where we don't correctly check the return from memdup.
Jeremy.
if (total_probed > 0) {
probed_ifaces = memdup(ifaces, sizeof(ifaces[0])*total_probed);
+ if (!probed_ifaces) {
+ DEBUG(0,("ERROR: memdup failed\n"));
+ exit(1);
+ }
}
/* if we don't have a interfaces line then use all broadcast capable
}
*poutdata = memdup(rdata, data_len);
+ if (!*poutdata) {
+ SAFE_FREE(rdata);
+ SAFE_FREE(rparam);
+ return False;
+ }
+
*poutlen = data_len;
SAFE_FREE(rdata);
/* save a copy of the key */
ptr->key.dptr = memdup( key.dptr, key.dsize );
+ if (!ptr->key.dptr) {
+ DEBUG(0,("tdbsam_traverse_setpwent: memdup failed\n"));
+ /* just return 0 and let the traversal continue */
+ return 0;
+ }
+
ptr->key.dsize = key.dsize;
DLIST_ADD( tdbsam_pwent_list, ptr );
int get_builtin_ntforms(nt_forms_struct **list)
{
*list = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms));
+ if (!*list) {
+ return 0;
+ }
return sizeof(default_forms) / sizeof(default_forms[0]);
}
fstrcpy(info.dependentfiles[0], "");
*info_ptr = memdup(&info, sizeof(info));
+ if (!*info_ptr) {
+ SAFE_FREE(info.dependentfiles);
+ return WERR_NOMEM;
+ }
return WERR_OK;
}
}
*info_ptr = (NT_PRINTER_DRIVER_INFO_LEVEL_3 *)memdup(&driver, sizeof(driver));
+ if (!*info_ptr) {
+ SAFE_FREE(driver.dependentfiles);
+ return WERR_NOMEM;
+ }
return WERR_OK;
}
}
*nt_devmode = (NT_DEVICEMODE *)memdup(&devmode, sizeof(devmode));
+ if (!*nt_devmode) {
+ SAFE_FREE(devmode.nt_dev_private);
+ return -1;
+ }
DEBUG(8,("Unpacked devicemode [%s](%s)\n", devmode.devicename, devmode.formname));
if (devmode.nt_dev_private)
if (p->pipe_user.ut.ngroups) {
if (!(p->pipe_user.ut.groups = memdup(a->server_info->groups,
sizeof(gid_t) * p->pipe_user.ut.ngroups))) {
- DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
+ DEBUG(0,("pipe_ntlmssp_verify_final: failed to memdup group list to p->pipe_user.groups\n"));
+ data_blob_free(&p->session_key);
return False;
}
}
if (a->server_info->ptok) {
p->pipe_user.nt_user_token =
dup_nt_token(NULL, a->server_info->ptok);
+ if (!p->pipe_user.nt_user_token) {
+ DEBUG(1,("pipe_ntlmssp_verify_final: dup_nt_token failed.\n"));
+ data_blob_free(&p->session_key);
+ SAFE_FREE(p->pipe_user.ut.groups);
+ return False;
+ }
+
} else {
- DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
- p->pipe_user.nt_user_token = NULL;
+ DEBUG(1,("pipe_ntlmssp_verify_final: Error: Authmodule failed to provide nt_user_token\n"));
+ data_blob_free(&p->session_key);
+ SAFE_FREE(p->pipe_user.ut.groups);
return False;
}
ctx_p->ut.ngroups = ngroups;
SAFE_FREE(ctx_p->ut.groups);
- if (token && (token == ctx_p->token))
+ if (token && (token == ctx_p->token)) {
smb_panic("DUPLICATE_TOKEN");
+ }
TALLOC_FREE(ctx_p->token);
- ctx_p->ut.groups = memdup(groups, sizeof(gid_t) * ngroups);
- ctx_p->token = dup_nt_token(NULL, token);
+ if (ngroups) {
+ ctx_p->ut.groups = memdup(groups, sizeof(gid_t) * ngroups);
+ if (!ctx_p->ut.groups) {
+ smb_panic("memdup failed");
+ }
+ } else {
+ ctx_p->ut.groups = NULL;
+ }
+
+ if (token) {
+ ctx_p->token = dup_nt_token(NULL, token);
+ if (!ctx_p->token) {
+ smb_panic("dup_nt_token failed");
+ }
+ } else {
+ ctx_p->token = NULL;
+ }
become_id(uid, gid);