Fox missing SMB_MALLOC return checks noticed by "Andreas Moroder <andreas.moroder...

Jeremy.

diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index f93832e7527135b9e00a635d2508e707add61f1b..449b5d1a600b224bd88ba466a29238cb73e13c90 100644 (file)
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -2067,6 +2067,9 @@ void string_append(char **left, const char *right)
 
        if (*left == NULL) {
                *left = (char *)SMB_MALLOC(new_len);
+               if (*left == NULL) {
+                       return;
+               }
                *left[0] = '\0';
        } else {
                new_len += strlen(*left);

diff --git a/source3/lib/util_unistr.c b/source3/lib/util_unistr.c
index f53ef94d69eca4b5b8c016b6c9ed75bfbe08457c..4cda38dc191bdfc8247a95613e216b63c8384ee8 100644 (file)
--- a/source3/lib/util_unistr.c
+++ b/source3/lib/util_unistr.c
@@ -109,6 +109,11 @@ void load_case_tables(void)
        if (!upcase_table) {
                DEBUG(1,("creating lame upcase table\n"));
                upcase_table = (smb_ucs2_t *)SMB_MALLOC(0x20000);
+               if (!upcase_table) {
+                       smb_panic("lame upcase table malloc fail");
+                       /* notreached. */
+                       return;
+               }
                for (i=0;i<0x10000;i++) {
                        smb_ucs2_t v;
                        SSVAL(&v, 0, i);
@@ -124,6 +129,11 @@ void load_case_tables(void)
        if (!lowcase_table) {
                DEBUG(1,("creating lame lowcase table\n"));
                lowcase_table = (smb_ucs2_t *)SMB_MALLOC(0x20000);
+               if (!lowcase_table) {
+                       smb_panic("lame lowcase table malloc fail");
+                       /* notreached. */
+                       return;
+               }
                for (i=0;i<0x10000;i++) {
                        smb_ucs2_t v;
                        SSVAL(&v, 0, i);

diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index 7ad4c9a86843683e8f17feb9a0c3a5091e4e9a01..051fc961d9bc50a31a4989eb43e0fe94b120b46e 100644 (file)
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -987,6 +987,11 @@ static ADS_STATUS ads_sasl_gssapi_do_bind(ADS_STRUCT *ads, const gss_name_t serv
 
        output_token.length = 4;
        output_token.value = SMB_MALLOC(output_token.length);
+       if (!output_token.value) {
+               output_token.length = 0;
+               status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+               goto failed;
+       }
        p = (uint8 *)output_token.value;
 
        RSIVAL(p,0,max_msg_size);
@@ -1002,14 +1007,19 @@ static ADS_STATUS ads_sasl_gssapi_do_bind(ADS_STRUCT *ads, const gss_name_t serv
         */
 
        gss_rc = gss_wrap(&minor_status, context_handle,0,GSS_C_QOP_DEFAULT,
-                         &output_token, &conf_state,
-                         &input_token);
+                       &output_token, /* used as *input* here. */
+                       &conf_state,
+                       &input_token); /* Used as *output* here. */
        if (gss_rc) {
                status = ADS_ERROR_GSS(gss_rc, minor_status);
+               output_token.length = 0;
+               SAFE_FREE(output_token.value);
                goto failed;
        }
 
-       free(output_token.value);
+       /* We've finished with output_token. */
+       SAFE_FREE(output_token.value);
+       output_token.length = 0;
 
        cred.bv_val = (char *)input_token.value;
        cred.bv_len = input_token.length;

diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c
index f18ba5bc33135d9341c9f1d0716d9b051483c9f1..96bad4da327dce92fd1d2ce64dd0cbc5335aaabe 100644 (file)
--- a/source3/libnet/libnet_samsync_ldif.c
+++ b/source3/libnet/libnet_samsync_ldif.c
@@ -83,6 +83,9 @@ static NTSTATUS populate_ldap_for_ldif(const char *sid,
        if (suffix_attr == NULL) {
                len = strlen(suffix);
                suffix_attr = (char*)SMB_MALLOC(len+1);
+               if (!suffix_attr) {
+                       return NT_STATUS_NO_MEMORY;
+               }
                memcpy(suffix_attr, suffix, len);
                suffix_attr[len] = '\0';
        }

diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 49da8edb7cfd40d5be30eab2f9f2cec918741333..169bf4f03764d395b12f9ab3d78b1b097cc06365 100644 (file)
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -2135,6 +2135,11 @@ static void cli_negprot_done(struct tevent_req *subreq)
                        SAFE_FREE(cli->inbuf);
                        cli->outbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
                        cli->inbuf = (char *)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
+                       if (!cli->outbuf || !cli->inbuf) {
+                               tevent_req_nterror(req,
+                                               NT_STATUS_NO_MEMORY);
+                               return;
+                       }
                        cli->bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE + LARGE_WRITEX_HDR_SIZE;
                }