summaryrefslogtreecommitdiffstats
path: root/source/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source/smbd')
-rw-r--r--source/smbd/blocking.c4
-rw-r--r--source/smbd/conn.c2
-rw-r--r--source/smbd/dir.c6
-rw-r--r--source/smbd/fake_file.c2
-rw-r--r--source/smbd/fileio.c4
-rw-r--r--source/smbd/files.c2
-rw-r--r--source/smbd/ipc.c8
-rw-r--r--source/smbd/lanman.c129
-rw-r--r--source/smbd/mangle_hash.c4
-rw-r--r--source/smbd/mangle_hash2.c18
-rw-r--r--source/smbd/msdfs.c13
-rw-r--r--source/smbd/notify.c2
-rw-r--r--source/smbd/ntquotas.c6
-rw-r--r--source/smbd/nttrans.c21
-rw-r--r--source/smbd/open.c2
-rw-r--r--source/smbd/oplock.c4
-rw-r--r--source/smbd/password.c8
-rw-r--r--source/smbd/posix_acls.c29
-rw-r--r--source/smbd/process.c7
-rw-r--r--source/smbd/reply.c4
-rw-r--r--source/smbd/sec_ctx.c4
-rw-r--r--source/smbd/session.c6
-rw-r--r--source/smbd/statcache.c6
-rw-r--r--source/smbd/trans2.c40
-rw-r--r--source/smbd/vfs.c8
25 files changed, 178 insertions, 161 deletions
diff --git a/source/smbd/blocking.c b/source/smbd/blocking.c
index e143999a785..0e71174a2ee 100644
--- a/source/smbd/blocking.c
+++ b/source/smbd/blocking.c
@@ -106,12 +106,12 @@ BOOL push_blocking_lock_request( char *inbuf, int length, int lock_timeout,
* the expiration time here.
*/
- if((blr = (blocking_lock_record *)malloc(sizeof(blocking_lock_record))) == NULL) {
+ if((blr = SMB_MALLOC_P(blocking_lock_record)) == NULL) {
DEBUG(0,("push_blocking_lock_request: Malloc fail !\n" ));
return False;
}
- if((blr->inbuf = (char *)malloc(length)) == NULL) {
+ if((blr->inbuf = (char *)SMB_MALLOC(length)) == NULL) {
DEBUG(0,("push_blocking_lock_request: Malloc fail (2)!\n" ));
SAFE_FREE(blr);
return False;
diff --git a/source/smbd/conn.c b/source/smbd/conn.c
index 34e19a3ca6b..6b5942f7f66 100644
--- a/source/smbd/conn.c
+++ b/source/smbd/conn.c
@@ -132,7 +132,7 @@ find_again:
return NULL;
}
- if ((conn=(connection_struct *)talloc_zero(mem_ctx, sizeof(*conn)))==NULL) {
+ if ((conn=TALLOC_ZERO_P(mem_ctx, connection_struct))==NULL) {
DEBUG(0,("talloc_zero() failed!\n"));
return NULL;
}
diff --git a/source/smbd/dir.c b/source/smbd/dir.c
index 2bda42f76dc..f721bf3ba8a 100644
--- a/source/smbd/dir.c
+++ b/source/smbd/dir.c
@@ -407,7 +407,7 @@ int dptr_create(connection_struct *conn, pstring path, BOOL old_handle, BOOL exp
if (dptrs_open >= MAX_OPEN_DIRECTORIES)
dptr_idleoldest();
- dptr = (dptr_struct *)malloc(sizeof(dptr_struct));
+ dptr = SMB_MALLOC_P(dptr_struct);
if(!dptr) {
DEBUG(0,("malloc fail in dptr_create.\n"));
return -1;
@@ -819,7 +819,7 @@ void *OpenDir(connection_struct *conn, const char *name, BOOL use_veto)
if (!p)
return(NULL);
- dirp = (Dir *)malloc(sizeof(Dir));
+ dirp = SMB_MALLOC_P(Dir);
if (!dirp) {
DEBUG(0,("Out of memory in OpenDir\n"));
SMB_VFS_CLOSEDIR(conn,p);
@@ -900,7 +900,7 @@ void *OpenDir(connection_struct *conn, const char *name, BOOL use_veto)
if (used + l > dirp->mallocsize) {
int s = MAX(used+l,used+2000);
char *r;
- r = (char *)Realloc(dirp->data,s);
+ r = (char *)SMB_REALLOC(dirp->data,s);
if (!r) {
DEBUG(0,("Out of memory in OpenDir\n"));
break;
diff --git a/source/smbd/fake_file.c b/source/smbd/fake_file.c
index fc874dc0867..53aac1e0364 100644
--- a/source/smbd/fake_file.c
+++ b/source/smbd/fake_file.c
@@ -132,7 +132,7 @@ struct _FAKE_FILE_HANDLE *init_fake_file_handle(enum FAKE_FILE_TYPE type)
return NULL;
}
- if ((fh =(FAKE_FILE_HANDLE *)talloc_zero(mem_ctx, sizeof(FAKE_FILE_HANDLE)))==NULL) {
+ if ((fh =TALLOC_ZERO_P(mem_ctx, FAKE_FILE_HANDLE))==NULL) {
DEBUG(0,("talloc_zero() failed.\n"));
talloc_destroy(mem_ctx);
return NULL;
diff --git a/source/smbd/fileio.c b/source/smbd/fileio.c
index b9fe1ad1cfc..bc62683eaee 100644
--- a/source/smbd/fileio.c
+++ b/source/smbd/fileio.c
@@ -662,7 +662,7 @@ static BOOL setup_write_cache(files_struct *fsp, SMB_OFF_T file_size)
if(alloc_size == 0 || fsp->wcp)
return False;
- if((wcp = (write_cache *)malloc(sizeof(write_cache))) == NULL) {
+ if((wcp = SMB_MALLOC_P(write_cache)) == NULL) {
DEBUG(0,("setup_write_cache: malloc fail.\n"));
return False;
}
@@ -671,7 +671,7 @@ static BOOL setup_write_cache(files_struct *fsp, SMB_OFF_T file_size)
wcp->offset = 0;
wcp->alloc_size = alloc_size;
wcp->data_size = 0;
- if((wcp->data = malloc(wcp->alloc_size)) == NULL) {
+ if((wcp->data = SMB_MALLOC(wcp->alloc_size)) == NULL) {
DEBUG(0,("setup_write_cache: malloc fail for buffer size %u.\n",
(unsigned int)wcp->alloc_size ));
SAFE_FREE(wcp);
diff --git a/source/smbd/files.c b/source/smbd/files.c
index 580dc545452..ecf39c2b54f 100644
--- a/source/smbd/files.c
+++ b/source/smbd/files.c
@@ -93,7 +93,7 @@ files_struct *file_new(connection_struct *conn)
return NULL;
}
- fsp = (files_struct *)malloc(sizeof(*fsp));
+ fsp = SMB_MALLOC_P(files_struct);
if (!fsp) {
unix_ERR_class = ERRSRV;
unix_ERR_code = ERRnofids;
diff --git a/source/smbd/ipc.c b/source/smbd/ipc.c
index e5465b902c8..ec8176e1234 100644
--- a/source/smbd/ipc.c
+++ b/source/smbd/ipc.c
@@ -165,7 +165,7 @@ void send_trans_reply(char *outbuf,
static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p)
{
BOOL is_data_outstanding;
- char *rdata = malloc(p->max_trans_reply);
+ char *rdata = SMB_MALLOC(p->max_trans_reply);
int data_len;
if(rdata == NULL) {
@@ -389,7 +389,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
goto bad_param;
if (tdscnt) {
- if((data = (char *)malloc(tdscnt)) == NULL) {
+ if((data = (char *)SMB_MALLOC(tdscnt)) == NULL) {
DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt));
END_PROFILE(SMBtrans);
return(ERROR_DOS(ERRDOS,ERRnomem));
@@ -404,7 +404,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
}
if (tpscnt) {
- if((params = (char *)malloc(tpscnt)) == NULL) {
+ if((params = (char *)SMB_MALLOC(tpscnt)) == NULL) {
DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt));
SAFE_FREE(data);
END_PROFILE(SMBtrans);
@@ -421,7 +421,7 @@ int reply_trans(connection_struct *conn, char *inbuf,char *outbuf, int size, int
if (suwcnt) {
unsigned int i;
- if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) {
+ if((setup = SMB_MALLOC_ARRAY(uint16,suwcnt)) == NULL) {
DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16))));
SAFE_FREE(data);
SAFE_FREE(params);
diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c
index e7aa05b54a6..f4dad2ddb9c 100644
--- a/source/smbd/lanman.c
+++ b/source/smbd/lanman.c
@@ -753,7 +753,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn,
*/
*rdata_len = 0;
*rparam_len = 6;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,ERRunknownlevel);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,0);
@@ -780,7 +780,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn,
}
if (mdrcnt > 0) {
- *rdata = REALLOC(*rdata,mdrcnt);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
desc.base = *rdata;
desc.buflen = mdrcnt;
} else {
@@ -789,7 +789,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn,
* init_package will return wrong size if buflen=0
*/
desc.buflen = getlen(desc.format);
- desc.base = tmpdata = (char *) malloc (desc.buflen);
+ desc.base = tmpdata = (char *) SMB_MALLOC (desc.buflen);
}
if (init_package(&desc,1,count)) {
@@ -809,7 +809,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn,
*rdata_len = desc.usedlen;
*rparam_len = 6;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,desc.neededlen);
@@ -857,7 +857,7 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param,
*/
*rdata_len = 0;
*rparam_len = 6;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,ERRunknownlevel);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,0);
@@ -869,17 +869,17 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param,
if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
queuecnt++;
if (uLevel > 0) {
- if((queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*))) == NULL) {
+ if((queue = SMB_MALLOC_ARRAY(print_queue_struct*, queuecnt)) == NULL) {
DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
return False;
}
memset(queue,0,queuecnt*sizeof(print_queue_struct*));
- if((status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct))) == NULL) {
+ if((status = SMB_MALLOC_ARRAY(print_status_struct,queuecnt)) == NULL) {
DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
return False;
}
memset(status,0,queuecnt*sizeof(print_status_struct));
- if((subcntarr = (int*)malloc(queuecnt*sizeof(int))) == NULL) {
+ if((subcntarr = SMB_MALLOC_ARRAY(int,queuecnt)) == NULL) {
DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
return False;
}
@@ -892,7 +892,7 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param,
n++;
}
}
- if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+ if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
desc.base = *rdata;
desc.buflen = mdrcnt;
@@ -911,7 +911,7 @@ static BOOL api_DosPrintQEnum(connection_struct *conn, uint16 vuid, char* param,
*rdata_len = desc.usedlen;
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -995,8 +995,7 @@ static int get_server_info(uint32 servertype,
struct srv_info_struct *ts;
alloced += 10;
- ts = (struct srv_info_struct *)
- Realloc(*servers,sizeof(**servers)*alloced);
+ ts = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced);
if (!ts) {
DEBUG(0,("get_server_info: failed to enlarge servers info struct!\n"));
return(0);
@@ -1242,7 +1241,7 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param
}
*rdata_len = fixed_len + string_len;
- *rdata = REALLOC(*rdata,*rdata_len);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
memset(*rdata,'\0',*rdata_len);
p2 = (*rdata) + fixed_len; /* auxilliary data (strings) will go here */
@@ -1266,7 +1265,7 @@ static BOOL api_RNetServerEnum(connection_struct *conn, uint16 vuid, char *param
}
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata));
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,counted);
@@ -1303,7 +1302,7 @@ static BOOL api_RNetGroupGetUsers(connection_struct *conn, uint16 vuid, char *pa
*rdata_len = 0;
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVAL(*rparam,0,0x08AC); /* informational warning message */
SSVAL(*rparam,2,0);
@@ -1449,13 +1448,13 @@ static BOOL api_RNetShareGetInfo(connection_struct *conn,uint16 vuid, char *para
if (!prefix_ok(str1,"zWrLh")) return False;
if (!check_share_info(uLevel,str2)) return False;
- *rdata = REALLOC(*rdata,mdrcnt);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
p = *rdata;
*rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0);
if (*rdata_len < 0) return False;
*rparam_len = 6;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
SSVAL(*rparam,4,*rdata_len);
@@ -1520,7 +1519,7 @@ static BOOL api_RNetShareEnum( connection_struct *conn,
}
}
*rdata_len = fixed_len + string_len;
- *rdata = REALLOC(*rdata,*rdata_len);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
memset(*rdata,0,*rdata_len);
p2 = (*rdata) + fixed_len; /* auxiliary data (strings) will go here */
@@ -1541,7 +1540,7 @@ static BOOL api_RNetShareEnum( connection_struct *conn,
}
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,counted);
@@ -1627,7 +1626,7 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch
} else return False;
*rparam_len = 6;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
SSVAL(*rparam,4,*rdata_len);
@@ -1637,7 +1636,7 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch
error_exit:
*rparam_len = 4;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
*rdata_len = 0;
SSVAL(*rparam,0,res);
SSVAL(*rparam,2,0);
@@ -1692,7 +1691,7 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c
DEBUG(10,("api_RNetGroupEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size));
*rdata_len = cli_buf_size;
- *rdata = REALLOC(*rdata,*rdata_len);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
p = *rdata;
@@ -1714,7 +1713,7 @@ static BOOL api_RNetGroupEnum(connection_struct *conn,uint16 vuid, char *param,c
*rdata_len = PTR_DIFF(p,*rdata);
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVAL(*rparam, 0, errflags);
SSVAL(*rparam, 2, 0); /* converter word */
@@ -1750,7 +1749,7 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para
DOM_SID sid, dom_sid;
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
/* check it's a supported varient */
@@ -1769,7 +1768,7 @@ static BOOL api_NetUserGetGroups(connection_struct *conn,uint16 vuid, char *para
return False;
*rdata_len = mdrcnt + 1024;
- *rdata = REALLOC(*rdata,*rdata_len);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
@@ -1864,14 +1863,14 @@ static BOOL api_RNetUserEnum(connection_struct *conn,uint16 vuid, char *param,ch
DEBUG(10,("api_RNetUserEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size));
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
/* check it's a supported varient */
if (strcmp("B21",str2) != 0)
return False;
*rdata_len = cli_buf_size;
- *rdata = REALLOC(*rdata,*rdata_len);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
p = *rdata;
@@ -1934,10 +1933,10 @@ static BOOL api_NetRemoteTOD(connection_struct *conn,uint16 vuid, char *param,ch
{
char *p;
*rparam_len = 4;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
*rdata_len = 21;
- *rdata = REALLOC(*rdata,*rdata_len);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
@@ -1996,7 +1995,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
memcpy(pass2,p+16,16);
*rparam_len = 4;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
*rdata_len = 0;
@@ -2068,7 +2067,7 @@ static BOOL api_SamOEMChangePassword(connection_struct *conn,uint16 vuid, char *
fstring user;
char *p = param + 2;
*rparam_len = 2;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
*rdata_len = 0;
@@ -2135,7 +2134,7 @@ static BOOL api_RDosPrintJobDel(connection_struct *conn,uint16 vuid, char *param
return(False);
*rparam_len = 4;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
*rdata_len = 0;
if (!print_job_exists(sharename, jobid)) {
@@ -2192,7 +2191,7 @@ static BOOL api_WPrintQueueCtrl(connection_struct *conn,uint16 vuid, char *param
return(False);
*rparam_len = 4;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
*rdata_len = 0;
snum = print_queue_snum(QueueName);
@@ -2266,7 +2265,7 @@ static BOOL api_PrintJobInfo(connection_struct *conn,uint16 vuid,char *param,cha
if(!rap_to_pjobid(SVAL(p,0), sharename, &jobid))
return False;
*rparam_len = 4;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
if ( (snum = lp_servicenumber(sharename)) == -1 ) {
DEBUG(0,("api_PrintJobInfo: unable to get service number from sharename [%s]\n",
@@ -2367,7 +2366,7 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par
}
*rdata_len = mdrcnt;
- *rdata = REALLOC(*rdata,*rdata_len);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
p = *rdata;
p2 = p + struct_len;
@@ -2416,7 +2415,7 @@ static BOOL api_RNetServerGetInfo(connection_struct *conn,uint16 vuid, char *par
*rdata_len = PTR_DIFF(p2,*rdata);
*rparam_len = 6;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
SSVAL(*rparam,4,*rdata_len);
@@ -2443,14 +2442,14 @@ static BOOL api_NetWkstaGetInfo(connection_struct *conn,uint16 vuid, char *param
DEBUG(4,("NetWkstaGetInfo level %d\n",level));
*rparam_len = 6;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
/* check it's a supported varient */
if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz")))
return(False);
*rdata_len = mdrcnt + 1024;
- *rdata = REALLOC(*rdata,*rdata_len);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
@@ -2689,7 +2688,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param
vuser->user.unix_name));
*rparam_len = 6;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel));
@@ -2708,7 +2707,7 @@ static BOOL api_RNetUserGetInfo(connection_struct *conn,uint16 vuid, char *param
if (strcmp(level_string,str2) != 0) return False;
*rdata_len = mdrcnt + 1024;
- *rdata = REALLOC(*rdata,*rdata_len);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
SSVAL(*rparam,0,NERR_Success);
SSVAL(*rparam,2,0); /* converter word */
@@ -2855,7 +2854,7 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param
/* check it's a supported varient */
if (strcmp(str1,"OOWb54WrLh") != 0) return False;
if (uLevel != 1 || strcmp(str2,"WB21BWDWWDDDDDDDzzzD") != 0) return False;
- if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+ if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
desc.base = *rdata;
desc.buflen = mdrcnt;
desc.subformat = NULL;
@@ -2894,7 +2893,7 @@ static BOOL api_WWkstaUserLogon(connection_struct *conn,uint16 vuid, char *param
*rdata_len = desc.usedlen;
*rparam_len = 6;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,desc.neededlen);
@@ -2924,7 +2923,7 @@ static BOOL api_WAccessGetUserPerms(connection_struct *conn,uint16 vuid, char *p
if (strcmp(str2,"") != 0) return False;
*rparam_len = 6;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,0); /* errorcode */
SSVAL(*rparam,2,0); /* converter word */
SSVAL(*rparam,4,0x7f); /* permission flags */
@@ -2976,7 +2975,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para
}
if (mdrcnt > 0) {
- *rdata = REALLOC(*rdata,mdrcnt);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
desc.base = *rdata;
desc.buflen = mdrcnt;
} else {
@@ -2985,7 +2984,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para
* init_package will return wrong size if buflen=0
*/
desc.buflen = getlen(desc.format);
- desc.base = tmpdata = (char *)malloc ( desc.buflen );
+ desc.base = tmpdata = (char *)SMB_MALLOC( desc.buflen );
}
if (init_package(&desc,1,0)) {
@@ -3000,7 +2999,7 @@ static BOOL api_WPrintJobGetInfo(connection_struct *conn,uint16 vuid, char *para
}
*rparam_len = 6;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,desc.neededlen);
@@ -3054,7 +3053,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa
if (snum < 0 || !VALID_SNUM(snum)) return(False);
count = print_queue_status(snum,&queue,&status);
- if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+ if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
desc.base = *rdata;
desc.buflen = mdrcnt;
@@ -3069,7 +3068,7 @@ static BOOL api_WPrintJobEnumerate(connection_struct *conn,uint16 vuid, char *pa
*rdata_len = desc.usedlen;
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3170,7 +3169,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par
}
else {
if (mdrcnt > 0) {
- *rdata = REALLOC(*rdata,mdrcnt);
+ *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
desc.base = *rdata;
desc.buflen = mdrcnt;
} else {
@@ -3179,7 +3178,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par
* init_package will return wrong size if buflen=0
*/
desc.buflen = getlen(desc.format);
- desc.base = tmpdata = (char *)malloc ( desc.buflen );
+ desc.base = tmpdata = (char *)SMB_MALLOC( desc.buflen );
}
if (init_package(&desc,1,0)) {
fill_printdest_info(conn,snum,uLevel,&desc);
@@ -3188,7 +3187,7 @@ static BOOL api_WPrintDestGetInfo(connection_struct *conn,uint16 vuid, char *par
}
*rparam_len = 6;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,desc.neededlen);
@@ -3227,7 +3226,7 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param,
if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
queuecnt++;
- if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+ if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
desc.base = *rdata;
desc.buflen = mdrcnt;
if (init_package(&desc,queuecnt,0)) {
@@ -3245,7 +3244,7 @@ static BOOL api_WPrintDestEnum(connection_struct *conn,uint16 vuid, char *param,
*rdata_len = desc.usedlen;
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3277,7 +3276,7 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para
if (strcmp(str1,"WrLeh") != 0) return False;
if (uLevel != 0 || strcmp(str2,"B41") != 0) return False;
- if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+ if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
desc.base = *rdata;
desc.buflen = mdrcnt;
if (init_package(&desc,1,0)) {
@@ -3289,7 +3288,7 @@ static BOOL api_WPrintDriverEnum(connection_struct *conn,uint16 vuid, char *para
*rdata_len = desc.usedlen;
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3321,7 +3320,7 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param
if (strcmp(str1,"WrLeh") != 0) return False;
if (uLevel != 0 || strcmp(str2,"B13") != 0) return False;
- if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+ if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
desc.base = *rdata;
desc.buflen = mdrcnt;
desc.format = str2;
@@ -3334,7 +3333,7 @@ static BOOL api_WPrintQProcEnum(connection_struct *conn,uint16 vuid, char *param
*rdata_len = desc.usedlen;
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3366,7 +3365,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param,
if (strcmp(str1,"WrLeh") != 0) return False;
if (uLevel != 0 || strcmp(str2,"B9") != 0) return False;
- if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+ if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
memset((char *)&desc,'\0',sizeof(desc));
desc.base = *rdata;
desc.buflen = mdrcnt;
@@ -3380,7 +3379,7 @@ static BOOL api_WPrintPortEnum(connection_struct *conn,uint16 vuid, char *param,
*rdata_len = desc.usedlen;
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0);
SSVAL(*rparam,4,succnt);
@@ -3422,7 +3421,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param
num_sessions = list_sessions(&session_list);
- if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
+ if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
memset((char *)&desc,'\0',sizeof(desc));
desc.base = *rdata;
desc.buflen = mdrcnt;
@@ -3446,7 +3445,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn,uint16 vuid, char *param
*rdata_len = desc.usedlen;
*rparam_len = 8;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
SSVALS(*rparam,0,desc.errcode);
SSVAL(*rparam,2,0); /* converter */
SSVAL(*rparam,4,num_sessions); /* count */
@@ -3466,7 +3465,7 @@ static BOOL api_TooSmall(connection_struct *conn,uint16 vuid, char *param,char *
int *rdata_len,int *rparam_len)
{
*rparam_len = MIN(*rparam_len,mprcnt);
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
*rdata_len = 0;
@@ -3488,7 +3487,7 @@ static BOOL api_Unsupported(connection_struct *conn,uint16 vuid, char *param,cha
int *rdata_len,int *rparam_len)
{
*rparam_len = 4;
- *rparam = REALLOC(*rparam,*rparam_len);
+ *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
*rdata_len = 0;
@@ -3595,11 +3594,11 @@ int api_reply(connection_struct *conn,uint16 vuid,char *outbuf,char *data,char *
return ERROR_NT(NT_STATUS_ACCESS_DENIED);
}
- rdata = (char *)malloc(1024);
+ rdata = (char *)SMB_MALLOC(1024);
if (rdata)
memset(rdata,'\0',1024);
- rparam = (char *)malloc(1024);
+ rparam = (char *)SMB_MALLOC(1024);
if (rparam)
memset(rparam,'\0',1024);
diff --git a/source/smbd/mangle_hash.c b/source/smbd/mangle_hash.c
index 26ddf1b3a3d..0067023e610 100644
--- a/source/smbd/mangle_hash.c
+++ b/source/smbd/mangle_hash.c
@@ -476,7 +476,7 @@ static BOOL check_cache( char *s, size_t maxlen )
if(data_val.dptr == NULL || data_val.dsize == 0) {
ext_start = strrchr( s, '.' );
if( ext_start ) {
- if((saved_ext = strdup(ext_start)) == NULL)
+ if((saved_ext = SMB_STRDUP(ext_start)) == NULL)
return False;
*ext_start = '\0';
@@ -624,7 +624,7 @@ static void name_map(char *OutName, BOOL need83, BOOL cache83, int default_case)
/* mangle it into 8.3 */
if (cache83)
- tmp = strdup(OutName);
+ tmp = SMB_STRDUP(OutName);
to_8_3(OutName, default_case);
diff --git a/source/smbd/mangle_hash2.c b/source/smbd/mangle_hash2.c
index c6ad1215b09..4896cfb17be 100644
--- a/source/smbd/mangle_hash2.c
+++ b/source/smbd/mangle_hash2.c
@@ -153,13 +153,19 @@ static u32 mangle_hash(const char *key, unsigned int length)
*/
static BOOL cache_init(void)
{
- if (prefix_cache) return True;
+ if (prefix_cache) {
+ return True;
+ }
- prefix_cache = calloc(MANGLE_CACHE_SIZE, sizeof(char *));
- if (!prefix_cache) return False;
+ prefix_cache = SMB_CALLOC_ARRAY(char *,MANGLE_CACHE_SIZE);
+ if (!prefix_cache) {
+ return False;
+ }
- prefix_cache_hashes = calloc(MANGLE_CACHE_SIZE, sizeof(u32));
- if (!prefix_cache_hashes) return False;
+ prefix_cache_hashes = SMB_CALLOC_ARRAY(u32, MANGLE_CACHE_SIZE);
+ if (!prefix_cache_hashes) {
+ return False;
+ }
return True;
}
@@ -175,7 +181,7 @@ static void cache_insert(const char *prefix, int length, u32 hash)
free(prefix_cache[i]);
}
- prefix_cache[i] = strndup(prefix, length);
+ prefix_cache[i] = SMB_STRNDUP(prefix, length);
prefix_cache_hashes[i] = hash;
}
diff --git a/source/smbd/msdfs.c b/source/smbd/msdfs.c
index 6c132897f98..b5ae7486d38 100644
--- a/source/smbd/msdfs.c
+++ b/source/smbd/msdfs.c
@@ -189,7 +189,7 @@ static BOOL parse_symlink(char* buf,struct referral** preflist,
DEBUG(10,("parse_symlink: count=%d\n", count));
- reflist = *preflist = (struct referral*) malloc(count * sizeof(struct referral));
+ reflist = *preflist = SMB_MALLOC_ARRAY(struct referral, count);
if(reflist == NULL) {
DEBUG(0,("parse_symlink: Malloc failed!\n"));
return False;
@@ -417,7 +417,7 @@ static BOOL self_ref(char *pathname, struct junction_map *jucn,
*self_referralp = True;
jucn->referral_count = 1;
- if((ref = (struct referral*) malloc(sizeof(struct referral))) == NULL) {
+ if((ref = SMB_MALLOC_P(struct referral)) == NULL) {
DEBUG(0,("self_ref: malloc failed for referral\n"));
return False;
}
@@ -503,7 +503,7 @@ BOOL get_referred_path(char *pathname, struct junction_map *jucn,
self_referralp);
jucn->referral_count = 1;
- if ((ref = (struct referral*) malloc(sizeof(struct referral))) == NULL) {
+ if ((ref = SMB_MALLOC_P(struct referral)) == NULL) {
DEBUG(0, ("malloc failed for referral\n"));
goto out;
}
@@ -595,7 +595,7 @@ static int setup_ver2_dfs_referral(char* pathname, char** ppdata,
/* add the unexplained 0x16 bytes */
reply_size += 0x16;
- pdata = Realloc(pdata,reply_size);
+ pdata = SMB_REALLOC(pdata,reply_size);
if(pdata == NULL) {
DEBUG(0,("malloc failed for Realloc!\n"));
return -1;
@@ -676,7 +676,7 @@ static int setup_ver3_dfs_referral(char* pathname, char** ppdata,
reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2;
}
- pdata = Realloc(pdata,reply_size);
+ pdata = SMB_REALLOC(pdata,reply_size);
if(pdata == NULL) {
DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n"));
return -1;
@@ -962,8 +962,7 @@ static BOOL form_junctions(int snum, struct junction_map* jucn, int* jn_count)
jucn[cnt].volume_name[0] = '\0';
jucn[cnt].referral_count = 1;
- ref = jucn[cnt].referral_list
- = (struct referral*) malloc(sizeof(struct referral));
+ ref = jucn[cnt].referral_list = SMB_MALLOC_P(struct referral);
if (jucn[cnt].referral_list == NULL) {
DEBUG(0, ("Malloc failed!\n"));
goto out;
diff --git a/source/smbd/notify.c b/source/smbd/notify.c
index 9adf827c794..92b86f350c7 100644
--- a/source/smbd/notify.c
+++ b/source/smbd/notify.c
@@ -178,7 +178,7 @@ BOOL change_notify_set(char *inbuf, files_struct *fsp, connection_struct *conn,
{
struct change_notify *cnbp;
- if((cnbp = (struct change_notify *)malloc(sizeof(*cnbp))) == NULL) {
+ if((cnbp = SMB_MALLOC_P(struct change_notify)) == NULL) {
DEBUG(0,("change_notify_set: malloc fail !\n" ));
return -1;
}
diff --git a/source/smbd/ntquotas.c b/source/smbd/ntquotas.c
index 555f32d773f..8fbf858008b 100644
--- a/source/smbd/ntquotas.c
+++ b/source/smbd/ntquotas.c
@@ -199,14 +199,14 @@ int vfs_get_user_ntquota_list(files_struct *fsp, SMB_NTQUOTA_LIST **qt_list)
DEBUG(15,("quota entry for id[%s] path[%s]\n",
sid_string_static(&sid),fsp->conn->connectpath));
- if ((tmp_list_ent=(SMB_NTQUOTA_LIST *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_LIST)))==NULL) {
+ if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) {
DEBUG(0,("talloc_zero() failed\n"));
*qt_list = NULL;
talloc_destroy(mem_ctx);
return (-1);
}
- if ((tmp_list_ent->quotas=(SMB_NTQUOTA_STRUCT *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_STRUCT)))==NULL) {
+ if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) {
DEBUG(0,("talloc_zero() failed\n"));
*qt_list = NULL;
talloc_destroy(mem_ctx);
@@ -232,7 +232,7 @@ void *init_quota_handle(TALLOC_CTX *mem_ctx)
if (!mem_ctx)
return False;
- qt_handle = (SMB_NTQUOTA_HANDLE *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_HANDLE));
+ qt_handle = TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_HANDLE);
if (qt_handle==NULL) {
DEBUG(0,("talloc_zero() failed\n"));
return NULL;
diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c
index eaaf68d6895..755b5abb160 100644
--- a/source/smbd/nttrans.c
+++ b/source/smbd/nttrans.c
@@ -58,11 +58,12 @@ static char *nttrans_realloc(char **ptr, size_t size)
if (ptr==NULL)
smb_panic("nttrans_realloc() called with NULL ptr\n");
- tptr = Realloc_zero(*ptr, size);
+ tptr = SMB_REALLOC(*ptr, size);
if(tptr == NULL) {
*ptr = NULL;
return NULL;
}
+ memset(tptr,'\0',size);
*ptr = tptr;
@@ -2141,7 +2142,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
- shadow_data = (SHADOW_COPY_DATA *)talloc_zero(shadow_mem_ctx,sizeof(SHADOW_COPY_DATA));
+ shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA);
if (shadow_data == NULL) {
DEBUG(0,("talloc_zero() failed!\n"));
return ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -2452,6 +2453,10 @@ static int call_nt_transact_get_user_quota(connection_struct *conn, char *inbuf,
}
sid_len = IVAL(pdata,4);
+ /* Ensure this is less than 1mb. */
+ if (sid_len > (1024*1024)) {
+ return ERROR_DOS(ERRDOS,ERRnomem);
+ }
if (data_count < 8+sid_len) {
DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len)));
@@ -2707,14 +2712,20 @@ due to being in oplock break state.\n", (unsigned int)function_code ));
goto bad_param;
}
+ /* Don't allow more than 128mb for each value. */
+ if ((total_parameter_count > (1024*1024*128)) || (total_data_count > (1024*1024*128))) {
+ END_PROFILE(SMBnttrans);
+ return ERROR_DOS(ERRDOS,ERRnomem);
+ }
+
/* Allocate the space for the setup, the maximum needed parameters and data */
if(setup_count > 0)
- setup = (char *)malloc(setup_count);
+ setup = (char *)SMB_MALLOC(setup_count);
if (total_parameter_count > 0)
- params = (char *)malloc(total_parameter_count);
+ params = (char *)SMB_MALLOC(total_parameter_count);
if (total_data_count > 0)
- data = (char *)malloc(total_data_count);
+ data = (char *)SMB_MALLOC(total_data_count);
if ((total_parameter_count && !params) || (total_data_count && !data) ||
(setup_count && !setup)) {
diff --git a/source/smbd/open.c b/source/smbd/open.c
index 55970493fa1..278c195f10f 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -681,7 +681,7 @@ dev = %x, inode = %.0f\n", old_shares[i].op_type, fname, (unsigned int)dev, (dou
return -1;
}
- broken_entry = malloc(sizeof(struct share_mode_entry_list));
+ broken_entry = SMB_MALLOC_P(struct share_mode_entry_list);
if (!broken_entry) {
smb_panic("open_mode_check: malloc fail.\n");
}
diff --git a/source/smbd/oplock.c b/source/smbd/oplock.c
index 1ffc798b1fc..3ebf93e5608 100644
--- a/source/smbd/oplock.c
+++ b/source/smbd/oplock.c
@@ -740,12 +740,12 @@ static BOOL oplock_break(SMB_DEV_T dev, SMB_INO_T inode, unsigned long file_id,
* messages crossing on the wire.
*/
- if((inbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) {
+ if((inbuf = (char *)SMB_MALLOC(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) {
DEBUG(0,("oplock_break: malloc fail for input buffer.\n"));
return False;
}
- if((outbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) {
+ if((outbuf = (char *)SMB_MALLOC(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) {
DEBUG(0,("oplock_break: malloc fail for output buffer.\n"));
SAFE_FREE(inbuf);
return False;
diff --git a/source/smbd/password.c b/source/smbd/password.c
index eb389d7013d..213ef98ea34 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -139,7 +139,7 @@ int register_vuid(auth_serversupplied_info *server_info, DATA_BLOB session_key,
return UID_FIELD_INVALID;
}
- if((vuser = (user_struct *)malloc( sizeof(user_struct) )) == NULL) {
+ if((vuser = SMB_MALLOC_P(user_struct)) == NULL) {
DEBUG(0,("Failed to malloc users struct!\n"));
data_blob_free(&session_key);
return UID_FIELD_INVALID;
@@ -316,7 +316,7 @@ void add_session_user(const char *user)
DEBUG(3,("add_session_user: session userlist already too large.\n"));
return;
}
- newlist = Realloc( session_userlist, len_session_userlist + PSTRING_LEN );
+ newlist = SMB_REALLOC( session_userlist, len_session_userlist + PSTRING_LEN );
if( newlist == NULL ) {
DEBUG(1,("Unable to resize session_userlist\n"));
return;
@@ -498,9 +498,9 @@ BOOL authorise_login(int snum, fstring user, DATA_BLOB password,
char *user_list = NULL;
if ( session_userlist )
- user_list = strdup(session_userlist);
+ user_list = SMB_STRDUP(session_userlist);
else
- user_list = strdup("");
+ user_list = SMB_STRDUP("");
if (!user_list)
return(False);
diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index 0ba4437303d..321d5e20ab4 100644
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -166,7 +166,7 @@ static char *create_pai_buf(canon_ace *file_ace_list, canon_ace *dir_ace_list, B
*store_size = PAI_ENTRIES_BASE + ((num_entries + num_def_entries)*PAI_ENTRY_LENGTH);
- pai_buf = malloc(*store_size);
+ pai_buf = SMB_MALLOC(*store_size);
if (!pai_buf) {
return NULL;
}
@@ -343,7 +343,7 @@ static struct pai_val *create_pai_val(char *buf, size_t size)
if (!check_pai_ok(buf, size))
return NULL;
- paiv = malloc(sizeof(struct pai_val));
+ paiv = SMB_MALLOC_P(struct pai_val);
if (!paiv)
return NULL;
@@ -362,7 +362,7 @@ static struct pai_val *create_pai_val(char *buf, size_t size)
for (i = 0; i < paiv->num_entries; i++) {
struct pai_entry *paie;
- paie = malloc(sizeof(struct pai_entry));
+ paie = SMB_MALLOC_P(struct pai_entry);
if (!paie) {
free_inherited_info(paiv);
return NULL;
@@ -393,7 +393,7 @@ static struct pai_val *create_pai_val(char *buf, size_t size)
for (i = 0; i < paiv->num_def_entries; i++) {
struct pai_entry *paie;
- paie = malloc(sizeof(struct pai_entry));
+ paie = SMB_MALLOC_P(struct pai_entry);
if (!paie) {
free_inherited_info(paiv);
return NULL;
@@ -438,7 +438,7 @@ static struct pai_val *load_inherited_info(files_struct *fsp)
if (!lp_map_acl_inherit(SNUM(fsp->conn)))
return NULL;
- if ((pai_buf = malloc(pai_buf_size)) == NULL)
+ if ((pai_buf = SMB_MALLOC(pai_buf_size)) == NULL)
return NULL;
do {
@@ -456,7 +456,10 @@ static struct pai_val *load_inherited_info(files_struct *fsp)
/* Buffer too small - enlarge it. */
pai_buf_size *= 2;
SAFE_FREE(pai_buf);
- if ((pai_buf = malloc(pai_buf_size)) == NULL)
+ if (pai_buf_size > 1024*1024) {
+ return NULL; /* Limit malloc to 1mb. */
+ }
+ if ((pai_buf = SMB_MALLOC(pai_buf_size)) == NULL)
return NULL;
}
} while (ret == -1);
@@ -523,7 +526,7 @@ static void free_canon_ace_list( canon_ace *list_head )
static canon_ace *dup_canon_ace( canon_ace *src_ace)
{
- canon_ace *dst_ace = (canon_ace *)malloc(sizeof(canon_ace));
+ canon_ace *dst_ace = SMB_MALLOC_P(canon_ace);
if (dst_ace == NULL)
return NULL;
@@ -1083,7 +1086,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
}
if (!got_user) {
- if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
+ if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
return False;
}
@@ -1113,7 +1116,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
}
if (!got_grp) {
- if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
+ if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
return False;
}
@@ -1139,7 +1142,7 @@ static BOOL ensure_canon_entry_valid(canon_ace **pp_ace,
}
if (!got_other) {
- if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
+ if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
return False;
}
@@ -1323,7 +1326,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst,
* Create a cannon_ace entry representing this NT DACL ACE.
*/
- if ((current_ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
+ if ((current_ace = SMB_MALLOC_P(canon_ace)) == NULL) {
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
DEBUG(0,("create_canon_ace_lists: malloc fail.\n"));
@@ -2161,7 +2164,7 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
* Add this entry to the list.
*/
- if ((ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL)
+ if ((ace = SMB_MALLOC_P(canon_ace)) == NULL)
goto fail;
ZERO_STRUCTP(ace);
@@ -2793,7 +2796,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
num_dir_acls = count_canon_ace_list(dir_ace);
/* Allocate the ace list. */
- if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_profile_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) {
+ if ((nt_ace_list = SMB_MALLOC_ARRAY(SEC_ACE, num_acls + num_profile_acls + num_dir_acls)) == NULL) {
DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
goto done;
}
diff --git a/source/smbd/process.c b/source/smbd/process.c
index 5be68d9f0a1..8adc5c2e665 100644
--- a/source/smbd/process.c
+++ b/source/smbd/process.c
@@ -85,8 +85,7 @@ static void free_queued_message(struct pending_message_list *msg)
static BOOL push_queued_message(enum q_type qt, char *buf, int msg_len, struct timeval *ptv, char *private, size_t private_len)
{
struct pending_message_list *tmp_msg;
- struct pending_message_list *msg = (struct pending_message_list *)
- malloc(sizeof(struct pending_message_list));
+ struct pending_message_list *msg = SMB_MALLOC_P(struct pending_message_list);
if(msg == NULL) {
DEBUG(0,("push_message: malloc fail (1)\n"));
@@ -1498,8 +1497,8 @@ void smbd_process(void)
unsigned int num_smbs = 0;
const size_t total_buffer_size = BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN;
- InBuffer = (char *)malloc(total_buffer_size);
- OutBuffer = (char *)malloc(total_buffer_size);
+ InBuffer = (char *)SMB_MALLOC(total_buffer_size);
+ OutBuffer = (char *)SMB_MALLOC(total_buffer_size);
if ((InBuffer == NULL) || (OutBuffer == NULL))
return;
diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 845f0588670..6135c36580b 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -900,7 +900,7 @@ int reply_search(connection_struct *conn, char *inbuf,char *outbuf, int dum_size
END_PROFILE(SMBsearch);
return ERROR_DOS(ERRDOS,ERRnofids);
}
- dptr_set_wcard(dptr_num, strdup(mask));
+ dptr_set_wcard(dptr_num, SMB_STRDUP(mask));
dptr_set_attr(dptr_num, dirtype);
} else {
dirtype = dptr_attr(dptr_num);
@@ -4884,7 +4884,7 @@ int reply_writebmpx(connection_struct *conn, char *inbuf,char *outbuf, int size,
if(fsp->wbmpx_ptr != NULL)
wbms = fsp->wbmpx_ptr; /* Use an existing struct */
else
- wbms = (write_bmpx_struct *)malloc(sizeof(write_bmpx_struct));
+ wbms = SMB_MALLOC_P(write_bmpx_struct);
if(!wbms) {
DEBUG(0,("Out of memory in reply_readmpx\n"));
END_PROFILE(SMBwriteBmpx);
diff --git a/source/smbd/sec_ctx.c b/source/smbd/sec_ctx.c
index 8a85792ead5..a5411b94a17 100644
--- a/source/smbd/sec_ctx.c
+++ b/source/smbd/sec_ctx.c
@@ -154,7 +154,7 @@ int get_current_groups(gid_t gid, int *p_ngroups, gid_t **p_groups)
goto fail;
}
- if((groups = (gid_t *)malloc(sizeof(gid_t)*(ngroups+1))) == NULL) {
+ if((groups = SMB_MALLOC_ARRAY(gid_t, ngroups+1)) == NULL) {
DEBUG(0,("setup_groups malloc fail !\n"));
goto fail;
}
@@ -260,7 +260,7 @@ BOOL push_sec_ctx(void)
ctx_p->ngroups = sys_getgroups(0, NULL);
if (ctx_p->ngroups != 0) {
- if (!(ctx_p->groups = malloc(ctx_p->ngroups * sizeof(gid_t)))) {
+ if (!(ctx_p->groups = SMB_MALLOC_ARRAY(gid_t, ctx_p->ngroups))) {
DEBUG(0, ("Out of memory in push_sec_ctx()\n"));
delete_nt_token(&ctx_p->token);
return False;
diff --git a/source/smbd/session.c b/source/smbd/session.c
index 91ebaeb830b..9a9a0d90b24 100644
--- a/source/smbd/session.c
+++ b/source/smbd/session.c
@@ -151,7 +151,7 @@ BOOL session_claim(user_struct *vuser)
sessionid.id_str, sessionid.id_num);
}
- vuser->session_keystr = strdup(keystr);
+ vuser->session_keystr = SMB_STRDUP(keystr);
if (!vuser->session_keystr) {
DEBUG(0, ("session_claim: strdup() failed for session_keystr\n"));
return False;
@@ -221,8 +221,8 @@ static int gather_sessioninfo(TDB_CONTEXT *stdb, TDB_DATA kbuf, TDB_DATA dbuf,
const struct sessionid *current = (const struct sessionid *) dbuf.dptr;
sesslist->count += 1;
- sesslist->sessions = REALLOC(sesslist->sessions, sesslist->count *
- sizeof(struct sessionid));
+ sesslist->sessions = SMB_REALLOC_ARRAY(sesslist->sessions, struct sessionid,
+ sesslist->count);
memcpy(&sesslist->sessions[sesslist->count - 1], current,
sizeof(struct sessionid));
diff --git a/source/smbd/statcache.c b/source/smbd/statcache.c
index ba37d4927cc..cfc5286327b 100644
--- a/source/smbd/statcache.c
+++ b/source/smbd/statcache.c
@@ -76,7 +76,7 @@ void stat_cache_add( const char *full_orig_name, const char *orig_translated_pat
* translated path.
*/
- translated_path = strdup(orig_translated_path);
+ translated_path = SMB_STRDUP(orig_translated_path);
if (!translated_path)
return;
@@ -88,7 +88,7 @@ void stat_cache_add( const char *full_orig_name, const char *orig_translated_pat
}
if(case_sensitive) {
- original_path = strdup(full_orig_name);
+ original_path = SMB_STRDUP(full_orig_name);
} else {
original_path = strdup_upper(full_orig_name);
}
@@ -179,7 +179,7 @@ BOOL stat_cache_lookup(connection_struct *conn, pstring name, pstring dirpath,
return False;
if (conn->case_sensitive) {
- chk_name = strdup(name);
+ chk_name = SMB_STRDUP(name);
if (!chk_name) {
DEBUG(0, ("stat_cache_lookup: strdup failed!\n"));
return False;
diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c
index ac282ed95fc..720ede9c767 100644
--- a/source/smbd/trans2.c
+++ b/source/smbd/trans2.c
@@ -115,7 +115,7 @@ static BOOL get_ea_value(TALLOC_CTX *mem_ctx, connection_struct *conn, files_str
again:
- val = talloc_realloc(mem_ctx, val, attr_size);
+ val = TALLOC_REALLOC_ARRAY(mem_ctx, val, char, attr_size);
if (!val) {
return False;
}
@@ -169,8 +169,8 @@ static struct ea_list *get_ea_list(TALLOC_CTX *mem_ctx, connection_struct *conn,
return NULL;
}
- for (i = 0, ea_namelist = talloc(mem_ctx, ea_namelist_size); i < 6;
- ea_namelist = talloc_realloc(mem_ctx, ea_namelist, ea_namelist_size), i++) {
+ for (i = 0, ea_namelist = TALLOC(mem_ctx, ea_namelist_size); i < 6;
+ ea_namelist = TALLOC_REALLOC_ARRAY(mem_ctx, ea_namelist, char, ea_namelist_size), i++) {
if (fsp && fsp->fd != -1) {
sizeret = SMB_VFS_FLISTXATTR(fsp, fsp->fd, ea_namelist, ea_namelist_size);
} else {
@@ -196,7 +196,7 @@ static struct ea_list *get_ea_list(TALLOC_CTX *mem_ctx, connection_struct *conn,
if (strnequal(p, "system.", 7) || samba_private_attr_name(p))
continue;
- listp = talloc(mem_ctx, sizeof(struct ea_list));
+ listp = TALLOC_P(mem_ctx, struct ea_list);
if (!listp)
return NULL;
@@ -671,7 +671,7 @@ static int call_trans2open(connection_struct *conn, char *inbuf, char *outbuf, i
}
/* Realloc the size of parameters and data we will return */
- params = Realloc(*pparams, 28);
+ params = SMB_REALLOC(*pparams, 28);
if( params == NULL )
return(ERROR_DOS(ERRDOS,ERRnomem));
*pparams = params;
@@ -1411,7 +1411,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n",
DEBUG(5,("dir=%s, mask = %s\n",directory, mask));
- pdata = Realloc(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
+ pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
if( pdata == NULL )
return(ERROR_DOS(ERRDOS,ERRnomem));
@@ -1419,7 +1419,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n",
memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
/* Realloc the params space */
- params = Realloc(*pparams, 10);
+ params = SMB_REALLOC(*pparams, 10);
if (params == NULL)
return ERROR_DOS(ERRDOS,ERRnomem);
*pparams = params;
@@ -1431,7 +1431,7 @@ close_if_end = %d requires_resume_key = %d level = 0x%x, max_data_bytes = %d\n",
/* Save the wildcard match and attribs we are using on this directory -
needed as lanman2 assumes these are being saved between calls */
- if(!(wcard = strdup(mask))) {
+ if(!(wcard = SMB_STRDUP(mask))) {
dptr_close(&dptr_num);
return ERROR_DOS(ERRDOS,ERRnomem);
}
@@ -1609,7 +1609,7 @@ resume_key = %d resume name = %s continue=%d level = %d\n",
return ERROR_DOS(ERRDOS,ERRunknownlevel);
}
- pdata = Realloc( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
+ pdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
if(pdata == NULL)
return ERROR_DOS(ERRDOS,ERRnomem);
@@ -1617,7 +1617,7 @@ resume_key = %d resume name = %s continue=%d level = %d\n",
memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
/* Realloc the params space */
- params = Realloc(*pparams, 6*SIZEOFWORD);
+ params = SMB_REALLOC(*pparams, 6*SIZEOFWORD);
if( params == NULL )
return ERROR_DOS(ERRDOS,ERRnomem);
@@ -1829,7 +1829,7 @@ static int call_trans2qfsinfo(connection_struct *conn, char *inbuf, char *outbuf
return ERROR_DOS(ERRSRV,ERRinvdevice);
}
- pdata = Realloc(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
+ pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
if ( pdata == NULL )
return ERROR_DOS(ERRDOS,ERRnomem);
@@ -2395,13 +2395,13 @@ static int call_trans2qfilepathinfo(connection_struct *conn,
if (mode & aDIR)
file_size = 0;
- params = Realloc(*pparams,2);
+ params = SMB_REALLOC(*pparams,2);
if (params == NULL)
return ERROR_DOS(ERRDOS,ERRnomem);
*pparams = params;
memset((char *)params,'\0',2);
data_size = max_data_bytes + DIR_ENTRY_SAFETY_MARGIN;
- pdata = Realloc(*ppdata, data_size);
+ pdata = SMB_REALLOC(*ppdata, data_size);
if ( pdata == NULL )
return ERROR_DOS(ERRDOS,ERRnomem);
*ppdata = pdata;
@@ -3096,7 +3096,7 @@ static int call_trans2setfilepathinfo(connection_struct *conn,
tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data));
/* Realloc the parameter and data sizes */
- params = Realloc(*pparams,2);
+ params = SMB_REALLOC(*pparams,2);
if(params == NULL)
return ERROR_DOS(ERRDOS,ERRnomem);
*pparams = params;
@@ -3770,7 +3770,7 @@ static int call_trans2mkdir(connection_struct *conn,
}
/* Realloc the parameter and data sizes */
- params = Realloc(*pparams,2);
+ params = SMB_REALLOC(*pparams,2);
if(params == NULL)
return ERROR_DOS(ERRDOS,ERRnomem);
*pparams = params;
@@ -3810,7 +3810,7 @@ static int call_trans2findnotifyfirst(connection_struct *conn,
}
/* Realloc the parameter and data sizes */
- params = Realloc(*pparams,6);
+ params = SMB_REALLOC(*pparams,6);
if(params == NULL)
return ERROR_DOS(ERRDOS,ERRnomem);
*pparams = params;
@@ -3843,7 +3843,7 @@ static int call_trans2findnotifynext(connection_struct *conn,
DEBUG(3,("call_trans2findnotifynext\n"));
/* Realloc the parameter and data sizes */
- params = Realloc(*pparams,4);
+ params = SMB_REALLOC(*pparams,4);
if(params == NULL)
return ERROR_DOS(ERRDOS,ERRnomem);
*pparams = params;
@@ -3910,7 +3910,7 @@ static int call_trans2ioctl(connection_struct *conn, char* inbuf,
if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) &&
(SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) {
- pdata = Realloc(*ppdata, 32);
+ pdata = SMB_REALLOC(*ppdata, 32);
if(pdata == NULL)
return ERROR_DOS(ERRDOS,ERRnomem);
*ppdata = pdata;
@@ -4061,9 +4061,9 @@ int reply_trans2(connection_struct *conn,
/* Allocate the space for the maximum needed parameters and data */
if (total_params > 0)
- params = (char *)malloc(total_params);
+ params = (char *)SMB_MALLOC(total_params);
if (total_data > 0)
- data = (char *)malloc(total_data);
+ data = (char *)SMB_MALLOC(total_data);
if ((total_params && !params) || (total_data && !data)) {
DEBUG(2,("Out of memory in reply_trans2\n"));
diff --git a/source/smbd/vfs.c b/source/smbd/vfs.c
index 0328558fe88..68a6dca31dd 100644
--- a/source/smbd/vfs.c
+++ b/source/smbd/vfs.c
@@ -185,7 +185,7 @@ NTSTATUS smb_register_vfs(int version, const char *name, vfs_op_tuple *vfs_op_tu
return NT_STATUS_OBJECT_NAME_COLLISION;
}
- entry = smb_xmalloc(sizeof(struct vfs_init_function_entry));
+ entry = SMB_XMALLOC_P(struct vfs_init_function_entry);
entry->name = smb_xstrdup(name);
entry->vfs_op_tuples = vfs_op_tuples;
@@ -258,7 +258,7 @@ BOOL vfs_init_custom(connection_struct *conn, const char *vfs_object)
return False;
}
- handle = (vfs_handle_struct *)talloc_zero(conn->mem_ctx,sizeof(vfs_handle_struct));
+ handle = TALLOC_ZERO_P(conn->mem_ctx,vfs_handle_struct);
if (!handle) {
DEBUG(0,("talloc_zero() failed!\n"));
SAFE_FREE(module_name);
@@ -681,7 +681,7 @@ static void array_promote(char *array,int elsize,int element)
if (element == 0)
return;
- p = (char *)malloc(elsize);
+ p = (char *)SMB_MALLOC(elsize);
if (!p) {
DEBUG(5,("array_promote: malloc fail\n"));
@@ -876,7 +876,7 @@ BOOL reduce_name(connection_struct *conn, const pstring fname)
pstrcat(tmp_fname, last_component);
#ifdef REALPATH_TAKES_NULL
SAFE_FREE(resolved_name);
- resolved_name = strdup(tmp_fname);
+ resolved_name = SMB_STRDUP(tmp_fname);
if (!resolved_name) {
DEBUG(0,("reduce_name: malloc fail for %s\n", tmp_fname));
errno = saved_errno;
generated by cgit (git 2.34.1) at 2024-06-16 22:50:28 +0000