Author: jra Date: 2007-09-27 22:55:11 +0000 (Thu, 27 Sep 2007) New Revision: 25389
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=25389 Log: Fix crash bug using DFS info struct uninitialized. Jeremy. Modified: branches/SAMBA_3_2/source/rpc_server/srv_dfs_nt.c branches/SAMBA_3_2_0/source/rpc_server/srv_dfs_nt.c Changeset: Modified: branches/SAMBA_3_2/source/rpc_server/srv_dfs_nt.c =================================================================== --- branches/SAMBA_3_2/source/rpc_server/srv_dfs_nt.c 2007-09-27 22:54:40 UTC (rev 25388) +++ branches/SAMBA_3_2/source/rpc_server/srv_dfs_nt.c 2007-09-27 22:55:11 UTC (rev 25389) @@ -379,10 +379,34 @@ vfs_ChDir(p->conn,p->conn->connectpath); switch (r->in.level) { - case 1: ret = init_reply_dfs_info_1(ctx, jn, r->out.info->info1); break; - case 2: ret = init_reply_dfs_info_2(ctx, jn, r->out.info->info2); break; - case 3: ret = init_reply_dfs_info_3(ctx, jn, r->out.info->info3); break; - case 100: ret = init_reply_dfs_info_100(ctx, jn, r->out.info->info100); break; + case 1: + r->out.info->info1 = TALLOC_ZERO_P(ctx,struct dfs_Info1); + if (!r->out.info->info1) { + return WERR_NOMEM; + } + ret = init_reply_dfs_info_1(ctx, jn, r->out.info->info1); + break; + case 2: + r->out.info->info2 = TALLOC_ZERO_P(ctx,struct dfs_Info2); + if (!r->out.info->info2) { + return WERR_NOMEM; + } + ret = init_reply_dfs_info_2(ctx, jn, r->out.info->info2); + break; + case 3: + r->out.info->info3 = TALLOC_ZERO_P(ctx,struct dfs_Info3); + if (!r->out.info->info3) { + return WERR_NOMEM; + } + ret = init_reply_dfs_info_3(ctx, jn, r->out.info->info3); + break; + case 100: + r->out.info->info100 = TALLOC_ZERO_P(ctx,struct dfs_Info100); + if (!r->out.info->info100) { + return WERR_NOMEM; + } + ret = init_reply_dfs_info_100(ctx, jn, r->out.info->info100); + break; default: r->out.info->info1 = NULL; return WERR_INVALID_PARAM; Modified: branches/SAMBA_3_2_0/source/rpc_server/srv_dfs_nt.c =================================================================== --- branches/SAMBA_3_2_0/source/rpc_server/srv_dfs_nt.c 2007-09-27 22:54:40 UTC (rev 25388) +++ branches/SAMBA_3_2_0/source/rpc_server/srv_dfs_nt.c 2007-09-27 22:55:11 UTC (rev 25389) @@ -379,10 +379,34 @@ vfs_ChDir(p->conn,p->conn->connectpath); switch (r->in.level) { - case 1: ret = init_reply_dfs_info_1(ctx, jn, r->out.info->info1); break; - case 2: ret = init_reply_dfs_info_2(ctx, jn, r->out.info->info2); break; - case 3: ret = init_reply_dfs_info_3(ctx, jn, r->out.info->info3); break; - case 100: ret = init_reply_dfs_info_100(ctx, jn, r->out.info->info100); break; + case 1: + r->out.info->info1 = TALLOC_ZERO_P(ctx,struct dfs_Info1); + if (!r->out.info->info1) { + return WERR_NOMEM; + } + ret = init_reply_dfs_info_1(ctx, jn, r->out.info->info1); + break; + case 2: + r->out.info->info2 = TALLOC_ZERO_P(ctx,struct dfs_Info2); + if (!r->out.info->info2) { + return WERR_NOMEM; + } + ret = init_reply_dfs_info_2(ctx, jn, r->out.info->info2); + break; + case 3: + r->out.info->info3 = TALLOC_ZERO_P(ctx,struct dfs_Info3); + if (!r->out.info->info3) { + return WERR_NOMEM; + } + ret = init_reply_dfs_info_3(ctx, jn, r->out.info->info3); + break; + case 100: + r->out.info->info100 = TALLOC_ZERO_P(ctx,struct dfs_Info100); + if (!r->out.info->info100) { + return WERR_NOMEM; + } + ret = init_reply_dfs_info_100(ctx, jn, r->out.info->info100); + break; default: r->out.info->info1 = NULL; return WERR_INVALID_PARAM;
