Author: jra Date: 2006-06-28 00:50:14 +0000 (Wed, 28 Jun 2006) New Revision: 16582
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=16582 Log: Fix Klocwork #1997 and all generic class of problems where we don't correctly check the return from memdup. Jeremy. Modified: branches/SAMBA_3_0/source/lib/interface.c branches/SAMBA_3_0/source/libsmb/clirap.c branches/SAMBA_3_0/source/passdb/pdb_tdb.c branches/SAMBA_3_0/source/printing/nt_printing.c branches/SAMBA_3_0/source/rpc_server/srv_pipe.c branches/SAMBA_3_0/source/smbd/sec_ctx.c Changeset: Modified: branches/SAMBA_3_0/source/lib/interface.c =================================================================== --- branches/SAMBA_3_0/source/lib/interface.c 2006-06-28 00:07:53 UTC (rev 16581) +++ branches/SAMBA_3_0/source/lib/interface.c 2006-06-28 00:50:14 UTC (rev 16582) @@ -188,6 +188,10 @@ if (total_probed > 0) { probed_ifaces = memdup(ifaces, sizeof(ifaces[0])*total_probed); + if (!probed_ifaces) { + DEBUG(0,("ERROR: memdup failed\n")); + exit(1); + } } /* if we don't have a interfaces line then use all broadcast capable Modified: branches/SAMBA_3_0/source/libsmb/clirap.c =================================================================== --- branches/SAMBA_3_0/source/libsmb/clirap.c 2006-06-28 00:07:53 UTC (rev 16581) +++ branches/SAMBA_3_0/source/libsmb/clirap.c 2006-06-28 00:50:14 UTC (rev 16582) @@ -848,6 +848,12 @@ } *poutdata = memdup(rdata, data_len); + if (!*poutdata) { + SAFE_FREE(rdata); + SAFE_FREE(rparam); + return False; + } + *poutlen = data_len; SAFE_FREE(rdata); Modified: branches/SAMBA_3_0/source/passdb/pdb_tdb.c =================================================================== --- branches/SAMBA_3_0/source/passdb/pdb_tdb.c 2006-06-28 00:07:53 UTC (rev 16581) +++ branches/SAMBA_3_0/source/passdb/pdb_tdb.c 2006-06-28 00:50:14 UTC (rev 16582) @@ -902,6 +902,12 @@ /* save a copy of the key */ ptr->key.dptr = memdup( key.dptr, key.dsize ); + if (!ptr->key.dptr) { + DEBUG(0,("tdbsam_traverse_setpwent: memdup failed\n")); + /* just return 0 and let the traversal continue */ + return 0; + } + ptr->key.dsize = key.dsize; DLIST_ADD( tdbsam_pwent_list, ptr ); Modified: branches/SAMBA_3_0/source/printing/nt_printing.c =================================================================== --- branches/SAMBA_3_0/source/printing/nt_printing.c 2006-06-28 00:07:53 UTC (rev 16581) +++ branches/SAMBA_3_0/source/printing/nt_printing.c 2006-06-28 00:50:14 UTC (rev 16582) @@ -738,6 +738,9 @@ int get_builtin_ntforms(nt_forms_struct **list) { *list = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms)); + if (!*list) { + return 0; + } return sizeof(default_forms) / sizeof(default_forms[0]); } @@ -2078,6 +2081,10 @@ fstrcpy(info.dependentfiles[0], ""); *info_ptr = memdup(&info, sizeof(info)); + if (!*info_ptr) { + SAFE_FREE(info.dependentfiles); + return WERR_NOMEM; + } return WERR_OK; } @@ -2152,6 +2159,10 @@ } *info_ptr = (NT_PRINTER_DRIVER_INFO_LEVEL_3 *)memdup(&driver, sizeof(driver)); + if (!*info_ptr) { + SAFE_FREE(driver.dependentfiles); + return WERR_NOMEM; + } return WERR_OK; } @@ -2652,6 +2663,10 @@ } *nt_devmode = (NT_DEVICEMODE *)memdup(&devmode, sizeof(devmode)); + if (!*nt_devmode) { + SAFE_FREE(devmode.nt_dev_private); + return -1; + } DEBUG(8,("Unpacked devicemode [%s](%s)\n", devmode.devicename, devmode.formname)); if (devmode.nt_dev_private) Modified: branches/SAMBA_3_0/source/rpc_server/srv_pipe.c =================================================================== --- branches/SAMBA_3_0/source/rpc_server/srv_pipe.c 2006-06-28 00:07:53 UTC (rev 16581) +++ branches/SAMBA_3_0/source/rpc_server/srv_pipe.c 2006-06-28 00:50:14 UTC (rev 16582) @@ -679,7 +679,8 @@ if (p->pipe_user.ut.ngroups) { if (!(p->pipe_user.ut.groups = memdup(a->server_info->groups, sizeof(gid_t) * p->pipe_user.ut.ngroups))) { - DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n")); + DEBUG(0,("pipe_ntlmssp_verify_final: failed to memdup group list to p->pipe_user.groups\n")); + data_blob_free(&p->session_key); return False; } } @@ -687,9 +688,17 @@ if (a->server_info->ptok) { p->pipe_user.nt_user_token = dup_nt_token(NULL, a->server_info->ptok); + if (!p->pipe_user.nt_user_token) { + DEBUG(1,("pipe_ntlmssp_verify_final: dup_nt_token failed.\n")); + data_blob_free(&p->session_key); + SAFE_FREE(p->pipe_user.ut.groups); + return False; + } + } else { - DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n")); - p->pipe_user.nt_user_token = NULL; + DEBUG(1,("pipe_ntlmssp_verify_final: Error: Authmodule failed to provide nt_user_token\n")); + data_blob_free(&p->session_key); + SAFE_FREE(p->pipe_user.ut.groups); return False; } Modified: branches/SAMBA_3_0/source/smbd/sec_ctx.c =================================================================== --- branches/SAMBA_3_0/source/smbd/sec_ctx.c 2006-06-28 00:07:53 UTC (rev 16581) +++ branches/SAMBA_3_0/source/smbd/sec_ctx.c 2006-06-28 00:50:14 UTC (rev 16582) @@ -252,14 +252,30 @@ ctx_p->ut.ngroups = ngroups; SAFE_FREE(ctx_p->ut.groups); - if (token && (token == ctx_p->token)) + if (token && (token == ctx_p->token)) { smb_panic("DUPLICATE_TOKEN"); + } TALLOC_FREE(ctx_p->token); - ctx_p->ut.groups = memdup(groups, sizeof(gid_t) * ngroups); - ctx_p->token = dup_nt_token(NULL, token); + if (ngroups) { + ctx_p->ut.groups = memdup(groups, sizeof(gid_t) * ngroups); + if (!ctx_p->ut.groups) { + smb_panic("memdup failed"); + } + } else { + ctx_p->ut.groups = NULL; + } + if (token) { + ctx_p->token = dup_nt_token(NULL, token); + if (!ctx_p->token) { + smb_panic("dup_nt_token failed"); + } + } else { + ctx_p->token = NULL; + } + become_id(uid, gid); ctx_p->ut.uid = uid;