diff options
26 files changed, 513 insertions, 412 deletions
diff --git a/source/include/client.h b/source/include/client.h index 625277d856c..748c7375e11 100644 --- a/source/include/client.h +++ b/source/include/client.h @@ -107,6 +107,8 @@ struct cli_state { int win95; uint32 capabilities; + TALLOC_CTX *mem_ctx; + /* * Only used in NT domain calls. */ diff --git a/source/include/ntdomain.h b/source/include/ntdomain.h index fe6704c2adc..7a47f6150e9 100644 --- a/source/include/ntdomain.h +++ b/source/include/ntdomain.h @@ -33,6 +33,8 @@ #include "rpc_creds.h" +#include "talloc.h" + /* * A bunch of stuff that was put into smb.h * in the NTDOM branch - it didn't belong there. @@ -64,6 +66,7 @@ typedef struct _prs_struct uint32 buffer_size; /* Current allocated size of the buffer. */ uint32 grow_size; /* size requested via prs_grow() calls */ char *data_p; /* The buffer itself. */ + TALLOC_CTX *mem_ctx; /* When unmarshalling, use this.... */ } prs_struct; /* @@ -131,17 +134,17 @@ typedef struct _input_data { struct msrpc_state { - fstring pipe_name; - struct user_creds usr; - struct ntdom_info nt; + fstring pipe_name; + struct user_creds usr; + struct ntdom_info nt; - int fd; - BOOL redirect; - BOOL initialised; - char *inbuf; - char *outbuf; + int fd; + BOOL redirect; + BOOL initialised; + char *inbuf; + char *outbuf; - uint32 pid; + uint32 pid; }; typedef struct pipes_struct @@ -208,9 +211,8 @@ typedef struct pipes_struct data that can be sent in the initial reply. */ int max_trans_reply; - /* remote, server-side rpc redirection */ - struct msrpc_state *m; - + /* talloc context to use when allocating memory on this pipe. */ + TALLOC_CTX *mem_ctx; } pipes_struct; struct api_struct diff --git a/source/include/proto.h b/source/include/proto.h index 9ea50db15ef..b6fce9edaac 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -271,6 +271,7 @@ int sys_pclose(int fd); TALLOC_CTX *talloc_init(void); void *talloc(TALLOC_CTX *t, size_t size); +void talloc_destroy_pool(TALLOC_CTX *t); void talloc_destroy(TALLOC_CTX *t); /*The following definitions come from lib/time.c */ @@ -1663,6 +1664,7 @@ BOOL parse_lpq_entry(int snum,char *line, /*The following definitions come from printing/nt_printing.c */ +#if OLD_NTDOMAIN BOOL nt_printing_init(void); int get_ntforms(nt_forms_struct **list); int write_ntforms(nt_forms_struct **list, int number); @@ -1694,6 +1696,7 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr); BOOL nt_printing_getsec(char *printername, SEC_DESC_BUF **secdesc_ctr); BOOL print_access_check(struct current_user *user, int snum, uint32 required_access); +#endif /*The following definitions come from printing/pcap.c */ @@ -2146,6 +2149,7 @@ BOOL lsa_io_r_close(char *desc, LSA_R_CLOSE *r_c, prs_struct *ps, int depth); /*The following definitions come from rpc_parse/parse_misc.c */ +void parse_talloc_free(void); BOOL smb_io_time(char *desc, NTTIME *nttime, prs_struct *ps, int depth); BOOL smb_io_lookup_level(char *desc, LOOKUP_LEVEL *level, prs_struct *ps, int depth); uint32 get_enum_hnd(ENUM_HND *enh); @@ -2174,7 +2178,6 @@ void init_buffer3_hex(BUFFER3 *str, char *buf); void init_buffer3_bytes(BUFFER3 *str, uint8 *buf, int len); BOOL smb_io_buffer3(char *desc, BUFFER3 *buf3, prs_struct *ps, int depth); BOOL smb_io_buffer5(char *desc, BUFFER5 *buf5, prs_struct *ps, int depth); -void free_buffer5(BUFFER5 *buf5); void init_buffer2(BUFFER2 *str, uint8 *buf, int len); BOOL smb_io_buffer2(char *desc, BUFFER2 *buf2, uint32 buffer, prs_struct *ps, int depth); void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf); @@ -2294,9 +2297,11 @@ BOOL net_io_r_sam_logoff(char *desc, NET_R_SAM_LOGOFF *r_l, prs_struct *ps, int void prs_dump(char *name, int v, prs_struct *ps); void prs_debug(prs_struct *ps, int depth, char *desc, char *fn_name); -BOOL prs_init(prs_struct *ps, uint32 size, uint8 align, BOOL io); +BOOL prs_init(prs_struct *ps, uint32 size, uint8 align, TALLOC_CTX *ctx, BOOL io); BOOL prs_read(prs_struct *ps, int fd, size_t len, int timeout); void prs_mem_free(prs_struct *ps); +char *prs_alloc_mem(prs_struct *ps, size_t size); +TALLOC_CTX *prs_get_mem_context(prs_struct *ps); void prs_give_memory(prs_struct *ps, char *buf, uint32 size, BOOL is_dynamic); char *prs_take_memory(prs_struct *ps, uint32 *psize); BOOL prs_set_buffer_size(prs_struct *ps, uint32 newsize); @@ -2333,7 +2338,7 @@ BOOL prs_uint32_pre(char *name, prs_struct *ps, int depth, uint32 *data32, uint3 BOOL prs_uint32_post(char *name, prs_struct *ps, int depth, uint32 *data32, uint32 ptr_uint32, uint32 data_size); int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps); -int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps); +int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *mem_ctx); /*The following definitions come from rpc_parse/parse_reg.c */ diff --git a/source/include/rpc_misc.h b/source/include/rpc_misc.h index 5ef4044cb4e..6e585e7a0ef 100644 --- a/source/include/rpc_misc.h +++ b/source/include/rpc_misc.h @@ -125,7 +125,7 @@ typedef struct unihdr2_info typedef struct unistr_info { /* unicode characters. ***MUST*** be little-endian. ***MUST*** be null-terminated */ - uint16 buffer[MAX_UNISTRLEN]; + uint16 *buffer; } UNISTR; /* BUFHDR - buffer header */ @@ -145,7 +145,7 @@ typedef struct buffer2_info uint32 undoc; uint32 buf_len; /* unicode characters. ***MUST*** be little-endian. **NOT** necessarily null-terminated */ - uint16 buffer[MAX_UNISTRLEN]; + uint16 *buffer; } BUFFER2; @@ -153,7 +153,7 @@ typedef struct buffer2_info typedef struct buffer3_info { uint32 buf_max_len; - uint8 buffer[MAX_BUFFERLEN]; /* data */ + uint8 *buffer; /* Data */ uint32 buf_len; } BUFFER3; @@ -172,7 +172,7 @@ typedef struct unistr2_info uint32 undoc; uint32 uni_str_len; /* unicode characters. ***MUST*** be little-endian. **NOT** necessarily null-terminated */ - uint16 buffer[MAX_UNISTRLEN]; + uint16 *buffer; } UNISTR2; @@ -182,7 +182,7 @@ typedef struct string2_info uint32 str_max_len; uint32 undoc; uint32 str_str_len; - uint8 buffer[MAX_STRINGLEN]; /* uint8 characters. **NOT** necessarily null-terminated */ + uint8 *buffer; /* uint8 characters. **NOT** necessarily null-terminated */ } STRING2; diff --git a/source/include/talloc.h b/source/include/talloc.h index df68166a5e1..a0dc3d9795e 100644 --- a/source/include/talloc.h +++ b/source/include/talloc.h @@ -1,3 +1,5 @@ +#ifndef _TALLOC_H_ +#define _TALLOC_H_ /* Unix SMB/Netbios implementation. Version 3.0 @@ -30,3 +32,4 @@ typedef struct { struct talloc_chunk *list; } TALLOC_CTX; +#endif diff --git a/source/lib/cmd_interp.c b/source/lib/cmd_interp.c index a9a1ad0e6b6..a029d0bbd28 100644 --- a/source/lib/cmd_interp.c +++ b/source/lib/cmd_interp.c @@ -349,6 +349,7 @@ static uint32 do_command(struct client_info *info, char *line) } free_char_array(cmd_argc, cmd_argv); + parse_talloc_free(); /* Free up init_XXX memory. */ return status; } diff --git a/source/lib/msrpc-client.c b/source/lib/msrpc-client.c index 60924ed81c5..ee3ee0adcc7 100644 --- a/source/lib/msrpc-client.c +++ b/source/lib/msrpc-client.c @@ -36,7 +36,7 @@ BOOL receive_msrpc(int fd, prs_struct *data, unsigned int timeout) size_t len; RPC_HDR hdr; - prs_init(data, 0, 4, True); + prs_init(data, 0, 4, NULL, True); ok = prs_read(data, fd, 16, timeout); diff --git a/source/lib/talloc.c b/source/lib/talloc.c index 35d4ddd2110..31594d2a01e 100644 --- a/source/lib/talloc.c +++ b/source/lib/talloc.c @@ -81,7 +81,7 @@ void *talloc(TALLOC_CTX *t, size_t size) } /* destroy a whole pool */ -void talloc_destroy(TALLOC_CTX *t) +void talloc_destroy_pool(TALLOC_CTX *t) { struct talloc_chunk *c; @@ -92,5 +92,12 @@ void talloc_destroy(TALLOC_CTX *t) t->list = c; } + t->list = NULL; +} + +/* destroy a whole pool including the context */ +void talloc_destroy(TALLOC_CTX *t) +{ + talloc_destroy_pool(t); free(t); } diff --git a/source/libsmb/clientgen.c b/source/libsmb/clientgen.c index c6f24c5e801..8d9fcb61d6e 100644 --- a/source/libsmb/clientgen.c +++ b/source/libsmb/clientgen.c @@ -203,6 +203,12 @@ struct cli_state *cli_initialise(struct cli_state *cli) return False; } + if ((cli->mem_ctx = talloc_init()) == NULL) { + free(cli->outbuf); + free(cli->inbuf); + return False; + } + memset(cli->outbuf, '\0', cli->bufsize); memset(cli->inbuf, '\0', cli->bufsize); @@ -224,6 +230,10 @@ void cli_shutdown(struct cli_state *cli) { free(cli->inbuf); } + + if (cli->mem_ctx) + talloc_destroy(cli->mem_ctx); + #ifdef WITH_SSL if (cli->fd != -1) sslutil_disconnect(cli->fd); diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c index 77f2ec47dae..0161ee05e83 100644 --- a/source/printing/nt_printing.c +++ b/source/printing/nt_printing.c @@ -1815,9 +1815,14 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr) SEC_DESC_BUF *new_secdesc_ctr = NULL; SEC_DESC_BUF *old_secdesc_ctr = NULL; prs_struct ps; + TALLOC_CTX *mem_ctx = NULL; fstring key; uint32 status; + mem_ctx = talloc_init(); + if (mem_ctx == NULL) + return False; + /* The old owner and group sids of the security descriptor are not present when new ACEs are added or removed by changing printer permissions through NT. If they are NULL in the new security @@ -1864,7 +1869,7 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr) /* Store the security descriptor in a tdb */ prs_init(&ps, (uint32)sec_desc_size(new_secdesc_ctr->sec) + - sizeof(SEC_DESC_BUF), 4, MARSHALL); + sizeof(SEC_DESC_BUF), 4, mem_ctx, MARSHALL); if (!sec_io_desc_buf("nt_printing_setsec", &new_secdesc_ctr, &ps, 1)) { @@ -1891,6 +1896,8 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr) } prs_mem_free(&ps); + if (mem_ctx) + talloc_destroy(mem_ctx); return status; } @@ -1967,20 +1974,28 @@ static SEC_DESC_BUF *construct_default_printer_sdb(void) BOOL nt_printing_getsec(char *printername, SEC_DESC_BUF **secdesc_ctr) { prs_struct ps; + TALLOC_CTX *mem_ctx = NULL; fstring key; + mem_ctx = talloc_init(); + if (mem_ctx == NULL) + return False; + /* Fetch security descriptor from tdb */ slprintf(key, sizeof(key), "SECDESC/%s", printername); - if (tdb_prs_fetch(tdb, key, &ps)!=0 || + if (tdb_prs_fetch(tdb, key, &ps, mem_ctx)!=0 || !sec_io_desc_buf("nt_printing_getsec", secdesc_ctr, &ps, 1)) { DEBUG(4,("using default secdesc for %s\n", printername)); - if (!(*secdesc_ctr = construct_default_printer_sdb())) + if (!(*secdesc_ctr = construct_default_printer_sdb())) { + talloc_destroy(mem_ctx); return False; + } + talloc_destroy(mem_ctx); return True; } @@ -2028,6 +2043,7 @@ BOOL nt_printing_getsec(char *printername, SEC_DESC_BUF **secdesc_ctr) } prs_mem_free(&ps); + talloc_destroy(mem_ctx); return True; } @@ -2123,3 +2139,4 @@ BOOL print_access_check(struct current_user *user, int snum, return result; } +#undef OLD_NTDOMAIN diff --git a/source/rpc_client/cli_lsarpc.c b/source/rpc_client/cli_lsarpc.c index 239d38c358f..a9b9eddfb83 100644 --- a/source/rpc_client/cli_lsarpc.c +++ b/source/rpc_client/cli_lsarpc.c @@ -50,8 +50,8 @@ BOOL do_lsa_open_policy(struct cli_state *cli, if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); /* create and send a MSRPC command with api LSA_OPENPOLICY */ @@ -125,8 +125,8 @@ BOOL do_lsa_lookup_sids(struct cli_state *cli, if (hnd == NULL || num_sids == 0 || sids == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */ @@ -229,8 +229,8 @@ BOOL do_lsa_query_info_pol(struct cli_state *cli, if (hnd == NULL || domain_name == NULL || domain_sid == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); /* create and send a MSRPC command with api LSA_QUERYINFOPOLICY */ @@ -329,8 +329,8 @@ BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd) /* create and send a MSRPC command with api LSA_OPENPOLICY */ - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); DEBUG(4,("LSA Close\n")); diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c index 6437685ed82..63461c5023e 100644 --- a/source/rpc_client/cli_netlogon.c +++ b/source/rpc_client/cli_netlogon.c @@ -64,8 +64,8 @@ BOOL cli_net_logon_ctrl2(struct cli_state *cli, uint32 status_level) NET_Q_LOGON_CTRL2 q_l; BOOL ok = False; - prs_init(&buf , 1024, 4, False); - prs_init(&rbuf, 0, 4, True ); + prs_init(&buf , 1024, 4, cli->mem_ctx, False); + prs_init(&rbuf, 0, 4, cli->mem_ctx, True ); /* create and send a MSRPC command with api NET_LOGON_CTRL2 */ @@ -125,8 +125,8 @@ BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan, NET_Q_AUTH_2 q_a; BOOL ok = False; - prs_init(&buf , 1024, 4, False); - prs_init(&rbuf, 0, 4, True ); + prs_init(&buf , 1024, 4, cli->mem_ctx, False); + prs_init(&rbuf, 0, 4, cli->mem_ctx, True ); /* create and send a MSRPC command with api NET_AUTH2 */ @@ -215,8 +215,8 @@ BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_ NET_Q_REQ_CHAL q_c; BOOL valid_chal = False; - prs_init(&buf , 1024, 4, False); - prs_init(&rbuf, 0, 4, True ); + prs_init(&buf , 1024, 4, cli->mem_ctx, False); + prs_init(&rbuf, 0, 4, cli->mem_ctx, True ); /* create and send a MSRPC command with api NET_REQCHAL */ @@ -279,8 +279,8 @@ BOOL cli_net_srv_pwset(struct cli_state *cli, uint8 hashed_mach_pwd[16]) gen_next_creds( cli, &new_clnt_cred); - prs_init(&buf , 1024, 4, False); - prs_init(&rbuf, 0, 4, True ); + prs_init(&buf , 1024, 4, cli->mem_ctx, False); + prs_init(&rbuf, 0, 4, cli->mem_ctx, True ); /* create and send a MSRPC command with api NET_SRV_PWSET */ @@ -350,8 +350,8 @@ BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr, gen_next_creds( cli, &new_clnt_cred); - prs_init(&buf , 1024, 4, False); - prs_init(&rbuf, 0, 4, True ); + prs_init(&buf , 1024, 4, cli->mem_ctx, False); + prs_init(&rbuf, 0, 4, cli->mem_ctx, True ); /* create and send a MSRPC command with api NET_SAMLOGON */ @@ -439,8 +439,8 @@ BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr) gen_next_creds( cli, &new_clnt_cred); - prs_init(&buf , 1024, 4, False); - prs_init(&rbuf, 0, 4, True ); + prs_init(&buf , 1024, 4, cli->mem_ctx, False); + prs_init(&rbuf, 0, 4, cli->mem_ctx, True ); /* create and send a MSRPC command with api NET_SAMLOGOFF */ diff --git a/source/rpc_client/cli_pipe.c b/source/rpc_client/cli_pipe.c index ade31dbb5be..8136b7894c6 100644 --- a/source/rpc_client/cli_pipe.c +++ b/source/rpc_client/cli_pipe.c @@ -223,7 +223,7 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int memcpy(data, dp, sizeof(data)); - prs_init(&auth_req , 0, 4, UNMARSHALL); + prs_init(&auth_req , 0, 4, cli->mem_ctx, UNMARSHALL); prs_give_memory(&auth_req, data, RPC_HDR_AUTH_LEN, False); /* @@ -267,7 +267,7 @@ static BOOL rpc_auth_pipe(struct cli_state *cli, prs_struct *rdata, int len, int memcpy(data, dp, RPC_AUTH_NTLMSSP_CHK_LEN); dump_data(100, data, auth_len); - prs_init(&auth_verf, 0, 4, UNMARSHALL); + prs_init(&auth_verf, 0, 4, cli->mem_ctx, UNMARSHALL); prs_give_memory(&auth_verf, data, RPC_AUTH_NTLMSSP_CHK_LEN, False); if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &chk, &auth_verf, 0)) { @@ -446,7 +446,7 @@ static BOOL rpc_api_pipe(struct cli_state *cli, uint16 cmd, prs_struct *data, pr * First read the header of the next PDU. */ - prs_init(&hps, 0, 4, UNMARSHALL); + prs_init(&hps, 0, 4, cli->mem_ctx, UNMARSHALL); prs_give_memory(&hps, hdr_data, sizeof(hdr_data), False); num_read = cli_read(cli, cli->nt_pipe_fnum, hdr_data, 0, RPC_HEADER_LEN+RPC_HDR_RESP_LEN); @@ -522,7 +522,7 @@ static BOOL create_rpc_bind_req(prs_struct *rpc_out, BOOL do_auth, uint32 rpc_ca prs_struct auth_info; int auth_len = 0; - prs_init(&auth_info, 0, 4, MARSHALL); + prs_init(&auth_info, 0, 4, prs_get_mem_context(rpc_out), MARSHALL); if (do_auth) { RPC_HDR_AUTH hdr_auth; @@ -626,7 +626,7 @@ static BOOL create_rpc_bind_resp(struct pwd_info *pwd, * Marshall the variable length data into a temporary parse * struct, pointing into a 4k local buffer. */ - prs_init(&auth_info, 0, 4, MARSHALL); + prs_init(&auth_info, 0, 4, prs_get_mem_context(rpc_out), MARSHALL); /* * Use the 4k buffer to store the auth info. @@ -784,7 +784,7 @@ BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num, * Malloc a parse struct to hold it (and enough for alignments). */ - if(!prs_init(&outgoing_packet, data_len + 8, 4, MARSHALL)) { + if(!prs_init(&outgoing_packet, data_len + 8, 4, cli->mem_ctx, MARSHALL)) { DEBUG(0,("rpc_api_pipe_req: Failed to malloc %u bytes.\n", (unsigned int)data_len )); return False; } @@ -1022,7 +1022,7 @@ static BOOL rpc_send_auth_reply(struct cli_state *cli, prs_struct *rdata, uint32 pwd_make_lm_nt_owf(&cli->pwd, rhdr_chal.challenge); - prs_init(&rpc_out, 0, 4, MARSHALL); + prs_init(&rpc_out, 0, 4, cli->mem_ctx, MARSHALL); prs_give_memory( &rpc_out, buffer, sizeof(buffer), False); @@ -1094,7 +1094,7 @@ BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, char *my_name) if (!valid_pipe_name(pipe_name, &abstract, &transfer)) return False; - prs_init(&rpc_out, 0, 4, MARSHALL); + prs_init(&rpc_out, 0, 4, cli->mem_ctx, MARSHALL); /* * Use the MAX_PDU_FRAG_LEN buffer to store the bind request. @@ -1110,7 +1110,7 @@ BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, char *my_name) global_myname, cli->domain, cli->ntlmssp_cli_flgs); /* Initialize the incoming data struct. */ - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); /* send data on \PIPE\. receive a response */ if (rpc_api_pipe(cli, 0x0026, &rpc_out, &rdata)) { diff --git a/source/rpc_client/cli_reg.c b/source/rpc_client/cli_reg.c index d8b6931b424..13a9b265155 100644 --- a/source/rpc_client/cli_reg.c +++ b/source/rpc_client/cli_reg.c @@ -86,8 +86,8 @@ BOOL do_reg_open_hklm(struct cli_state *cli, uint16 unknown_0, uint32 level, if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_OPEN_HKLM */ @@ -147,8 +147,8 @@ BOOL do_reg_open_hku(struct cli_state *cli, uint16 unknown_0, uint32 level, if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_OPEN_HKU */ @@ -209,8 +209,8 @@ BOOL do_reg_flush_key(struct cli_state *cli, POLICY_HND *hnd) if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_FLUSH_KEY */ @@ -271,8 +271,8 @@ BOOL do_reg_query_key(struct cli_state *cli, POLICY_HND *hnd, if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_QUERY_KEY */ @@ -339,8 +339,8 @@ BOOL do_reg_unknown_1a(struct cli_state *cli, POLICY_HND *hnd, uint32 *unk) if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_UNKNOWN_1A */ @@ -399,8 +399,8 @@ BOOL do_reg_query_info(struct cli_state *cli, POLICY_HND *hnd, if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_INFO */ @@ -459,8 +459,8 @@ BOOL do_reg_set_key_sec(struct cli_state *cli, POLICY_HND *hnd, SEC_DESC_BUF *se if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_SET_KEY_SEC */ @@ -515,8 +515,8 @@ BOOL do_reg_get_key_sec(struct cli_state *cli, POLICY_HND *hnd, uint32 *sec_buf_ if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_GET_KEY_SEC */ @@ -581,8 +581,8 @@ BOOL do_reg_delete_val(struct cli_state *cli, POLICY_HND *hnd, char *val_name) if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_DELETE_VALUE */ @@ -638,8 +638,8 @@ BOOL do_reg_delete_key(struct cli_state *cli, POLICY_HND *hnd, char *key_name) if (hnd == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_DELETE_KEY */ @@ -722,8 +722,8 @@ BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd, } free_sec_desc(&sec); - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); init_reg_q_create_key(&q_o, hnd, key_name, key_class, sam_access, sec_buf); @@ -783,8 +783,8 @@ BOOL do_reg_enum_key(struct cli_state *cli, POLICY_HND *hnd, if (hnd == NULL) return False; - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_ENUM_KEY */ @@ -846,8 +846,8 @@ BOOL do_reg_create_val(struct cli_state *cli, POLICY_HND *hnd, if (hnd == NULL) return False; - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_CREATE_VALUE */ @@ -906,8 +906,8 @@ BOOL do_reg_enum_val(struct cli_state *cli, POLICY_HND *hnd, if (hnd == NULL) return False; - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_ENUM_VALUE */ @@ -969,8 +969,8 @@ BOOL do_reg_open_entry(struct cli_state *cli, POLICY_HND *hnd, if (hnd == NULL) return False; - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api REG_OPEN_ENTRY */ @@ -1031,8 +1031,8 @@ BOOL do_reg_close(struct cli_state *cli, POLICY_HND *hnd) /* create and send a MSRPC command with api REG_CLOSE */ - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL); + prs_init(&buf, MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL); DEBUG(4,("REG Close\n")); diff --git a/source/rpc_client/cli_samr.c b/source/rpc_client/cli_samr.c index 18c1decefde..521c42ce2cc 100644 --- a/source/rpc_client/cli_samr.c +++ b/source/rpc_client/cli_samr.c @@ -113,8 +113,8 @@ BOOL do_samr_chgpasswd_user(struct cli_state *cli, /* create and send a MSRPC command with api SAMR_CHGPASSWD_USER */ - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); DEBUG(4,("SAMR Change User Password. server:%s username:%s\n", srv_name, user_name)); @@ -169,8 +169,8 @@ BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name) /* create and send a MSRPC command with api SAMR_ENUM_DOM_USERS */ - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); DEBUG(4,("SAMR Unknown 38 server:%s\n", srv_name)); @@ -225,8 +225,8 @@ BOOL do_samr_query_dom_info(struct cli_state *cli, /* create and send a MSRPC command with api SAMR_ENUM_DOM_USERS */ - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); DEBUG(4,("SAMR Unknown 8 switch:%d\n", switch_value)); @@ -287,8 +287,8 @@ BOOL do_samr_enum_dom_users(struct cli_state *cli, /* create and send a MSRPC command with api SAMR_ENUM_DOM_USERS */ - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); DEBUG(4,("SAMR Enum SAM DB max size:%x\n", size)); @@ -374,8 +374,8 @@ BOOL do_samr_connect(struct cli_state *cli, /* create and send a MSRPC command with api SAMR_CONNECT */ - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); DEBUG(4,("SAMR Open Policy server:%s undoc value:%x\n", srv_name, unknown_0)); @@ -435,8 +435,8 @@ BOOL do_samr_open_user(struct cli_state *cli, /* create and send a MSRPC command with api SAMR_OPEN_USER */ - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); DEBUG(4,("SAMR Open User. unk_0: %08x RID:%x\n", unk_0, rid)); @@ -497,8 +497,8 @@ BOOL do_samr_open_domain(struct cli_state *cli, /* create and send a MSRPC command with api SAMR_OPEN_DOMAIN */ - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); sid_to_string(sid_str, sid); DEBUG(4,("SAMR Open Domain. SID:%s RID:%x\n", sid_str, rid)); @@ -561,8 +561,8 @@ BOOL do_samr_query_unknown_12(struct cli_state *cli, /* create and send a MSRPC command with api SAMR_UNKNOWN_12 */ - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); DEBUG(4,("SAMR Query Unknown 12.\n")); @@ -638,8 +638,8 @@ BOOL do_samr_query_usergroups(struct cli_state *cli, /* create and send a MSRPC command with api SAMR_QUERY_USERGROUPS */ - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); DEBUG(4,("SAMR Query User Groups.\n")); @@ -700,8 +700,8 @@ BOOL do_samr_query_userinfo(struct cli_state *cli, /* create and send a MSRPC command with api SAMR_QUERY_USERINFO */ - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); DEBUG(4,("SAMR Query User Info. level: %d\n", switch_value)); @@ -770,8 +770,8 @@ BOOL do_samr_close(struct cli_state *cli, POLICY_HND *hnd) if (hnd == NULL) return False; - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api SAMR_CLOSE_HND */ diff --git a/source/rpc_client/cli_srvsvc.c b/source/rpc_client/cli_srvsvc.c index b883cc19425..b6dc0aff4a3 100644 --- a/source/rpc_client/cli_srvsvc.c +++ b/source/rpc_client/cli_srvsvc.c @@ -49,8 +49,8 @@ BOOL do_srv_net_srv_conn_enum(struct cli_state *cli, if (server_name == NULL || ctr == NULL || preferred_len == 0) return False; - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api SRV_NETCONNENUM */ @@ -129,8 +129,8 @@ BOOL do_srv_net_srv_sess_enum(struct cli_state *cli, if (server_name == NULL || ctr == NULL || preferred_len == 0) return False; - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api SRV_NETSESSENUM */ @@ -206,8 +206,8 @@ BOOL do_srv_net_srv_share_enum(struct cli_state *cli, if (server_name == NULL || preferred_len == 0) return False; - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api SRV_NETSHAREENUM */ @@ -279,8 +279,8 @@ BOOL do_srv_net_srv_file_enum(struct cli_state *cli, if (server_name == NULL || ctr == NULL || preferred_len == 0) return False; - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api SRV_NETFILEENUM */ @@ -357,8 +357,8 @@ BOOL do_srv_net_srv_get_info(struct cli_state *cli, if (server_name == NULL || switch_value == 0 || ctr == NULL) return False; - prs_init(&data , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rdata, 0, 4, UNMARSHALL); + prs_init(&data , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rdata, 0, 4, cli->mem_ctx, UNMARSHALL); /* create and send a MSRPC command with api SRV_NET_SRV_GET_INFO */ diff --git a/source/rpc_client/cli_wkssvc.c b/source/rpc_client/cli_wkssvc.c index ae0d5d8231a..16968b39e44 100644 --- a/source/rpc_client/cli_wkssvc.c +++ b/source/rpc_client/cli_wkssvc.c @@ -47,8 +47,8 @@ BOOL do_wks_query_info(struct cli_state *cli, if (server_name == 0 || wks100 == NULL) return False; - prs_init(&buf , MAX_PDU_FRAG_LEN, 4, MARSHALL); - prs_init(&rbuf, 0, 4, UNMARSHALL ); + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); /* create and send a MSRPC command with api WKS_QUERY_INFO */ diff --git a/source/rpc_parse/parse_creds.c b/source/rpc_parse/parse_creds.c index 9ffc5d7a693..c34a7f5ac33 100644 --- a/source/rpc_parse/parse_creds.c +++ b/source/rpc_parse/parse_creds.c @@ -597,7 +597,7 @@ BOOL create_ntuser_creds( prs_struct *ps, usr.ptr_ntc = 0; } - prs_init(ps, 1024, 4, False); + prs_init(ps, 1024, 4, NULL, False); ps->data_offset = 4; return creds_io_cmd("creds", &cmd, ps, 0); @@ -623,7 +623,7 @@ BOOL create_user_creds( prs_struct *ps, cmd.ptr_creds = usr != NULL ? 1 : 0; cmd.cred = usr; - prs_init(ps, 1024, 4, False); + prs_init(ps, 1024, 4, NULL, False); ps->data_offset = 4; return creds_io_cmd("creds", &cmd, ps, 0); diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c index fe2778a356a..2a642e1cec1 100644 --- a/source/rpc_parse/parse_misc.c +++ b/source/rpc_parse/parse_misc.c @@ -26,6 +26,20 @@ extern int DEBUGLEVEL; +static TALLOC_CTX *parse_misc_talloc = NULL; + +/******************************************************************* a +free up temporary memory - called from the main loop +********************************************************************/ + +void parse_talloc_free(void) +{ + if (!parse_misc_talloc) + return; + talloc_destroy(parse_misc_talloc); + parse_misc_talloc = NULL; +} + /******************************************************************* Reads or writes a UTIME type. ********************************************************************/ @@ -296,12 +310,6 @@ BOOL smb_io_strhdr(char *desc, STRHDR *hdr, prs_struct *ps, int depth) if(!prs_uint32("buffer ", ps, depth, &hdr->buffer)) return False; - /* oops! XXXX maybe issue a warning that this is happening... */ - if (hdr->str_max_len > MAX_STRINGLEN) - hdr->str_max_len = MAX_STRINGLEN; - if (hdr->str_str_len > MAX_STRINGLEN) - hdr->str_str_len = MAX_STRINGLEN; - return True; } @@ -338,12 +346,6 @@ BOOL smb_io_unihdr(char *desc, UNIHDR *hdr, prs_struct *ps, int depth) if(!prs_uint32("buffer ", ps, depth, &hdr->buffer)) return False; - /* oops! XXXX maybe issue a warning that this is happening... */ - if (hdr->uni_max_len > MAX_UNISTRLEN) - hdr->uni_max_len = MAX_UNISTRLEN; - if (hdr->uni_str_len > MAX_UNISTRLEN) - hdr->uni_str_len = MAX_UNISTRLEN; - return True; } @@ -429,12 +431,6 @@ BOOL smb_io_hdrbuf(char *desc, BUFHDR *hdr, prs_struct *ps, int depth) if(!prs_uint32("buf_len ", ps, depth, &hdr->buf_len)) return False; - /* oops! XXXX maybe issue a warning that this is happening... */ - if (hdr->buf_max_len > MAX_BUFFERLEN) - hdr->buf_max_len = MAX_BUFFERLEN; - if (hdr->buf_len > MAX_BUFFERLEN) - hdr->buf_len = MAX_BUFFERLEN; - return True; } @@ -477,8 +473,21 @@ BOOL smb_io_unihdr2(char *desc, UNIHDR2 *hdr2, prs_struct *ps, int depth) void init_unistr(UNISTR *str, const char *buf) { + size_t len = strlen(buf) + 1; + + if (!parse_misc_talloc) + parse_misc_talloc = talloc_init(); + + if (len < MAX_UNISTRLEN) + len = MAX_UNISTRLEN; + len *= sizeof(uint16); + + str->buffer = (uint16 *)talloc(parse_misc_talloc, len); + if (str->buffer == NULL) + smb_panic("init_unistr2: malloc fail\n"); + /* store the string (null-terminated copy) */ - dos_struni2((char *)str->buffer, buf, sizeof(str->buffer)); + dos_struni2((char *)str->buffer, buf, len); } /******************************************************************* @@ -503,6 +512,24 @@ BOOL smb_io_unistr(char *desc, UNISTR *uni, prs_struct *ps, int depth) } /******************************************************************* + Allocate the BUFFER3 memory. +********************************************************************/ + +static void create_buffer3(BUFFER3 *str, size_t len) +{ + if (!parse_misc_talloc) + parse_misc_talloc = talloc_init(); + + if (len < MAX_BUFFERLEN) + len = MAX_BUFFERLEN; + + str->buffer = talloc(parse_misc_talloc, len); + if (str->buffer == NULL) + smb_panic("create_buffer3: malloc fail\n"); + +} + +/******************************************************************* Inits a BUFFER3 structure from a uint32 ********************************************************************/ @@ -514,6 +541,7 @@ void init_buffer3_uint32(BUFFER3 *str, uint32 val) str->buf_max_len = sizeof(uint32); str->buf_len = sizeof(uint32); + create_buffer3(str, sizeof(uint32)); SIVAL(str->buffer, 0, val); } @@ -529,8 +557,10 @@ void init_buffer3_str(BUFFER3 *str, char *buf, int len) str->buf_max_len = len * 2; str->buf_len = len * 2; + create_buffer3(str, str->buf_max_len); + /* store the string (null-terminated 8 bit chars into 16 bit chars) */ - dos_struni2((char *)str->buffer, buf, sizeof(str->buffer)); + dos_struni2((char *)str->buffer, buf, str->buf_max_len); } /******************************************************************* @@ -540,6 +570,7 @@ void init_buffer3_str(BUFFER3 *str, char *buf, int len) void init_buffer3_hex(BUFFER3 *str, char *buf) { ZERO_STRUCTP(str); + create_buffer3(str, strlen(buf)); str->buf_max_len = str->buf_len = strhex_to_str((char *)str->buffer, sizeof(str->buffer), buf); } @@ -553,8 +584,10 @@ void init_buffer3_bytes(BUFFER3 *str, uint8 *buf, int len) /* max buffer size (allocated size) */ str->buf_max_len = len; - if (buf != NULL) - memcpy(str->buffer, buf, MIN(str->buf_len, sizeof(str->buffer))); + if (buf != NULL) { + create_buffer3(str, len); + memcpy(str->buffer, buf, len); + } str->buf_len = buf != NULL ? len : 0; } @@ -578,16 +611,17 @@ BOOL smb_io_buffer3(char *desc, BUFFER3 *buf3, prs_struct *ps, int depth) if(!prs_uint32("uni_max_len", ps, depth, &buf3->buf_max_len)) return False; - if (buf3->buf_max_len > MAX_UNISTRLEN) - buf3->buf_max_len = MAX_UNISTRLEN; + if (UNMARSHALLING(ps)) { + buf3->buffer = prs_alloc_mem(ps, buf3->buf_max_len); + if (buf3->buffer == NULL) + return False; + } if(!prs_uint8s(True, "buffer ", ps, depth, buf3->buffer, buf3->buf_max_len)) return False; if(!prs_uint32("buf_len ", ps, depth, &buf3->buf_len)) return False; - if (buf3->buf_len > MAX_UNISTRLEN) - buf3->buf_len = MAX_UNISTRLEN; return True; } @@ -607,9 +641,10 @@ BOOL smb_io_buffer5(char *desc, BUFFER5 *buf5, prs_struct *ps, int depth) prs_uint32("buf_len", ps, depth, &(buf5->buf_len)); /* reading: alloc the buffer first */ - if ( ps->io ) - { - buf5->buffer=(uint16 *)malloc( sizeof(uint16)*buf5->buf_len ); + if ( UNMARSHALLING(ps) ) { + buf5->buffer=(uint16 *)prs_alloc_mem(ps, sizeof(uint16)*buf5->buf_len ); + if (buf5->buffer == NULL) + return False; } prs_uint16s(True, "buffer", ps, depth, buf5->buffer, buf5->buf_len); @@ -618,15 +653,6 @@ BOOL smb_io_buffer5(char *desc, BUFFER5 *buf5, prs_struct *ps, int depth) } /******************************************************************* - Frees a BUFFER5 structure (just the malloced part). -********************************************************************/ - -void free_buffer5(BUFFER5 *buf5) -{ - safe_free(buf5->buffer); -} - -/******************************************************************* Inits a BUFFER2 structure. ********************************************************************/ @@ -639,8 +665,17 @@ void init_buffer2(BUFFER2 *str, uint8 *buf, int len) str->undoc = 0; str->buf_len = buf != NULL ? len : 0; - if (buf != NULL) - memcpy(str->buffer, buf, MIN(str->buf_len, sizeof(str->buffer))); + if (buf != NULL) { + if (!parse_misc_talloc) + parse_misc_talloc = talloc_init(); + + if (len < MAX_BUFFERLEN) + len = MAX_BUFFERLEN; + str->buffer = talloc(parse_misc_talloc, len); + if (str->buffer == NULL) + smb_panic("init_buffer2: malloc fail\n"); + memcpy(str->buffer, buf, MIN(str->buf_len, len)); + } } /******************************************************************* @@ -669,12 +704,6 @@ BOOL smb_io_buffer2(char *desc, BUFFER2 *buf2, uint32 buffer, prs_struct *ps, in if(!prs_uint32("buf_len ", ps, depth, &buf2->buf_len)) return False; - /* oops! XXXX maybe issue a warning that this is happening... */ - if (buf2->buf_max_len > MAX_UNISTRLEN) - buf2->buf_max_len = MAX_UNISTRLEN; - if (buf2->buf_len > MAX_UNISTRLEN) - buf2->buf_len = MAX_UNISTRLEN; - /* buffer advanced by indicated length of string NOT by searching for null-termination */ @@ -721,6 +750,21 @@ void copy_unistr2(UNISTR2 *str, UNISTR2 *from) str->undoc = from->undoc; str->uni_str_len = from->uni_str_len; + if (str->buffer == NULL) { + size_t len = from->uni_max_len * 2; + + if (!parse_misc_talloc) + parse_misc_talloc = talloc_init(); + + if (len < MAX_UNISTRLEN) + len = MAX_UNISTRLEN; + len *= sizeof(uint16); + + str->buffer = (uint16 *)talloc(parse_misc_talloc, len); + if (str->buffer == NULL) + smb_panic("copy_unistr2: malloc fail\n"); + } + /* copy the string */ memcpy(str->buffer, from->buffer, sizeof(from->buffer)); } @@ -731,14 +775,23 @@ void copy_unistr2(UNISTR2 *str, UNISTR2 *from) void init_string2(STRING2 *str, char *buf, int len) { - /* set up string lengths. */ - str->str_max_len = len; - str->undoc = 0; - str->str_str_len = len; - - /* store the string */ - if(len != 0) - memcpy(str->buffer, buf, len); + /* set up string lengths. */ + str->str_max_len = len; + str->undoc = 0; + str->str_str_len = len; + + /* store the string */ + if(len != 0) { + if (!parse_misc_talloc) + parse_misc_talloc = talloc_init(); + + if (len < MAX_STRINGLEN) + len = MAX_STRINGLEN; + str->buffer = talloc(parse_misc_talloc, len); + if (str->buffer == NULL) + smb_panic("init_string2: malloc fail\n"); + memcpy(str->buffer, buf, len); + } } /******************************************************************* @@ -768,12 +821,6 @@ BOOL smb_io_string2(char *desc, STRING2 *str2, uint32 buffer, prs_struct *ps, in if(!prs_uint32("str_str_len", ps, depth, &str2->str_str_len)) return False; - /* oops! XXXX maybe issue a warning that this is happening... */ - if (str2->str_max_len > MAX_STRINGLEN) - str2->str_max_len = MAX_STRINGLEN; - if (str2->str_str_len > MAX_STRINGLEN) - str2->str_str_len = MAX_STRINGLEN; - /* buffer advanced by indicated length of string NOT by searching for null-termination */ if(!prs_string2(True, "buffer ", ps, depth, str2)) @@ -803,8 +850,19 @@ void init_unistr2(UNISTR2 *str, const char *buf, size_t len) str->undoc = 0; str->uni_str_len = (uint32)len; + if (!parse_misc_talloc) + parse_misc_talloc = talloc_init(); + + if (len < MAX_UNISTRLEN) + len = MAX_UNISTRLEN; + len *= sizeof(uint16); + + str->buffer = (uint16 *)talloc(parse_misc_talloc, len); + if (str->buffer == NULL) + smb_panic("init_unistr2: malloc fail\n"); + /* store the string (null-terminated 8 bit chars into 16 bit chars) */ - dos_struni2((char *)str->buffer, buf, sizeof(str->buffer)); + dos_struni2((char *)str->buffer, buf, len); } /******************************************************************* @@ -834,12 +892,6 @@ BOOL smb_io_unistr2(char *desc, UNISTR2 *uni2, uint32 buffer, prs_struct *ps, in if(!prs_uint32("uni_str_len", ps, depth, &uni2->uni_str_len)) return False; - /* oops! XXXX maybe issue a warning that this is happening... */ - if (uni2->uni_max_len > MAX_UNISTRLEN) - uni2->uni_max_len = MAX_UNISTRLEN; - if (uni2->uni_str_len > MAX_UNISTRLEN) - uni2->uni_str_len = MAX_UNISTRLEN; - /* buffer advanced by indicated length of string NOT by searching for null-termination */ if(!prs_unistr2(True, "buffer ", ps, depth, uni2)) @@ -957,14 +1009,14 @@ static void init_clnt_srv(DOM_CLNT_SRV *log, char *logon_srv, char *comp_name) if (logon_srv != NULL) { log->undoc_buffer = 1; - init_unistr2(&(log->uni_logon_srv), logon_srv, strlen(logon_srv)+1); + init_unistr2(&log->uni_logon_srv, logon_srv, strlen(logon_srv)+1); } else { log->undoc_buffer = 0; } if (comp_name != NULL) { log->undoc_buffer2 = 1; - init_unistr2(&(log->uni_comp_name), comp_name, strlen(comp_name)+1); + init_unistr2(&log->uni_comp_name, comp_name, strlen(comp_name)+1); } else { log->undoc_buffer2 = 0; } diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c index 42a3410752e..bf36b5b3467 100644 --- a/source/rpc_parse/parse_prs.c +++ b/source/rpc_parse/parse_prs.c @@ -67,7 +67,7 @@ void prs_debug(prs_struct *ps, int depth, char *desc, char *fn_name) /******************************************************************* Initialise a parse structure - malloc the data if requested. ********************************************************************/ -BOOL prs_init(prs_struct *ps, uint32 size, uint8 align, BOOL io) +BOOL prs_init(prs_struct *ps, uint32 size, uint8 align, TALLOC_CTX *ctx, BOOL io) { ZERO_STRUCTP(ps); ps->io = io; @@ -77,6 +77,7 @@ BOOL prs_init(prs_struct *ps, uint32 size, uint8 align, BOOL io) ps->data_offset = 0; ps->buffer_size = 0; ps->data_p = NULL; + ps->mem_ctx = ctx; if (size != 0) { ps->buffer_size = size; @@ -98,17 +99,12 @@ BOOL prs_read(prs_struct *ps, int fd, size_t len, int timeout) BOOL ok; size_t prev_size = ps->buffer_size; if (!prs_grow(ps, len)) - { return False; - } - if (timeout > 0) - { + if (timeout > 0) { ok = (read_with_timeout(fd, &ps->data_p[prev_size], len, len,timeout) == len); - } - else - { + } else { ok = (read_data(fd, &ps->data_p[prev_size], len) == len); } return ok; @@ -129,6 +125,24 @@ void prs_mem_free(prs_struct *ps) } /******************************************************************* + Allocate memory when unmarshalling... + ********************************************************************/ + +char *prs_alloc_mem(prs_struct *ps, size_t size) +{ + return talloc(ps->mem_ctx, size); +} + +/******************************************************************* + Return the current talloc context we're using. + ********************************************************************/ + +TALLOC_CTX *prs_get_mem_context(prs_struct *ps) +{ + return ps->mem_ctx; +} + +/******************************************************************* Hand some already allocated memory to a prs_struct. ********************************************************************/ @@ -543,11 +557,19 @@ BOOL prs_uint32s(BOOL charmode, char *name, prs_struct *ps, int depth, uint32 *d BOOL prs_buffer2(BOOL charmode, char *name, prs_struct *ps, int depth, BUFFER2 *str) { - char *p = (char *)str->buffer; + char *p; char *q = prs_mem_get(ps, str->buf_len); if (q == NULL) return False; + if (UNMARSHALLING(ps)) { + str->buffer = (uint16 *)prs_alloc_mem(ps,str->buf_len); + if (str->buffer == NULL) + return False; + } + + p = (char *)str->buffer; + /* If we're using big-endian, reverse to get little-endian. */ if(ps->bigendian_data) DBG_RW_PSVAL(charmode, name, depth, ps->data_offset, ps->io, ps->bigendian_data, q, p, str->buf_len/2) @@ -569,6 +591,12 @@ BOOL prs_string2(BOOL charmode, char *name, prs_struct *ps, int depth, STRING2 * if (q == NULL) return False; + if (UNMARSHALLING(ps)) { + str->buffer = prs_alloc_mem(ps,str->str_str_len); + if (str->buffer == NULL) + return False; + } + DBG_RW_PCVAL(charmode, name, depth, ps->data_offset, ps->io, q, str->buffer, str->str_max_len) ps->data_offset += (str->str_str_len * sizeof(uint8)); @@ -583,16 +611,24 @@ BOOL prs_string2(BOOL charmode, char *name, prs_struct *ps, int depth, STRING2 * BOOL prs_unistr2(BOOL charmode, char *name, prs_struct *ps, int depth, UNISTR2 *str) { - char *p = (char *)str->buffer; + char *p; char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16)); if (q == NULL) return False; + if (UNMARSHALLING(ps)) { + str->buffer = (uint16 *)prs_alloc_mem(ps,str->uni_str_len * sizeof(uint16)); + if (str->buffer == NULL) + return False; + } + + p = (char *)str->buffer; + /* If we're using big-endian, reverse to get little-endian. */ if(ps->bigendian_data) DBG_RW_PSVAL(charmode, name, depth, ps->data_offset, ps->io, ps->bigendian_data, q, p, str->uni_str_len) else - DBG_RW_PCVAL(charmode, name, depth, ps->data_offset, ps->io, q, p, str->uni_str_len * 2) + DBG_RW_PCVAL(charmode, name, depth, ps->data_offset, ps->io, q, p, str->uni_str_len * sizeof(uint16)) ps->data_offset += (str->uni_str_len * sizeof(uint16)); return True; @@ -608,16 +644,24 @@ BOOL prs_unistr2(BOOL charmode, char *name, prs_struct *ps, int depth, UNISTR2 * BOOL prs_unistr3(BOOL charmode, char *name, UNISTR3 *str, prs_struct *ps, int depth) { - char *p = (char *)str->str.buffer; + char *p; char *q = prs_mem_get(ps, str->uni_str_len * sizeof(uint16)); if (q == NULL) return False; + if (UNMARSHALLING(ps)) { + str->str.buffer = (uint16 *)prs_alloc_mem(ps,str->uni_str_len * sizeof(uint16)); + if (str->str.buffer == NULL) + return False; + } + + p = (char *)str->str.buffer; + /* If we're using big-endian, reverse to get little-endian. */ if(ps->bigendian_data) DBG_RW_PSVAL(charmode, name, depth, ps->data_offset, ps->io, ps->bigendian_data, q, p, str->uni_str_len) else - DBG_RW_PCVAL(charmode, name, depth, ps->data_offset, ps->io, q, p, str->uni_str_len * 2) + DBG_RW_PCVAL(charmode, name, depth, ps->data_offset, ps->io, q, p, str->uni_str_len * sizeof(uint16)) ps->data_offset += (str->uni_str_len * sizeof(uint16)); return True; @@ -638,8 +682,7 @@ BOOL prs_unistr(char *name, prs_struct *ps, int depth, UNISTR *str) if (MARSHALLING(ps)) { - for(len = 0; len < (sizeof(str->buffer) / sizeof(str->buffer[0])) && - str->buffer[len] != 0; len++) + for(len = 0; str->buffer[len] != 0; len++) ; q = prs_mem_get(ps, (len+1)*2); @@ -648,8 +691,7 @@ BOOL prs_unistr(char *name, prs_struct *ps, int depth, UNISTR *str) start = (uint8*)q; - for(len = 0; len < (sizeof(str->buffer) / sizeof(str->buffer[0])) && - str->buffer[len] != 0; len++) + for(len = 0; str->buffer[len] != 0; len++) { if(ps->bigendian_data) { @@ -685,9 +727,27 @@ BOOL prs_unistr(char *name, prs_struct *ps, int depth, UNISTR *str) } else { /* unmarshalling */ + uint32 alloc_len = 0; len = -1; q = prs_data_p(ps) + prs_offset(ps); + /* + * Work out how much space we need and talloc it. + */ + { + uint32 max_len = (ps->buffer_size - ps->data_offset)/sizeof(uint16); + uint16 *ptr; + + for ( ptr = (uint16 *)q; *ptr && (alloc_len <= max_len); alloc_len++) + ; + + str->buffer = (uint16 *)prs_alloc_mem(ps,alloc_len * sizeof(uint16)); + if (str->buffer == NULL) + return False; + + p = (unsigned char *)str->buffer; + } + do { len++; @@ -705,8 +765,7 @@ BOOL prs_unistr(char *name, prs_struct *ps, int depth, UNISTR *str) p++; q++; } - } while (len < (sizeof(str->buffer) / sizeof(str->buffer[0])) && - str->buffer[len] != 0); + } while (len < alloc_len && str->buffer[len] != 0); } ps->data_offset += len*2; @@ -852,7 +911,7 @@ int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps) } /* useful function to fetch a structure into rpc wire format */ -int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps) +int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *mem_ctx) { TDB_DATA kbuf, dbuf; kbuf.dptr = keystr; @@ -862,7 +921,7 @@ int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps) if (!dbuf.dptr) return -1; ZERO_STRUCTP(ps); - prs_init(ps, 0, 4, UNMARSHALL); + prs_init(ps, 0, 4, mem_ctx, UNMARSHALL); prs_give_memory(ps, dbuf.dptr, dbuf.dsize, True); return 0; diff --git a/source/rpc_parse/parse_spoolss.c b/source/rpc_parse/parse_spoolss.c index bee8bae8cf1..9ec796d3e7e 100644 --- a/source/rpc_parse/parse_spoolss.c +++ b/source/rpc_parse/parse_spoolss.c @@ -503,6 +503,12 @@ static BOOL spoolss_io_devmode(char *desc, prs_struct *ps, int depth, DEVICEMODE prs_debug(ps, depth, desc, "spoolss_io_devmode"); depth++; + if (UNMARSHALLING(ps)) { + devmode->devicename.buffer = prs_alloc_mem(ps, 32 * sizeof(uint16) ); + if (devmode->devicename.buffer == NULL) + return False; + } + if (!prs_uint16s(True,"devicename", ps, depth, devmode->devicename.buffer, 32)) return False; if (!prs_uint16("specversion", ps, depth, &devmode->specversion)) @@ -541,6 +547,13 @@ static BOOL spoolss_io_devmode(char *desc, prs_struct *ps, int depth, DEVICEMODE return False; if (!prs_uint16("collate", ps, depth, &devmode->collate)) return False; + + if (UNMARSHALLING(ps)) { + devmode->formname.buffer = prs_alloc_mem(ps, 32 * sizeof(uint16) ); + if (devmode->formname.buffer == NULL) + return False; + } + if (!prs_uint16s(True, "formname", ps, depth, devmode->formname.buffer, 32)) return False; if (!prs_uint16("logpixels", ps, depth, &devmode->logpixels)) @@ -683,12 +696,12 @@ BOOL make_spoolss_q_open_printer_ex(SPOOL_Q_OPEN_PRINTER_EX *q_u, { DEBUG(5,("make_spoolss_q_open_printer_ex\n")); q_u->printername_ptr = (printername!=NULL)?1:0; - init_unistr2(&(q_u->printername), printername, strlen(printername)); + init_unistr2(&q_u->printername, printername, strlen(printername)); q_u->printer_default.datatype_ptr = 0; /* q_u->printer_default.datatype_ptr = (datatype!=NULL)?1:0; - init_unistr2(&(q_u->printer_default.datatype), datatype, strlen(datatype)); + init_unistr2(&q_u->printer_default.datatype, datatype, strlen(datatype)); */ q_u->printer_default.devmode_cont.size=0; q_u->printer_default.devmode_cont.devmode_ptr=0; @@ -704,8 +717,8 @@ BOOL make_spoolss_q_open_printer_ex(SPOOL_Q_OPEN_PRINTER_EX *q_u, q_u->user_ctr.user1.major=2; q_u->user_ctr.user1.minor=0; q_u->user_ctr.user1.processor=0; - init_unistr2(&(q_u->user_ctr.user1.client_name), clientname, strlen(clientname)); - init_unistr2(&(q_u->user_ctr.user1.user_name), user_name, strlen(user_name)); + init_unistr2(&q_u->user_ctr.user1.client_name, clientname, strlen(clientname)); + init_unistr2(&q_u->user_ctr.user1.user_name, user_name, strlen(user_name)); return True; } @@ -1432,19 +1445,28 @@ static BOOL new_smb_io_relarraystr(char *desc, NEW_BUFFER *buffer, int depth, ui while (*q!=0) q++; + chaine.buffer = malloc((q-p+1)*sizeof(uint16)); + if (chaine.buffer == NULL) + return False; + memcpy(chaine.buffer, p, (q-p+1)*sizeof(uint16)); buffer->string_at_end -= (q-p+1)*sizeof(uint16); - if(!prs_set_offset(ps, buffer->string_at_end)) + if(!prs_set_offset(ps, buffer->string_at_end)) { + free(chaine.buffer); return False; + } /* write the string */ - if (!spoolss_smb_io_unistr(desc, &chaine, ps, depth)) + if (!spoolss_smb_io_unistr(desc, &chaine, ps, depth)) { + free(chaine.buffer); return False; + } q++; p=q; + free(chaine.buffer); } if(!prs_set_offset(ps, struct_offset)) @@ -1791,7 +1813,7 @@ BOOL new_smb_io_printer_info_2(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_2 *i if (!new_smb_io_relstr("parameters", buffer, depth, &info->parameters)) return False; -#if 0 /* JFMTEST */ +#if 1 /* JFMTEST */ if (!prs_uint32_pre("secdesc_ptr ", ps, depth, NULL, &sec_offset)) return False; #else @@ -1816,7 +1838,7 @@ BOOL new_smb_io_printer_info_2(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_2 *i if (!prs_uint32("averageppm", ps, depth, &info->averageppm)) return False; -#if 0 /* JFMTEST */ +#if 1 /* JFMTEST */ if (!prs_uint32_post("secdesc_ptr", ps, depth, NULL, sec_offset, info->secdesc ? prs_offset(ps)-buffer->struct_start : 0 )) return False; @@ -2121,7 +2143,7 @@ static BOOL new_spoolss_io_buffer(char *desc, prs_struct *ps, int depth, NEW_BUF buffer->string_at_end=0; if (buffer->ptr==0) { - if (!prs_init(&buffer->prs, 0, 4, UNMARSHALL)) + if (!prs_init(&buffer->prs, 0, 4, prs_get_mem_context(ps), UNMARSHALL)) return False; return True; } @@ -2129,7 +2151,7 @@ static BOOL new_spoolss_io_buffer(char *desc, prs_struct *ps, int depth, NEW_BUF if (!prs_uint32("size", ps, depth, &buffer->size)) return False; - if (!prs_init(&buffer->prs, buffer->size, 4, UNMARSHALL)) + if (!prs_init(&buffer->prs, buffer->size, 4, prs_get_mem_context(ps), UNMARSHALL)) return False; if (!prs_append_some_prs_data(&buffer->prs, ps, prs_offset(ps), buffer->size)) @@ -2804,7 +2826,7 @@ BOOL make_spoolss_q_enumprinters(SPOOL_Q_ENUMPRINTERS *q_u, uint32 flags, q_u->flags=flags; q_u->servername_ptr = (servername != NULL) ? 1 : 0; - init_unistr2(&(q_u->servername), servername, strlen(servername)); + init_unistr2(&q_u->servername, servername, strlen(servername)); q_u->level=level; q_u->buffer=buffer; @@ -3654,8 +3676,11 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s return False; ZERO_STRUCTP(il->info_1); } - if (!spool_io_printer_info_level_1("", il->info_1, ps, depth)) + if (!spool_io_printer_info_level_1("", il->info_1, ps, depth)) { + if (UNMARSHALLING(ps)) + safe_free(il->info_1); return False; + } break; } case 2: @@ -3664,8 +3689,11 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s return False; ZERO_STRUCTP(il->info_2); } - if (!spool_io_printer_info_level_2("", il->info_2, ps, depth)) + if (!spool_io_printer_info_level_2("", il->info_2, ps, depth)) { + if (UNMARSHALLING(ps)) + safe_free(il->info_2); return False; + } break; case 3: { @@ -3674,8 +3702,11 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s return False; ZERO_STRUCTP(il->info_3); } - if (!spool_io_printer_info_level_3("", il->info_3, ps, depth)) + if (!spool_io_printer_info_level_3("", il->info_3, ps, depth)) { + if (UNMARSHALLING(ps)) + safe_free(il->info_3); return False; + } break; } } @@ -3839,8 +3870,6 @@ void free_spool_printer_driver_info_level_3(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 ** if (il == NULL) return; - free_buffer5(&il->dependentfiles); - safe_free(il); } @@ -3985,9 +4014,6 @@ void free_spool_printer_driver_info_level_6(SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 ** if (il == NULL) return; - free_buffer5(&il->dependentfiles); - free_buffer5(&il->previousnames); - safe_free(il); } diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c index f6746367bb1..6f650c7e5e0 100644 --- a/source/rpc_server/srv_pipe.c +++ b/source/rpc_server/srv_pipe.c @@ -167,17 +167,19 @@ BOOL create_next_pdu(pipes_struct *p) * data. */ - prs_init( &outgoing_pdu, 0, 4, MARSHALL); + prs_init( &outgoing_pdu, 0, 4, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); /* Store the header in the data stream. */ if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) { DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR.\n")); + prs_mem_free(&outgoing_pdu); return False; } if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) { DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_RESP.\n")); + prs_mem_free(&outgoing_pdu); return False; } @@ -189,6 +191,7 @@ BOOL create_next_pdu(pipes_struct *p) if(!prs_append_data(&outgoing_pdu, data_from, data_len)) { DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len)); + prs_mem_free(&outgoing_pdu); return False; } @@ -216,6 +219,7 @@ BOOL create_next_pdu(pipes_struct *p) (auth_verify ? RPC_HDR_AUTH_LEN : 0), (auth_verify ? 1 : 0)); if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) { DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n")); + prs_mem_free(&outgoing_pdu); return False; } } @@ -230,6 +234,7 @@ BOOL create_next_pdu(pipes_struct *p) auth_data = prs_data_p(&outgoing_pdu) + prs_offset(&outgoing_pdu) + 4; if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, &outgoing_pdu, 0)) { DEBUG(0,("create_next_pdu: failed to marshall RPC_AUTH_NTLMSSP_CHK.\n")); + prs_mem_free(&outgoing_pdu); return False; } NTLMSSPcalc_p(p, (uchar*)auth_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4); @@ -244,6 +249,7 @@ BOOL create_next_pdu(pipes_struct *p) p->out_data.current_pdu_len = p->hdr.frag_len; p->out_data.current_pdu_sent = 0; + prs_mem_free(&outgoing_pdu); return True; } @@ -566,7 +572,7 @@ static BOOL setup_bind_nak(pipes_struct *p) * header and are never sending more than one PDU here. */ - prs_init( &outgoing_rpc, 0, 4, MARSHALL); + prs_init( &outgoing_rpc, 0, 4, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); @@ -583,6 +589,7 @@ static BOOL setup_bind_nak(pipes_struct *p) if(!smb_io_rpc_hdr("", &nak_hdr, &outgoing_rpc, 0)) { DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n")); + prs_mem_free(&outgoing_rpc); return False; } @@ -590,8 +597,10 @@ static BOOL setup_bind_nak(pipes_struct *p) * Now add the reject reason. */ - if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) + if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) { + prs_mem_free(&outgoing_rpc); return False; + } p->out_data.data_sent_length = 0; p->out_data.current_pdu_len = prs_offset(&outgoing_rpc); @@ -622,7 +631,7 @@ BOOL setup_fault_pdu(pipes_struct *p) * header and are never sending more than one PDU here. */ - prs_init( &outgoing_pdu, 0, 4, MARSHALL); + prs_init( &outgoing_pdu, 0, 4, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); /* @@ -647,16 +656,19 @@ BOOL setup_fault_pdu(pipes_struct *p) if(!smb_io_rpc_hdr("", &fault_hdr, &outgoing_pdu, 0)) { DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n")); + prs_mem_free(&outgoing_pdu); return False; } if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) { DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n")); + prs_mem_free(&outgoing_pdu); return False; } if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &outgoing_pdu, 0)) { DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n")); + prs_mem_free(&outgoing_pdu); return False; } @@ -664,6 +676,7 @@ BOOL setup_fault_pdu(pipes_struct *p) p->out_data.current_pdu_len = prs_offset(&outgoing_pdu); p->out_data.current_pdu_sent = 0; + prs_mem_free(&outgoing_pdu); return True; } @@ -835,7 +848,7 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) * header and are never sending more than one PDU here. */ - prs_init( &outgoing_rpc, 0, 4, MARSHALL); + prs_init( &outgoing_rpc, 0, 4, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); /* @@ -843,13 +856,15 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) * auth footers. */ - if(!prs_init(&out_hdr_ba, 1024, 4, MARSHALL)) { + if(!prs_init(&out_hdr_ba, 1024, 4, p->mem_ctx, MARSHALL)) { DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n")); + prs_mem_free(&outgoing_rpc); return False; } - if(!prs_init(&out_auth, 1024, 4, MARSHALL)) { + if(!prs_init(&out_auth, 1024, 4, p->mem_ctx, MARSHALL)) { DEBUG(0,("pi_pipe_bind_req: malloc out_auth failed.\n")); + prs_mem_free(&outgoing_rpc); prs_mem_free(&out_hdr_ba); return False; } @@ -984,6 +999,7 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) err_exit: + prs_mem_free(&outgoing_rpc); prs_mem_free(&out_hdr_ba); prs_mem_free(&out_auth); return False; diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c index faba41b9258..e51bc5ae4d8 100644 --- a/source/rpc_server/srv_pipe_hnd.c +++ b/source/rpc_server/srv_pipe_hnd.c @@ -78,8 +78,10 @@ void init_rpc_pipe_hnd(void) Initialise an outgoing packet. ****************************************************************************/ -static BOOL pipe_init_outgoing_data(output_data *o_data) +static BOOL pipe_init_outgoing_data(pipes_struct *p) { + output_data *o_data = &p->out_data; + /* Reset the offset counters. */ o_data->data_sent_length = 0; o_data->current_pdu_len = 0; @@ -94,7 +96,7 @@ static BOOL pipe_init_outgoing_data(output_data *o_data) * Initialize the outgoing RPC data buffer. * we will use this as the raw data area for replying to rpc requests. */ - if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { + if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, p->mem_ctx, MARSHALL)) { DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); return False; } @@ -103,60 +105,6 @@ static BOOL pipe_init_outgoing_data(output_data *o_data) } /**************************************************************************** - Attempt to find a remote process to communicate RPC's with. -****************************************************************************/ - -#if 0 - -static void attempt_remote_rpc_connect(pipes_struct *p) -{ - struct user_creds usr; - user_struct *vuser = get_valid_user_struct(p->vuid); - - p->m = NULL; - - if (vuser == NULL) { - DEBUG(4,("attempt_remote_rpc_connect: invalid vuid %d\n", (int)p->vuid)); - return; - } - - ZERO_STRUCT(usr); - - /* set up unix credentials from the smb side, to feed over the pipe */ - make_creds_unix(&usr.uxc, vuser->user.unix_name, vuser->user.smb_name, - vuser->user.full_name, vuser->guest); - usr.ptr_uxc = 1; - make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid, - vuser->n_groups, vuser->groups); - usr.ptr_uxs = 1; - - usr.ptr_ssk = 1; - DEBUG(10,("user session key not available (yet).\n")); - DEBUG(10,("password-change operations may fail.\n")); - -#if USER_SESSION_KEY_DEFINED_IN_VUSER_STRUCT - memcpy(usr.usr_sess_key, vuser->usr_sess_key, sizeof(usr.usr_sess_key)); -#else - memset(usr.usr_sess_key, 0, sizeof(usr.usr_sess_key)); -#endif - - /* set up nt credentials from the smb side, to feed over the pipe */ - /* lkclXXXX todo! - make_creds_nt(&usr.ntc); - make_creds_nt_sec(&usr.nts); - */ - - become_root(); /* to connect to pipe */ - p->m = msrpc_use_add(p->name, sys_getpid(), &usr, False); - unbecome_root(); - - if (p->m == NULL) - DEBUG(10,("attempt_remote_rpc_connect: msrpc redirect failed - using local implementation.\n")); -} - -#endif - -/**************************************************************************** Find first available pipe slot. ****************************************************************************/ @@ -196,6 +144,12 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, ZERO_STRUCTP(p); + if ((p->mem_ctx = talloc_init()) == NULL) { + DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); + free(p); + return NULL; + } + DLIST_ADD(Pipes, p); /* @@ -205,7 +159,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, * change the type to UNMARSALLING before processing the stream. */ - if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { + if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, p->mem_ctx, MARSHALL)) { DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); return NULL; } @@ -250,7 +204,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, /* * Initialize the outgoing RPC data buffer with no memory. */ - prs_init(&p->out_data.rdata, 0, 4, MARSHALL); + prs_init(&p->out_data.rdata, 0, 4, p->mem_ctx, MARSHALL); ZERO_STRUCT(p->pipe_user); @@ -332,7 +286,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) return -1; } - prs_init( &rpc_in, 0, 4, UNMARSHALL); + prs_init( &rpc_in, 0, 4, p->mem_ctx, UNMARSHALL); prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0], p->in_data.pdu_received_len, False); @@ -344,6 +298,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) { DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -354,6 +309,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if(p->hdr.major != 5 && p->hdr.minor != 0) { DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -366,6 +322,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0) && !(p->hdr.flags & RPC_FLG_FIRST)) { DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -376,6 +333,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) { DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -394,6 +352,8 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN); + prs_mem_free(&rpc_in); + return 0; /* No extra data processed. */ } @@ -505,7 +465,7 @@ authentication failed. Denying the request.\n", p->name)); * Process the complete data stream here. */ - if(pipe_init_outgoing_data(&p->out_data)) + if(pipe_init_outgoing_data(p)) ret = api_pipe_request(p); /* @@ -536,6 +496,14 @@ static ssize_t process_complete_pdu(pipes_struct *p) char *data_p = (char *)&p->in_data.current_in_pdu[0]; BOOL reply = False; + if (p->mem_ctx) { + talloc_destroy_pool(p->mem_ctx); + } else { + p->mem_ctx = talloc_init(); + if (p->mem_ctx == NULL) + p->fault_state = True; + } + if(p->fault_state) { DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", p->name )); @@ -544,7 +512,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) return (ssize_t)data_len; } - prs_init( &rpc_in, 0, 4, UNMARSHALL); + prs_init( &rpc_in, 0, 4, p->mem_ctx, UNMARSHALL); prs_give_memory( &rpc_in, data_p, (uint32)data_len, False); DEBUG(10,("process_complete_pdu: processing packet type %u\n", @@ -556,14 +524,14 @@ static ssize_t process_complete_pdu(pipes_struct *p) /* * We assume that a pipe bind is only in one pdu. */ - if(pipe_init_outgoing_data(&p->out_data)) + if(pipe_init_outgoing_data(p)) reply = api_pipe_bind_req(p, &rpc_in); break; case RPC_BINDRESP: /* * We assume that a pipe bind_resp is only in one pdu. */ - if(pipe_init_outgoing_data(&p->out_data)) + if(pipe_init_outgoing_data(p)) reply = api_pipe_bind_auth_resp(p, &rpc_in); break; case RPC_REQUEST: @@ -578,6 +546,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name)); set_incoming_fault(p); setup_fault_pdu(p); + prs_mem_free(&rpc_in); } else { /* * Reset the lengths. We're ready for a new pdu. @@ -586,6 +555,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) p->in_data.pdu_received_len = 0; } + prs_mem_free(&rpc_in); return (ssize_t)data_len; } @@ -687,14 +657,7 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left )); - /* - * Deal with the redirect to the remote RPC daemon. - */ - - if(p->m) - data_used = write(p->m->fd, data, data_left); - else - data_used = process_incoming_data(p, data, data_left); + data_used = process_incoming_data(p, data, data_left); DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used )); @@ -709,70 +672,6 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) } /**************************************************************************** - Gets data from a remote TNG daemon. Gets data from the remote daemon into - the outgoing prs_struct. - - NB. Note to Luke : This code will be broken until Luke implements a length - field before reply data... - -****************************************************************************/ - -static BOOL read_from_remote(pipes_struct *p) -{ - uint32 data_len; - uint32 data_len_left; - - if(prs_offset(&p->out_data.rdata) == 0) { - - ssize_t len = 0; - - /* - * Read all the reply data as a stream of pre-created - * PDU's from the remote deamon into the rdata struct. - */ - - /* - * Create the response data buffer. - */ - - if(!pipe_init_outgoing_data(&p->out_data)) { - DEBUG(0,("read_from_remote: failed to create outgoing buffer.\n")); - return False; - } - - /* Read from remote here. */ - if((len = read_with_timeout(p->m->fd, prs_data_p(&p->out_data.rdata), 1, 65536, 10000)) < 0) { - DEBUG(0,("read_from_remote: failed to read from external daemon.\n")); - prs_mem_free(&p->out_data.rdata); - return False; - } - - /* Set the length we got. */ - prs_set_offset(&p->out_data.rdata, (uint32)len); - } - - /* - * The amount we send is the minimum of the available - * space and the amount left to send. - */ - - data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length; - - /* - * Ensure there really is data left to send. - */ - - if(!data_len_left) { - DEBUG(0,("read_from_remote: no data left to send !\n")); - return False; - } - - data_len = MIN(data_len_left, MAX_PDU_FRAG_LEN); - - return False; /* Notfinished... */ -} - -/**************************************************************************** Replies to a request to read data from a pipe. Headers are interspersed with the data at PDU intervals. By the time @@ -844,28 +743,16 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, return 0; } - if(p->m) { - /* - * Remote to the RPC daemon. - */ - if(!read_from_remote(p)) { - DEBUG(0,("read_from_pipe: %s: read_from_remote failed.\n", p->name )); - return -1; - } - - } else { - - /* - * We need to create a new PDU from the data left in p->rdata. - * Create the header/data/footers. This also sets up the fields - * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length - * and stores the outgoing PDU in p->current_pdu. - */ + /* + * We need to create a new PDU from the data left in p->rdata. + * Create the header/data/footers. This also sets up the fields + * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length + * and stores the outgoing PDU in p->current_pdu. + */ - if(!create_next_pdu(p)) { - DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name)); - return -1; - } + if(!create_next_pdu(p)) { + DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name)); + return -1; } data_returned = MIN(n, p->out_data.current_pdu_len); @@ -937,18 +824,13 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) prs_mem_free(&p->out_data.rdata); prs_mem_free(&p->in_data.data); + if (p->mem_ctx) + talloc_destroy(p->mem_ctx); + bitmap_clear(bmap, p->pnum - pipe_handle_offset); pipes_open--; - if (p->m != NULL) { - DEBUG(4,("close_rpc_pipe_hnd: closing msrpc redirect: ")); - if (msrpc_use_del(p->m->pipe_name, &p->m->usr, False, NULL)) - DEBUG(4,("OK\n")); - else - DEBUG(4,("FAILED\n")); - } - DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", p->name, p->pnum, pipes_open)); diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index 76dff789c6e..c9d81e1cba4 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -2490,7 +2490,7 @@ uint32 _spoolss_getprinter(POLICY_HND *handle, uint32 level, ********************************************************************/ static void fill_printer_driver_info_1(DRIVER_INFO_1 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername, fstring architecture) { - init_unistr( &(info->name), driver.info_3->name); + init_unistr( &info->name, driver.info_3->name); } /******************************************************************** @@ -3336,7 +3336,7 @@ static BOOL fill_job_info_2(JOB_INFO_2 *job_info, print_queue_struct *queue, snprintf(chaine, sizeof(chaine)-1, "\\\\%s\\%s", global_myname, ntprinter->info_2->printername); - init_unistr(&(job_info->printername), chaine); + init_unistr(&job_info->printername, chaine); init_unistr(&job_info->machinename, temp_name); init_unistr(&job_info->username, queue->user); @@ -4506,7 +4506,7 @@ static uint32 enumprintprocessors_level_1(NEW_BUFFER *buffer, uint32 offered, ui (*returned) = 0x1; - init_unistr(&(info_1->name), "winprint"); + init_unistr(&info_1->name, "winprint"); *needed += spoolss_size_printprocessor_info_1(info_1); @@ -4565,7 +4565,7 @@ static uint32 enumprintprocdatatypes_level_1(NEW_BUFFER *buffer, uint32 offered, (*returned) = 0x1; - init_unistr(&(info_1->name), "RAW"); + init_unistr(&info_1->name, "RAW"); *needed += spoolss_size_printprocdatatype_info_1(info_1); @@ -4617,7 +4617,7 @@ static uint32 enumprintmonitors_level_1(NEW_BUFFER *buffer, uint32 offered, uint (*returned) = 0x1; - init_unistr(&(info_1->name), "Local Port"); + init_unistr(&info_1->name, "Local Port"); *needed += spoolss_size_printmonitor_info_1(info_1); @@ -4648,9 +4648,9 @@ static uint32 enumprintmonitors_level_2(NEW_BUFFER *buffer, uint32 offered, uint (*returned) = 0x1; - init_unistr(&(info_2->name), "Local Port"); - init_unistr(&(info_2->environment), "Windows NT X86"); - init_unistr(&(info_2->dll_name), "localmon.dll"); + init_unistr(&info_2->name, "Local Port"); + init_unistr(&info_2->environment, "Windows NT X86"); + init_unistr(&info_2->dll_name, "localmon.dll"); *needed += spoolss_size_printmonitor_info_2(info_2); diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index 4e4e418efdc..4673c87f588 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -1496,6 +1496,7 @@ static int call_nt_transact_query_security_desc(connection_struct *conn, prs_struct pd; SEC_DESC *psd = NULL; size_t sd_size; + TALLOC_CTX *mem_ctx; files_struct *fsp = file_fsp(params,0); @@ -1544,7 +1545,13 @@ static int call_nt_transact_query_security_desc(connection_struct *conn, * Init the parse struct we will marshall into. */ - prs_init(&pd, 0, 4, MARSHALL); + if ((mem_ctx = talloc_init()) == NULL) { + DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n")); + free_sec_desc(&psd); + return(ERROR(ERRDOS,ERRnomem)); + } + + prs_init(&pd, 0, 4, mem_ctx, MARSHALL); /* * Setup the prs_struct to point at the memory we just @@ -1564,6 +1571,7 @@ security descriptor.\n")); /* * Return access denied for want of a better error message.. */ + talloc_destroy(mem_ctx); return(UNIXERROR(ERRDOS,ERRnoaccess)); } @@ -1572,6 +1580,7 @@ security descriptor.\n")); */ free_sec_desc(&psd); + talloc_destroy(mem_ctx); send_nt_replies(inbuf, outbuf, bufsize, 0, params, 4, data, (int)sd_size); return -1; @@ -1594,6 +1603,7 @@ static int call_nt_transact_set_security_desc(connection_struct *conn, uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount); files_struct *fsp = NULL; uint32 security_info_sent = 0; + TALLOC_CTX *mem_ctx; if(!lp_nt_acl_support()) return(UNIXERROR(ERRDOS,ERRnoaccess)); @@ -1613,7 +1623,12 @@ static int call_nt_transact_set_security_desc(connection_struct *conn, * Init the parse struct we will unmarshall from. */ - prs_init(&pd, 0, 4, UNMARSHALL); + if ((mem_ctx = talloc_init()) == NULL) { + DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n")); + return(ERROR(ERRDOS,ERRnomem)); + } + + prs_init(&pd, 0, 4, mem_ctx, UNMARSHALL); /* * Setup the prs_struct to point at the memory we just @@ -1633,15 +1648,18 @@ security descriptor.\n")); /* * Return access denied for want of a better error message.. */ + talloc_destroy(mem_ctx); return(UNIXERROR(ERRDOS,ERRnoaccess)); } if (!set_nt_acl(fsp, security_info_sent, psd)) { free_sec_desc(&psd); + talloc_destroy(mem_ctx); return(UNIXERROR(ERRDOS,ERRnoaccess)); } free_sec_desc(&psd); + talloc_destroy(mem_ctx); send_nt_replies(inbuf, outbuf, bufsize, 0, NULL, 0, NULL, 0); return -1; } diff --git a/source/smbd/process.c b/source/smbd/process.c index 3c85c053127..2662db5896f 100644 --- a/source/smbd/process.c +++ b/source/smbd/process.c @@ -1042,6 +1042,7 @@ void smbd_process(void) /* free up temporary memory */ lp_talloc_free(); + parse_talloc_free(); while (!receive_message_or_smb(InBuffer,BUFFER_SIZE,select_timeout)) { if(!timeout_processing( deadtime, &select_timeout, &last_timeout_processing_time)) |