r16582: Fix Klocwork #1997 and all generic class of problems
authorJeremy Allison <jra@samba.org>
Wed, 28 Jun 2006 00:50:14 +0000 (00:50 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:19:01 +0000 (11:19 -0500)
where we don't correctly check the return from memdup.
Jeremy.

source/lib/interface.c
source/libsmb/clirap.c
source/passdb/pdb_tdb.c
source/printing/nt_printing.c
source/rpc_server/srv_pipe.c
source/smbd/sec_ctx.c

index 2bd7d6ddbe066ef423b7ca4b843f03a7e9f9e6d1..dea01c60111c2966842333f5126645292bbdf58d 100644 (file)
@@ -188,6 +188,10 @@ void load_interfaces(void)
 
        if (total_probed > 0) {
                probed_ifaces = memdup(ifaces, sizeof(ifaces[0])*total_probed);
+               if (!probed_ifaces) {
+                       DEBUG(0,("ERROR: memdup failed\n"));
+                       exit(1);
+               }
        }
 
        /* if we don't have a interfaces line then use all broadcast capable 
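Review bot: The new message `ERROR: memdup failed` does not name its function, unlike the other messages this commit adds (`tdbsam_traverse_setpwent: memdup failed`, `pipe_ntlmssp_verify_final: ...`). I would write `DEBUG(0,("load_interfaces: memdup failed\n"));` so the log line can be traced to its source. This path also ends the process with `exit(1)`, while the same failure in set_sec_ctx calls `smb_panic`; a one-line comment saying why a plain exit is preferred here would help. load_interfaces starts and ends outside the hunk.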
index 58fa9c8dfff15b24dc018e34ce8ea3667b4da311..26f22f213142ec1a0c03303bd0da310f19534880 100644 (file)
@@ -848,6 +848,12 @@ BOOL cli_qfileinfo_test(struct cli_state *cli, int fnum, int level, char **poutd
        }
 
        *poutdata = memdup(rdata, data_len);
+       if (!*poutdata) {
+               SAFE_FREE(rdata);
+               SAFE_FREE(rparam);
+               return False;
+       }
+
        *poutlen = data_len;
 
        SAFE_FREE(rdata);
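Review bot: The added `if (!*poutdata)` check cannot tell an allocation failure from a zero-length reply if memdup returns NULL for a size of 0. memdup's body is not on this page, but the `if (ngroups)` guard this commit adds in set_sec_ctx suggests that it does. If so, a server reply with `data_len == 0` that used to return True with a NULL buffer now returns False. Either test `if (data_len > 0 && !*poutdata)` or reject a zero `data_len` explicitly before the copy, so the failure reason is unambiguous. The function body begins and ends outside the hunk.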
index 0dc46bec2d0d626093ed0e6e0497463d64b63cc9..94be32162c5902cd42967c136208246a7d83ca1d 100644 (file)
@@ -902,6 +902,12 @@ static int tdbsam_traverse_setpwent(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data,
                /* save a copy of the key */
                
                ptr->key.dptr = memdup( key.dptr, key.dsize );
+               if (!ptr->key.dptr) {
+                       DEBUG(0,("tdbsam_traverse_setpwent: memdup failed\n"));
+                       /* just return 0 and let the traversal continue */
+                       return 0;
+               }
+
                ptr->key.dsize = key.dsize;
                
                DLIST_ADD( tdbsam_pwent_list, ptr );
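Review bot: The added `return 0;` lets the traversal continue, so under memory pressure the password-entry list comes back silently short, with only a log line to show for it. If `ptr` was allocated earlier in this callback (the allocation is outside the hunk), it is also leaked on this path, since it never reaches `DLIST_ADD`. I would free it and stop the traversal with a non-zero return, `SAFE_FREE(ptr); return -1;`, so the caller has a chance to report an incomplete enumeration. Whether the caller checks the traverse result is not visible here.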
index 5c4039722e1450cdc1453dc0ebafd6df711bf3b3..85b7513c621ce1b8aee6f4d99d1a5f3191fa9d32 100644 (file)
@@ -738,6 +738,9 @@ uint32 get_c_setprinter(void)
 int get_builtin_ntforms(nt_forms_struct **list)
 {
        *list = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms));
+       if (!*list) {
+               return 0;
+       }
        return sizeof(default_forms) / sizeof(default_forms[0]);
 }
 
@@ -2078,6 +2081,10 @@ static WERROR get_a_printer_driver_3_default(NT_PRINTER_DRIVER_INFO_LEVEL_3 **in
        fstrcpy(info.dependentfiles[0], "");
 
        *info_ptr = memdup(&info, sizeof(info));
+       if (!*info_ptr) {
+               SAFE_FREE(info.dependentfiles);
+               return WERR_NOMEM;
+       }
        
        return WERR_OK;
 }
@@ -2152,6 +2159,10 @@ static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr,
        }
 
        *info_ptr = (NT_PRINTER_DRIVER_INFO_LEVEL_3 *)memdup(&driver, sizeof(driver));
+       if (!*info_ptr) {
+               SAFE_FREE(driver.dependentfiles);
+               return WERR_NOMEM;
+       }
 
        return WERR_OK;
 }
@@ -2652,6 +2663,10 @@ int unpack_devicemode(NT_DEVICEMODE **nt_devmode, char *buf, int buflen)
        }
 
        *nt_devmode = (NT_DEVICEMODE *)memdup(&devmode, sizeof(devmode));
+       if (!*nt_devmode) {
+               SAFE_FREE(devmode.nt_dev_private);
+               return -1;
+       }
 
        DEBUG(8,("Unpacked devicemode [%s](%s)\n", devmode.devicename, devmode.formname));
        if (devmode.nt_dev_private)
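Review bot: The added `return -1;` gives unpack_devicemode a negative return on allocation failure, and the callers are not on this page. If any caller adds the result to a running buffer offset or length without checking its sign, this path would move the offset backwards rather than signal an error, so each call site is worth confirming. A short comment above the function stating that a negative value means failure and leaves `*nt_devmode` NULL would document the contract. The function continues past the end of the hunk.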
index 72298520e3e88edaca5d6649405c7871753d8408..1c9173575607430697e00620a68d642dd060cb67 100644 (file)
@@ -679,7 +679,8 @@ static BOOL pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
        if (p->pipe_user.ut.ngroups) {
                if (!(p->pipe_user.ut.groups = memdup(a->server_info->groups,
                                                sizeof(gid_t) * p->pipe_user.ut.ngroups))) {
-                       DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n"));
+                       DEBUG(0,("pipe_ntlmssp_verify_final: failed to memdup group list to p->pipe_user.groups\n"));
+                       data_blob_free(&p->session_key);
                        return False;
                }
        }
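Review bot: On this failure return `p->pipe_user.ut.ngroups` stays non-zero while `p->pipe_user.ut.groups` is NULL. The same holds in the next hunk, where both new error paths call `SAFE_FREE(p->pipe_user.ut.groups)` but leave the count alone. If anything reads `pipe_user` after a False return (not visible here), it sees a group count with no array behind it; adding `p->pipe_user.ut.ngroups = 0;` next to the frees closes that gap. The three error paths across these two hunks also repeat the same cleanup, and a single `fail:` label would keep them in step as the function grows. pipe_ntlmssp_verify_final starts and ends outside both hunks.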
@@ -687,9 +688,17 @@ static BOOL pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob)
        if (a->server_info->ptok) {
                p->pipe_user.nt_user_token =
                        dup_nt_token(NULL, a->server_info->ptok);
+               if (!p->pipe_user.nt_user_token) {
+                       DEBUG(1,("pipe_ntlmssp_verify_final: dup_nt_token failed.\n"));
+                       data_blob_free(&p->session_key);
+                       SAFE_FREE(p->pipe_user.ut.groups);
+                       return False;
+               }
+
        } else {
-               DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n"));
-               p->pipe_user.nt_user_token = NULL;
+               DEBUG(1,("pipe_ntlmssp_verify_final: Error: Authmodule failed to provide nt_user_token\n"));
+               data_blob_free(&p->session_key);
+               SAFE_FREE(p->pipe_user.ut.groups);
                return False;
        }
 
index a30123bfa7923c413cbc14250540fc127fef6636..51d1d6cc0a8d92cd263530b004a20e9625f8633d 100644 (file)
@@ -252,13 +252,29 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN
        ctx_p->ut.ngroups = ngroups;
 
        SAFE_FREE(ctx_p->ut.groups);
-       if (token && (token == ctx_p->token))
+       if (token && (token == ctx_p->token)) {
                smb_panic("DUPLICATE_TOKEN");
+       }
 
        TALLOC_FREE(ctx_p->token);
        
-       ctx_p->ut.groups = memdup(groups, sizeof(gid_t) * ngroups);
-       ctx_p->token = dup_nt_token(NULL, token);
+       if (ngroups) {
+               ctx_p->ut.groups = memdup(groups, sizeof(gid_t) * ngroups);
+               if (!ctx_p->ut.groups) {
+                       smb_panic("memdup failed");
+               }
+       } else {
+               ctx_p->ut.groups = NULL;
+       }
+
+       if (token) {
+               ctx_p->token = dup_nt_token(NULL, token);
+               if (!ctx_p->token) {
+                       smb_panic("dup_nt_token failed");
+               }
+       } else {
+               ctx_p->token = NULL;
+       }
 
        become_id(uid, gid);