diff options
author | Jeremy Allison <jra@samba.org> | 2007-05-22 20:20:01 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2007-05-22 20:20:01 +0000 |
commit | 6c0daaca49a0d4840481f0ff5f6b89c0b1b7be35 (patch) | |
tree | 44b7a8a27afdc6764e94a95746295de38bac14d1 /source | |
parent | 8b66cd6121e8f0b86338a130668b653bde9b9ffe (diff) | |
download | samba-6c0daaca49a0d4840481f0ff5f6b89c0b1b7be35.tar.gz samba-6c0daaca49a0d4840481f0ff5f6b89c0b1b7be35.tar.xz samba-6c0daaca49a0d4840481f0ff5f6b89c0b1b7be35.zip |
r23080: Fix bug #4637 - we hads missed some cases where
we were calling PRS_ALLOC_MEM with zero count.
Jeremy.
Diffstat (limited to 'source')
-rw-r--r-- | source/libads/authdata.c | 36 | ||||
-rw-r--r-- | source/registry/regfio.c | 8 | ||||
-rw-r--r-- | source/rpc_parse/parse_lsa.c | 20 | ||||
-rw-r--r-- | source/rpc_parse/parse_net.c | 23 | ||||
-rw-r--r-- | source/rpc_parse/parse_prs.c | 48 | ||||
-rw-r--r-- | source/rpc_parse/parse_samr.c | 22 | ||||
-rw-r--r-- | source/rpc_parse/parse_spoolss.c | 34 | ||||
-rw-r--r-- | source/rpc_parse/parse_srv.c | 26 |
8 files changed, 133 insertions, 84 deletions
diff --git a/source/libads/authdata.c b/source/libads/authdata.c index 71294941a60..8e951dde805 100644 --- a/source/libads/authdata.c +++ b/source/libads/authdata.c @@ -120,10 +120,14 @@ static BOOL pac_io_krb_sid_and_attr_array(const char *desc, return False; if (UNMARSHALLING(ps)) { - array->krb_sid_and_attrs = PRS_ALLOC_MEM(ps, KRB_SID_AND_ATTRS, num); - if (!array->krb_sid_and_attrs) { - DEBUG(3, ("No memory available\n")); - return False; + if (num) { + array->krb_sid_and_attrs = PRS_ALLOC_MEM(ps, KRB_SID_AND_ATTRS, num); + if (!array->krb_sid_and_attrs) { + DEBUG(3, ("No memory available\n")); + return False; + } + } else { + array->krb_sid_and_attrs = NULL; } } @@ -184,10 +188,14 @@ static BOOL pac_io_group_membership_array(const char *desc, return False; if (UNMARSHALLING(ps)) { - array->group_membership = PRS_ALLOC_MEM(ps, GROUP_MEMBERSHIP, num); - if (!array->group_membership) { - DEBUG(3, ("No memory available\n")); - return False; + if (num) { + array->group_membership = PRS_ALLOC_MEM(ps, GROUP_MEMBERSHIP, num); + if (!array->group_membership) { + DEBUG(3, ("No memory available\n")); + return False; + } + } else { + array->group_membership = NULL; } } @@ -456,10 +464,14 @@ static BOOL pac_io_pac_signature_data(const char *desc, return False; if (UNMARSHALLING(ps) && length) { - data->signature.buffer = PRS_ALLOC_MEM(ps, uint8, siglen); - if (!data->signature.buffer) { - DEBUG(3, ("No memory available\n")); - return False; + if (siglen) { + data->signature.buffer = PRS_ALLOC_MEM(ps, uint8, siglen); + if (!data->signature.buffer) { + DEBUG(3, ("No memory available\n")); + return False; + } + } else { + data->signature.buffer = NULL; } } diff --git a/source/registry/regfio.c b/source/registry/regfio.c index 3a554177a4c..3e3e7e480c5 100644 --- a/source/registry/regfio.c +++ b/source/registry/regfio.c @@ -642,8 +642,12 @@ static BOOL hbin_prs_lf_records( const char *desc, REGF_HBIN *hbin, int depth, R return False; if ( UNMARSHALLING(&hbin->ps) ) { - if ( !(lf->hashes = PRS_ALLOC_MEM( &hbin->ps, REGF_HASH_REC, lf->num_keys )) ) - return False; + if (lf->num_keys) { + if ( !(lf->hashes = PRS_ALLOC_MEM( &hbin->ps, REGF_HASH_REC, lf->num_keys )) ) + return False; + } else { + lf->hashes = NULL; + } } for ( i=0; i<lf->num_keys; i++ ) { diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c index 06ccec4ab34..0add8b2bb0c 100644 --- a/source/rpc_parse/parse_lsa.c +++ b/source/rpc_parse/parse_lsa.c @@ -1178,7 +1178,7 @@ static BOOL lsa_io_sid_enum(const char *desc, LSA_SID_ENUM *sen, prs_struct *ps, /* Mallocate memory if we're unpacking from the wire */ - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && sen->num_entries) { if ((sen->ptr_sid = PRS_ALLOC_MEM( ps, uint32, sen->num_entries)) == NULL) { DEBUG(3, ("init_lsa_sid_enum(): out of memory for " "ptr_sid\n")); @@ -1361,7 +1361,7 @@ static BOOL lsa_io_trans_names(const char *desc, LSA_TRANS_NAME_ENUM *trn, return False; } - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && trn->num_entries2) { if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME, trn->num_entries2)) == NULL) { return False; } @@ -1423,7 +1423,7 @@ static BOOL lsa_io_trans_names2(const char *desc, LSA_TRANS_NAME_ENUM2 *trn, return False; } - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && trn->num_entries2) { if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME2, trn->num_entries2)) == NULL) { return False; } @@ -1700,7 +1700,7 @@ BOOL lsa_io_r_lookup_names(const char *desc, LSA_R_LOOKUP_NAMES *out, prs_struct return False; } - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && out->num_entries2) { if ((out->dom_rid = PRS_ALLOC_MEM(ps, DOM_RID, out->num_entries2)) == NULL) { DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n")); @@ -1825,7 +1825,7 @@ BOOL lsa_io_r_lookup_names2(const char *desc, LSA_R_LOOKUP_NAMES2 *out, prs_stru return False; } - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && out->num_entries2) { if ((out->dom_rid = PRS_ALLOC_MEM(ps, DOM_RID2, out->num_entries2)) == NULL) { DEBUG(3, ("lsa_io_r_lookup_names2(): out of memory\n")); @@ -1978,7 +1978,7 @@ BOOL lsa_io_r_lookup_names3(const char *desc, LSA_R_LOOKUP_NAMES3 *out, prs_stru return False; } - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && out->num_entries2) { if ((out->trans_sids = PRS_ALLOC_MEM(ps, LSA_TRANSLATED_SID3, out->num_entries2)) == NULL) { DEBUG(3, ("lsa_io_r_lookup_names3(): out of memory\n")); @@ -2107,7 +2107,7 @@ BOOL lsa_io_r_lookup_names4(const char *desc, LSA_R_LOOKUP_NAMES4 *out, prs_stru return False; } - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && out->num_entries2) { if ((out->trans_sids = PRS_ALLOC_MEM(ps, LSA_TRANSLATED_SID3, out->num_entries2)) == NULL) { DEBUG(3, ("lsa_io_r_lookup_names4(): out of memory\n")); @@ -2346,7 +2346,7 @@ BOOL lsa_io_r_enum_privs(const char *desc, LSA_R_ENUM_PRIVS *out, prs_struct *ps if(!prs_uint32("count1", ps, depth, &out->count1)) return False; - if (UNMARSHALLING(ps)) + if (UNMARSHALLING(ps) && out->count1) if (!(out->privs = PRS_ALLOC_MEM(ps, LSA_PRIV_ENTRY, out->count1))) return False; @@ -3908,7 +3908,7 @@ static BOOL smb_io_lsa_data_buf(const char *desc, LSA_DATA_BUF *buf, prs_debug(ps, depth, desc, "smb_io_lsa_data_buf"); depth++; - if ( UNMARSHALLING(ps) ) { + if ( UNMARSHALLING(ps) && length ) { if ( !(buf->data = PRS_ALLOC_MEM( ps, uint8, length )) ) return False; } @@ -3922,7 +3922,7 @@ static BOOL smb_io_lsa_data_buf(const char *desc, LSA_DATA_BUF *buf, if (!prs_uint32("length", ps, depth, &buf->length)) return False; - if(!prs_uint8s(False, "data", ps, depth, buf->data, size)) + if(!prs_uint8s(False, "data", ps, depth, buf->data, length)) return False; return True; diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c index 2d6a5e89caa..28e10caeec1 100644 --- a/source/rpc_parse/parse_net.c +++ b/source/rpc_parse/parse_net.c @@ -1729,9 +1729,13 @@ BOOL net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, } if (UNMARSHALLING(ps)) { - usr->gids = PRS_ALLOC_MEM(ps, DOM_GID, usr->num_groups); - if (usr->gids == NULL) - return False; + if (usr->num_groups) { + usr->gids = PRS_ALLOC_MEM(ps, DOM_GID, usr->num_groups); + if (usr->gids == NULL) + return False; + } else { + usr->gids = NULL; + } } for (i = 0; i < usr->num_groups; i++) { @@ -1764,10 +1768,15 @@ BOOL net_io_user_info3(const char *desc, NET_USER_INFO_3 *usr, prs_struct *ps, return False; if (UNMARSHALLING(ps)) { - usr->other_sids = PRS_ALLOC_MEM(ps, DOM_SID2, usr->num_other_sids); - usr->other_sids_attrib = - PRS_ALLOC_MEM(ps, uint32, usr->num_other_sids); - + if (usr->num_other_sids) { + usr->other_sids = PRS_ALLOC_MEM(ps, DOM_SID2, usr->num_other_sids); + usr->other_sids_attrib = + PRS_ALLOC_MEM(ps, uint32, usr->num_other_sids); + } else { + usr->other_sids = NULL; + usr->other_sids_attrib = NULL; + } + if ((num_other_sids != 0) && ((usr->other_sids == NULL) || (usr->other_sids_attrib == NULL))) diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c index 174a0223d3f..0edc7388de2 100644 --- a/source/rpc_parse/parse_prs.c +++ b/source/rpc_parse/parse_prs.c @@ -644,8 +644,12 @@ BOOL prs_pointer( const char *name, prs_struct *ps, int depth, return True; if (UNMARSHALLING(ps)) { - if ( !(*data = PRS_ALLOC_MEM(ps, char, data_size)) ) - return False; + if (data_size) { + if ( !(*data = PRS_ALLOC_MEM(ps, char, data_size)) ) + return False; + } else { + *data = NULL; + } } return prs_fn(name, ps, depth, *data); @@ -1016,16 +1020,16 @@ BOOL prs_buffer5(BOOL charmode, const char *name, prs_struct *ps, int depth, BUF if (q == NULL) return False; + /* If the string is empty, we don't have anything to stream */ + if (str->buf_len==0) + return True; + if (UNMARSHALLING(ps)) { str->buffer = PRS_ALLOC_MEM(ps,uint16,str->buf_len); if (str->buffer == NULL) return False; } - /* If the string is empty, we don't have anything to stream */ - if (str->buf_len==0) - return True; - p = (char *)str->buffer; dbg_rw_punival(charmode, name, depth, ps, q, p, str->buf_len); @@ -1055,6 +1059,8 @@ BOOL prs_regval_buffer(BOOL charmode, const char *name, prs_struct *ps, int dept buf->buffer = PRS_ALLOC_MEM(ps, uint16, buf->buf_max_len); if ( buf->buffer == NULL ) return False; + } else { + buf->buffer = NULL; } } @@ -1082,9 +1088,13 @@ BOOL prs_string2(BOOL charmode, const char *name, prs_struct *ps, int depth, STR if (str->str_str_len > str->str_max_len) { return False; } - str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len); - if (str->buffer == NULL) - return False; + if (str->str_max_len) { + str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len); + if (str->buffer == NULL) + return False; + } else { + str->buffer = NULL; + } } if (UNMARSHALLING(ps)) { @@ -1129,9 +1139,13 @@ BOOL prs_unistr2(BOOL charmode, const char *name, prs_struct *ps, int depth, UNI if (str->uni_str_len > str->uni_max_len) { return False; } - str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len); - if (str->buffer == NULL) - return False; + if (str->uni_max_len) { + str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len); + if (str->buffer == NULL) + return False; + } else { + str->buffer = NULL; + } } p = (char *)str->buffer; @@ -1156,9 +1170,13 @@ BOOL prs_unistr3(BOOL charmode, const char *name, UNISTR3 *str, prs_struct *ps, return False; if (UNMARSHALLING(ps)) { - str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len); - if (str->str.buffer == NULL) - return False; + if (str->uni_str_len) { + str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len); + if (str->str.buffer == NULL) + return False; + } else { + str->str.buffer = NULL; + } } p = (char *)str->str.buffer; diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index f73983f8329..6f50d2cbd74 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c @@ -3328,7 +3328,7 @@ BOOL samr_io_r_enum_domains(const char *desc, SAMR_R_ENUM_DOMAINS * r_u, if(!prs_uint32("num_entries3", ps, depth, &r_u->num_entries3)) return False; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && r_u->num_entries2) { r_u->sam = PRS_ALLOC_MEM(ps,SAM_ENTRY,r_u->num_entries2); r_u->uni_dom_name = PRS_ALLOC_MEM(ps,UNISTR2,r_u->num_entries2); } @@ -3467,7 +3467,7 @@ BOOL samr_io_r_enum_dom_groups(const char *desc, SAMR_R_ENUM_DOM_GROUPS * r_u, if(!prs_uint32("num_entries3", ps, depth, &r_u->num_entries3)) return False; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && r_u->num_entries2) { r_u->sam = PRS_ALLOC_MEM(ps,SAM_ENTRY,r_u->num_entries2); r_u->uni_grp_name = PRS_ALLOC_MEM(ps,UNISTR2,r_u->num_entries2); } @@ -4997,12 +4997,13 @@ BOOL samr_io_r_lookup_names(const char *desc, SAMR_R_LOOKUP_NAMES * r_u, return False; } - if (UNMARSHALLING(ps)) + if (UNMARSHALLING(ps) && r_u->num_rids2) { r_u->rids = PRS_ALLOC_MEM(ps, uint32, r_u->num_rids2); - if (!r_u->rids) { - DEBUG(0, ("NULL rids in samr_io_r_lookup_names\n")); - return False; + if (!r_u->rids) { + DEBUG(0, ("NULL rids in samr_io_r_lookup_names\n")); + return False; + } } for (i = 0; i < r_u->num_rids2; i++) { @@ -5026,12 +5027,13 @@ BOOL samr_io_r_lookup_names(const char *desc, SAMR_R_LOOKUP_NAMES * r_u, return False; } - if (UNMARSHALLING(ps)) + if (UNMARSHALLING(ps) && r_u->num_types2) { r_u->types = PRS_ALLOC_MEM(ps, uint32, r_u->num_types2); - if (!r_u->types) { - DEBUG(0, ("NULL types in samr_io_r_lookup_names\n")); - return False; + if (!r_u->types) { + DEBUG(0, ("NULL types in samr_io_r_lookup_names\n")); + return False; + } } for (i = 0; i < r_u->num_types2; i++) { diff --git a/source/rpc_parse/parse_spoolss.c b/source/rpc_parse/parse_spoolss.c index 060b53f44a9..00490fe798c 100644 --- a/source/rpc_parse/parse_spoolss.c +++ b/source/rpc_parse/parse_spoolss.c @@ -256,7 +256,7 @@ static BOOL smb_io_notify_option_type_ctr(const char *desc, SPOOL_NOTIFY_OPTION_ return False; /* reading */ - if (UNMARSHALLING(ps)) + if (UNMARSHALLING(ps) && ctr->count) if((ctr->type=PRS_ALLOC_MEM(ps,SPOOL_NOTIFY_OPTION_TYPE,ctr->count)) == NULL) return False; @@ -415,7 +415,7 @@ BOOL smb_io_notify_info_data_strings(const char *desc,SPOOL_NOTIFY_INFO_DATA *da if(!prs_uint32("string length", ps, depth, &data->notify_data.data.length)) return False; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && data->notify_data.data.length) { data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, data->notify_data.data.length); @@ -434,7 +434,7 @@ BOOL smb_io_notify_info_data_strings(const char *desc,SPOOL_NOTIFY_INFO_DATA *da case NOTIFY_POINTER: - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && data->notify_data.data.length) { data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, data->notify_data.data.length); @@ -494,9 +494,13 @@ BOOL smb_io_notify_info_data_strings(const char *desc,SPOOL_NOTIFY_INFO_DATA *da /* Tallocate memory for string */ - data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, x * 2); - if (!data->notify_data.data.string) - return False; + if (x) { + data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, x * 2); + if (!data->notify_data.data.string) + return False; + } else { + data->notify_data.data.string = NULL; + } if(!prs_uint16uni(True,"string",ps,depth,data->notify_data.data.string,x)) return False; @@ -6005,14 +6009,14 @@ BOOL spoolss_io_q_setprinterdata(const char *desc, SPOOL_Q_SETPRINTERDATA *q_u, case REG_BINARY: case REG_DWORD: case REG_MULTI_SZ: - if (q_u->max_len) { - if (UNMARSHALLING(ps)) - q_u->data=PRS_ALLOC_MEM(ps, uint8, q_u->max_len); - if(q_u->data == NULL) - return False; - if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len)) - return False; - } + if (q_u->max_len) { + if (UNMARSHALLING(ps)) + q_u->data=PRS_ALLOC_MEM(ps, uint8, q_u->max_len); + if(q_u->data == NULL) + return False; + if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len)) + return False; + } if(!prs_align(ps)) return False; break; @@ -7035,7 +7039,7 @@ static BOOL spoolss_io_printer_enum_values_ctr(const char *desc, prs_struct *ps, /* first loop to write basic enum_value information */ - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && ctr->size_of_array) { ctr->values = PRS_ALLOC_MEM(ps, PRINTER_ENUM_VALUES, ctr->size_of_array); if (!ctr->values) return False; diff --git a/source/rpc_parse/parse_srv.c b/source/rpc_parse/parse_srv.c index f4e0e84d85a..b562b6d6f79 100644 --- a/source/rpc_parse/parse_srv.c +++ b/source/rpc_parse/parse_srv.c @@ -783,7 +783,7 @@ static BOOL srv_io_srv_share_ctr(const char *desc, SRV_SHARE_INFO_CTR *ctr, prs_ int num_entries = ctr->num_entries; int i; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && num_entries) { if (!(info0 = PRS_ALLOC_MEM(ps, SRV_SHARE_INFO_0, num_entries))) return False; ctr->share.info0 = info0; @@ -809,7 +809,7 @@ static BOOL srv_io_srv_share_ctr(const char *desc, SRV_SHARE_INFO_CTR *ctr, prs_ int num_entries = ctr->num_entries; int i; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && num_entries) { if (!(info1 = PRS_ALLOC_MEM(ps, SRV_SHARE_INFO_1, num_entries))) return False; ctr->share.info1 = info1; @@ -835,7 +835,7 @@ static BOOL srv_io_srv_share_ctr(const char *desc, SRV_SHARE_INFO_CTR *ctr, prs_ int num_entries = ctr->num_entries; int i; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && num_entries) { if (!(info2 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_2,num_entries))) return False; ctr->share.info2 = info2; @@ -860,7 +860,7 @@ static BOOL srv_io_srv_share_ctr(const char *desc, SRV_SHARE_INFO_CTR *ctr, prs_ int num_entries = ctr->num_entries; int i; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && num_entries) { if (!(info501 = PRS_ALLOC_MEM(ps, SRV_SHARE_INFO_501, num_entries))) return False; ctr->share.info501 = info501; @@ -885,7 +885,7 @@ static BOOL srv_io_srv_share_ctr(const char *desc, SRV_SHARE_INFO_CTR *ctr, prs_ int num_entries = ctr->num_entries; int i; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && num_entries) { if (!(info502 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_502,num_entries))) return False; ctr->share.info502 = info502; @@ -911,7 +911,7 @@ static BOOL srv_io_srv_share_ctr(const char *desc, SRV_SHARE_INFO_CTR *ctr, prs_ int num_entries = ctr->num_entries; int i; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && num_entries) { if (!(info1004 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1004,num_entries))) return False; ctr->share.info1004 = info1004; @@ -937,7 +937,7 @@ static BOOL srv_io_srv_share_ctr(const char *desc, SRV_SHARE_INFO_CTR *ctr, prs_ int num_entries = ctr->num_entries; int i; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && num_entries) { if (!(info1005 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1005,num_entries))) return False; ctr->share.info1005 = info1005; @@ -957,7 +957,7 @@ static BOOL srv_io_srv_share_ctr(const char *desc, SRV_SHARE_INFO_CTR *ctr, prs_ int num_entries = ctr->num_entries; int i; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && num_entries) { if (!(info1006 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1006,num_entries))) return False; ctr->share.info1006 = info1006; @@ -977,7 +977,7 @@ static BOOL srv_io_srv_share_ctr(const char *desc, SRV_SHARE_INFO_CTR *ctr, prs_ int num_entries = ctr->num_entries; int i; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && num_entries) { if (!(info1007 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1007,num_entries))) return False; ctr->share.info1007 = info1007; @@ -1003,7 +1003,7 @@ static BOOL srv_io_srv_share_ctr(const char *desc, SRV_SHARE_INFO_CTR *ctr, prs_ int num_entries = ctr->num_entries; int i; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && num_entries) { if (!(info1501 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1501,num_entries))) return False; ctr->share.info1501 = info1501; @@ -2466,7 +2466,7 @@ static BOOL srv_io_srv_file_ctr(const char *desc, SRV_FILE_INFO_CTR *ctr, prs_st int num_entries = ctr->num_entries; int i; - if (UNMARSHALLING(ps)) { + if (UNMARSHALLING(ps) && num_entries) { if (!(info3 = PRS_ALLOC_MEM(ps, FILE_INFO_3, num_entries))) return False; ctr->file.info3 = info3; @@ -3246,7 +3246,7 @@ BOOL srv_io_r_net_disk_enum(const char *desc, SRV_R_NET_DISK_ENUM *r_n, prs_stru r_n->disk_enum_ctr.entries_read = entries_read3; - if(UNMARSHALLING(ps)) { + if(UNMARSHALLING(ps) && entries_read3) { DISK_INFO *dinfo; @@ -3255,7 +3255,7 @@ BOOL srv_io_r_net_disk_enum(const char *desc, SRV_R_NET_DISK_ENUM *r_n, prs_stru r_n->disk_enum_ctr.disk_info = dinfo; } - for(i=0; i < r_n->disk_enum_ctr.entries_read; i++) { + for(i=0; i < entries_read3; i++) { if(!prs_uint32("unknown", ps, depth, &r_n->disk_enum_ctr.disk_info[i].unknown)) return False; |