The branch, master has been updated via a00d72b wafsamba: make sure build fails when uninitialized variable is detected via b3a472d lib: Use iov_buflen in smb1cli_req_chain_submit via eaf9fd4 lib: Use iov_buflen in smb1cli_req_writev_submit via c7fe434 lib: Use iov_buflen in smb1cli_req_create via 7bcd7e2 lib: Use iov_buf in smbXcli_iov_concat via 4c00054 libcli: Use iov_buflen in smbXcli_iov_len via cab45cb smbd: Fix a typo via ce9ae13 smb2_server: Use iov_advance via 1c2562e smb2_server: Add range checking to nbt_length via d6f70d3 tsocket: Use iov_advance via 6e94f69 iov_buf: Add an explaining comment via 0a20ffb tsocket: Fix a typo via a610336 lib: Move "iov_buf.[ch]" to lib/util via d5de29b rpc: Use tevent_req_poll_ntstatus from 04a061e ctdb-io: Do not use sys_write to write to client sockets
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit a00d72bf5db4215fd70e6d396ad3d22e612d5ebc Author: Alexander Bokovoy <a...@samba.org> Date: Tue Feb 24 15:12:39 2015 +0200 wafsamba: make sure build fails when uninitialized variable is detected In developer build, fail if uninitialized variable is found by GCC. Signed-off-by: Alexander Bokovoy <a...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> Autobuild-User(master): Jeremy Allison <j...@samba.org> Autobuild-Date(master): Tue Feb 24 20:21:52 CET 2015 on sn-devel-104 commit b3a472d976f61c9a3839d94d549fa94199404de1 Author: Volker Lendecke <v...@samba.org> Date: Tue Feb 17 20:19:33 2015 +0000 lib: Use iov_buflen in smb1cli_req_chain_submit Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit eaf9fd4b7ac57ec3ab02991299b69420dbae8ad0 Author: Volker Lendecke <v...@samba.org> Date: Tue Feb 17 20:19:10 2015 +0000 lib: Use iov_buflen in smb1cli_req_writev_submit Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit c7fe434d48fb52a7db18405004da03e479aec8d4 Author: Volker Lendecke <v...@samba.org> Date: Tue Feb 17 20:18:37 2015 +0000 lib: Use iov_buflen in smb1cli_req_create Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 7bcd7e2f5ca4dd88871588239ee7d2285d6e0d83 Author: Volker Lendecke <v...@samba.org> Date: Tue Feb 17 20:17:35 2015 +0000 lib: Use iov_buf in smbXcli_iov_concat Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 4c000545c00943993b5d814f14e8112abd19975f Author: Volker Lendecke <v...@samba.org> Date: Tue Feb 17 20:16:45 2015 +0000 libcli: Use iov_buflen in smbXcli_iov_len Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit cab45cb7654e978ac7ad50a12de35cf2728cb10c Author: Volker Lendecke <v...@samba.org> Date: Mon Feb 16 14:36:28 2015 +0000 smbd: Fix a typo Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit ce9ae131fe66c82448e2f82dbc0b103aecc851b6 Author: Volker Lendecke <v...@samba.org> Date: Mon Feb 16 14:35:03 2015 +0000 smb2_server: Use iov_advance Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 1c2562e691937b6e877189477f18a735210ec5f5 Author: Volker Lendecke <v...@samba.org> Date: Mon Feb 16 14:29:36 2015 +0000 smb2_server: Add range checking to nbt_length Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit d6f70d334602d374442fa0670c09d80e70641c13 Author: Volker Lendecke <v...@samba.org> Date: Mon Feb 16 13:50:25 2015 +0000 tsocket: Use iov_advance Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 6e94f695c4cb8aabc57b5ef00073c2301fec409a Author: Volker Lendecke <v...@samba.org> Date: Mon Feb 16 13:26:29 2015 +0000 iov_buf: Add an explaining comment Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit 0a20ffb17dcc849834ccde4aa3f751bda31f8824 Author: Volker Lendecke <v...@samba.org> Date: Mon Feb 16 13:24:04 2015 +0000 tsocket: Fix a typo Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit a610336886259b960317f172d3084de6ecc5a396 Author: Volker Lendecke <v...@samba.org> Date: Sat Feb 14 16:48:54 2015 +0100 lib: Move "iov_buf.[ch]" to lib/util Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit d5de29b8601a8e0d6afed779aae2da370358e4ca Author: Volker Lendecke <v...@samba.org> Date: Sat Feb 14 16:28:06 2015 +0100 rpc: Use tevent_req_poll_ntstatus Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> ----------------------------------------------------------------------- Summary of changes: buildtools/wafsamba/samba_autoconf.py | 2 + lib/async_req/async_sock.c | 2 +- lib/tsocket/tsocket_bsd.c | 69 +++++++------------------- lib/tsocket/wscript_build | 2 +- {source3/lib => lib/util}/iov_buf.c | 4 ++ {source3/lib => lib/util}/iov_buf.h | 0 lib/util/wscript_build | 5 ++ libcli/smb/smbXcli_base.c | 57 ++++++++++++++-------- libcli/smb/wscript | 2 +- librpc/rpc/binding_handle.c | 3 +- source3/lib/messages.c | 2 +- source3/lib/messages_ctdbd.c | 2 +- source3/lib/msghdr.c | 2 +- source3/lib/sys_rw_data.c | 2 +- source3/lib/unix_msg/unix_msg.c | 2 +- source3/smbd/smb2_server.c | 91 ++++++++++++++++++++--------------- source3/smbd/trans2.c | 2 +- source3/wscript_build | 5 -- 18 files changed, 129 insertions(+), 125 deletions(-) rename {source3/lib => lib/util}/iov_buf.c (89%) rename {source3/lib => lib/util}/iov_buf.h (100%) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py index c13bfe7..905adc7 100644 --- a/buildtools/wafsamba/samba_autoconf.py +++ b/buildtools/wafsamba/samba_autoconf.py @@ -677,6 +677,8 @@ def SAMBA_CONFIG_H(conf, path=None): testflags=True) conf.ADD_CFLAGS('-Werror=return-type -Wreturn-type', testflags=True) + conf.ADD_CFLAGS('-Werror=uninitialized -Wuninitialized', + testflags=True) conf.ADD_CFLAGS('-Wformat=2 -Wno-format-y2k', testflags=True) # This check is because for ldb_search(), a NULL format string diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c index b986e45..ee91b8f 100644 --- a/lib/async_req/async_sock.c +++ b/lib/async_req/async_sock.c @@ -27,7 +27,7 @@ #include <talloc.h> #include <tevent.h> #include "lib/async_req/async_sock.h" -#include "lib/iov_buf.h" +#include "lib/util/iov_buf.h" /* Note: lib/util/ is currently GPL */ #include "lib/util/tevent_unix.h" diff --git a/lib/tsocket/tsocket_bsd.c b/lib/tsocket/tsocket_bsd.c index fe39dfd..79235c6 100644 --- a/lib/tsocket/tsocket_bsd.c +++ b/lib/tsocket/tsocket_bsd.c @@ -26,6 +26,7 @@ #include "system/network.h" #include "tsocket.h" #include "tsocket_internal.h" +#include "lib/util/iov_buf.h" static int tsocket_bsd_error_from_errno(int ret, int sys_errno, @@ -1117,7 +1118,7 @@ static void tdgram_bsd_sendto_handler(void *private_data) sizeof(bufsize)); if (ret == 0) { /* - * We do the rety here, rather then via the + * We do the retry here, rather then via the * handler, as we only want to retry once for * this condition, so if there is a mismatch * between what setsockopt() accepts and what can @@ -1747,7 +1748,8 @@ static void tstream_bsd_readv_handler(void *private_data) struct tstream_bsd *bsds = tstream_context_data(stream, struct tstream_bsd); int ret; int err; - bool retry; + int _count; + bool ok, retry; ret = readv(bsds->fd, state->vector, state->count); if (ret == 0) { @@ -1766,31 +1768,13 @@ static void tstream_bsd_readv_handler(void *private_data) state->ret += ret; - while (ret > 0) { - if (ret < state->vector[0].iov_len) { - uint8_t *base; - base = (uint8_t *)state->vector[0].iov_base; - base += ret; - state->vector[0].iov_base = (void *)base; - state->vector[0].iov_len -= ret; - break; - } - ret -= state->vector[0].iov_len; - state->vector += 1; - state->count -= 1; - } + _count = state->count; /* tstream has size_t count, readv has int */ + ok = iov_advance(&state->vector, &_count, ret); + state->count = _count; - /* - * there're maybe some empty vectors at the end - * which we need to skip, otherwise we would get - * ret == 0 from the readv() call and return EPIPE - */ - while (state->count > 0) { - if (state->vector[0].iov_len > 0) { - break; - } - state->vector += 1; - state->count -= 1; + if (!ok) { + tevent_req_error(req, EINVAL); + return; } if (state->count > 0) { @@ -1907,7 +1891,8 @@ static void tstream_bsd_writev_handler(void *private_data) struct tstream_bsd *bsds = tstream_context_data(stream, struct tstream_bsd); ssize_t ret; int err; - bool retry; + int _count; + bool ok, retry; ret = writev(bsds->fd, state->vector, state->count); if (ret == 0) { @@ -1926,31 +1911,13 @@ static void tstream_bsd_writev_handler(void *private_data) state->ret += ret; - while (ret > 0) { - if (ret < state->vector[0].iov_len) { - uint8_t *base; - base = (uint8_t *)state->vector[0].iov_base; - base += ret; - state->vector[0].iov_base = (void *)base; - state->vector[0].iov_len -= ret; - break; - } - ret -= state->vector[0].iov_len; - state->vector += 1; - state->count -= 1; - } + _count = state->count; /* tstream has size_t count, writev has int */ + ok = iov_advance(&state->vector, &_count, ret); + state->count = _count; - /* - * there're maybe some empty vectors at the end - * which we need to skip, otherwise we would get - * ret == 0 from the writev() call and return EPIPE - */ - while (state->count > 0) { - if (state->vector[0].iov_len > 0) { - break; - } - state->vector += 1; - state->count -= 1; + if (!ok) { + tevent_req_error(req, EINVAL); + return; } if (state->count > 0) { diff --git a/lib/tsocket/wscript_build b/lib/tsocket/wscript_build index 5fa05f8..31ef14e 100644 --- a/lib/tsocket/wscript_build +++ b/lib/tsocket/wscript_build @@ -3,7 +3,7 @@ bld.SAMBA_SUBSYSTEM('LIBTSOCKET', source='tsocket.c tsocket_helpers.c tsocket_bsd.c', - public_deps='talloc tevent', + public_deps='talloc tevent iov_buf', public_headers='tsocket.h tsocket_internal.h', ) diff --git a/source3/lib/iov_buf.c b/lib/util/iov_buf.c similarity index 89% rename from source3/lib/iov_buf.c rename to lib/util/iov_buf.c index 82a4af5..d260b2f 100644 --- a/source3/lib/iov_buf.c +++ b/lib/util/iov_buf.c @@ -75,6 +75,10 @@ bool iov_advance(struct iovec **iov, int *iovcnt, size_t n) /* * Skip 0-length iovec's + * + * There might be empty buffers at the end of iov. Next time we do a + * readv/writev based on this iov would give 0 transferred bytes, also + * known as EPIPE. So we need to be careful discarding them. */ while ((cnt > 0) && (v->iov_len == 0)) { diff --git a/source3/lib/iov_buf.h b/lib/util/iov_buf.h similarity index 100% rename from source3/lib/iov_buf.h rename to lib/util/iov_buf.h diff --git a/lib/util/wscript_build b/lib/util/wscript_build index 3121e1f..2588742 100755 --- a/lib/util/wscript_build +++ b/lib/util/wscript_build @@ -36,6 +36,11 @@ bld.SAMBA_LIBRARY('socket-blocking', local_include=False, private_library=True) +bld.SAMBA_LIBRARY('iov_buf', + source='iov_buf.c', + local_include=False, + private_library=True) + bld.SAMBA_SUBSYSTEM('samba-util-core', source='''xfile.c data_blob.c util_file.c time.c signal.c util.c idtree.c fault.c diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 8aa6020..2b34980 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -25,6 +25,7 @@ #include "../lib/util/tevent_unix.h" #include "lib/util/util_net.h" #include "lib/util/dlinklist.h" +#include "lib/util/iov_buf.h" #include "../libcli/smb/smb_common.h" #include "../libcli/smb/smb_seal.h" #include "../libcli/smb/smb_signing.h" @@ -1115,32 +1116,31 @@ void smb1cli_req_set_seqnum(struct tevent_req *req, uint32_t seqnum) static size_t smbXcli_iov_len(const struct iovec *iov, int count) { - size_t result = 0; - int i; - for (i=0; i<count; i++) { - result += iov[i].iov_len; - } - return result; + ssize_t ret = iov_buflen(iov, count); + + /* Ignore the overflow case for now ... */ + return ret; } static uint8_t *smbXcli_iov_concat(TALLOC_CTX *mem_ctx, const struct iovec *iov, int count) { - size_t len = smbXcli_iov_len(iov, count); - size_t copied; + ssize_t buflen; uint8_t *buf; - int i; - buf = talloc_array(mem_ctx, uint8_t, len); - if (buf == NULL) { + buflen = iov_buflen(iov, count); + if (buflen == -1) { return NULL; } - copied = 0; - for (i=0; i<count; i++) { - memcpy(buf+copied, iov[i].iov_base, iov[i].iov_len); - copied += iov[i].iov_len; + + buf = talloc_array(mem_ctx, uint8_t, buflen); + if (buf == NULL) { + return NULL; } + + iov_buf(iov, count, buf, buflen); + return buf; } @@ -1266,6 +1266,7 @@ struct tevent_req *smb1cli_req_create(TALLOC_CTX *mem_ctx, uint16_t flags2 = 0; uint16_t uid = 0; uint16_t tid = 0; + ssize_t num_bytes; if (iov_count > MAX_SMB_IOV) { /* @@ -1337,7 +1338,17 @@ struct tevent_req *smb1cli_req_create(TALLOC_CTX *mem_ctx, state->smb1.vwv = vwv; - SSVAL(state->smb1.bytecount_buf, 0, smbXcli_iov_len(bytes_iov, iov_count)); + num_bytes = iov_buflen(bytes_iov, iov_count); + if (num_bytes == -1) { + /* + * I'd love to add a check for num_bytes<=UINT16_MAX here, but + * the smbclient->samba connections can lie and transfer more. + */ + TALLOC_FREE(req); + return NULL; + } + + SSVAL(state->smb1.bytecount_buf, 0, num_bytes); state->smb1.iov[0].iov_base = (void *)state->length_hdr; state->smb1.iov[0].iov_len = sizeof(state->length_hdr); @@ -1444,6 +1455,7 @@ static NTSTATUS smb1cli_req_writev_submit(struct tevent_req *req, NTSTATUS status; uint8_t cmd; uint16_t mid; + ssize_t nbtlen; if (!smbXcli_conn_is_connected(state->conn)) { return NT_STATUS_CONNECTION_DISCONNECTED; @@ -1484,7 +1496,12 @@ static NTSTATUS smb1cli_req_writev_submit(struct tevent_req *req, } SSVAL(iov[1].iov_base, HDR_MID, mid); - _smb_setlen_nbt(iov[0].iov_base, smbXcli_iov_len(&iov[1], iov_count-1)); + nbtlen = iov_buflen(&iov[1], iov_count-1); + if ((nbtlen == -1) || (nbtlen > 0x1FFFF)) { + return NT_STATUS_INVALID_PARAMETER_MIX; + } + + _smb_setlen_nbt(iov[0].iov_base, nbtlen); status = smb1cli_conn_signv(state->conn, iov, iov_count, &state->smb1.seqnum, @@ -2350,7 +2367,7 @@ NTSTATUS smb1cli_req_chain_submit(struct tevent_req **reqs, int num_reqs) struct iovec *iov = NULL; struct iovec *this_iov; NTSTATUS status; - size_t nbt_len; + ssize_t nbt_len; if (num_reqs == 1) { return smb1cli_req_writev_submit(reqs[0], first_state, @@ -2472,8 +2489,8 @@ NTSTATUS smb1cli_req_chain_submit(struct tevent_req **reqs, int num_reqs) chain_padding = next_padding; } - nbt_len = smbXcli_iov_len(&iov[1], iovlen-1); - if (nbt_len > first_state->conn->smb1.max_xmit) { + nbt_len = iov_buflen(&iov[1], iovlen-1); + if ((nbt_len == -1) || (nbt_len > first_state->conn->smb1.max_xmit)) { TALLOC_FREE(iov); TALLOC_FREE(first_state->smb1.chained_requests); return NT_STATUS_INVALID_PARAMETER_MIX; diff --git a/libcli/smb/wscript b/libcli/smb/wscript index 48fa2b4..dad9821 100755 --- a/libcli/smb/wscript +++ b/libcli/smb/wscript @@ -46,7 +46,7 @@ def build(bld): LIBCRYPTO NDR_SMB2_LEASE_STRUCT errors gensec krb5samba smb_transport ''', - public_deps='talloc samba-util', + public_deps='talloc samba-util iov_buf', private_library=True, public_headers=''' smb_common.h smb2_constants.h smb_constants.h diff --git a/librpc/rpc/binding_handle.c b/librpc/rpc/binding_handle.c index ef2b7bd..5a94144 100644 --- a/librpc/rpc/binding_handle.c +++ b/librpc/rpc/binding_handle.c @@ -250,8 +250,7 @@ NTSTATUS dcerpc_binding_handle_raw_call(struct dcerpc_binding_handle *h, return NT_STATUS_NO_MEMORY; } - if (!tevent_req_poll(subreq, ev)) { - status = map_nt_error_from_unix_common(errno); + if (!tevent_req_poll_ntstatus(subreq, ev, &status)) { talloc_free(frame); return status; } diff --git a/source3/lib/messages.c b/source3/lib/messages.c index 7df7cdb..aa67640 100644 --- a/source3/lib/messages.c +++ b/source3/lib/messages.c @@ -52,7 +52,7 @@ #include "lib/util/tevent_unix.h" #include "lib/background.h" #include "lib/messages_dgm.h" -#include "lib/iov_buf.h" +#include "lib/util/iov_buf.h" #include "lib/util/server_id_db.h" #include "lib/messages_dgm_ref.h" #include "lib/messages_util.h" diff --git a/source3/lib/messages_ctdbd.c b/source3/lib/messages_ctdbd.c index dbca103..1268bd4 100644 --- a/source3/lib/messages_ctdbd.c +++ b/source3/lib/messages_ctdbd.c @@ -20,7 +20,7 @@ #include "includes.h" #include "messages.h" #include "util_tdb.h" -#include "lib/iov_buf.h" +#include "lib/util/iov_buf.h" /* * It is not possible to include ctdb.h and tdb_compat.h (included via diff --git a/source3/lib/msghdr.c b/source3/lib/msghdr.c index 82f7ca7..5d771e8 100644 --- a/source3/lib/msghdr.c +++ b/source3/lib/msghdr.c @@ -18,7 +18,7 @@ #include "replace.h" #include "lib/msghdr.h" -#include "lib/iov_buf.h" +#include "lib/util/iov_buf.h" #include <sys/socket.h> ssize_t msghdr_prep_fds(struct msghdr *msg, uint8_t *buf, size_t bufsize, diff --git a/source3/lib/sys_rw_data.c b/source3/lib/sys_rw_data.c index 7198783..e3f934d 100644 --- a/source3/lib/sys_rw_data.c +++ b/source3/lib/sys_rw_data.c @@ -24,7 +24,7 @@ #include "system/filesys.h" #include "lib/sys_rw_data.h" #include "lib/sys_rw.h" -#include "lib/iov_buf.h" +#include "lib/util/iov_buf.h" /**************************************************************************** Write all data from an iov array diff --git a/source3/lib/unix_msg/unix_msg.c b/source3/lib/unix_msg/unix_msg.c index 6714f0d..f242249 100644 --- a/source3/lib/unix_msg/unix_msg.c +++ b/source3/lib/unix_msg/unix_msg.c @@ -23,7 +23,7 @@ #include "system/network.h" #include "dlinklist.h" #include "pthreadpool/pthreadpool.h" -#include "lib/iov_buf.h" +#include "lib/util/iov_buf.h" #include "lib/msghdr.h" #include <fcntl.h> diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 25d11b1..432b866 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -28,7 +28,7 @@ #include "smbprofile.h" #include "../lib/util/bitmap.h" #include "../librpc/gen_ndr/krb5pac.h" -#include "lib/iov_buf.h" +#include "lib/util/iov_buf.h" #include "auth.h" static void smbd_smb2_connection_handler(struct tevent_context *ev, @@ -237,16 +237,22 @@ static NTSTATUS smbd_initialize_smb2(struct smbXsrv_connection *xconn) buf[3] = (len)&0xFF; \ } while (0) -static void smb2_setup_nbt_length(struct iovec *vector, int count) +static bool smb2_setup_nbt_length(struct iovec *vector, int count) { - size_t len = 0; - int i; + ssize_t len; - for (i=1; i < count; i++) { - len += vector[i].iov_len; + if (count == 0) { + return false; + } + + len = iov_buflen(vector+1, count-1); + + if ((len == -1) || (len > 0xFFFFFF)) { + return false; } _smb2_setlen(vector[0].iov_base, len); + return true; } static int smbd_smb2_request_destructor(struct smbd_smb2_request *req) @@ -944,6 +950,7 @@ static NTSTATUS smbd_smb2_request_setup_out(struct smbd_smb2_request *req) struct iovec *vector; int count; int idx; + bool ok; count = req->in.vector_count; if (count <= ARRAY_SIZE(req->out._vector)) { @@ -1035,7 +1042,10 @@ static NTSTATUS smbd_smb2_request_setup_out(struct smbd_smb2_request *req) req->out.vector_count = count; /* setup the length of the NBT packet */ - smb2_setup_nbt_length(req->out.vector, req->out.vector_count); + ok = smb2_setup_nbt_length(req->out.vector, req->out.vector_count); + if (!ok) { + return NT_STATUS_INVALID_PARAMETER_MIX; + } DLIST_ADD_END(xconn->smb2.requests, req, struct smbd_smb2_request *); @@ -1156,6 +1166,7 @@ static struct smbd_smb2_request *dup_smb2_req(const struct smbd_smb2_request *re struct iovec *outvec = NULL; int count = req->out.vector_count; int i; + bool ok; newreq = smbd_smb2_request_allocate(req->xconn); if (!newreq) { @@ -1195,8 +1206,12 @@ static struct smbd_smb2_request *dup_smb2_req(const struct smbd_smb2_request *re return NULL; } - smb2_setup_nbt_length(newreq->out.vector, - newreq->out.vector_count); + ok = smb2_setup_nbt_length(newreq->out.vector, + newreq->out.vector_count); + if (!ok) { + TALLOC_FREE(newreq); + return NULL; + } return newreq; } @@ -1210,6 +1225,7 @@ static NTSTATUS smb2_send_async_interim_response(const struct smbd_smb2_request uint8_t *outhdr = NULL; -- Samba Shared Repository