloc the params space */ - params = Realloc(*pparams, 6*SIZEOFWORD); + params = SMB_REALLOC(*pparams, 6*SIZEOFWORD); if( params == NULL ) return ERROR_DOS(ERRDOS,ERRnomem); @@ -1829,7 +1829,7 @@ static int call_trans2qfsinfo(connection_struct *conn, char *inbuf, char *outbuf return ERROR_DOS(ERRSRV,ERRinvdevice); } - pdata = Realloc(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); + pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN); if ( pdata == NULL ) return ERROR_DOS(ERRDOS,ERRnomem); @@ -2395,13 +2395,13 @@ static int call_trans2qfilepathinfo(connection_struct *conn, if (mode & aDIR) file_size = 0; - params = Realloc(*pparams,2); + params = SMB_REALLOC(*pparams,2); if (params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *pparams = params; memset((char *)params,'\0',2); data_size = max_data_bytes + DIR_ENTRY_SAFETY_MARGIN; - pdata = Realloc(*ppdata, data_size); + pdata = SMB_REALLOC(*ppdata, data_size); if ( pdata == NULL ) return ERROR_DOS(ERRDOS,ERRnomem); *ppdata = pdata; @@ -3096,7 +3096,7 @@ static int call_trans2setfilepathinfo(connection_struct *conn, tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data)); /* Realloc the parameter and data sizes */ - params = Realloc(*pparams,2); + params = SMB_REALLOC(*pparams,2); if(params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *pparams = params; @@ -3770,7 +3770,7 @@ static int call_trans2mkdir(connection_struct *conn, } /* Realloc the parameter and data sizes */ - params = Realloc(*pparams,2); + params = SMB_REALLOC(*pparams,2); if(params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *pparams = params; @@ -3810,7 +3810,7 @@ static int call_trans2findnotifyfirst(connection_struct *conn, } /* Realloc the parameter and data sizes */ - params = Realloc(*pparams,6); + params = SMB_REALLOC(*pparams,6); if(params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *pparams = params; @@ -3843,7 +3843,7 @@ static int call_trans2findnotifynext(connection_struct *conn, DEBUG(3,("call_trans2findnotifynext\n")); /* Realloc the parameter and data sizes */ - params = Realloc(*pparams,4); + params = SMB_REALLOC(*pparams,4); if(params == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *pparams = params; @@ -3910,7 +3910,7 @@ static int call_trans2ioctl(connection_struct *conn, char* inbuf, if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) && (SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { - pdata = Realloc(*ppdata, 32); + pdata = SMB_REALLOC(*ppdata, 32); if(pdata == NULL) return ERROR_DOS(ERRDOS,ERRnomem); *ppdata = pdata; @@ -4061,9 +4061,9 @@ int reply_trans2(connection_struct *conn, /* Allocate the space for the maximum needed parameters and data */ if (total_params > 0) - params = (char *)malloc(total_params); + params = (char *)SMB_MALLOC(total_params); if (total_data > 0) - data = (char *)malloc(total_data); + data = (char *)SMB_MALLOC(total_data); if ((total_params && !params) || (total_data && !data)) { DEBUG(2,("Out of memory in reply_trans2\n")); diff --git a/source/smbd/vfs.c b/source/smbd/vfs.c index 0328558fe88..68a6dca31dd 100644 --- a/source/smbd/vfs.c +++ b/source/smbd/vfs.c @@ -185,7 +185,7 @@ NTSTATUS smb_register_vfs(int version, const char *name, vfs_op_tuple *vfs_op_tu return NT_STATUS_OBJECT_NAME_COLLISION; } - entry = smb_xmalloc(sizeof(struct vfs_init_function_entry)); + entry = SMB_XMALLOC_P(struct vfs_init_function_entry); entry->name = smb_xstrdup(name); entry->vfs_op_tuples = vfs_op_tuples; @@ -258,7 +258,7 @@ BOOL vfs_init_custom(connection_struct *conn, const char *vfs_object) return False; } - handle = (vfs_handle_struct *)talloc_zero(conn->mem_ctx,sizeof(vfs_handle_struct)); + handle = TALLOC_ZERO_P(conn->mem_ctx,vfs_handle_struct); if (!handle) { DEBUG(0,("talloc_zero() failed!\n")); SAFE_FREE(module_name); @@ -681,7 +681,7 @@ static void array_promote(char *array,int elsize,int element) if (element == 0) return; - p = (char *)malloc(elsize); + p = (char *)SMB_MALLOC(elsize); if (!p) { DEBUG(5,("array_promote: malloc fail\n")); @@ -876,7 +876,7 @@ BOOL reduce_name(connection_struct *conn, const pstring fname) pstrcat(tmp_fname, last_component); #ifdef REALPATH_TAKES_NULL SAFE_FREE(resolved_name); - resolved_name = strdup(tmp_fname); + resolved_name = SMB_STRDUP(tmp_fname); if (!resolved_name) { DEBUG(0,("reduce_name: malloc fail for %s\n", tmp_fname)); errno = saved_errno; |