From fa8e55b8b465114ce209344965c1ca0333b84db9 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 12 Aug 2001 17:30:01 +0000 Subject: [PATCH] this is a big global fix for the ptr = Realloc(ptr, size) bug. many possible mem leaks, and segfaults fixed. someone should port this fix to 2.2 also. --- source/aparser/parser.c | 10 +++-- source/client/client.c | 6 ++- source/client/clitar.c | 6 ++- source/groupdb/aliasdb.c | 7 ++- source/groupdb/aliasfile.c | 7 ++- source/groupdb/groupdb.c | 7 ++- source/groupdb/groupfile.c | 7 ++- source/groupdb/mapping.c | 27 +++++++++--- source/lib/time.c | 9 ++-- source/lib/util.c | 8 +++- source/lib/util_array.c | 7 ++- source/lib/util_file.c | 22 +++++++--- source/libsmb/clilist.c | 19 +++++--- source/libsmb/clitrans.c | 30 +++++++++++-- source/locking/brlock.c | 6 ++- source/locking/posix.c | 13 ++++-- source/msdfs/msdfs.c | 6 ++- source/nsswitch/wb_client.c | 7 +-- source/nsswitch/winbindd_group.c | 9 ++-- source/nsswitch/winbindd_misc.c | 11 +++-- source/nsswitch/winbindd_user.c | 9 ++-- source/param/loadparm.c | 23 +++++++--- source/param/params.c | 27 ++++++++---- source/passdb/ldap.c | 19 +++++--- source/printing/nt_printing.c | 60 ++++++++++++++++++++++---- source/rpc_parse/parse_creds.c | 20 +++++---- source/rpc_parse/parse_spoolss.c | 33 ++++++++++---- source/rpc_server/srv_spoolss_nt.c | 69 ++++++++++++++++++++++-------- source/smbd/lanman.c | 10 ++++- source/smbwrapper/smbw_dir.c | 5 ++- 30 files changed, 363 insertions(+), 136 deletions(-) diff --git a/source/aparser/parser.c b/source/aparser/parser.c index c2348b84f96..0c7153e1fb7 100644 --- a/source/aparser/parser.c +++ b/source/aparser/parser.c @@ -460,8 +460,12 @@ realloc some memory for a parse structure ********************************************************************/ BOOL io_realloc(char *name, io_struct *ps, void **ptr, unsigned size) { - (*ptr) = (void *)Realloc(*ptr, size); - if (*ptr) return True; - return False; + BOOL ret = True; + void *tp; + + tp = (void *)Realloc(*ptr, size); + if (tp) *ptr = tp; + else ret = False; + return ret; } diff --git a/source/client/client.c b/source/client/client.c index 32cc34b2254..f3cc28cc607 100644 --- a/source/client/client.c +++ b/source/client/client.c @@ -415,20 +415,22 @@ static void adjust_do_list_queue(void) static void add_to_do_list_queue(const char* entry) { + char *dlq; long new_end = do_list_queue_end + ((long)strlen(entry)) + 1; while (new_end > do_list_queue_size) { do_list_queue_size *= 2; DEBUG(4,("enlarging do_list_queue to %d\n", (int)do_list_queue_size)); - do_list_queue = Realloc(do_list_queue, do_list_queue_size); - if (! do_list_queue) { + dlq = Realloc(do_list_queue, do_list_queue_size); + if (! dlq) { DEBUG(0,("failure enlarging do_list_queue to %d bytes\n", (int)do_list_queue_size)); reset_do_list_queue(); } else { + do_list_queue = dlq; memset(do_list_queue + do_list_queue_size / 2, 0, do_list_queue_size / 2); } diff --git a/source/client/clitar.c b/source/client/clitar.c index d28e652b35e..3ae4cafc180 100644 --- a/source/client/clitar.c +++ b/source/client/clitar.c @@ -1569,14 +1569,16 @@ static int read_inclusion_file(char *filename) } if ((strlen(buf) + 1 + inclusion_buffer_sofar) >= inclusion_buffer_size) { + char *ib; inclusion_buffer_size *= 2; - inclusion_buffer = Realloc(inclusion_buffer,inclusion_buffer_size); - if (! inclusion_buffer) { + ib = Realloc(inclusion_buffer,inclusion_buffer_size); + if (! ib) { DEBUG(0,("failure enlarging inclusion buffer to %d bytes\n", inclusion_buffer_size)); error = 1; break; } + else inclusion_buffer = ib; } safe_strcpy(inclusion_buffer + inclusion_buffer_sofar, buf, inclusion_buffer_size - inclusion_buffer_sofar); diff --git a/source/groupdb/aliasdb.c b/source/groupdb/aliasdb.c index a6876d0afca..eed417a6990 100644 --- a/source/groupdb/aliasdb.c +++ b/source/groupdb/aliasdb.c @@ -140,16 +140,19 @@ LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem) *************************************************************************/ BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als) { + LOCAL_GRP *talss; + if (alss == NULL || num_alss == NULL || als == NULL) { return False; } - (*alss) = Realloc((*alss), ((*num_alss)+1) * sizeof(LOCAL_GRP)); - if ((*alss) == NULL) + talss = Realloc((*alss), ((*num_alss)+1) * sizeof(LOCAL_GRP)); + if (talss == NULL) { return False; } + else (*alss) = talss; DEBUG(10,("adding alias %s(%s)\n", als->name, als->comment)); diff --git a/source/groupdb/aliasfile.c b/source/groupdb/aliasfile.c index 4b8bbe3079f..2735fef38f2 100644 --- a/source/groupdb/aliasfile.c +++ b/source/groupdb/aliasfile.c @@ -128,12 +128,13 @@ static char *get_alias_members(char *p, int *num_mem, LOCAL_GRP_MEMBER **members while (next_token(&p, name, ",", sizeof(fstring))) { + LOCAL_GRP_MEMBER *mbrs; DOM_SID sid; uint8 type; if (lookup_sid(name, &sid, &type)) { - (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER)); + mbrs = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER)); (*num_mem)++; } else @@ -141,10 +142,12 @@ static char *get_alias_members(char *p, int *num_mem, LOCAL_GRP_MEMBER **members DEBUG(0,("alias database: could not resolve alias named %s\n", name)); continue; } - if ((*members) == NULL) + if (mbrs == NULL) { return NULL; } + else (*members) = mbrs; + fstrcpy((*members)[(*num_mem)-1].name, name); (*members)[(*num_mem)-1].sid_use = type; sid_copy(&(*members)[(*num_mem)-1].sid, &sid); diff --git a/source/groupdb/groupdb.c b/source/groupdb/groupdb.c index 1f773d9f153..4b7795c57ba 100644 --- a/source/groupdb/groupdb.c +++ b/source/groupdb/groupdb.c @@ -138,16 +138,19 @@ DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_me *************************************************************************/ BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp) { + DOMAIN_GRP *tgrps; + if (grps == NULL || num_grps == NULL || grp == NULL) { return False; } - (*grps) = Realloc((*grps), ((*num_grps)+1) * sizeof(DOMAIN_GRP)); - if ((*grps) == NULL) + tgrps = Realloc((*grps), ((*num_grps)+1) * sizeof(DOMAIN_GRP)); + if (tgrps == NULL) { return False; } + else (*grps) = tgrps; DEBUG(10,("adding group %s(%s)\n", grp->name, grp->comment)); diff --git a/source/groupdb/groupfile.c b/source/groupdb/groupfile.c index 88d362e7d4c..ba9027b4f61 100644 --- a/source/groupdb/groupfile.c +++ b/source/groupdb/groupfile.c @@ -128,11 +128,14 @@ static char *get_group_members(char *p, int *num_mem, DOMAIN_GRP_MEMBER **member while (next_token(&p, name, ",", sizeof(fstring))) { - (*members) = Realloc((*members), ((*num_mem)+1) * sizeof(DOMAIN_GRP_MEMBER)); - if ((*members) == NULL) + DOMAIN_GRP_MEMBER *mbrs; + + mbrs = Realloc((*members), ((*num_mem)+1) * sizeof(DOMAIN_GRP_MEMBER)); + if (mbrs == NULL) { return NULL; } + else (*members) = mbrs; fstrcpy((*members)[(*num_mem)].name, name); (*members)[(*num_mem)].attr = 0x07; (*num_mem)++; diff --git a/source/groupdb/mapping.c b/source/groupdb/mapping.c index 97e75515866..268a1b1bd47 100644 --- a/source/groupdb/mapping.c +++ b/source/groupdb/mapping.c @@ -395,7 +395,7 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, fstring string_sid; fstring group_type; GROUP_MAP map; - GROUP_MAP *mapt=NULL; + GROUP_MAP *mapt; int ret; int entries=0; @@ -433,7 +433,14 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, decode_sid_name_use(group_type, map.sid_name_use); - mapt=(GROUP_MAP *)Realloc(mapt, (entries+1)*sizeof(GROUP_MAP)); + mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP)); + if (!mapt) { + DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); + if (*rmap) free(*rmap); + *rmap=NULL; + return False; + } + else (*rmap) = mapt; mapt[entries].gid = map.gid; sid_copy( &mapt[entries].sid, &map.sid); @@ -445,7 +452,6 @@ BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, entries++; } - *rmap=mapt; *num_entries=entries; return True; } @@ -661,6 +667,7 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) struct passwd *pwd; int i=0; char *gr; + uid_t *u; *num_uids = 0; *uid=NULL; @@ -672,7 +679,12 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) DEBUG(10, ("getting members\n")); while (gr && (*gr != (char)'\0')) { - (*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); + u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); + if (!u) { + DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n")); + return False; + } + else (*uid) = u; if( (pwd=getpwnam(gr)) !=NULL) { (*uid)[*num_uids]=pwd->pw_uid; @@ -685,7 +697,12 @@ BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) setpwent(); while ((pwd=getpwent()) != NULL) { if (pwd->pw_gid==gid) { - (*uid)=Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); + u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); + if (!u) { + DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n")); + return False; + } + else (*uid) = u; (*uid)[*num_uids]=pwd->pw_uid; (*num_uids)++; diff --git a/source/lib/time.c b/source/lib/time.c index 9714d4b9f8e..12643b05224 100644 --- a/source/lib/time.c +++ b/source/lib/time.c @@ -121,7 +121,7 @@ Updated by Paul Eggert ********************************************************************/ static int TimeZoneFaster(time_t t) { - static struct dst_table {time_t start,end; int zone;} *dst_table = NULL; + static struct dst_table {time_t start,end; int zone;} *tdt, *dst_table = NULL; static int table_size = 0; int i; int zone = 0; @@ -141,11 +141,14 @@ static int TimeZoneFaster(time_t t) time_t low,high; zone = TimeZone(t); - dst_table = (struct dst_table *)Realloc(dst_table, + tdt = (struct dst_table *)Realloc(dst_table, sizeof(dst_table[0])*(i+1)); - if (!dst_table) { + if (!tdt) { + DEBUG(0,("TimeZoneFaster: out of memory!\n")); + if (dst_table) free (dst_table); table_size = 0; } else { + dst_table = tdt; table_size++; dst_table[i].zone = zone; diff --git a/source/lib/util.c b/source/lib/util.c index ac0a004a264..33d604e85fa 100644 --- a/source/lib/util.c +++ b/source/lib/util.c @@ -166,11 +166,15 @@ char *get_numlist(char *p, uint32 **num, int *count) while ((p = Atoic(p, &val, ":,")) != NULL && (*p) != ':') { - (*num) = Realloc((*num), ((*count)+1) * sizeof(uint32)); - if ((*num) == NULL) + uint32 *tn; + + tn = Realloc((*num), ((*count)+1) * sizeof(uint32)); + if (tn == NULL) { + if (*num) free(*num); return NULL; } + else (*num) = tn; (*num)[(*count)] = val; (*count)++; p++; diff --git a/source/lib/util_array.c b/source/lib/util_array.c index 567c170834a..dcb08d9ce75 100644 --- a/source/lib/util_array.c +++ b/source/lib/util_array.c @@ -58,15 +58,18 @@ void* add_copy_to_array(uint32 *len, void ***array, const void *item, void* add_item_to_array(uint32 *len, void ***array, void *item) { + void **tary; + if (len == NULL || array == NULL) { return NULL; } - (*array) = (void**)Realloc((*array), ((*len)+1)*sizeof((*array)[0])); + tary = (void**)Realloc((*array), ((*len)+1)*sizeof((*array)[0])); - if ((*array) != NULL) + if (tary != NULL) { + (*array) = tary; (*array)[(*len)] = item; (*len)++; return item; diff --git a/source/lib/util_file.c b/source/lib/util_file.c index a92eb153335..d80c09666b5 100644 --- a/source/lib/util_file.c +++ b/source/lib/util_file.c @@ -287,7 +287,7 @@ char *fgets_slash(char *s2,int maxlen,FILE *f) if (!s2) { maxlen = MIN(maxlen,8); - s = (char *)Realloc(s,maxlen); + s = (char *)malloc(maxlen); } if (!s) return(NULL); @@ -327,9 +327,15 @@ char *fgets_slash(char *s2,int maxlen,FILE *f) } if (!s2 && len > maxlen-3) { + char *t; + maxlen *= 2; - s = (char *)Realloc(s,maxlen); - if (!s) return(NULL); + t = (char *)Realloc(s,maxlen); + if (!t) { + DEBUG(0,("fgets_slash: failed to expand buffer!\n")); + if (s) free(s); + return(NULL); + } else s = t; } } return(s); @@ -342,7 +348,7 @@ load from a pipe into memory char *file_pload(char *syscmd, size_t *size) { int fd, n; - char *p; + char *p, *tp; pstring buf; size_t total; @@ -353,11 +359,13 @@ char *file_pload(char *syscmd, size_t *size) total = 0; while ((n = read(fd, buf, sizeof(buf))) > 0) { - p = Realloc(p, total + n + 1); - if (!p) { + tp = Realloc(p, total + n + 1); + if (!tp) { + DEBUG(0,("file_pload: failed to exand buffer!\n")); close(fd); + if (p) free(p); return NULL; - } + } else p = tp; memcpy(p+total, buf, n); total += n; } diff --git a/source/libsmb/clilist.c b/source/libsmb/clilist.c index b7624486d63..609f5f23315 100644 --- a/source/libsmb/clilist.c +++ b/source/libsmb/clilist.c @@ -141,7 +141,7 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, pstring mask; file_info finfo; int i; - char *dirlist = NULL; + char *tdl, *dirlist = NULL; int dirlist_len = 0; int total_received = -1; BOOL First = True; @@ -259,12 +259,13 @@ int cli_list_new(struct cli_state *cli,const char *Mask,uint16 attribute, } /* and add them to the dirlist pool */ - dirlist = Realloc(dirlist,dirlist_len + data_len); + tdl = Realloc(dirlist,dirlist_len + data_len); - if (!dirlist) { - DEBUG(0,("Failed to expand dirlist\n")); + if (!tdl) { + DEBUG(0,("cli_list_new: Failed to expand dirlist\n")); break; } + else dirlist = tdl; /* put in a length for the last entry, to ensure we can chain entries into the next packet */ @@ -340,7 +341,7 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, int num_asked = (cli->max_xmit - 100)/DIR_STRUCT_SIZE; int num_received = 0; int i; - char *dirlist = NULL; + char *tdl, *dirlist = NULL; pstring mask; ZERO_ARRAY(status); @@ -385,10 +386,14 @@ int cli_list_old(struct cli_state *cli,const char *Mask,uint16 attribute, first = False; - dirlist = Realloc(dirlist,(num_received + received)*DIR_STRUCT_SIZE); + tdl = Realloc(dirlist,(num_received + received)*DIR_STRUCT_SIZE); - if (!dirlist) + if (!tdl) { + DEBUG(0,("cli_list_old: failed to expand dirlist")); + if (dirlist) free(dirlist); return 0; + } + else dirlist = tdl; p = smb_buf(cli->inbuf) + 3; diff --git a/source/libsmb/clitrans.c b/source/libsmb/clitrans.c index ac50c7bf6d9..c4e19b9375f 100644 --- a/source/libsmb/clitrans.c +++ b/source/libsmb/clitrans.c @@ -147,6 +147,7 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans, int this_data,this_param; uint8 eclass; uint32 ecode; + char *tdata; *data_len = *param_len = 0; @@ -187,8 +188,18 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans, total_param = SVAL(cli->inbuf,smb_tprcnt); /* allocate it */ - *data = Realloc(*data,total_data); - *param = Realloc(*param,total_param); + tdata = Realloc(*data,total_data); + if (!tdata) { + DEBUG(0,("cli_receive_trans: failed to enlarge buffer")); + return False; + } + else *data = tdata; + tdata = Realloc(*param,total_param); + if (!tdata) { + DEBUG(0,("cli_receive_trans: failed to enlarge buffer")); + return False; + } + else *param = tdata; while (1) { this_data = SVAL(cli->inbuf,smb_drcnt); @@ -358,6 +369,7 @@ BOOL cli_receive_nt_trans(struct cli_state *cli, int this_data,this_param; uint8 eclass; uint32 ecode; + char *tdata; *data_len = *param_len = 0; @@ -389,8 +401,18 @@ BOOL cli_receive_nt_trans(struct cli_state *cli, total_param = SVAL(cli->inbuf,smb_ntr_TotalParameterCount); /* allocate it */ - *data = Realloc(*data,total_data); - *param = Realloc(*param,total_param); + tdata = Realloc(*data,total_data); + if (!tdata) { + DEBUG(0,("cli_receive_nt_trans: failed to enlarge buffer")); + return False; + } + else *data = tdata; + tdata = Realloc(*param,total_param); + if (!tdata) { + DEBUG(0,("cli_receive_nt_trans: failed to enlarge buffer")); + return False; + } + else *param = tdata; while (1) { this_data = SVAL(cli->inbuf,smb_ntr_DataCount); diff --git a/source/locking/brlock.c b/source/locking/brlock.c index 1982d9982c2..d22297a9488 100644 --- a/source/locking/brlock.c +++ b/source/locking/brlock.c @@ -218,6 +218,7 @@ BOOL brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum, TDB_DATA kbuf, dbuf; int count, i; struct lock_struct lock, *locks; + char *tp; kbuf = locking_key(dev,ino); @@ -246,8 +247,9 @@ BOOL brl_lock(SMB_DEV_T dev, SMB_INO_T ino, int fnum, } /* no conflicts - add it to the list of locks */ - dbuf.dptr = Realloc(dbuf.dptr, dbuf.dsize + sizeof(*locks)); - if (!dbuf.dptr) goto fail; + tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(*locks)); + if (!tp) goto fail; + else dbuf.dptr = tp; memcpy(dbuf.dptr + dbuf.dsize, &lock, sizeof(lock)); dbuf.dsize += sizeof(lock); tdb_store(tdb, kbuf, dbuf, TDB_REPLACE); diff --git a/source/locking/posix.c b/source/locking/posix.c index 2a8a7aacd73..833914c7aa7 100644 --- a/source/locking/posix.c +++ b/source/locking/posix.c @@ -98,16 +98,19 @@ static BOOL add_fd_to_close_entry(files_struct *fsp) { TDB_DATA kbuf = locking_key_fsp(fsp); TDB_DATA dbuf; + char *tp; dbuf.dptr = NULL; dbuf = tdb_fetch(posix_pending_close_tdb, kbuf); - dbuf.dptr = Realloc(dbuf.dptr, dbuf.dsize + sizeof(int)); - if (!dbuf.dptr) { + tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(int)); + if (!tp) { DEBUG(0,("add_fd_to_close_entry: Realloc fail !\n")); + if (dbuf.dptr) free(dbuf.dptr); return False; } + else dbuf.dptr = tp; memcpy(dbuf.dptr + dbuf.dsize, &fsp->fd, sizeof(int)); dbuf.dsize += sizeof(int); @@ -354,6 +357,7 @@ static BOOL add_posix_lock_entry(files_struct *fsp, SMB_OFF_T start, SMB_OFF_T s TDB_DATA kbuf = locking_key_fsp(fsp); TDB_DATA dbuf; struct posix_lock pl; + char *tp; dbuf.dptr = NULL; @@ -370,11 +374,12 @@ static BOOL add_posix_lock_entry(files_struct *fsp, SMB_OFF_T start, SMB_OFF_T s pl.size = size; pl.lock_type = lock_type; - dbuf.dptr = Realloc(dbuf.dptr, dbuf.dsize + sizeof(pl)); - if (!dbuf.dptr) { + tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(pl)); + if (!tp) { DEBUG(0,("add_posix_lock_entry: Realloc fail !\n")); goto fail; } + else dbuf.dptr = tp; memcpy(dbuf.dptr + dbuf.dsize, &pl, sizeof(pl)); dbuf.dsize += sizeof(pl); diff --git a/source/msdfs/msdfs.c b/source/msdfs/msdfs.c index 2890b05b521..1fa16d40060 100644 --- a/source/msdfs/msdfs.c +++ b/source/msdfs/msdfs.c @@ -398,11 +398,12 @@ static int setup_ver2_dfs_referral(char* pathname, char** ppdata, /* add the unexplained 0x16 bytes */ reply_size += 0x16; - pdata = *ppdata = Realloc(pdata,reply_size); + pdata = Realloc(pdata,reply_size); if(pdata == NULL) { DEBUG(0,("malloc failed for Realloc!\n")); return -1; } + else *ppdata = pdata; /* copy in the dfs requested paths.. required for offset calculations */ memcpy(pdata+uni_reqpathoffset1,uni_requestedpath,requestedpathlen); @@ -476,11 +477,12 @@ static int setup_ver3_dfs_referral(char* pathname, char** ppdata, reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2; } - pdata = *ppdata = Realloc(pdata,reply_size); + pdata = Realloc(pdata,reply_size); if(pdata == NULL) { DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n")); return -1; } + else *ppdata = pdata; /* create the header */ SSVAL(pdata,0,reqpathlen-2); /* path consumed */ diff --git a/source/nsswitch/wb_client.c b/source/nsswitch/wb_client.c index 2a29773b9ec..f5585557fbe 100644 --- a/source/nsswitch/wb_client.c +++ b/source/nsswitch/wb_client.c @@ -278,7 +278,7 @@ static int wb_getgroups(char *user, gid_t **groups) int winbind_initgroups(char *user, gid_t gid) { - gid_t *groups = NULL; + gid_t *tgr, *groups = NULL; int result; char *sep; @@ -310,13 +310,14 @@ int winbind_initgroups(char *user, gid_t gid) /* Add group to list if necessary */ if (!is_member) { - groups = Realloc(groups, sizeof(gid_t) * ngroups + 1); + tgr = Realloc(groups, sizeof(gid_t) * ngroups + 1); - if (!groups) { + if (!tgr) { errno = ENOMEM; result = -1; goto done; } + else groups = tgr; groups[ngroups] = gid; ngroups++; diff --git a/source/nsswitch/winbindd_group.c b/source/nsswitch/winbindd_group.c index ed4db07dda4..ff357dc0984 100644 --- a/source/nsswitch/winbindd_group.c +++ b/source/nsswitch/winbindd_group.c @@ -764,7 +764,7 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state) uint32 total_entries = 0; struct winbindd_domain *domain; struct getent_state groups; - char *extra_data = NULL; + char *ted, *extra_data = NULL; int extra_data_len = 0, i; DEBUG(3, ("[%5d]: list groups\n", state->pid)); @@ -794,12 +794,15 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state) account names to sizeof(fstring) = 128 characters. */ total_entries += groups.num_sam_entries; - extra_data = Realloc(extra_data, + ted = Realloc(extra_data, sizeof(fstring) * total_entries); - if (!extra_data) { + if (!ted) { + DEBUG(0,("winbindd_list_groups: failed to enlarge buffer!\n")); + if (extra_data) free(extra_data); return WINBINDD_ERROR; } + else extra_data = ted; /* Pack group list into extra data fields */ diff --git a/source/nsswitch/winbindd_misc.c b/source/nsswitch/winbindd_misc.c index 9520fc218b3..21f1afa6a70 100644 --- a/source/nsswitch/winbindd_misc.c +++ b/source/nsswitch/winbindd_misc.c @@ -136,7 +136,7 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state { struct winbindd_domain *domain; int total_entries = 0, extra_data_len = 0; - char *extra_data = NULL; + char *ted, *extra_data = NULL; DEBUG(3, ("[%5d]: list trusted domains\n", state->pid)); @@ -149,10 +149,15 @@ enum winbindd_result winbindd_list_trusted_domains(struct winbindd_cli_state /* Add domain to list */ total_entries++; - extra_data = Realloc(extra_data, sizeof(fstring) * + ted = Realloc(extra_data, sizeof(fstring) * total_entries); - if (!extra_data) return WINBINDD_ERROR; + if (!ted) { + DEBUG(0,("winbindd_list_trusted_domains: failed to enlarge buffer!\n")); + if (extra_data) free(extra_data); + return WINBINDD_ERROR; + } + else extra_data = ted; memcpy(&extra_data[extra_data_len], domain->name, strlen(domain->name)); diff --git a/source/nsswitch/winbindd_user.c b/source/nsswitch/winbindd_user.c index 30416e76d77..804d3deebb1 100644 --- a/source/nsswitch/winbindd_user.c +++ b/source/nsswitch/winbindd_user.c @@ -594,7 +594,7 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state) SAM_DISPINFO_CTR ctr; SAM_DISPINFO_1 info1; uint32 num_entries = 0, total_entries = 0; - char *extra_data = NULL; + char *ted, *extra_data = NULL; int extra_data_len = 0; DEBUG(3, ("[%5d]: list users\n", state->pid)); @@ -635,12 +635,15 @@ enum winbindd_result winbindd_list_users(struct winbindd_cli_state *state) total_entries += num_entries; - extra_data = Realloc(extra_data, sizeof(fstring) * + ted = Realloc(extra_data, sizeof(fstring) * total_entries); - if (!extra_data) { + if (!ted) { + DEBUG(0,("winbindd_list_users: failed to enlarge buffer!\n")); + if (extra_data) free(extra_data); return WINBINDD_ERROR; } + else extra_data = ted; /* Pack user list into extra data fields */ diff --git a/source/param/loadparm.c b/source/param/loadparm.c index cb7f9f35c39..b004265261d 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -1782,16 +1782,25 @@ static int add_a_service(service * pservice, char *name) /* if not, then create one */ if (i == iNumServices) { - ServicePtrs = - (service **) Realloc(ServicePtrs, - sizeof(service *) * - num_to_alloc); - if (ServicePtrs) + service **tsp; + + tsp = (service **) Realloc(ServicePtrs, + sizeof(service *) * + num_to_alloc); + + if (!tsp) { + DEBUG(0,("add_a_service: failed to enlarge ServicePtrs!\n")); + return (-1); + } + else { + ServicePtrs = tsp; ServicePtrs[iNumServices] = (service *) malloc(sizeof(service)); - - if (!ServicePtrs || !ServicePtrs[iNumServices]) + } + if (!ServicePtrs[iNumServices]) { + DEBUG(0,("add_a_service: out of memory!\n")); return (-1); + } iNumServices++; } diff --git a/source/param/params.c b/source/param/params.c index 61baf9517c3..94169659191 100644 --- a/source/param/params.c +++ b/source/param/params.c @@ -238,13 +238,16 @@ static BOOL Section( myFILE *InFile, BOOL (*sfunc)(char *) ) /* Check that the buffer is big enough for the next character. */ if( i > (bSize - 2) ) { - bSize += BUFR_INC; - bufr = Realloc( bufr, bSize ); - if( NULL == bufr ) + char *tb; + + tb = Realloc( bufr, bSize +BUFR_INC ); + if( NULL == tb ) { DEBUG(0, ("%s Memory re-allocation failure.", func) ); return( False ); } + bufr = tb; + bSize += BUFR_INC; } /* Handle a single character. */ @@ -332,13 +335,16 @@ static BOOL Parameter( myFILE *InFile, BOOL (*pfunc)(char *, char *), int c ) if( i > (bSize - 2) ) /* Ensure there's space for next char. */ { - bSize += BUFR_INC; - bufr = Realloc( bufr, bSize ); - if( NULL == bufr ) + char *tb; + + tb = Realloc( bufr, bSize + BUFR_INC ); + if( NULL == tb ) { DEBUG(0, ("%s Memory re-allocation failure.", func) ); return( False ); } + bufr = tb; + bSize += BUFR_INC; } switch( c ) @@ -397,13 +403,16 @@ static BOOL Parameter( myFILE *InFile, BOOL (*pfunc)(char *, char *), int c ) if( i > (bSize - 2) ) /* Make sure there's enough room. */ { - bSize += BUFR_INC; - bufr = Realloc( bufr, bSize ); - if( NULL == bufr ) + char *tb; + + tb = Realloc( bufr, bSize + BUFR_INC ); + if( NULL == tb ) { DEBUG(0, ("%s Memory re-allocation failure.", func) ); return( False ); } + bufr = tb; + bSize += BUFR_INC; } switch( c ) diff --git a/source/passdb/ldap.c b/source/passdb/ldap.c index 9987990cc23..ee99664af48 100644 --- a/source/passdb/ldap.c +++ b/source/passdb/ldap.c @@ -378,7 +378,7 @@ static void ldap_get_sam_passwd(LDAP *ldap_struct, LDAPMessage *entry, ************************************************************************/ static void make_a_mod(LDAPMod ***modlist,int modop, char *attribute, char *value) { - LDAPMod **mods; + LDAPMod **mods, **tmods; int i; int j; @@ -386,12 +386,13 @@ static void make_a_mod(LDAPMod ***modlist,int modop, char *attribute, char *valu if (mods == NULL) { - mods = (LDAPMod **)malloc( sizeof(LDAPMod *) ); - if (mods == NULL) + tmods = (LDAPMod **)malloc( sizeof(LDAPMod *) ); + if (tmods == NULL) { DEBUG(0,("make_a_mod: out of memory!\n")); return; } + mods = tmods; mods[0] = NULL; } @@ -406,12 +407,13 @@ static void make_a_mod(LDAPMod ***modlist,int modop, char *attribute, char *valu if (mods[i] == NULL) { - mods = (LDAPMod **)Realloc( mods, (i+2) * sizeof( LDAPMod * ) ); - if (mods == NULL) + tmods = (LDAPMod **)Realloc( mods, (i+2) * sizeof( LDAPMod * ) ); + if (tmods == NULL) { DEBUG(0,("make_a_mod: out of memory!\n")); return; } + mods = tmods; mods[i] = (LDAPMod *)malloc( sizeof( LDAPMod ) ); if (mods[i] == NULL) { @@ -426,18 +428,21 @@ static void make_a_mod(LDAPMod ***modlist,int modop, char *attribute, char *valu if (value ! = NULL ) { + char **tmval; + j = 0; if ( mods[ i ]->mod_values ! = NULL ) { for ( ; mods[ i ]->mod_values[ j ] ! = NULL; j++ ); } - mods[ i ]->mod_values = (char **)Realloc(mods[ i ]->mod_values, + tmval = (char **)Realloc(mods[ i ]->mod_values, (j+2) * sizeof( char * )); - if ( mods[ i ]->mod_values == NULL) + if ( tmval == NULL) { DEBUG(0, "make_a_mod: Memory allocation failure!\n"); return; } + mods[ i ]->mod_values = tmval; mods[ i ]->mod_values[ j ] = strdup(value); mods[ i ]->mod_values[ j + 1 ] = NULL; } diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c index 5482d1608a7..20bdcda5ecb 100644 --- a/source/printing/nt_printing.c +++ b/source/printing/nt_printing.c @@ -316,6 +316,7 @@ get a form struct list int get_ntforms(nt_forms_struct **list) { TDB_DATA kbuf, newkey, dbuf; + nt_forms_struct *tl; nt_forms_struct form; int ret; int i; @@ -336,11 +337,12 @@ int get_ntforms(nt_forms_struct **list) safe_free(dbuf.dptr); if (ret != dbuf.dsize) continue; - *list = Realloc(*list, sizeof(nt_forms_struct)*(n+1)); - if (!*list) { + tl = Realloc(*list, sizeof(nt_forms_struct)*(n+1)); + if (!tl) { DEBUG(0,("get_ntforms: Realloc fail.\n")); return 0; } + *list = tl; (*list)[n] = form; n++; } @@ -385,6 +387,7 @@ BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count) int n=0; BOOL update; fstring form_name; + nt_forms_struct *tl; /* * NT tries to add forms even when @@ -404,8 +407,11 @@ BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count) } if (update==False) { - if((*list=Realloc(*list, (n+1)*sizeof(nt_forms_struct))) == NULL) + if((tl=Realloc(*list, (n+1)*sizeof(nt_forms_struct))) == NULL) { + DEBUG(0,("add_a_form: failed to enlarge forms list!\n")); return False; + } + *list = tl; unistr2_to_ascii((*list)[n].name, &form->name, sizeof((*list)[n].name)-1); (*count)++; } @@ -496,6 +502,7 @@ int get_ntdrivers(fstring **list, char *architecture, uint32 version) { int total=0; fstring short_archi; + fstring *fl; pstring key; TDB_DATA kbuf, newkey; @@ -507,8 +514,11 @@ int get_ntdrivers(fstring **list, char *architecture, uint32 version) newkey = tdb_nextkey(tdb_drivers, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { if (strncmp(kbuf.dptr, key, strlen(key)) != 0) continue; - if((*list = Realloc(*list, sizeof(fstring)*(total+1))) == NULL) + if((fl = Realloc(*list, sizeof(fstring)*(total+1))) == NULL) { + DEBUG(0,("get_ntdrivers: failed to enlarge list!\n")); return -1; + } + else *list = fl; fstrcpy((*list)[total], kbuf.dptr+strlen(key)); total++; @@ -1520,7 +1530,15 @@ static uint32 add_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver) } if (len != buflen) { - buf = (char *)Realloc(buf, len); + char *tb; + + tb = (char *)Realloc(buf, len); + if (!tb) { + DEBUG(0,("add_a_printer_driver_3: failed to enlarge buffer\n!")); + ret = -1; + goto done; + } + else buf = tb; buflen = len; goto again; } @@ -1533,6 +1551,7 @@ static uint32 add_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver) ret = tdb_store(tdb_drivers, kbuf, dbuf, TDB_REPLACE); +done: if (ret) DEBUG(0,("add_a_printer_driver_3: Adding driver with key %s failed.\n", key )); @@ -1630,10 +1649,15 @@ static uint32 get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr, i=0; while (len < dbuf.dsize) { - driver.dependentfiles = (fstring *)Realloc(driver.dependentfiles, + fstring *tddfs; + + tddfs = (fstring *)Realloc(driver.dependentfiles, sizeof(fstring)*(i+2)); - if (driver.dependentfiles == NULL) + if (tddfs == NULL) { + DEBUG(0,("get_a_printer_driver_3: failed to enlarge buffer!\n")); break; + } + else driver.dependentfiles = tddfs; len += tdb_unpack(dbuf.dptr+len, dbuf.dsize-len, "f", &driver.dependentfiles[i]); @@ -1936,7 +1960,15 @@ static uint32 update_a_printer_2(NT_PRINTER_INFO_LEVEL_2 *info) len += pack_specifics(info->specific, buf+len, buflen-len); if (buflen != len) { - buf = (char *)Realloc(buf, len); + char *tb; + + tb = (char *)Realloc(buf, len); + if (!tb) { + DEBUG(0,("update_a_printer_2: failed to enlarge buffer!\n")); + ret = -1; + goto done; + } + else buf = tb; buflen = len; goto again; } @@ -1951,6 +1983,7 @@ static uint32 update_a_printer_2(NT_PRINTER_INFO_LEVEL_2 *info) ret = tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE); +done: if (ret == -1) DEBUG(8, ("error updating printer to tdb on disk\n")); @@ -2793,7 +2826,15 @@ static uint32 update_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info) len += pack_specifics(info->specific, buf+len, buflen-len); if (buflen != len) { - buf = (char *)Realloc(buf, len); + char *tb; + + tb = (char *)Realloc(buf, len); + if (!tb) { + DEBUG(0, ("update_driver_init_2: failed to enlarge buffer!\n")); + ret = -1; + goto done; + } + else buf = tb; buflen = len; goto again; } @@ -2807,6 +2848,7 @@ static uint32 update_driver_init_2(NT_PRINTER_INFO_LEVEL_2 *info) ret = tdb_store(tdb_drivers, kbuf, dbuf, TDB_REPLACE); +done: if (ret == -1) DEBUG(8, ("update_driver_init_2: error updating printer init to tdb on disk\n")); diff --git a/source/rpc_parse/parse_creds.c b/source/rpc_parse/parse_creds.c index 7bdbe658800..ae8ba23a560 100644 --- a/source/rpc_parse/parse_creds.c +++ b/source/rpc_parse/parse_creds.c @@ -90,8 +90,7 @@ BOOL make_creds_unix_sec(CREDS_UNIX_SEC *r_u, r_u->uid = uid; r_u->gid = gid; r_u->num_grps = num_grps; - r_u->grps = (uint32*)Realloc(NULL, sizeof(r_u->grps[0]) * - r_u->num_grps); + r_u->grps = (uint32*)malloc(sizeof(r_u->grps[0]) * r_u->num_grps); if (r_u->grps == NULL && num_grps != 0) { return False; @@ -123,14 +122,17 @@ BOOL creds_io_unix_sec(char *desc, CREDS_UNIX_SEC *r_u, prs_struct *ps, int dept prs_uint32("num_grps", ps, depth, (uint32 *)&(r_u->num_grps)); if (r_u->num_grps != 0) { - r_u->grps = (uint32*)Realloc(r_u->grps, + uint32 *tgr; + + tgr = (uint32*)Realloc(r_u->grps, sizeof(r_u->grps[0]) * r_u->num_grps); - if (r_u->grps == NULL) + if (tgr == NULL) { creds_free_unix_sec(r_u); return False; } + else r_u->grps = tgr; } for (i = 0; i < r_u->num_grps; i++) { @@ -165,8 +167,7 @@ BOOL make_creds_nt_sec(CREDS_NT_SEC *r_u, sid_copy(&r_u->sid, sid); r_u->num_grps = num_grps; - r_u->grp_rids = (uint32*)Realloc(NULL, sizeof(r_u->grp_rids[0]) * - r_u->num_grps); + r_u->grp_rids = (uint32*)malloc(sizeof(r_u->grp_rids[0]) * r_u->num_grps); if (r_u->grp_rids == NULL && num_grps != 0) { @@ -199,14 +200,17 @@ BOOL creds_io_nt_sec(char *desc, CREDS_NT_SEC *r_u, prs_struct *ps, int depth) prs_uint32("num_grps", ps, depth, &(r_u->num_grps)); if (r_u->num_grps != 0) { - r_u->grp_rids = (uint32*)Realloc(r_u->grp_rids, + uint32 *tgrid; + + tgrid = (uint32*)Realloc(r_u->grp_rids, sizeof(r_u->grp_rids[0]) * r_u->num_grps); - if (r_u->grp_rids == NULL) + if (tgrid == NULL) { creds_free_nt_sec(r_u); return False; } + else r_u->grp_rids = tgrid; } for (i = 0; i < r_u->num_grps; i++) { diff --git a/source/rpc_parse/parse_spoolss.c b/source/rpc_parse/parse_spoolss.c index b5689957527..dd2c4a541ab 100644 --- a/source/rpc_parse/parse_spoolss.c +++ b/source/rpc_parse/parse_spoolss.c @@ -1861,12 +1861,17 @@ static BOOL smb_io_relarraystr(char *desc, NEW_BUFFER *buffer, int depth, uint16 an extra NULL for termination */ if (l_chaine > 0) { + uint16 *tc2; + realloc_size = (l_chaine2+l_chaine+2)*sizeof(uint16); /* Yes this should be realloc - it's freed below. JRA */ - if((chaine2=(uint16 *)Realloc(chaine2, realloc_size)) == NULL) + if((tc2=(uint16 *)Realloc(chaine2, realloc_size)) == NULL) { + if (chaine2) free(chaine2); return False; + } + else chaine2 = tc2; memcpy(chaine2+l_chaine2, chaine.buffer, (l_chaine+1)*sizeof(uint16)); l_chaine2+=l_chaine+1; } @@ -4703,7 +4708,7 @@ BOOL spool_io_printer_driver_info_level_6(char *desc, SPOOL_PRINTER_DRIVER_INFO_ ********************************************************************/ static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar) { - fstring f; + fstring f, *tar; int n = 0; char *src; @@ -4715,7 +4720,9 @@ static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar) while (src < ((char *)buf5->buffer) + buf5->buf_len*2) { rpcstr_pull(f, src, sizeof(f)-1, -1, 0); src = skip_unibuf(src, 2*buf5->buf_len - PTR_DIFF(src,buf5->buffer)); - *ar = (fstring *)Realloc(*ar, sizeof(fstring)*(n+2)); + tar = (fstring *)Realloc(*ar, sizeof(fstring)*(n+2)); + if (!tar) return False; + else *ar = tar; fstrcpy((*ar)[n], f); n++; } @@ -4993,9 +5000,11 @@ BOOL uni_2_asc_printer_driver_3(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *uni, DEBUGADD(8,( "monitorname: %s\n", d->monitorname)); DEBUGADD(8,( "defaultdatatype: %s\n", d->defaultdatatype)); - uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles ); - - return True; + if (uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles )) + return True; + + free(*asc); + return False; } /******************************************************************* @@ -5038,10 +5047,16 @@ BOOL uni_2_asc_printer_driver_6(SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 *uni, DEBUGADD(8,( "monitorname: %s\n", d->monitorname)); DEBUGADD(8,( "defaultdatatype: %s\n", d->defaultdatatype)); - uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles ); - uniarray_2_dosarray(&uni->previousnames, &d->previousnames ); - + if (!uniarray_2_dosarray(&uni->dependentfiles, &d->dependentfiles )) + goto error; + if (!uniarray_2_dosarray(&uni->previousnames, &d->previousnames )) + goto error; + return True; + +error: + free(*asc); + return False; } BOOL uni_2_asc_printer_info_2(const SPOOL_PRINTER_INFO_LEVEL_2 *uni, diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index f002ceabd2d..023c9a1203a 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -915,20 +915,24 @@ static BOOL convert_printer_info(const SPOOL_PRINTER_INFO_LEVEL *uni, static BOOL convert_printer_driver_info(const SPOOL_PRINTER_DRIVER_INFO_LEVEL *uni, NT_PRINTER_DRIVER_INFO_LEVEL *printer, uint32 level) { + BOOL result = True; + switch (level) { case 3: printer->info_3=NULL; - uni_2_asc_printer_driver_3(uni->info_3, &printer->info_3); + if (!uni_2_asc_printer_driver_3(uni->info_3, &printer->info_3)) + result = False; break; case 6: printer->info_6=NULL; - uni_2_asc_printer_driver_6(uni->info_6, &printer->info_6); + if (!uni_2_asc_printer_driver_6(uni->info_6, &printer->info_6)) + result = False; break; default: break; } - return True; + return result; } BOOL convert_devicemode(char *printername, const DEVICEMODE *devmode, @@ -2200,7 +2204,7 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int uint16 type; uint16 field; - SPOOL_NOTIFY_INFO_DATA *current_data; + SPOOL_NOTIFY_INFO_DATA *current_data, *tid; NT_PRINTER_INFO_LEVEL *printer = NULL; print_queue_struct *queue=NULL; @@ -2220,9 +2224,12 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int if (!search_notify(type, field, &j) ) continue; - if((info->data=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + if((tid=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + DEBUG(0,("construct_notify_printer_info: failed to enlarge buffer info->data!\n")); return False; } + else info->data = tid; + current_data=&info->data[info->count]; construct_info_data(current_data, type, field, id); @@ -2256,7 +2263,7 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue, uint16 type; uint16 field; - SPOOL_NOTIFY_INFO_DATA *current_data; + SPOOL_NOTIFY_INFO_DATA *current_data, *tid; DEBUG(4,("construct_notify_jobs_info\n")); @@ -2272,9 +2279,11 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue, if (!search_notify(type, field, &j) ) continue; - if((info->data=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + if((tid=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + DEBUG(0,("construct_notify_jobs_info: failed to enlarg buffer info->data!\n")); return False; } + else info->data = tid; current_data=&(info->data[info->count]); @@ -2877,7 +2886,7 @@ static BOOL enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32 of int snum; int i; int n_services=lp_numservices(); - PRINTER_INFO_1 *printers=NULL; + PRINTER_INFO_1 *tp, *printers=NULL; PRINTER_INFO_1 current_prt; DEBUG(4,("enum_all_printers_info_1\n")); @@ -2887,10 +2896,13 @@ static BOOL enum_all_printers_info_1(uint32 flags, NEW_BUFFER *buffer, uint32 of DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum)); if (construct_printer_info_1(flags, ¤t_prt, snum)) { - if((printers=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_1))) == NULL) { + if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_1))) == NULL) { + DEBUG(0,("enum_all_printers_info_1: failed to enlarge printers buffer!\n")); + safe_free(printers); *returned=0; return ERRnomem; } + else printers = tp; DEBUG(4,("ReAlloced memory for [%d] PRINTER_INFO_1\n", *returned)); memcpy(&printers[*returned], ¤t_prt, sizeof(PRINTER_INFO_1)); (*returned)++; @@ -3024,7 +3036,7 @@ static BOOL enum_all_printers_info_2(NEW_BUFFER *buffer, uint32 offered, uint32 int snum; int i; int n_services=lp_numservices(); - PRINTER_INFO_2 *printers=NULL; + PRINTER_INFO_2 *tp, *printers=NULL; PRINTER_INFO_2 current_prt; for (snum=0; snumname)); if (cur_dir->malloced == cur_dir->count) { - cur_dir->list = (struct file_info *)Realloc(cur_dir->list, + cdl = (struct file_info *)Realloc(cur_dir->list, sizeof(cur_dir->list[0])* (cur_dir->count+100)); if (!cur_dir->list) { /* oops */ return; } + cur_dir->list = cdl; cur_dir->malloced += 100; } -- 2.34.1