Memory leaks and other fixes found by Coverity
authortodd stecher <todd.stecher@gmail.com>
Mon, 19 Jan 2009 23:09:51 +0000 (15:09 -0800)
committerSteven Danneman <steven.danneman@isilon.com>
Thu, 22 Jan 2009 01:13:03 +0000 (17:13 -0800)
19 files changed:
source3/auth/pampass.c
source3/include/proto.h
source3/lib/dprintf.c
source3/libsmb/clikrb5.c
source3/nmbd/nmbd_incomingrequests.c
source3/nmbd/nmbd_serverlistdb.c
source3/passdb/pdb_interface.c
source3/passdb/pdb_ldap.c
source3/rpc_client/cli_spoolss.c
source3/rpc_parse/parse_buffer.c
source3/rpc_server/srv_pipe.c
source3/rpc_server/srv_spoolss_nt.c
source3/rpc_server/srv_svcctl_nt.c
source3/utils/net_rpc.c
source3/winbindd/winbindd_group.c
source3/winbindd/winbindd_user.c
source3/winbindd/winbindd_util.c
source3/winbindd/winbindd_wins.c
testsuite/printing/psec.c

index 9345eed..4312b77 100644 (file)
@@ -462,7 +462,9 @@ static bool smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr)
 static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv)
 {
        int pam_error;
+#ifdef PAM_RHOST
        const char *our_rhost;
+#endif
        char addr[INET6_ADDRSTRLEN];
 
        *pamh = (pam_handle_t *)NULL;
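Review bot: `char addr[INET6_ADDRSTRLEN];` is left outside the new `#ifdef PAM_RHOST` guard while `our_rhost` moves inside it. If `addr` is only used by the rhost lookup (that line falls between the hunks and is not visible here), a build without PAM_RHOST trades the unused-variable warning on `our_rhost` for one on `addr`. Declaring both under the same guard would avoid that. The `rhost` parameter also appears to become unused in that configuration.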
@@ -475,6 +477,7 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho
                return False;
        }
 
+#ifdef PAM_RHOST
        if (rhost == NULL) {
                our_rhost = client_name(get_client_fd());
                if (strequal(our_rhost,"UNKNOWN"))
@@ -483,7 +486,6 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho
                our_rhost = rhost;
        }
 
-#ifdef PAM_RHOST
        DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost));
        pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost);
        if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
index 9ce6a9d..1445b10 100644 (file)
@@ -5581,7 +5581,7 @@ NTSTATUS cli_do_rpc_ndr(struct rpc_pipe_client *cli,
 
 /* The following definitions come from rpc_parse/parse_buffer.c  */
 
-void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx);
+bool rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx);
 bool prs_rpcbuffer(const char *desc, prs_struct *ps, int depth, RPC_BUFFER *buffer);
 bool prs_rpcbuffer_p(const char *desc, prs_struct *ps, int depth, RPC_BUFFER **buffer);
 bool rpcbuf_alloc_size(RPC_BUFFER *buffer, uint32 buffer_size);
index b3c830d..631c45a 100644 (file)
 
  int d_vfprintf(FILE *f, const char *format, va_list ap)
 {
-       char *p, *p2;
+       char *p = NULL, *p2 = NULL;
        int ret, maxlen, clen;
        const char *msgstr;
        va_list ap2;
 
+       va_copy(ap2, ap);
+
        /* do any message translations */
        msgstr = lang_msg(format);
-       if (!msgstr) return -1;
-
-       va_copy(ap2, ap);
+       if (!msgstr) {
+               ret = -1;
+               goto out;
+       }
 
        ret = vasprintf(&p, msgstr, ap2);
 
        lang_msg_free(msgstr);
 
        if (ret <= 0) {
-         va_end(ap2);
-         return ret;
+               ret = -1;
+               goto out;
        }
 
        /* now we have the string in unix format, convert it to the display
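Review bot: The rewritten `if (ret <= 0)` branch now returns -1 when vasprintf() produces an empty string, where the old code returned 0, so callers see an error for a format that expands to nothing. It also sends the vasprintf() failure case to `out:`, where `SAFE_FREE(p)` runs; `p` starts as NULL, but vasprintf() does not promise to leave the pointer untouched when it fails, so the branch should reset it first. Suggested: `if (ret < 0) { p = NULL; ret = -1; goto out; }` followed by `if (ret == 0) goto out;`. The `out:` label is in a later hunk of this file.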
 again:
        p2 = (char *)SMB_MALLOC(maxlen);
        if (!p2) {
-               SAFE_FREE(p);
-               va_end(ap2);
-               return -1;
+               ret = -1;
+               goto out;
        }
+
        clen = convert_string(CH_UNIX, CH_DISPLAY, p, ret, p2, maxlen, True);
 
        if (clen >= maxlen) {
@@ -72,10 +75,11 @@ again:
        }
 
        /* good, its converted OK */
-       SAFE_FREE(p);
        ret = fwrite(p2, 1, clen, f);
-       SAFE_FREE(p2);
+out:
 
+       SAFE_FREE(p);
+       SAFE_FREE(p2);
        va_end(ap2);
 
        return ret;
index 9f86b8b..a95a25c 100644 (file)
@@ -1417,7 +1417,7 @@ done:
 
                addrs = (krb5_address **)SMB_MALLOC(sizeof(krb5_address *) * num_addr);
                if (addrs == NULL) {
-                       SAFE_FREE(kerb_addr);
+                       SAFE_FREE(*kerb_addr);
                        return ENOMEM;
                }
 
@@ -1426,7 +1426,7 @@ done:
                addrs[0] = (krb5_address *)SMB_MALLOC(sizeof(krb5_address));
                if (addrs[0] == NULL) {
                        SAFE_FREE(addrs);
-                       SAFE_FREE(kerb_addr);
+                       SAFE_FREE(*kerb_addr);
                        return ENOMEM;
                }
 
@@ -1437,7 +1437,7 @@ done:
                if (addrs[0]->contents == NULL) {
                        SAFE_FREE(addrs[0]);
                        SAFE_FREE(addrs);
-                       SAFE_FREE(kerb_addr);
+                       SAFE_FREE(*kerb_addr);
                        return ENOMEM;
                }
 
@@ -1449,7 +1449,7 @@ done:
        {
                addrs = (krb5_addresses *)SMB_MALLOC(sizeof(krb5_addresses));
                if (addrs == NULL) {
-                       SAFE_FREE(kerb_addr);
+                       SAFE_FREE(*kerb_addr);
                        return ENOMEM;
                }
 
@@ -1469,7 +1469,7 @@ done:
                if (addrs->val[0].address.data == NULL) {
                        SAFE_FREE(addrs->val);
                        SAFE_FREE(addrs);
-                       SAFE_FREE(kerb_addr);
+                       SAFE_FREE(*kerb_addr);
                        return ENOMEM;
                }
 
index ebe1948..63f9a3a 100644 (file)
@@ -314,14 +314,14 @@ void process_node_status_request(struct subnet_record *subrec, struct packet_str
        char rdata[MAX_DGRAM_SIZE];
        char *countptr, *buf, *bufend, *buf0;
        int names_added,i;
-       struct name_record *namerec;
+       struct name_record *namerec = NULL;
 
        pull_ascii_nstring(qname, sizeof(qname), nmb->question.question_name.name);
 
        DEBUG(3,("process_node_status_request: status request for name %s from IP %s on \
 subnet %s.\n", nmb_namestr(&nmb->question.question_name), inet_ntoa(p->ip), subrec->subnet_name));
 
-       if((namerec = find_name_on_subnet(subrec, &nmb->question.question_name, FIND_SELF_NAME)) == 0) {
+       if(find_name_on_subnet(subrec, &nmb->question.question_name, FIND_SELF_NAME) == 0) {
                DEBUG(1,("process_node_status_request: status request for name %s from IP %s on \
 subnet %s - name not found.\n", nmb_namestr(&nmb->question.question_name),
                        inet_ntoa(p->ip), subrec->subnet_name));
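Review bot: The result of find_name_on_subnet() is no longer stored and `namerec` now starts as NULL, so any later statement in process_node_status_request that reads `namerec` before assigning it would dereference NULL instead of the looked-up record. The rest of the function is outside this hunk, so it is worth confirming that `namerec` is always reassigned before use. The comparison would also read better as `== NULL` than `== 0`. The nmbd_serverlistdb.c hunk drops the `servrec` assignment in the same way and deserves the same check.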
index 28c164f..0728f29 100644 (file)
@@ -128,7 +128,7 @@ struct server_record *create_server_on_workgroup(struct work_record *work,
                return (NULL);
        }
   
-       if((servrec = find_server_in_workgroup(work, name)) != NULL) {
+       if(find_server_in_workgroup(work, name) != NULL) {
                DEBUG(0,("create_server_on_workgroup: Server %s already exists on \
 workgroup %s. This is a bug.\n", name, work->work_group));
                return NULL;
index b13644b..486b5b1 100644 (file)
@@ -605,6 +605,9 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods,
        struct group *grp;
        const char *grp_name;
 
+       /* coverity */
+       map.gid = (gid_t) -1;
+
        sid_compose(&group_sid, get_global_sam_sid(), rid);
 
        if (!get_domain_group_from_sid(group_sid, &map)) {
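Review bot: The comment `/* coverity */` before `map.gid = (gid_t) -1;` does not say which read of `map.gid` the initialiser protects, and that read is outside the hunk. A comment along the lines of `/* get_domain_group_from_sid() may leave map.gid unset; start from an invalid gid */` would record the reason, if that is indeed the path the checker reported. Only one field of `map` is initialised; `ZERO_STRUCT(map);` before the assignment would cover the others as well. The same applies to the pdb_default_add_groupmem hunk.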
@@ -780,6 +783,9 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
        const char *group_name;
        uid_t uid;
 
+       /* coverity */
+       map.gid = (gid_t) -1;
+
        sid_compose(&group_sid, get_global_sam_sid(), group_rid);
        sid_compose(&member_sid, get_global_sam_sid(), member_rid);
 
index f031483..043b620 100644 (file)
@@ -4221,6 +4221,7 @@ const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...)
                result[i] = talloc_strdup(result, va_arg(ap, const char*));
                if (result[i] == NULL) {
                        talloc_free(result);
+                       va_end(ap);
                        return NULL;
                }
        }
index 69cee6c..30a707f 100644 (file)
@@ -521,7 +521,8 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem
        ZERO_STRUCT(out);
 
        offered = 0;
-       rpcbuf_init(&buffer, offered, mem_ctx);
+       if (!rpcbuf_init(&buffer, offered, mem_ctx))
+               return WERR_NOMEM;
        make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered );
 
        CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS,
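Review bot: The new `if (!rpcbuf_init(&buffer, offered, mem_ctx))` guards are written without braces, here and in every other hunk of this file. A later edit that adds a second statement to the failure path (a DEBUG line, say) would silently fall outside the condition. Suggested form: `if (!rpcbuf_init(&buffer, offered, mem_ctx)) { return WERR_NOMEM; }`.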
@@ -537,7 +538,8 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem
                ZERO_STRUCT(in);
                ZERO_STRUCT(out);
 
-               rpcbuf_init(&buffer, offered, mem_ctx);
+               if (!rpcbuf_init(&buffer, offered, mem_ctx))
+                       return WERR_NOMEM;
                make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered );
 
                CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS,
@@ -601,7 +603,8 @@ WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
         strupper_m(server);
 
        offered = 0;
-       rpcbuf_init(&buffer, offered, mem_ctx);
+       if (!rpcbuf_init(&buffer, offered, mem_ctx))
+               return WERR_NOMEM;
        make_spoolss_q_enumports( &in, server, level, &buffer, offered );
        
        CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS,
@@ -617,7 +620,8 @@ WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
                ZERO_STRUCT(in);
                ZERO_STRUCT(out);
                
-               rpcbuf_init(&buffer, offered, mem_ctx);
+               if (!rpcbuf_init(&buffer, offered, mem_ctx))
+                       return WERR_NOMEM;
                make_spoolss_q_enumports( &in, server, level, &buffer, offered );
 
                CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS,
@@ -670,7 +674,8 @@ WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
        /* Initialise input parameters */
 
        offered = 0;
-       rpcbuf_init(&buffer, offered, mem_ctx);
+       if (!rpcbuf_init(&buffer, offered, mem_ctx))
+               return WERR_NOMEM;
        make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered );
        
        CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER,
@@ -686,7 +691,8 @@ WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct
                ZERO_STRUCT(in);
                ZERO_STRUCT(out);
                
-               rpcbuf_init(&buffer, offered, mem_ctx);
+               if (!rpcbuf_init(&buffer, offered, mem_ctx))
+                       return WERR_NOMEM;
                make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered );
 
                CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER,
@@ -781,7 +787,8 @@ WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli,
        strupper_m(server);
 
        offered = 0;
-       rpcbuf_init(&buffer, offered, mem_ctx);
+       if (!rpcbuf_init(&buffer, offered, mem_ctx))
+               return WERR_NOMEM;
        make_spoolss_q_getprinterdriver2( &in, pol, env, level, 
                version, 2, &buffer, offered);
 
@@ -798,7 +805,8 @@ WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli,
                ZERO_STRUCT(in);
                ZERO_STRUCT(out);
                
-               rpcbuf_init(&buffer, offered, mem_ctx);
+               if (!rpcbuf_init(&buffer, offered, mem_ctx))
+                       return WERR_NOMEM;
                make_spoolss_q_getprinterdriver2( &in, pol, env, level, 
                        version, 2, &buffer, offered);
 
@@ -859,7 +867,8 @@ WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli,
         strupper_m(server);
 
        offered = 0;
-       rpcbuf_init(&buffer, offered, mem_ctx);
+       if (!rpcbuf_init(&buffer, offered, mem_ctx))
+               return WERR_NOMEM;
        make_spoolss_q_enumprinterdrivers( &in, server, env, level, 
                &buffer, offered);
        
@@ -876,7 +885,8 @@ WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli,
                ZERO_STRUCT(in);
                ZERO_STRUCT(out);
                
-               rpcbuf_init(&buffer, offered, mem_ctx);
+               if (!rpcbuf_init(&buffer, offered, mem_ctx))
+                       return WERR_NOMEM;
                make_spoolss_q_enumprinterdrivers( &in, server, env, level, 
                        &buffer, offered);
        
@@ -942,7 +952,8 @@ WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli,
         strupper_m(server);
 
        offered = 0;
-       rpcbuf_init(&buffer, offered, mem_ctx);
+       if (!rpcbuf_init(&buffer, offered, mem_ctx))
+               return WERR_NOMEM;
        make_spoolss_q_getprinterdriverdir( &in, server, env, level, 
                &buffer, offered );
 
@@ -959,7 +970,8 @@ WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli,
                ZERO_STRUCT(in);
                ZERO_STRUCT(out);
                
-               rpcbuf_init(&buffer, offered, mem_ctx);
+               if (!rpcbuf_init(&buffer, offered, mem_ctx))
+                       return WERR_NOMEM;
                make_spoolss_q_getprinterdriverdir( &in, server, env, level, 
                        &buffer, offered );
 
@@ -1125,7 +1137,8 @@ WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli,
        ZERO_STRUCT(out);
 
        offered = 0;
-       rpcbuf_init(&buffer, offered, mem_ctx);
+       if (!rpcbuf_init(&buffer, offered, mem_ctx))
+               return WERR_NOMEM;
        make_spoolss_q_getprintprocessordirectory( &in, name, 
                environment, level, &buffer, offered );
 
@@ -1142,7 +1155,8 @@ WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli,
                ZERO_STRUCT(in);
                ZERO_STRUCT(out);
                
-               rpcbuf_init(&buffer, offered, mem_ctx);
+               if (!rpcbuf_init(&buffer, offered, mem_ctx))
+                       return WERR_NOMEM;
                make_spoolss_q_getprintprocessordirectory( &in, name, 
                        environment, level, &buffer, offered );
 
@@ -1230,7 +1244,8 @@ WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
        ZERO_STRUCT(out);
 
        offered = 0;
-       rpcbuf_init(&buffer, offered, mem_ctx);
+       if (!rpcbuf_init(&buffer, offered, mem_ctx))
+               return WERR_NOMEM;
        make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered );
        
        CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM,
@@ -1246,7 +1261,8 @@ WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
                ZERO_STRUCT(in);
                ZERO_STRUCT(out);
                
-               rpcbuf_init(&buffer, offered, mem_ctx);
+               if (!rpcbuf_init(&buffer, offered, mem_ctx))
+                       return WERR_NOMEM;
                make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered );
        
                CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM,
@@ -1309,7 +1325,8 @@ WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx
        ZERO_STRUCT(out);
 
        offered = 0;
-       rpcbuf_init(&buffer, offered, mem_ctx);
+       if (!rpcbuf_init(&buffer, offered, mem_ctx))
+               return WERR_NOMEM;
        make_spoolss_q_enumforms( &in, handle, level, &buffer, offered );
 
        CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS,
@@ -1325,7 +1342,8 @@ WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx
                ZERO_STRUCT(in);
                ZERO_STRUCT(out);
 
-               rpcbuf_init(&buffer, offered, mem_ctx);
+               if (!rpcbuf_init(&buffer, offered, mem_ctx))
+                       return WERR_NOMEM;
                make_spoolss_q_enumforms( &in, handle, level, &buffer, offered );
 
                CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS,
@@ -1365,7 +1383,8 @@ WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
        ZERO_STRUCT(out);
 
        offered = 0;
-       rpcbuf_init(&buffer, offered, mem_ctx);
+       if (!rpcbuf_init(&buffer, offered, mem_ctx))
+               return WERR_NOMEM;
        make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level, 
                &buffer, offered );
 
@@ -1382,7 +1401,8 @@ WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
                ZERO_STRUCT(in);
                ZERO_STRUCT(out);
 
-               rpcbuf_init(&buffer, offered, mem_ctx);
+               if (!rpcbuf_init(&buffer, offered, mem_ctx))
+                       return WERR_NOMEM;
                make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level, 
                        &buffer, offered );
 
@@ -1461,7 +1481,8 @@ WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
        ZERO_STRUCT(out);
 
        offered = 0;
-       rpcbuf_init(&buffer, offered, mem_ctx);
+       if (!rpcbuf_init(&buffer, offered, mem_ctx))
+               return WERR_NOMEM;
        make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered );
 
        CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB,
@@ -1477,7 +1498,8 @@ WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx,
                ZERO_STRUCT(in);
                ZERO_STRUCT(out);
                
-               rpcbuf_init(&buffer, offered, mem_ctx);
+               if (!rpcbuf_init(&buffer, offered, mem_ctx))
+                       return WERR_NOMEM;
                make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered );
 
                CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB,
index b5177cc..99546ef 100644 (file)
 /**********************************************************************
  Initialize a new spoolss buff for use by a client rpc
 **********************************************************************/
-void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx)
+bool rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx)
 {
        buffer->size = size;
        buffer->string_at_end = size;
-       if (prs_init(&buffer->prs, size, ctx, MARSHALL))
-               buffer->struct_start = prs_offset(&buffer->prs);
-       else
-               buffer->struct_start = 0;
+       if (!prs_init(&buffer->prs, size, ctx, MARSHALL))
+               return false;
+
+       buffer->struct_start = prs_offset(&buffer->prs);
+       return true;
 }
 
 /*******************************************************************
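Review bot: On the failure path rpcbuf_init() now returns before `buffer->struct_start` is written, whereas the old code set it to 0, so a caller that ignores the return value may be left with an uninitialised field. Adding `buffer->struct_start = 0;` before `return false;` keeps the structure fully defined either way. The banner comment above the function should also state the new contract, e.g. `Returns false if prs_init() fails.`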
index 4f78d69..343342a 100644 (file)
@@ -706,7 +706,7 @@ static int rpc_lookup_size;
 bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p)
 {
        RPC_HDR_AUTH auth_info;
-       uint32 pad;
+       uint32 pad = 0;
        DATA_BLOB blob;
 
        ZERO_STRUCT(blob);
@@ -1839,6 +1839,8 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p)
                return False;
        }
 
+       ZERO_STRUCT(hdr_rb);
+
        DEBUG(5,("api_pipe_alter_context: decode request. %d\n", __LINE__));
 
        /* decode the alter context request */
index 123cbf9..ba2fe77 100644 (file)
@@ -9927,7 +9927,8 @@ WERROR _spoolss_xcvdataport(pipes_struct *p, SPOOL_Q_XCVDATAPORT *q_u, SPOOL_R_X
 
        /* Allocate the outgoing buffer */
 
-       rpcbuf_init( &r_u->outdata, q_u->offered, p->mem_ctx );
+       if (!rpcbuf_init( &r_u->outdata, q_u->offered, p->mem_ctx ))
+               return WERR_NOMEM;
 
        switch ( Printer->printer_type ) {
        case SPLHND_PORTMON_TCP:
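Review bot: The size passed to rpcbuf_init() here is `q_u->offered`, a value taken from the request structure, so the new check turns an allocation failure into WERR_NOMEM but does not limit how much a request can ask the server to allocate. No upper bound on `q_u->offered` is visible in this hunk. If none is enforced earlier in _spoolss_xcvdataport or inside prs_init(), a cap with an explicit error return before this call would be the safer ordering. At minimum a comment such as `/* q_u->offered is client-supplied */` would flag the trust boundary for the next reader.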
index 3b04494..33bf3d0 100644 (file)
@@ -580,7 +580,6 @@ WERROR _svcctl_QueryServiceStatusEx(pipes_struct *p,
 
        /* we have to set the outgoing buffer size to the same as the
           incoming buffer size (even in the case of failure) */
-
        *r->out.bytes_needed = r->in.buf_size;
 
        switch ( r->in.info_level ) {
@@ -736,7 +735,6 @@ WERROR _svcctl_QueryServiceConfig2W(pipes_struct *p,
 
        /* we have to set the outgoing buffer size to the same as the
           incoming buffer size (even in the case of failure */
-
        *r->out.bytes_needed = r->in.buf_size;
 
        switch ( r->in.info_level ) {
index 652f0b5..c000b58 100644 (file)
@@ -4064,7 +4064,11 @@ static bool get_user_sids(const char *domain, const char *user, NT_USER_TOKEN *t
                return false;
        }
 
-       string_to_sid(&user_sid, sid_str);
+       if (!string_to_sid(&user_sid, sid_str)) {
+               DEBUG(1,("Could not convert sid %s from string\n", sid_str));
+               return false;
+       }
+
        wbcFreeMemory(sid_str);
        sid_str = NULL;
 
@@ -4200,7 +4204,11 @@ static bool get_user_tokens_from_file(FILE *f,
                        /* We have a SID */
 
                        DOM_SID sid;
-                       string_to_sid(&sid, &line[1]);
+                       if(!string_to_sid(&sid, &line[1])) {
+                               DEBUG(1,("get_user_tokens_from_file: Could "
+                                       "not convert sid %s \n",&line[1]));
+                               return false;
+                       }
 
                        if (token == NULL) {
                                DEBUG(0, ("File does not begin with username"));
index 7432bda..bc532bb 100644 (file)
@@ -991,7 +991,13 @@ static void getgrgid_recv(void *private_data, bool success, const char *sid)
                DEBUG(10,("getgrgid_recv: gid %lu has sid %s\n",
                          (unsigned long)(state->request.data.gid), sid));
 
-               string_to_sid(&group_sid, sid);
+               if (!string_to_sid(&group_sid, sid)) {
+                       DEBUG(1,("getgrgid_recv: Could not convert sid %s "
+                               "from string\n", sid));
+                       request_error(state);
+                       return;
+               }
+
                winbindd_getgrsid(state, group_sid);
                return;
        }
index fd1fdd3..5356e16 100644 (file)
@@ -527,7 +527,13 @@ static void getpwuid_recv(void *private_data, bool success, const char *sid)
        DEBUG(10,("uid2sid_recv: uid %lu has sid %s\n",
                  (unsigned long)(state->request.data.uid), sid));
 
-       string_to_sid(&user_sid, sid);
+       if (!string_to_sid(&user_sid, sid)) {
+               DEBUG(1,("uid2sid_recv: Could not convert sid %s "
+                       "from string\n,", sid));
+               request_error(state);
+               return;
+       }
+
        winbindd_getpwsid(state, &user_sid);
 }
 
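Review bot: The added DEBUG format string ends in `"from string\n,"`, with a stray comma after the newline inside the literal, so every log entry is followed by a lone `,` at the start of the next line. It should read `"from string\n", sid));`. The message prefix also says `uid2sid_recv` while the enclosing function is getpwuid_recv (the existing DEBUG(10) line does the same); using the real function name in the new message would make the log easier to trace.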
index 748099a..2d87015 100644 (file)
@@ -682,8 +682,16 @@ static void init_child_recv(void *private_data, bool success)
                state->response->data.domain_info.name);
        fstrcpy(state->domain->alt_name,
                state->response->data.domain_info.alt_name);
-       string_to_sid(&state->domain->sid,
-                     state->response->data.domain_info.sid);
+       if (!string_to_sid(&state->domain->sid,
+                     state->response->data.domain_info.sid)) {
+               DEBUG(1,("init_child_recv: Could not convert sid %s "
+                       "from string\n",
+                       state->response->data.domain_info.sid));
+               state->continuation(state->private_data, False);
+               talloc_destroy(state->mem_ctx);
+               return;
+       }
+
        state->domain->native_mode =
                state->response->data.domain_info.native_mode;
        state->domain->active_directory =
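Review bot: When string_to_sid() fails, `state->domain->name` and `state->domain->alt_name` have already been overwritten by the two fstrcpy() calls above the new check, so the failure path leaves the domain entry half-updated with an unchanged SID. Converting the SID into a local `DOM_SID` first and copying all three fields only after it parses would keep the entry consistent. Whether the continuation callback tolerates this partial state is not visible here.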
index 4a3d268..f9ba13f 100644 (file)
@@ -46,9 +46,15 @@ static int wins_lookup_open_socket_in(void)
        if (res == -1)
                return -1;
 
-       setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val));
+       if (setsockopt(res,SOL_SOCKET,SO_REUSEADDR,(char *)&val,sizeof(val))) {
+               close(res);
+               return -1;
+       }
 #ifdef SO_REUSEPORT
-       setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val));
+       if (setsockopt(res,SOL_SOCKET,SO_REUSEPORT,(char *)&val,sizeof(val))) {
+               close(res);
+               return -1;
+       }
 #endif /* SO_REUSEPORT */
 
        /* now we've got a socket - we need to bind it */
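Review bot: A setsockopt() failure for SO_REUSEADDR or SO_REUSEPORT now aborts wins_lookup_open_socket_in, where both calls used to be best effort. SO_REUSEPORT in particular is guarded only by a compile-time `#ifdef`; a system whose headers define it but whose kernel rejects it would lose WINS lookups entirely. Neither failure path logs anything. Consider logging and continuing for the optional option, e.g. `DEBUG(3,("setsockopt(SO_REUSEPORT) failed: %s\n", strerror(errno)));`, and deciding explicitly whether a SO_REUSEADDR failure should be fatal.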
index 33a45e8..051837c 100644 (file)
@@ -352,8 +352,11 @@ int psec_setsec(char *printer)
                goto done;
        }
 
-       prs_init(&ps, (uint32)sec_desc_size(sdb->sec) + 
-                sizeof(SEC_DESC_BUF), 4, mem_ctx, MARSHALL);
+       if (!prs_init(&ps, (uint32)sec_desc_size(sdb->sec) +
+                sizeof(SEC_DESC_BUF), 4, mem_ctx, MARSHALL)) {
+               printf("prs_init() failed\n");
+               goto done;
+       }
 
        if (!sec_io_desc_buf("nt_printing_setsec", &sdb, &ps, 1)) {
                printf("sec_io_desc_buf failed\n");
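Review bot: This prs_init() call passes five arguments (`&ps`, the size, `4`, `mem_ctx`, `MARSHALL`), while the call this same commit touches in rpcbuf_init() passes four. Unless the test suite is built against a different prototype, psec.c does not compile as written and the new failure check is never exercised. Whether the `done:` label reports failure to the caller is outside the hunk.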