author | Gerald Carter <jerry@samba.org> | 2007-05-03 16:58:30 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2007-05-03 16:58:30 +0000 |
commit | 812a6afc0a6a0d95ed7dc2a6e1847678143521f0 (patch) | |
tree | 30060f23dd59bb821b434a9a141ecaf0034b82ac | |
parent | 4ae5d4171c16ba0c0197fc62087a19ccba9ffe9e (diff) | |
download | samba-812a6afc0a6a0d95ed7dc2a6e1847678143521f0.tar.gz |
r22650: sync up with SMABA_3_0_25 as of svn r22649
87 files changed, 1634 insertions, 818 deletions
diff --git a/examples/VFS/shadow_copy_test.c b/examples/VFS/shadow_copy_test.c index 155181229b1..98ac304ee2c 100644 --- a/examples/VFS/shadow_copy_test.c +++ b/examples/VFS/shadow_copy_test.c @@ -58,7 +58,11 @@ static int test_get_shadow_copy_data(vfs_handle_struct *handle, files_struct *fs shadow_copy_data->num_volumes = num; if (labels) { - shadow_copy_data->labels = TALLOC_ZERO_ARRAY(shadow_copy_data->mem_ctx,SHADOW_COPY_LABEL,num); + if (num) { + shadow_copy_data->labels = TALLOC_ZERO_ARRAY(shadow_copy_data->mem_ctx,SHADOW_COPY_LABEL,num); + } else { + shadow_copy_data->labels = NULL; + } for (i=0;i<num;i++) { snprintf(shadow_copy_data->labels[i], sizeof(SHADOW_COPY_LABEL), "@GMT-2003.08.05-12.%02u.00",i); } diff --git a/source/VERSION b/source/VERSION index 816251096ab..be77b3bae60 100644 --- a/source/VERSION +++ b/source/VERSION @@ -56,7 +56,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # ######################################################## -SAMBA_VERSION_RC_RELEASE=3 +SAMBA_VERSION_RC_RELEASE=4 ######################################################## # To mark SVN snapshots this should be set to 'yes' # diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index 4e9e6f85f66..35790749d1d 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -1179,11 +1179,15 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, goto done; } - group_sids = talloc_array(tmp_ctx, DOM_SID, num_group_sids); - if (group_sids == NULL) { - DEBUG(1, ("talloc_array failed\n")); - result = NT_STATUS_NO_MEMORY; - goto done; + if (num_group_sids) { + group_sids = TALLOC_ARRAY(tmp_ctx, DOM_SID, num_group_sids); + if (group_sids == NULL) { + DEBUG(1, ("TALLOC_ARRAY failed\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + } else { + group_sids = NULL; } for (i=0; i<num_group_sids; i++) { 
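Review bot: In examples/VFS/shadow_copy_test.c the `for (i=0;i<num;i++)` loop writes through `shadow_copy_data->labels[i]` without checking that TALLOC_ZERO_ARRAY succeeded, so an allocation failure with `num > 0` becomes a NULL dereference in the `snprintf`. The new `if (num)` branch is the natural place for the check, e.g. `if (shadow_copy_data->labels == NULL) return -1;`. The function's error convention is not visible here because its body starts and ends outside the hunk, so the return value should be matched to the rest of the function.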
@@ -1209,9 +1213,9 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, uint32 dummy; num_group_sids = 1; - group_sids = talloc_array(tmp_ctx, DOM_SID, num_group_sids); + group_sids = TALLOC_ARRAY(tmp_ctx, DOM_SID, num_group_sids); if (group_sids == NULL) { - DEBUG(1, ("talloc_array failed\n")); + DEBUG(1, ("TALLOC_ARRAY failed\n")); result = NT_STATUS_NO_MEMORY; goto done; } @@ -1462,7 +1466,7 @@ static auth_serversupplied_info *copy_serverinfo(auth_serversupplied_info *src) dst->gid = src->gid; dst->n_groups = src->n_groups; if (src->n_groups != 0) { - dst->groups = (gid_t *)talloc_memdup( + dst->groups = (gid_t *)TALLOC_MEMDUP( dst, src->groups, sizeof(gid_t)*dst->n_groups); } else { dst->groups = NULL; @@ -2027,11 +2031,11 @@ NT_USER_TOKEN *dup_nt_token(TALLOC_CTX *mem_ctx, const NT_USER_TOKEN *ptoken) ZERO_STRUCTP(token); if (ptoken->user_sids && ptoken->num_sids) { - token->user_sids = (DOM_SID *)talloc_memdup( + token->user_sids = (DOM_SID *)TALLOC_MEMDUP( token, ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids ); if (token->user_sids == NULL) { - DEBUG(0, ("talloc_memdup failed\n")); + DEBUG(0, ("TALLOC_MEMDUP failed\n")); TALLOC_FREE(token); return NULL; } diff --git a/source/client/mount.cifs.c b/source/client/mount.cifs.c index 7e4c27c820b..49150e1ffba 100755 --- a/source/client/mount.cifs.c +++ b/source/client/mount.cifs.c @@ -78,6 +78,7 @@ static int free_share_name = 0; static char * user_name = NULL; static char * mountpassword = NULL; char * domain_name = NULL; +char * prefixpath = NULL; /* BB finish BB @@ -804,6 +805,11 @@ continue_unc_parsing: host_entry = gethostbyname(unc_name); } *(share - 1) = '/'; /* put the slash back */ + if ((prefixpath = strchr(share, '/'))) { + *prefixpath = 0; /* permanently terminate the string */ + if (!strlen(++prefixpath)) + prefixpath = NULL; /* this needs to be done explicitly */ + } if(got_ip) { if(verboseflag) printf("ip address specified explicitly\n"); 
@@ -1196,6 +1202,10 @@ mount_retry: strcat(options,","); strcat(options,orgoptions); } + if(prefixpath) { + strncat(options,",prefixpath=",12); + strcat(options,prefixpath); /* no need to cat the / */ + } if(verboseflag) printf("\nmount.cifs kernel mount options %s \n",options); if(mount(share_name, mountpoint, "cifs", flags, options)) { diff --git a/source/groupdb/mapping.c b/source/groupdb/mapping.c index 54cffd15882..46e27d4de68 100644 --- a/source/groupdb/mapping.c +++ b/source/groupdb/mapping.c @@ -578,12 +578,17 @@ NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, if (!NT_STATUS_IS_OK(result)) return result; + *p_num_alias_rids = 0; + + if (num_alias_sids == 0) { + TALLOC_FREE(alias_sids); + return NT_STATUS_OK; + } + *pp_alias_rids = TALLOC_ARRAY(mem_ctx, uint32, num_alias_sids); if (*pp_alias_rids == NULL) return NT_STATUS_NO_MEMORY; - *p_num_alias_rids = 0; - for (i=0; i<num_alias_sids; i++) { if (!sid_peek_check_rid(domain_sid, &alias_sids[i], &(*pp_alias_rids)[*p_num_alias_rids])) diff --git a/source/include/smb_macros.h b/source/include/smb_macros.h index c433ac2dc43..7c715884b01 100644 --- a/source/include/smb_macros.h +++ b/source/include/smb_macros.h 
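Review bot: In source/client/mount.cifs.c the added `strncat(options,",prefixpath=",12); strcat(options,prefixpath);` appends to `options` with no visible bound. The allocation of `options` is outside this hunk, so confirm that its length calculation now includes `strlen(prefixpath) + 12`; if it does not, a long path component overruns the buffer. The `12` passed to `strncat` is the length of the literal being appended, not the space remaining in `options`, so it gives no protection. `prefixpath` is cut directly out of the user-supplied share string in the earlier hunk and should be rejected if it contains a `,`, since the option string is comma-separated and the remainder would be read as further mount options.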
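Review bot: In pdb_default_alias_memberships (source/groupdb/mapping.c) the new early return for `num_alias_sids == 0` sets `*p_num_alias_rids = 0` but never assigns `*pp_alias_rids`, so a caller that did not pre-initialise the pointer gets an indeterminate value together with NT_STATUS_OK. Adding `*pp_alias_rids = NULL;` next to `*p_num_alias_rids = 0;` makes the empty result well defined. The `NT_STATUS_NO_MEMORY` return just below does not free `alias_sids`, unlike the new zero-count path; whether that leaks depends on the context it was allocated on, which is outside the hunk.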
@@ -271,17 +271,19 @@ copy an IP address from one buffer to another /* The new talloc is paranoid malloc checker safe. */ -#define TALLOC(ctx, size) talloc_named_const(ctx, size, __location__) -#define TALLOC_P(ctx, type) (type *)talloc_named_const(ctx, sizeof(type), #type) -#define TALLOC_ARRAY(ctx, type, count) (type *)_talloc_array(ctx, sizeof(type), count, #type) -#define TALLOC_MEMDUP(ctx, ptr, size) _talloc_memdup(ctx, ptr, size, __location__) -#define TALLOC_ZERO(ctx, size) _talloc_zero(ctx, size, __location__) -#define TALLOC_ZERO_P(ctx, type) (type *)_talloc_zero(ctx, sizeof(type), #type) -#define TALLOC_ZERO_ARRAY(ctx, type, count) (type *)_talloc_zero_array(ctx, sizeof(type), count, #type) +#define TALLOC(ctx, size) talloc_zeronull(ctx, size, __location__) +#define TALLOC_P(ctx, type) (type *)talloc_zeronull(ctx, sizeof(type), #type) +#define TALLOC_ARRAY(ctx, type, count) (type *)_talloc_array_zeronull(ctx, sizeof(type), count, #type) +#define TALLOC_MEMDUP(ctx, ptr, size) _talloc_memdup_zeronull(ctx, ptr, size, __location__) +#define TALLOC_ZERO(ctx, size) _talloc_zero_zeronull(ctx, size, __location__) +#define TALLOC_ZERO_P(ctx, type) (type *)_talloc_zero_zeronull(ctx, sizeof(type), #type) +#define TALLOC_ZERO_ARRAY(ctx, type, count) (type *)_talloc_zero_array_zeronull(ctx, sizeof(type), count, #type) #define TALLOC_REALLOC(ctx, ptr, count) _talloc_realloc(ctx, ptr, count, __location__) #define TALLOC_REALLOC_ARRAY(ctx, ptr, type, count) (type *)_talloc_realloc_array(ctx, ptr, sizeof(type), count, #type) #define talloc_destroy(ctx) talloc_free(ctx) #define TALLOC_FREE(ctx) do { if ((ctx) != NULL) {talloc_free(ctx); ctx=NULL;} } while(0) +#define TALLOC_SIZE(ctx, size) talloc_zeronull(ctx, size, __location__) +#define TALLOC_ZERO_SIZE(ctx, size) _talloc_zero_zeronull(ctx, size, __location__) /* only define PARANOID_MALLOC_CHECKER with --enable-developer and not compiling the smbmount utils */ 
diff --git a/source/lib/data_blob.c b/source/lib/data_blob.c index c7eadc1acfb..e07247bc49e 100644 --- a/source/lib/data_blob.c +++ b/source/lib/data_blob.c @@ -72,7 +72,7 @@ DATA_BLOB data_blob_talloc(TALLOC_CTX *mem_ctx, const void *p, size_t length) if (p) { ret.data = (uint8 *)TALLOC_MEMDUP(mem_ctx, p, length); if (ret.data == NULL) - smb_panic("data_blob_talloc: talloc_memdup failed.\n"); + smb_panic("data_blob_talloc: TALLOC_MEMDUP failed.\n"); } else { ret.data = (uint8 *)TALLOC(mem_ctx, length); if (ret.data == NULL) diff --git a/source/lib/privileges.c b/source/lib/privileges.c index c0f7857c95b..9c60b80e451 100644 --- a/source/lib/privileges.c +++ b/source/lib/privileges.c @@ -723,10 +723,14 @@ NTSTATUS dup_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_l if ( !old_la ) return NT_STATUS_OK; - *new_la = TALLOC_ARRAY(mem_ctx, LUID_ATTR, count); - if ( !*new_la ) { - DEBUG(0,("dup_luid_attr: failed to alloc new LUID_ATTR array [%d]\n", count)); - return NT_STATUS_NO_MEMORY; + if (count) { + *new_la = TALLOC_ARRAY(mem_ctx, LUID_ATTR, count); + if ( !*new_la ) { + DEBUG(0,("dup_luid_attr: failed to alloc new LUID_ATTR array [%d]\n", count)); + return NT_STATUS_NO_MEMORY; + } + } else { + *new_la = NULL; } for (i=0; i<count; i++) { diff --git a/source/lib/secace.c b/source/lib/secace.c index ab7ad811a0a..c9b4f839503 100644 --- a/source/lib/secace.c +++ b/source/lib/secace.c @@ -124,8 +124,12 @@ NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, SEC_ACE **pp_new, SEC_ACE *old, uint32 if (!ctx || !pp_new || !old || !sid || !num) return NT_STATUS_INVALID_PARAMETER; - if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0) - return NT_STATUS_NO_MEMORY; + if (*num) { + if((pp_new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0) + return NT_STATUS_NO_MEMORY; + } else { + pp_new[0] = NULL; + } for (i = 0; i < *num; i ++) { if (sid_compare(&old[i].trustee, sid) != 0) 
diff --git a/source/lib/secdesc.c b/source/lib/secdesc.c index 16dde0da111..160fdb949d2 100644 --- a/source/lib/secdesc.c +++ b/source/lib/secdesc.c @@ -430,8 +430,12 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, the_acl = parent_ctr->dacl; - if (!(new_ace_list = TALLOC_ARRAY(ctx, SEC_ACE, the_acl->num_aces))) - return NULL; + if (the_acl->num_aces) { + if (!(new_ace_list = TALLOC_ARRAY(ctx, SEC_ACE, the_acl->num_aces))) + return NULL; + } else { + new_ace_list = NULL; + } for (i = 0; i < the_acl->num_aces; i++) { SEC_ACE *ace = &the_acl->aces[i]; diff --git a/source/lib/talloc/talloc.c b/source/lib/talloc/talloc.c index 028b44a8c72..b2b00d8c65a 100644 --- a/source/lib/talloc/talloc.c +++ b/source/lib/talloc/talloc.c @@ -1086,7 +1086,6 @@ void *_talloc_zero(const void *ctx, size_t size, const char *name) return p; } - /* memdup with a talloc. */ @@ -1292,7 +1291,6 @@ void *_talloc_zero_array(const void *ctx, size_t el_size, unsigned count, const return _talloc_zero(ctx, el_size * count, name); } - /* realloc an array, checking for integer overflow in the array size */ diff --git a/source/lib/talloc/talloc.h b/source/lib/talloc/talloc.h index 51640bb28d5..9ef8724dc32 100644 --- a/source/lib/talloc/talloc.h +++ b/source/lib/talloc/talloc.h @@ -167,4 +167,3 @@ void talloc_show_parents(const void *context, FILE *file); int talloc_is_parent(const void *context, const void *ptr); #endif - diff --git a/source/lib/util.c b/source/lib/util.c index f49af133adb..90100d83374 100644 --- a/source/lib/util.c +++ b/source/lib/util.c @@ -921,6 +921,9 @@ BOOL yesno(char *p) void *malloc_(size_t size) { + if (size == 0) { + return NULL; + } #undef malloc return malloc(size); #define malloc(s) __ERROR_DONT_USE_MALLOC_DIRECTLY 
@@ -932,6 +935,9 @@ void *malloc_(size_t size) static void *calloc_(size_t count, size_t size) { + if (size == 0 || count == 0) { + return NULL; + } #undef calloc return calloc(count, size); #define calloc(n,s) __ERROR_DONT_USE_CALLOC_DIRECTLY @@ -960,6 +966,9 @@ void *malloc_array(size_t el_size, unsigned int count) return NULL; } + if (el_size == 0 || count == 0) { + return NULL; + } #if defined(PARANOID_MALLOC_CHECKER) return malloc_(el_size*count); #else @@ -989,6 +998,9 @@ void *calloc_array(size_t size, size_t nmemb) if (nmemb >= MAX_ALLOC_SIZE/size) { return NULL; } + if (size == 0 || nmemb == 0) { + return NULL; + } #if defined(PARANOID_MALLOC_CHECKER) return calloc_(nmemb, size); #else 
@@ -3195,3 +3207,102 @@ int get_safe_IVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off, i } return IVAL(ptr,off); } + +/**************************************************************** + talloc wrapper functions that guarentee a null pointer return + if size == 0. +****************************************************************/ + +#ifndef MAX_TALLOC_SIZE +#define MAX_TALLOC_SIZE 0x10000000 +#endif + +/* + * talloc and zero memory. + * - returns NULL if size is zero. + */ + +void *_talloc_zero_zeronull(const void *ctx, size_t size, const char *name) +{ + void *p; + + if (size == 0) { + return NULL; + } + + p = talloc_named_const(ctx, size, name); + + if (p) { + memset(p, '\0', size); + } + + return p; +} + +/* + * memdup with a talloc. + * - returns NULL if size is zero. + */ + +void *_talloc_memdup_zeronull(const void *t, const void *p, size_t size, const char *name) +{ + void *newp; + + if (size == 0) { + return NULL; + } + + newp = talloc_named_const(t, size, name); + if (newp) { + memcpy(newp, p, size); + } + + return newp; +} + +/* + * alloc an array, checking for integer overflow in the array size. + * - returns NULL if count or el_size are zero. + */ + +void *_talloc_array_zeronull(const void *ctx, size_t el_size, unsigned count, const char *name) +{ + if (count >= MAX_TALLOC_SIZE/el_size) { + return NULL; + } + + if (el_size == 0 || count == 0) { + return NULL; + } + + return talloc_named_const(ctx, el_size * count, name); +} + +/* + * alloc an zero array, checking for integer overflow in the array size + * - returns NULL if count or el_size are zero. + */ + +void *_talloc_zero_array_zeronull(const void *ctx, size_t el_size, unsigned count, const char *name) +{ + if (count >= MAX_TALLOC_SIZE/el_size) { + return NULL; + } + + if (el_size == 0 || count == 0) { + return NULL; + } + + return _talloc_zero(ctx, el_size * count, name); +} + +/* + * Talloc wrapper that returns NULL if size == 0. 
+ */ +void *talloc_zeronull(const void *context, size_t size, const char *name) +{ + if (size == 0) { + return NULL; + } + return talloc_named_const(context, size, name); +} diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c index c89abc916f2..032be9aa93b 100644 --- a/source/lib/util_sid.c +++ b/source/lib/util_sid.c @@ -510,9 +510,6 @@ BOOL non_mappable_sid(DOM_SID *sid) DOM_SID dom; uint32 rid; - if (sid_equal(sid, &global_sid_System)) - return True; - sid_copy(&dom, sid); sid_split_rid(&dom, &rid); diff --git a/source/libaddns/dns.h b/source/libaddns/dns.h index 6f480a54695..4862a23b3d4 100644 --- a/source/libaddns/dns.h +++ b/source/libaddns/dns.h 
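Review bot: The block comment introducing the new `*_zeronull` wrappers in source/lib/util.c says only that NULL is returned for size zero, and it should also state that NULL is no longer a reliable out-of-memory signal. A line such as `/* NULL is returned both for a zero-sized request and on allocation failure; callers must test the size or count before mapping NULL to NT_STATUS_NO_MEMORY. */` would document why the call sites in this commit gained `if (count)` guards. `_talloc_memdup_zeronull` copies from `p` without a NULL check when `size` is non-zero, which is worth stating in its comment as a precondition.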
@@ -88,16 +88,25 @@ #include <talloc.h> -#define TALLOC(ctx, size) talloc_named_const(ctx, size, __location__) -#define TALLOC_P(ctx, type) (type *)talloc_named_const(ctx, sizeof(type), #type) -#define TALLOC_ARRAY(ctx, type, count) (type *)_talloc_array(ctx, sizeof(type), count, #type) -#define TALLOC_MEMDUP(ctx, ptr, size) _talloc_memdup(ctx, ptr, size, __location__) -#define TALLOC_ZERO(ctx, size) _talloc_zero(ctx, size, __location__) -#define TALLOC_ZERO_P(ctx, type) (type *)_talloc_zero(ctx, sizeof(type), #type) -#define TALLOC_ZERO_ARRAY(ctx, type, count) (type *)_talloc_zero_array(ctx, sizeof(type), count, #type) +void *_talloc_zero_zeronull(const void *ctx, size_t size, const char *name); +void *_talloc_memdup_zeronull(const void *t, const void *p, size_t size, const char *name); +void *_talloc_array_zeronull(const void *ctx, size_t el_size, unsigned count, const char *name); +void *_talloc_zero_array_zeronull(const void *ctx, size_t el_size, unsigned count, const char *name); +void *talloc_zeronull(const void *context, size_t size, const char *name); + +#define TALLOC(ctx, size) talloc_zeronull(ctx, size, __location__) +#define TALLOC_P(ctx, type) (type *)talloc_zeronull(ctx, sizeof(type), #type) +#define TALLOC_ARRAY(ctx, type, count) (type *)_talloc_array_zeronull(ctx, sizeof(type), count, #type) +#define TALLOC_MEMDUP(ctx, ptr, size) _talloc_memdup_zeronull(ctx, ptr, size, __location__) +#define TALLOC_ZERO(ctx, size) _talloc_zero_zeronull(ctx, size, __location__) +#define TALLOC_ZERO_P(ctx, type) (type *)_talloc_zero_zeronull(ctx, sizeof(type), #type) +#define TALLOC_ZERO_ARRAY(ctx, type, count) (type *)_talloc_zero_array_zeronull(ctx, sizeof(type), count, #type) #define TALLOC_REALLOC(ctx, ptr, count) _talloc_realloc(ctx, ptr, count, __location__) #define TALLOC_REALLOC_ARRAY(ctx, ptr, type, count) (type *)_talloc_realloc_array(ctx, ptr, sizeof(type), count, #type) +#define talloc_destroy(ctx) talloc_free(ctx) #define TALLOC_FREE(ctx) do { if ((ctx) 
!= NULL) {talloc_free(ctx); ctx=NULL;} } while(0) +#define TALLOC_SIZE(ctx, size) talloc_zeronull(ctx, size, __location__) +#define TALLOC_ZERO_SIZE(ctx, size) _talloc_zero_zeronull(ctx, size, __location__) /******************************************************************* Type definitions for int16, int32, uint16 and uint32. Needed diff --git a/source/libaddns/dnsrecord.c b/source/libaddns/dnsrecord.c index 37a5886af70..c649dbd7de4 100644 --- a/source/libaddns/dnsrecord.c +++ b/source/libaddns/dnsrecord.c @@ -234,9 +234,13 @@ DNS_ERROR dns_unmarshall_tkey_record(TALLOC_CTX *mem_ctx, struct dns_rrec *rec, if (!ERR_DNS_IS_OK(buf.error)) goto error; - if (!(tkey->key = TALLOC_ARRAY(tkey, uint8, tkey->key_length))) { - buf.error = ERROR_DNS_NO_MEMORY; - goto error; + if (tkey->key_length) { + if (!(tkey->key = TALLOC_ARRAY(tkey, uint8, tkey->key_length))) { + buf.error = ERROR_DNS_NO_MEMORY; + goto error; + } + } else { + tkey->key = NULL; } dns_unmarshall_buffer(&buf, tkey->key, tkey->key_length); diff --git a/source/libaddns/dnssock.c b/source/libaddns/dnssock.c index 5dbedc4fd51..6ceefb4e32d 100644 --- a/source/libaddns/dnssock.c +++ b/source/libaddns/dnssock.c @@ -264,9 +264,13 @@ static DNS_ERROR dns_receive_tcp(TALLOC_CTX *mem_ctx, buf->size = ntohs(len); - if (!(buf->data = TALLOC_ARRAY(buf, uint8, buf->size))) { - TALLOC_FREE(buf); - return ERROR_DNS_NO_MEMORY; + if (buf->size) { + if (!(buf->data = TALLOC_ARRAY(buf, uint8, buf->size))) { + TALLOC_FREE(buf); + return ERROR_DNS_NO_MEMORY; + } + } else { + buf->data = NULL; } err = read_all(conn->s, buf->data, buf->size); diff --git a/source/libads/dns.c b/source/libads/dns.c index 008266ea0b0..f16cea25554 100644 --- a/source/libads/dns.c +++ b/source/libads/dns.c 
@@ -283,9 +283,13 @@ static NTSTATUS dns_send_req( TALLOC_CTX *ctx, const char *name, int q_type, buf_len = resp_len * sizeof(uint8); - if ( (buffer = TALLOC_ARRAY(ctx, uint8, buf_len)) == NULL ) { - DEBUG(0,("ads_dns_lookup_srv: talloc() failed!\n")); - return NT_STATUS_NO_MEMORY; + if (buf_len) { + if ( (buffer = TALLOC_ARRAY(ctx, uint8, buf_len)) == NULL ) { + DEBUG(0,("ads_dns_lookup_srv: talloc() failed!\n")); + return NT_STATUS_NO_MEMORY; + } + } else { + buffer = NULL; } if ( (resp_len = res_query(name, C_IN, q_type, buffer, buf_len)) < 0 ) { @@ -351,10 +355,14 @@ static NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx, const char *name, struct dn DEBUG(4,("ads_dns_lookup_srv: %d records returned in the answer section.\n", answer_count)); - if ( (dcs = TALLOC_ZERO_ARRAY(ctx, struct dns_rr_srv, answer_count)) == NULL ) { - DEBUG(0,("ads_dns_lookup_srv: talloc() failure for %d char*'s\n", - answer_count)); - return NT_STATUS_NO_MEMORY; + if (answer_count) { + if ( (dcs = TALLOC_ZERO_ARRAY(ctx, struct dns_rr_srv, answer_count)) == NULL ) { + DEBUG(0,("ads_dns_lookup_srv: talloc() failure for %d char*'s\n", + answer_count)); + return NT_STATUS_NO_MEMORY; + } + } else { + dcs = NULL; } /* now skip the header */ @@ -499,10 +507,14 @@ NTSTATUS ads_dns_lookup_ns( TALLOC_CTX *ctx, const char *dnsdomain, struct dns_r DEBUG(4,("ads_dns_lookup_ns: %d records returned in the answer section.\n", answer_count)); - if ( (nsarray = TALLOC_ARRAY(ctx, struct dns_rr_ns, answer_count)) == NULL ) { - DEBUG(0,("ads_dns_lookup_ns: talloc() failure for %d char*'s\n", - answer_count)); - return NT_STATUS_NO_MEMORY; + if (answer_count) { + if ( (nsarray = TALLOC_ARRAY(ctx, struct dns_rr_ns, answer_count)) == NULL ) { + DEBUG(0,("ads_dns_lookup_ns: talloc() failure for %d char*'s\n", + answer_count)); + return NT_STATUS_NO_MEMORY; + } + } else { + nsarray = NULL; } /* now skip the header */ diff --git a/source/libads/ldap.c b/source/libads/ldap.c index b2ca68f67fe..452a2285313 100644 
--- a/source/libads/ldap.c +++ b/source/libads/ldap.c @@ -2225,10 +2225,14 @@ int ads_count_replies(ADS_STRUCT *ads, void *res) for (i=0; values[i]; i++) /* nop */ ; - (*sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, i); - if (!(*sids)) { - ldap_value_free_len(values); - return 0; + if (i) { + (*sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, i); + if (!(*sids)) { + ldap_value_free_len(values); + return 0; + } + } else { + (*sids) = NULL; } count = 0; diff --git a/source/libgpo/gpo_ldap.c b/source/libgpo/gpo_ldap.c index 13ec80f2ad2..6c1079832d0 100644 --- a/source/libgpo/gpo_ldap.c +++ b/source/libgpo/gpo_ldap.c @@ -47,12 +47,17 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx, gp_ext->num_exts = i; - gp_ext->extensions = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts); - gp_ext->extensions_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts); - gp_ext->snapins = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts); - gp_ext->snapins_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts); - - gp_ext->gp_extension = talloc_strdup(mem_ctx, extension_raw); + if (gp_ext->num_exts) { + gp_ext->extensions = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts); + gp_ext->extensions_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts); + gp_ext->snapins = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts); + gp_ext->snapins_guid = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_ext->num_exts); + } else { + gp_ext->extensions = NULL; + gp_ext->extensions_guid = NULL; + gp_ext->snapins = NULL; + gp_ext->snapins_guid = NULL; + } if (gp_ext->extensions == NULL || gp_ext->extensions_guid == NULL || gp_ext->snapins == NULL || gp_ext->snapins_guid == NULL || @@ -60,6 +65,8 @@ ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx, goto parse_error; } + gp_ext->gp_extension = talloc_strdup(mem_ctx, extension_raw); + for (i = 0; ext_list[i] != NULL; i++) { int k; 
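Review bot: In ads_parse_gp_ext (source/libgpo/gpo_ldap.c) the new `else` branch sets `extensions`, `extensions_guid`, `snapins` and `snapins_guid` to NULL when `num_exts` is zero, and the unchanged check right after it jumps to `parse_error` if any of them is NULL, so an empty extension list now always takes the error path. The NULL tests should only apply when something was allocated, e.g. `if (gp_ext->num_exts && (gp_ext->extensions == NULL || ...))`. The following hunk moves `gp_ext->gp_extension = talloc_strdup(mem_ctx, extension_raw);` below that check, so the strdup result is no longer tested. The last operand of the check lies outside both hunks, but if it still reads `gp_ext->gp_extension` it now tests a value that has not been assigned yet.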
@@ -161,8 +168,13 @@ ADS_STATUS ads_parse_gplink(TALLOC_CTX *mem_ctx, gp_link->gp_opts = options; gp_link->num_links = i; - gp_link->link_names = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_link->num_links); - gp_link->link_opts = TALLOC_ZERO_ARRAY(mem_ctx, uint32, gp_link->num_links); + if (gp_link->num_links) { + gp_link->link_names = TALLOC_ZERO_ARRAY(mem_ctx, char *, gp_link->num_links); + gp_link->link_opts = TALLOC_ZERO_ARRAY(mem_ctx, uint32, gp_link->num_links); + } else { + gp_link->link_names = NULL; + gp_link->link_opts = NULL; + } gp_link->gp_link = talloc_strdup(mem_ctx, gp_link_raw); diff --git a/source/libmsrpc/cac_lsarpc.c b/source/libmsrpc/cac_lsarpc.c index 6b8987d71d8..23b6b519ba3 100644 --- a/source/libmsrpc/cac_lsarpc.c +++ b/source/libmsrpc/cac_lsarpc.c @@ -203,11 +203,15 @@ int cac_LsaGetNamesFromSids( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, if ( NT_STATUS_IS_OK( hnd->status ) ) { /*this is the easy part, just make the out.sids array */ - sids_out = TALLOC_ARRAY( mem_ctx, CacSidInfo, num_sids ); - if ( !sids_out ) { - errno = ENOMEM; - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; + if (num_sids) { + sids_out = TALLOC_ARRAY( mem_ctx, CacSidInfo, num_sids ); + if ( !sids_out ) { + errno = ENOMEM; + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } + } else { + sids_out = NULL; } for ( i = 0; i < num_sids; i++ ) { 
@@ -232,22 +236,29 @@ int cac_LsaGetNamesFromSids( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, return CAC_FAILURE; } - sids_out = - TALLOC_ARRAY( mem_ctx, CacSidInfo, + if ( num_sids - num_unknown) { + sids_out = + TALLOC_ARRAY( mem_ctx, CacSidInfo, ( num_sids - num_unknown ) ); - if ( !sids_out ) { - errno = ENOMEM; - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; + if ( !sids_out ) { + errno = ENOMEM; + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } + } else { + sids_out = NULL; } - unknown_out = TALLOC_ARRAY( mem_ctx, DOM_SID, num_unknown ); - if ( !unknown_out ) { - errno = ENOMEM; - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; + if (num_unknown) { + unknown_out = TALLOC_ARRAY( mem_ctx, DOM_SID, num_unknown ); + if ( !unknown_out ) { + errno = ENOMEM; + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } + } else { + unknown_out = NULL; } - found_idx = unknown_idx = 0; /*now we can actually do the real work */ @@ -330,11 +341,15 @@ int cac_LsaGetSidsFromNames( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, if ( NT_STATUS_IS_OK( hnd->status ) ) { /*this is the easy part, just make the out.sids array */ - sids_out = TALLOC_ARRAY( mem_ctx, CacSidInfo, num_names ); - if ( !sids_out ) { - errno = ENOMEM; - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; + if (num_names) { + sids_out = TALLOC_ARRAY( mem_ctx, CacSidInfo, num_names ); + if ( !sids_out ) { + errno = ENOMEM; + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } + } else { + sids_out = NULL; } for ( i = 0; i < num_names; i++ ) { 
@@ -360,20 +375,28 @@ int cac_LsaGetSidsFromNames( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, return CAC_FAILURE; } - sids_out = - TALLOC_ARRAY( mem_ctx, CacSidInfo, + if (num_names - num_unknown) { + sids_out = + TALLOC_ARRAY( mem_ctx, CacSidInfo, ( num_names - num_unknown ) ); - if ( !sids_out ) { - errno = ENOMEM; - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; + if ( !sids_out ) { + errno = ENOMEM; + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } + } else { + sids_out = NULL; } - unknown_out = TALLOC_ARRAY( mem_ctx, char *, num_unknown ); - if ( !unknown_out ) { - errno = ENOMEM; - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; + if (num_unknown) { + unknown_out = TALLOC_ARRAY( mem_ctx, char *, num_unknown ); + if ( !unknown_out ) { + errno = ENOMEM; + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } + } else { + unknown_out = NULL; } unknown_idx = found_idx = 0; diff --git a/source/libmsrpc/cac_samr.c b/source/libmsrpc/cac_samr.c index e85142af906..4d3acc85e3a 100644 --- a/source/libmsrpc/cac_samr.c +++ b/source/libmsrpc/cac_samr.c @@ -176,7 +176,7 @@ DOM_SID *cac_get_domain_sid( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, if ( !fs.out.domain_sid ) return NULL; - sid = ( DOM_SID * ) talloc_memdup( mem_ctx, + sid = ( DOM_SID * ) TALLOC_MEMDUP( mem_ctx, &( fs.out.domain_sid->sid ), sizeof( DOM_SID ) ); @@ -557,10 +557,14 @@ int cac_SamGetNamesFromRids( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, && !NT_STATUS_EQUAL( hnd->status, STATUS_SOME_UNMAPPED ) ) return CAC_FAILURE; - map_out = TALLOC_ARRAY( mem_ctx, CacLookupRidsRecord, num_names_out ); - if ( !map_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; + if (num_names_out) { + map_out = TALLOC_ARRAY( mem_ctx, CacLookupRidsRecord, num_names_out ); + if ( !map_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } + } else { + map_out = NULL; } for ( i = 0; i < num_names_out; i++ ) { 
@@ -643,10 +647,14 @@ int cac_SamGetRidsFromNames( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, && !NT_STATUS_EQUAL( hnd->status, STATUS_SOME_UNMAPPED ) ) return CAC_FAILURE; - map_out = TALLOC_ARRAY( mem_ctx, CacLookupRidsRecord, num_rids_out ); - if ( !map_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; + if (num_rids_out) { + map_out = TALLOC_ARRAY( mem_ctx, CacLookupRidsRecord, num_rids_out ); + if ( !map_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } + } else { + map_out = NULL; } for ( i = 0; i < num_rids_out; i++ ) { @@ -718,16 +726,20 @@ int cac_SamGetGroupsForUser( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, return CAC_FAILURE; - rids_out = talloc_array( mem_ctx, uint32, num_groups_out ); - if ( !rids_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; - } - - attr_out = talloc_array( mem_ctx, uint32, num_groups_out ); - if ( !attr_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; + if (num_groups_out) { + rids_out = TALLOC_ARRAY( mem_ctx, uint32, num_groups_out ); + if ( !rids_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } + attr_out = TALLOC_ARRAY( mem_ctx, uint32, num_groups_out ); + if ( !attr_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } + } else { + rids_out = NULL; + attr_out = NULL; } for ( i = 0; i < num_groups_out; i++ ) { 
@@ -1153,28 +1165,34 @@ int cac_SamEnumGroups( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, return CAC_FAILURE; } - names_out = talloc_array( mem_ctx, char *, num_groups_out ); - if ( !names_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - TALLOC_FREE( acct_buf ); - return CAC_FAILURE; - } + if (num_groups_out) { + names_out = TALLOC_ARRAY( mem_ctx, char *, num_groups_out ); + if ( !names_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + TALLOC_FREE( acct_buf ); + return CAC_FAILURE; + } - desc_out = talloc_array( mem_ctx, char *, num_groups_out ); - if ( !desc_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - TALLOC_FREE( acct_buf ); - TALLOC_FREE( names_out ); - return CAC_FAILURE; - } + desc_out = TALLOC_ARRAY( mem_ctx, char *, num_groups_out ); + if ( !desc_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + TALLOC_FREE( acct_buf ); + TALLOC_FREE( names_out ); + return CAC_FAILURE; + } - rids_out = talloc_array( mem_ctx, uint32, num_groups_out ); - if ( !rids_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - TALLOC_FREE( acct_buf ); - TALLOC_FREE( names_out ); - TALLOC_FREE( desc_out ); - return CAC_FAILURE; + rids_out = TALLOC_ARRAY( mem_ctx, uint32, num_groups_out ); + if ( !rids_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + TALLOC_FREE( acct_buf ); + TALLOC_FREE( names_out ); + TALLOC_FREE( desc_out ); + return CAC_FAILURE; + } + } else { + names_out = NULL; + desc_out = NULL; + rids_out = NULL; } for ( i = 0; i < num_groups_out; i++ ) { 
@@ -1256,28 +1274,34 @@ int cac_SamEnumAliases( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, NT_STATUS_V( STATUS_MORE_ENTRIES ) ) return CAC_FAILURE; - names_out = talloc_array( mem_ctx, char *, num_als_out ); - if ( !names_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - TALLOC_FREE( acct_buf ); - return CAC_FAILURE; - } + if (num_als_out) { + names_out = TALLOC_ARRAY( mem_ctx, char *, num_als_out ); + if ( !names_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + TALLOC_FREE( acct_buf ); + return CAC_FAILURE; + } - desc_out = talloc_array( mem_ctx, char *, num_als_out ); - if ( !desc_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - TALLOC_FREE( acct_buf ); - TALLOC_FREE( names_out ); - return CAC_FAILURE; - } + desc_out = TALLOC_ARRAY( mem_ctx, char *, num_als_out ); + if ( !desc_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + TALLOC_FREE( acct_buf ); + TALLOC_FREE( names_out ); + return CAC_FAILURE; + } - rids_out = talloc_array( mem_ctx, uint32, num_als_out ); - if ( !rids_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - TALLOC_FREE( acct_buf ); - TALLOC_FREE( names_out ); - TALLOC_FREE( desc_out ); - return CAC_FAILURE; + rids_out = TALLOC_ARRAY( mem_ctx, uint32, num_als_out ); + if ( !rids_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + TALLOC_FREE( acct_buf ); + TALLOC_FREE( names_out ); + TALLOC_FREE( desc_out ); + return CAC_FAILURE; + } + } else { + names_out = NULL; + desc_out = NULL; + rids_out = NULL; } for ( i = 0; i < num_als_out; i++ ) { diff --git a/source/libmsrpc/cac_winreg.c b/source/libmsrpc/cac_winreg.c index 1546cfeda4c..d8d2047be4e 100644 --- a/source/libmsrpc/cac_winreg.c +++ b/source/libmsrpc/cac_winreg.c 
@@ -258,26 +258,32 @@ int cac_RegEnumKeys( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, } /**the only way to know how many keys to expect is to assume max_keys keys will be found*/ - key_names_out = TALLOC_ARRAY( mem_ctx, char *, op->in.max_keys ); - if ( !key_names_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; - } + if (op->in.max_keys) { + key_names_out = TALLOC_ARRAY( mem_ctx, char *, op->in.max_keys ); + if ( !key_names_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } - class_names_out = TALLOC_ARRAY( mem_ctx, char *, op->in.max_keys ); - if ( !class_names_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - TALLOC_FREE( key_names_out ); - return CAC_FAILURE; - } + class_names_out = TALLOC_ARRAY( mem_ctx, char *, op->in.max_keys ); + if ( !class_names_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + TALLOC_FREE( key_names_out ); + return CAC_FAILURE; + } - mod_times_out = TALLOC_ARRAY( mem_ctx, time_t, op->in.max_keys ); - if ( !mod_times_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - TALLOC_FREE( key_names_out ); - TALLOC_FREE( class_names_out ); + mod_times_out = TALLOC_ARRAY( mem_ctx, time_t, op->in.max_keys ); + if ( !mod_times_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + TALLOC_FREE( key_names_out ); + TALLOC_FREE( class_names_out ); - return CAC_FAILURE; + return CAC_FAILURE; + } + } else { + key_names_out = NULL; + class_names_out = NULL; + mod_times_out = NULL; } resume_idx = op->out.resume_idx; @@ -611,7 +617,7 @@ int cac_RegQueryKeyInfo( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, } else if ( class_len != 0 && class_name_out[class_len - 1] != '\0' ) { /*then we need to add a '\0' */ op->out.class_name = - talloc_size( mem_ctx, + TALLOC_SIZE( mem_ctx, sizeof( char ) * ( class_len + 1 ) ); memcpy( op->out.class_name, class_name_out, class_len ); 
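Review bot: In cac_RegQueryKeyInfo (source/libmsrpc/cac_winreg.c) the result of `TALLOC_SIZE( mem_ctx, sizeof( char ) * ( class_len + 1 ) )` is handed to `memcpy` on the very next line with no NULL check, so an allocation failure becomes a write through a NULL pointer. Add `if ( !op->out.class_name ) { hnd->status = NT_STATUS_NO_MEMORY; return CAC_FAILURE; }` before the copy, matching the error handling used by the other allocations in this file. The rest of the branch, including where the terminating '\0' is stored, is outside the hunk.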
@@ -734,27 +740,33 @@ int cac_RegEnumValues( CacServerHandle * hnd, TALLOC_CTX * mem_ctx, } /*we need to assume that the max number of values will be enumerated */ - types_out = - ( uint32 * ) talloc_array( mem_ctx, int, op->in.max_values ); - if ( !types_out ) { - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; - } + if (op->in.max_values) { + types_out = + ( uint32 * ) TALLOC_ARRAY( mem_ctx, int, op->in.max_values ); + if ( !types_out ) { + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } - values_out = - talloc_array( mem_ctx, REG_VALUE_DATA *, op->in.max_values ); - if ( !values_out ) { - TALLOC_FREE( types_out ); - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; - } + values_out = + TALLOC_ARRAY( mem_ctx, REG_VALUE_DATA *, op->in.max_values ); + if ( !values_out ) { + TALLOC_FREE( types_out ); + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } - val_names_out = talloc_array( mem_ctx, char *, op->in.max_values ); - if ( !val_names_out ) { - TALLOC_FREE( types_out ); - TALLOC_FREE( values_out ); - hnd->status = NT_STATUS_NO_MEMORY; - return CAC_FAILURE; + val_names_out = TALLOC_ARRAY( mem_ctx, char *, op->in.max_values ); + if ( !val_names_out ) { + TALLOC_FREE( types_out ); + TALLOC_FREE( values_out ); + hnd->status = NT_STATUS_NO_MEMORY; + return CAC_FAILURE; + } + } else { + types_out = NULL; + values_out = NULL; + val_names_out = NULL; } resume_idx = op->out.resume_idx; diff --git a/source/libmsrpc/libmsrpc_internal.c b/source/libmsrpc/libmsrpc_internal.c index c062b47ede5..1323567aaff 100644 --- a/source/libmsrpc/libmsrpc_internal.c +++ b/source/libmsrpc/libmsrpc_internal.c @@ -200,7 +200,7 @@ char *cac_unistr_to_str( TALLOC_CTX * mem_ctx, uint16 * src, int num_bytes ) /*need room for a '\0' */ str_len++; - buf = talloc_array( mem_ctx, char, str_len ); + buf = TALLOC_ARRAY( mem_ctx, char, str_len ); if ( !buf ) { return NULL; 
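Review bot: In cac_RegEnumValues the new allocation for `types_out` still asks for an array of `int` and casts the result to `uint32 *`, so the element type used for sizing and the type the array is accessed through are stated separately. Allocating the real element type removes the cast and keeps the two in step: `types_out = TALLOC_ARRAY( mem_ctx, uint32, op->in.max_values );`. The other arrays in this hunk already name their own element type.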
@@ -264,13 +264,16 @@ REG_VALUE_DATA *cac_MakeRegValueData( TALLOC_CTX * mem_ctx, uint32 data_type, data->reg_binary.data_length = size; - data->reg_binary.data = - ( uint8 * ) talloc_memdup( mem_ctx, buf.buffer, - size ); - if ( !data->reg_binary.data ) { - TALLOC_FREE( data ); - errno = ENOMEM; - data = NULL; + if (size) { + data->reg_binary.data = + ( uint8 * ) TALLOC_MEMDUP( mem_ctx, buf.buffer, size ); + if ( !data->reg_binary.data ) { + TALLOC_FREE( data ); + errno = ENOMEM; + data = NULL; + } + } else { + data->reg_binary.data = NULL; } break; @@ -296,12 +299,16 @@ REG_VALUE_DATA *cac_MakeRegValueData( TALLOC_CTX * mem_ctx, uint32 data_type, break; } - strings = talloc_array( mem_ctx, char *, num_strings ); + if (num_strings) { + strings = TALLOC_ARRAY( mem_ctx, char *, num_strings ); - if ( !strings ) { - errno = ENOMEM; - TALLOC_FREE( data ); - break; + if ( !strings ) { + errno = ENOMEM; + TALLOC_FREE( data ); + break; + } + } else { + strings = NULL; } if ( num_strings == 0 ) /*then our work here is done */ @@ -424,7 +431,7 @@ char *talloc_unistr2_to_ascii( TALLOC_CTX * mem_ctx, UNISTR2 str ) if ( !mem_ctx ) return NULL; - buf = talloc_array( mem_ctx, char, ( str.uni_str_len + 1 ) ); + buf = TALLOC_ARRAY( mem_ctx, char, ( str.uni_str_len + 1 ) ); if ( !buf ) return NULL; @@ -514,7 +521,7 @@ CacUserInfo *cac_MakeUserInfo( TALLOC_CTX * mem_ctx, SAM_USERINFO_CTR * ctr ) memcpy( info->lm_password, id21->lm_pwd, 8 ); info->logon_hours = - ( LOGON_HRS * ) talloc_memdup( mem_ctx, &( id21->logon_hrs ), + ( LOGON_HRS * ) TALLOC_MEMDUP( mem_ctx, &( id21->logon_hrs ), sizeof( LOGON_HRS ) ); if ( !info->logon_hours ) return NULL; 
@@ -706,9 +713,13 @@ CacService *cac_MakeServiceArray( TALLOC_CTX * mem_ctx, if ( !mem_ctx || !svc ) return NULL; - services = TALLOC_ZERO_ARRAY( mem_ctx, CacService, num_services ); - if ( !services ) - return NULL; + if (num_services) { + services = TALLOC_ZERO_ARRAY( mem_ctx, CacService, num_services ); + if ( !services ) + return NULL; + } else { + services = NULL; + } for ( i = 0; i < num_services; i++ ) { services[i].service_name = diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c index 183cbe3bfc0..dd84db319eb 100644 --- a/source/libsmb/cliconnect.c +++ b/source/libsmb/cliconnect.c @@ -536,6 +536,7 @@ static BOOL cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob, DATA_B int32 cur = 0; DATA_BLOB send_blob = data_blob(NULL, 0); int32 max_blob_size = 0; + DATA_BLOB receive_blob = data_blob(NULL, 0); if (cli->max_xmit < BASE_SESSSETUP_BLOB_PACKET_SIZE + 1) { DEBUG(0,("cli_session_setup_blob: cli->max_xmit too small " @@ -575,7 +576,8 @@ static BOOL cli_session_setup_blob(struct cli_state *cli, DATA_BLOB blob, DATA_B return False; } - cli_session_setup_blob_receive(cli); + receive_blob = cli_session_setup_blob_receive(cli); + data_blob_free(&receive_blob); if (cli_is_error(cli) && !NT_STATUS_EQUAL( cli_get_nt_error(cli), diff --git a/source/libsmb/clifile.c b/source/libsmb/clifile.c index ce2081a81e1..4f4f4745454 100644 --- a/source/libsmb/clifile.c +++ b/source/libsmb/clifile.c @@ -1692,9 +1692,13 @@ static BOOL cli_get_ea_list(struct cli_state *cli, goto out; } - ea_list = TALLOC_ARRAY(ctx, struct ea_struct, num_eas); - if (!ea_list) { - goto out; + if (num_eas) { + ea_list = TALLOC_ARRAY(ctx, struct ea_struct, num_eas); + if (!ea_list) { + goto out; + } + } else { + ea_list = NULL; } ea_size = (size_t)IVAL(rdata,0); diff --git a/source/libsmb/cliquota.c b/source/libsmb/cliquota.c index 5627d28bb5d..2a47ae24632 100644 --- a/source/libsmb/cliquota.c +++ b/source/libsmb/cliquota.c 
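Review bot: In cac_MakeServiceArray the new `else { services = NULL; }` branch makes an empty service list look like a failure, because the function already returns NULL for bad arguments and for a failed allocation. The return statement is outside the hunk, but if `services` is what gets returned, callers that treat NULL as an error will report out-of-memory for `num_services == 0`. Either document this in the function comment, e.g. `/* returns NULL both on error and when num_services is 0; callers must check num_services first */`, or have the caller skip the call for an empty list.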
@@ -322,13 +322,13 @@ BOOL cli_list_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST } if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) { - DEBUG(0,("talloc_zero() failed\n")); + DEBUG(0,("TALLOC_ZERO() failed\n")); talloc_destroy(mem_ctx); return (-1); } if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) { - DEBUG(0,("talloc_zero() failed\n")); + DEBUG(0,("TALLOC_ZERO() failed\n")); talloc_destroy(mem_ctx); return (-1); } @@ -382,13 +382,13 @@ BOOL cli_list_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST } if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) { - DEBUG(0,("talloc_zero() failed\n")); + DEBUG(0,("TALLOC_ZERO() failed\n")); talloc_destroy(mem_ctx); goto cleanup; } if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) { - DEBUG(0,("talloc_zero() failed\n")); + DEBUG(0,("TALLOC_ZERO() failed\n")); talloc_destroy(mem_ctx); goto cleanup; } diff --git a/source/libsmb/samlogon_cache.c b/source/libsmb/samlogon_cache.c index c48c75f3efa..0258f177382 100644 --- a/source/libsmb/samlogon_cache.c +++ b/source/libsmb/samlogon_cache.c @@ -194,10 +194,13 @@ NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, const DOM_SID *user data = tdb_fetch( netsamlogon_tdb, key ); if ( data.dptr ) { - - if ( (user = SMB_MALLOC_P(NET_USER_INFO_3)) == NULL ) + + + user = TALLOC_ZERO_P(mem_ctx, NET_USER_INFO_3); + if (user == NULL) { return NULL; - + } + prs_init( &ps, 0, mem_ctx, UNMARSHALL ); prs_give_memory( &ps, data.dptr, data.dsize, True ); @@ -249,7 +252,6 @@ BOOL netsamlogon_cache_have(const DOM_SID *user_sid) result = (user != NULL); talloc_destroy(mem_ctx); - SAFE_FREE(user); return result; } diff --git a/source/locking/brlock.c b/source/locking/brlock.c index 76a4039d823..5da76a1782d 100644 --- a/source/locking/brlock.c +++ b/source/locking/brlock.c 
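Review bot: In netsamlogon_cache_get the new `if (user == NULL) { return NULL; }` leaves the function while `data.dptr` from `tdb_fetch()` is still held, and `prs_give_memory()` has not yet taken the buffer over at that point, so the fetched record appears to leak on this path. Releasing it first closes that: `SAFE_FREE(data.dptr);` before the `return NULL;`. The change also moves ownership of the returned NET_USER_INFO_3 from malloc to `mem_ctx`. That deserves a line in the function comment such as `/* result is talloc'ed on mem_ctx; release with TALLOC_FREE, never SAFE_FREE */`, since any caller still calling `SAFE_FREE` on it would hand a talloc chunk to free(). The rest of the function body is outside the hunk.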
@@ -1283,10 +1283,15 @@ void brl_close_fnum(struct byte_range_lock *br_lck) unsigned int num_locks_copy; /* Copy the current lock array. */ - locks_copy = (struct lock_struct *)TALLOC_MEMDUP(br_lck, locks, br_lck->num_locks * sizeof(struct lock_struct)); - if (!locks_copy) { - smb_panic("brl_close_fnum: talloc fail.\n"); + if (br_lck->num_locks) { + locks_copy = (struct lock_struct *)TALLOC_MEMDUP(br_lck, locks, br_lck->num_locks * sizeof(struct lock_struct)); + if (!locks_copy) { + smb_panic("brl_close_fnum: talloc fail.\n"); + } + } else { + locks_copy = NULL; } + num_locks_copy = br_lck->num_locks; for (i=0; i < num_locks_copy; i++) { diff --git a/source/locking/locking.c b/source/locking/locking.c index 37e6dbc4e54..2181fca4085 100644 --- a/source/locking/locking.c +++ b/source/locking/locking.c @@ -521,7 +521,7 @@ static BOOL parse_share_modes(TDB_DATA dbuf, struct share_mode_lock *lck) } lck->share_modes = (struct share_mode_entry *) - talloc_memdup(lck, dbuf.dptr+sizeof(*data), + TALLOC_MEMDUP(lck, dbuf.dptr+sizeof(*data), lck->num_share_modes * sizeof(struct share_mode_entry)); diff --git a/source/modules/nfs4_acls.c b/source/modules/nfs4_acls.c index dd452408579..8530a5db032 100644 --- a/source/modules/nfs4_acls.c +++ b/source/modules/nfs4_acls.c @@ -84,10 +84,10 @@ static SMB_ACE4_INT_T *get_validated_aceint(SMB4ACE_T *ace) SMB4ACL_T *smb_create_smb4acl(void) { TALLOC_CTX *mem_ctx = main_loop_talloc_get(); - SMB_ACL4_INT_T *acl = (SMB_ACL4_INT_T *)talloc_size(mem_ctx, sizeof(SMB_ACL4_INT_T)); + SMB_ACL4_INT_T *acl = (SMB_ACL4_INT_T *)TALLOC_SIZE(mem_ctx, sizeof(SMB_ACL4_INT_T)); if (acl==NULL) { - DEBUG(0, ("talloc_size failed\n")); + DEBUG(0, ("TALLOC_SIZE failed\n")); errno = ENOMEM; return NULL; } 
@@ -103,10 +103,10 @@ SMB4ACE_T *smb_add_ace4(SMB4ACL_T *acl, SMB_ACE4PROP_T *prop) TALLOC_CTX *mem_ctx = main_loop_talloc_get(); SMB_ACE4_INT_T *ace; - ace = (SMB_ACE4_INT_T *)talloc_size(mem_ctx, sizeof(SMB_ACE4_INT_T)); + ace = (SMB_ACE4_INT_T *)TALLOC_SIZE(mem_ctx, sizeof(SMB_ACE4_INT_T)); if (ace==NULL) { - DEBUG(0, ("talloc_size failed\n")); + DEBUG(0, ("TALLOC_SIZE failed\n")); errno = ENOMEM; return NULL; } @@ -206,14 +206,18 @@ static BOOL smbacl4_nfs42win(SMB4ACL_T *acl, /* in */ if (aclint==NULL) return False; - nt_ace_list = (SEC_ACE *)talloc_size(mem_ctx, aclint->naces * sizeof(SEC_ACE)); - if (nt_ace_list==NULL) - { - DEBUG(10, ("talloc error")); - errno = ENOMEM; - return False; + if (aclint->naces) { + nt_ace_list = (SEC_ACE *)TALLOC_SIZE(mem_ctx, aclint->naces * sizeof(SEC_ACE)); + if (nt_ace_list==NULL) + { + DEBUG(10, ("talloc error")); + errno = ENOMEM; + return False; + } + memset(nt_ace_list, 0, aclint->naces * sizeof(SEC_ACE)); + } else { + nt_ace_list = NULL; } - memset(nt_ace_list, 0, aclint->naces * sizeof(SEC_ACE)); for (aceint=aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) { SEC_ACCESS mask; diff --git a/source/modules/vfs_afsacl.c b/source/modules/vfs_afsacl.c index 43fa537d734..a82e6b350b2 100644 --- a/source/modules/vfs_afsacl.c +++ b/source/modules/vfs_afsacl.c @@ -616,10 +616,14 @@ static size_t afs_to_nt_acl(struct afs_acl *afs_acl, uid_to_sid(&owner_sid, sbuf.st_uid); gid_to_sid(&group_sid, sbuf.st_gid); - nt_ace_list = TALLOC_ARRAY(mem_ctx, SEC_ACE, afs_acl->num_aces); + if (num_aces) { + nt_ace_list = TALLOC_ARRAY(mem_ctx, SEC_ACE, afs_acl->num_aces); - if (nt_ace_list == NULL) - return 0; + if (nt_ace_list == NULL) + return 0; + } else { + nt_ace_list = NULL; + } afs_ace = afs_acl->acelist; good_aces = 0; diff --git a/source/modules/vfs_aixacl2.c b/source/modules/vfs_aixacl2.c index 62a517a6e08..f1e116ec197 100644 --- a/source/modules/vfs_aixacl2.c +++ b/source/modules/vfs_aixacl2.c 
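Review bot: In smbacl4_nfs42win the size passed to `TALLOC_SIZE` is the open-coded product `aclint->naces * sizeof(SEC_ACE)`, and the same product is recomputed for the `memset`, so nothing in the hunk guards that multiplication against wrap-around. The array macro used elsewhere in this commit takes the count and element type separately and zeroes the result, which replaces both lines: `nt_ace_list = TALLOC_ZERO_ARRAY(mem_ctx, SEC_ACE, aclint->naces);`. As far as I know the talloc array allocators reject a count whose byte size would overflow, which is the check the manual form lacks. The failure message `DEBUG(10, ("talloc error"))` also has no trailing newline and sits at a level where an out-of-memory condition will normally not be logged.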
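Review bot: In the afs_to_nt_acl hunk the new guard tests `num_aces`, while the allocation inside it is sized by `afs_acl->num_aces`; no local named `num_aces` is visible in the hunk. If no such variable exists the module will not compile when AFS support is enabled, and if one does exist the guard and the allocation size can disagree, leaving `nt_ace_list` NULL while the ACE loop still has entries to write. The guard should test the same field that sizes the array: `if (afs_acl->num_aces) {`. The function's declarations are outside the hunk, so this needs confirming against the full file.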
@@ -68,7 +68,7 @@ static AIXJFS2_ACL_T *aixjfs2_getacl_alloc(const char *fname, acl_type_t *type) TALLOC_CTX *mem_ctx; mem_ctx = main_loop_talloc_get(); - acl = (AIXJFS2_ACL_T *)talloc_size(mem_ctx, len); + acl = (AIXJFS2_ACL_T *)TALLOC_SIZE(mem_ctx, len); if (acl == NULL) { errno = ENOMEM; return NULL; @@ -83,7 +83,7 @@ static AIXJFS2_ACL_T *aixjfs2_getacl_alloc(const char *fname, acl_type_t *type) len = aixacl2_getlen(acl, type) + sizeof(AIXJFS2_ACL_T); DEBUG(10,("aixjfs2_getacl_alloc - acl_len:%d\n",len)); - acl = (AIXJFS2_ACL_T *)talloc_size(mem_ctx, len); + acl = (AIXJFS2_ACL_T *)TALLOC_SIZE(mem_ctx, len); if (acl == NULL) { errno = ENOMEM; return NULL; @@ -312,9 +312,9 @@ static BOOL aixjfs2_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) naces = smb_get_naces(smbacl); aclLen = ACL_V4_SIZ + naces * entryLen; - jfs2acl = (nfs4_acl_int_t *)talloc_size(mem_ctx, aclLen); + jfs2acl = (nfs4_acl_int_t *)TALLOC_SIZE(mem_ctx, aclLen); if (jfs2acl==NULL) { - DEBUG(0, ("talloc_size failed\n")); + DEBUG(0, ("TALLOC_SIZE failed\n")); errno = ENOMEM; return False; } diff --git a/source/modules/vfs_gpfs.c b/source/modules/vfs_gpfs.c index 6841300d5b3..932b5000c83 100644 --- a/source/modules/vfs_gpfs.c +++ b/source/modules/vfs_gpfs.c @@ -104,7 +104,7 @@ static struct gpfs_acl *gpfs_getacl_alloc(const char *fname, gpfs_aclType_t type int ret; TALLOC_CTX *mem_ctx = main_loop_talloc_get(); - acl = (struct gpfs_acl *)talloc_size(mem_ctx, len); + acl = (struct gpfs_acl *)TALLOC_SIZE(mem_ctx, len); if (acl == NULL) { errno = ENOMEM; return NULL; @@ -117,7 +117,7 @@ static struct gpfs_acl *gpfs_getacl_alloc(const char *fname, gpfs_aclType_t type ret = smbd_gpfs_getacl((char *)fname, GPFS_GETACL_STRUCT | GPFS_ACL_SAMBA, acl); if ((ret != 0) && (errno == ENOSPC)) { - struct gpfs_acl *new_acl = (struct gpfs_acl *)talloc_size( + struct gpfs_acl *new_acl = (struct gpfs_acl *)TALLOC_SIZE( mem_ctx, acl->acl_len + sizeof(struct gpfs_acl)); if (new_acl == NULL) { errno = ENOMEM; 
@@ -260,7 +260,7 @@ static BOOL gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) gacl_len = sizeof(struct gpfs_acl) + (smb_get_naces(smbacl)-1)*sizeof(gpfs_ace_v4_t); - gacl = talloc_size(mem_ctx, gacl_len); + gacl = TALLOC_SIZE(mem_ctx, gacl_len); if (gacl == NULL) { DEBUG(0, ("talloc failed\n")); errno = ENOMEM; diff --git a/source/nsswitch/idmap.c b/source/nsswitch/idmap.c index 7589ee66abd..5222eba8f36 100644 --- a/source/nsswitch/idmap.c +++ b/source/nsswitch/idmap.c @@ -360,7 +360,7 @@ NTSTATUS idmap_init(void) } /* init domain */ - dom = talloc_zero(idmap_ctx, struct idmap_domain); + dom = TALLOC_ZERO_P(idmap_ctx, struct idmap_domain); IDMAP_CHECK_ALLOC(dom); dom->name = talloc_strdup(dom, dom_list[i]); @@ -464,7 +464,7 @@ NTSTATUS idmap_init(void) ( ! pri_dom_is_in_list) && lp_winbind_trusted_domains_only()) { - dom = talloc_zero(idmap_ctx, struct idmap_domain); + dom = TALLOC_ZERO_P(idmap_ctx, struct idmap_domain); IDMAP_CHECK_ALLOC(dom); dom->name = talloc_strdup(dom, lp_workgroup()); @@ -515,7 +515,7 @@ NTSTATUS idmap_init(void) } /**** automatically add idmap_passdb backend ****/ - dom = talloc_zero(idmap_ctx, struct idmap_domain); + dom = TALLOC_ZERO_P(idmap_ctx, struct idmap_domain); IDMAP_CHECK_ALLOC(dom); dom->name = talloc_strdup(dom, get_global_sam_name()); @@ -607,7 +607,7 @@ NTSTATUS idmap_init(void) if ( alloc_backend ) { - idmap_alloc_ctx = talloc_zero(idmap_ctx, struct idmap_alloc_context); + idmap_alloc_ctx = TALLOC_ZERO_P(idmap_ctx, struct idmap_alloc_context); IDMAP_CHECK_ALLOC(idmap_alloc_ctx); idmap_alloc_ctx->methods = get_alloc_methods(alloc_backends, alloc_backend); 
@@ -1026,9 +1026,15 @@ static NTSTATUS idmap_backends_sids_to_unixids(struct id_map **ids) /* split list per domain */ - dom_ids = talloc_zero_array(ctx, struct id_map **, num_domains); - IDMAP_CHECK_ALLOC(dom_ids); - counters = talloc_zero_array(ctx, int, num_domains); + if (num_domains) { + dom_ids = TALLOC_ZERO_ARRAY(ctx, struct id_map **, num_domains); + IDMAP_CHECK_ALLOC(dom_ids); + counters = TALLOC_ZERO_ARRAY(ctx, int, num_domains); + IDMAP_CHECK_ALLOC(counters); + } else { + dom_ids = NULL; + counters = NULL; + } /* partition the requests by domain */ @@ -1143,7 +1149,7 @@ NTSTATUS idmap_unixids_to_sids(struct id_map **ids) if ( ! bids) { /* alloc space for ids to be resolved by backends (realloc ten by ten) */ - bids = talloc_array(ctx, struct id_map *, 10); + bids = TALLOC_ARRAY(ctx, struct id_map *, 10); if ( ! bids) { DEBUG(1, ("Out of memory!\n")); talloc_free(ctx); @@ -1248,7 +1254,7 @@ NTSTATUS idmap_sids_to_unixids(struct id_map **ids) if ( ! bids) { /* alloc space for ids to be resolved by backends (realloc ten by ten) */ - bids = talloc_array(ctx, struct id_map *, 10); + bids = TALLOC_ARRAY(ctx, struct id_map *, 10); if ( ! bids) { DEBUG(1, ("Out of memory!\n")); talloc_free(ctx); diff --git a/source/nsswitch/idmap_ad.c b/source/nsswitch/idmap_ad.c index e15e4b90fb8..aadbb2419d8 100644 --- a/source/nsswitch/idmap_ad.c +++ b/source/nsswitch/idmap_ad.c @@ -167,7 +167,7 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom) const char *range = NULL; const char *schema_mode = NULL; - if ( (ctx = talloc_zero(dom, struct idmap_ad_context)) == NULL ) { + if ( (ctx = TALLOC_ZERO_P(dom, struct idmap_ad_context)) == NULL ) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; } diff --git a/source/nsswitch/idmap_ldap.c b/source/nsswitch/idmap_ldap.c index e6cd5c7f231..ecd549f6860 100644 --- a/source/nsswitch/idmap_ldap.c +++ b/source/nsswitch/idmap_ldap.c 
@@ -79,11 +79,17 @@ static NTSTATUS get_credentials( TALLOC_CTX *mem_ctx, tmp = lp_parm_const_string(-1, config_option, "ldap_user_dn", NULL); if ( tmp ) { - secret = idmap_fetch_secret("ldap", false, dom->name, tmp); + if (!dom) { + /* only the alloc backend is allowed to pass in a NULL dom */ + secret = idmap_fetch_secret("ldap", true, NULL, tmp); + } else { + secret = idmap_fetch_secret("ldap", false, dom->name, tmp); + } + if (!secret) { DEBUG(0, ("get_credentials: Unable to fetch " "auth credentials for %s in %s\n", - tmp, dom->name)); + tmp, (dom==NULL)?"ALLOC":dom->name)); ret = NT_STATUS_ACCESS_DENIED; goto done; } @@ -215,7 +221,7 @@ static NTSTATUS idmap_ldap_alloc_init(const char *params) return NT_STATUS_FILE_IS_OFFLINE; } - idmap_alloc_ldap = talloc_zero(NULL, struct idmap_ldap_alloc_context); + idmap_alloc_ldap = TALLOC_ZERO_P(NULL, struct idmap_ldap_alloc_context); CHECK_ALLOC_DONE( idmap_alloc_ldap ); /* load ranges */ @@ -734,7 +740,7 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom) return NT_STATUS_FILE_IS_OFFLINE; } - ctx = talloc_zero(dom, struct idmap_ldap_context); + ctx = TALLOC_ZERO_P(dom, struct idmap_ldap_context); if ( ! ctx) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; diff --git a/source/nsswitch/idmap_rid.c b/source/nsswitch/idmap_rid.c index 8e016879b8c..f7503a4dd67 100644 --- a/source/nsswitch/idmap_rid.c +++ b/source/nsswitch/idmap_rid.c @@ -44,7 +44,7 @@ static NTSTATUS idmap_rid_initialize(struct idmap_domain *dom) char *config_option = NULL; const char *range; - if ( (ctx = talloc_zero(dom, struct idmap_rid_context)) == NULL ) { + if ( (ctx = TALLOC_ZERO_P(dom, struct idmap_rid_context)) == NULL ) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; } diff --git a/source/nsswitch/idmap_tdb.c b/source/nsswitch/idmap_tdb.c index 8ce88e015d4..ec866519353 100644 --- a/source/nsswitch/idmap_tdb.c +++ b/source/nsswitch/idmap_tdb.c 
@@ -1198,7 +1198,7 @@ static NTSTATUS idmap_tdb_dump_data(struct idmap_domain *dom, struct id_map **ma ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context); - data = talloc_zero(ctx, struct dump_data); + data = TALLOC_ZERO_P(ctx, struct dump_data); if ( ! data) { DEBUG(0, ("Out of memory!\n")); return NT_STATUS_NO_MEMORY; diff --git a/source/nsswitch/wb_client.c b/source/nsswitch/wb_client.c index afb62027544..25fbefc45e1 100644 --- a/source/nsswitch/wb_client.c +++ b/source/nsswitch/wb_client.c @@ -165,11 +165,16 @@ BOOL winbind_lookup_rids(TALLOC_CTX *mem_ctx, *domain_name = talloc_strdup(mem_ctx, response.data.domain_name); - *names = TALLOC_ARRAY(mem_ctx, const char *, num_rids); - *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids); + if (num_rids) { + *names = TALLOC_ARRAY(mem_ctx, const char *, num_rids); + *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids); - if ((*names == NULL) || (*types == NULL)) { - goto fail; + if ((*names == NULL) || (*types == NULL)) { + goto fail; + } + } else { + *names = NULL; + *types = NULL; } p = (char *)response.extra_data.data; diff --git a/source/nsswitch/winbindd_ads.c b/source/nsswitch/winbindd_ads.c index 5988c6aff45..01f94137502 100644 --- a/source/nsswitch/winbindd_ads.c +++ b/source/nsswitch/winbindd_ads.c 
@@ -961,16 +961,21 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, the problem is that the members are in the form of distinguised names */ - (*sid_mem) = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members); - (*name_types) = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_members); - (*names) = TALLOC_ZERO_ARRAY(mem_ctx, char *, num_members); - - if ((num_members != 0) && - ((members == NULL) || (*sid_mem == NULL) || - (*name_types == NULL) || (*names == NULL))) { - DEBUG(1, ("talloc failed\n")); - status = NT_STATUS_NO_MEMORY; - goto done; + if (num_members) { + (*sid_mem) = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members); + (*name_types) = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_members); + (*names) = TALLOC_ZERO_ARRAY(mem_ctx, char *, num_members); + + if ((members == NULL) || (*sid_mem == NULL) || + (*name_types == NULL) || (*names == NULL)) { + DEBUG(1, ("talloc failed\n")); + status = NT_STATUS_NO_MEMORY; + goto done; + } + } else { + (*sid_mem) = NULL; + (*name_types) = NULL; + (*names) = NULL; } for (i=0;i<num_members;i++) { diff --git a/source/nsswitch/winbindd_async.c b/source/nsswitch/winbindd_async.c index aa48f513e97..a8a92c3caea 100644 --- a/source/nsswitch/winbindd_async.c +++ b/source/nsswitch/winbindd_async.c @@ -276,13 +276,13 @@ enum winbindd_result winbindd_dual_sids2xids(struct winbindd_domain *domain, sids = (DOM_SID *)state->request.extra_data.data; num = state->request.extra_len / sizeof(DOM_SID); - ids = talloc_zero_array(state->mem_ctx, struct id_map *, num + 1); + ids = TALLOC_ZERO_ARRAY(state->mem_ctx, struct id_map *, num + 1); if ( ! ids) { DEBUG(0, ("Out of memory!\n")); return WINBINDD_ERROR; } for (i = 0; i < num; i++) { - ids[i] = talloc(ids, struct id_map); + ids[i] = TALLOC_P(ids, struct id_map); if ( ! ids[i]) { DEBUG(0, ("Out of memory!\n")); talloc_free(ids); diff --git a/source/nsswitch/winbindd_cache.c b/source/nsswitch/winbindd_cache.c index a9ade4459e8..a2b8cb4193e 100644 --- a/source/nsswitch/winbindd_cache.c 
+++ b/source/nsswitch/winbindd_cache.c @@ -1776,11 +1776,15 @@ static NTSTATUS lookup_useraliases(struct winbindd_domain *domain, *num_aliases = centry_uint32(centry); *alias_rids = NULL; - (*alias_rids) = TALLOC_ARRAY(mem_ctx, uint32, *num_aliases); + if (*num_aliases) { + (*alias_rids) = TALLOC_ARRAY(mem_ctx, uint32, *num_aliases); - if ((*num_aliases != 0) && ((*alias_rids) == NULL)) { - centry_free(centry); - return NT_STATUS_NO_MEMORY; + if ((*alias_rids) == NULL) { + centry_free(centry); + return NT_STATUS_NO_MEMORY; + } + } else { + (*alias_rids) = NULL; } for (i=0; i<(*num_aliases); i++) @@ -1942,13 +1946,19 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, *num_domains = centry_uint32(centry); - (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains); - (*alt_names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains); - (*dom_sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains); + if (*num_domains) { + (*names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains); + (*alt_names) = TALLOC_ARRAY(mem_ctx, char *, *num_domains); + (*dom_sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains); - if (! (*dom_sids) || ! (*names) || ! (*alt_names)) { - smb_panic("trusted_domains out of memory"); - } + if (! (*dom_sids) || ! (*names) || ! (*alt_names)) { + smb_panic("trusted_domains out of memory"); + } + } else { + (*names) = NULL; + (*alt_names) = NULL; + (*dom_sids) = NULL; + } for (i=0; i<(*num_domains); i++) { (*names)[i] = centry_string(centry, mem_ctx); @@ -2130,7 +2140,14 @@ void wcache_invalidate_samlogon(struct winbindd_domain *domain, NET_USER_INFO_3 *info3) { struct winbind_cache *cache; - + + /* dont clear cached U/SID and UG/SID entries when we want to logon + * offline - gd */ + + if (lp_winbind_offline_logon()) { + return; + } + if (!domain) return; diff --git a/source/nsswitch/winbindd_passdb.c b/source/nsswitch/winbindd_passdb.c index cd081d65175..56166be7d31 100644 --- a/source/nsswitch/winbindd_passdb.c +++ b/source/nsswitch/winbindd_passdb.c 
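Review bot: In wcache_invalidate_samlogon the new early return is keyed on `lp_winbind_offline_logon()` alone, so with that option enabled the cached U/SID and UG/SID entries are never invalidated on a samlogon, including when the domain controller is reachable. The comment says the intent is to keep the entries "when we want to logon offline", which is narrower than "whenever the option is set". As written, a change in a user's group membership would seem to stay invisible until the cache entries expire by themselves, which matters for access decisions built on those SIDs. Either condition the skip on the domain's actual online state as well, or extend the comment to state the trade-off, e.g. `/* with offline logon enabled, group changes only take effect when the cached entries expire */`.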
@@ -403,13 +403,19 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, return nt_status; } - *names = TALLOC_ARRAY(mem_ctx, char *, *num_domains); - *alt_names = TALLOC_ARRAY(mem_ctx, char *, *num_domains); - *dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains); + if (*num_domains) { + *names = TALLOC_ARRAY(mem_ctx, char *, *num_domains); + *alt_names = TALLOC_ARRAY(mem_ctx, char *, *num_domains); + *dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_domains); - if ((*alt_names == NULL) || (*names == NULL) || (*dom_sids == NULL)) { - TALLOC_FREE(tmp_ctx); - return NT_STATUS_NO_MEMORY; + if ((*alt_names == NULL) || (*names == NULL) || (*dom_sids == NULL)) { + TALLOC_FREE(tmp_ctx); + return NT_STATUS_NO_MEMORY; + } + } else { + *names = NULL; + *alt_names = NULL; + *dom_sids = NULL; } for (i=0; i<*num_domains; i++) { diff --git a/source/nsswitch/winbindd_rpc.c b/source/nsswitch/winbindd_rpc.c index 3707f0311f8..f408e1e15ee 100644 --- a/source/nsswitch/winbindd_rpc.c +++ b/source/nsswitch/winbindd_rpc.c @@ -342,9 +342,13 @@ NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, DEBUG(3, ("rids_to_names [rpc] for domain %s\n", domain->name )); - sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_rids); - if (sids == NULL) { - return NT_STATUS_NO_MEMORY; + if (num_rids) { + sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_rids); + if (sids == NULL) { + return NT_STATUS_NO_MEMORY; + } + } else { + sids = NULL; } for (i=0; i<num_rids; i++) { @@ -418,7 +422,7 @@ static NTSTATUS query_user(struct winbindd_domain *domain, user_info->shell = NULL; user_info->primary_gid = (gid_t)-1; - SAFE_FREE(user); + TALLOC_FREE(user); return NT_STATUS_OK; } 
@@ -560,10 +564,13 @@ NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, DEBUG(10,("rpc: lookup_useraliases: entering query %d for %d sids\n", num_queries, num_query_sids)); - - query_sids = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_query_sids); - if (query_sids == NULL) { - return NT_STATUS_NO_MEMORY; + if (num_query_sids) { + query_sids = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_query_sids); + if (query_sids == NULL) { + return NT_STATUS_NO_MEMORY; + } + } else { + query_sids = NULL; } for (i=0; i<num_query_sids; i++) { diff --git a/source/nsswitch/winbindd_util.c b/source/nsswitch/winbindd_util.c index abfd3f6fccf..bf575bae26a 100644 --- a/source/nsswitch/winbindd_util.c +++ b/source/nsswitch/winbindd_util.c @@ -1040,7 +1040,7 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain, } if (info3->num_groups == 0) { - SAFE_FREE(info3); + TALLOC_FREE(info3); return NT_STATUS_UNSUCCESSFUL; } @@ -1048,7 +1048,7 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain, sid_compose(&primary_group, &info3->dom_sid.sid, info3->user_rid); if (!add_sid_to_array(mem_ctx, &primary_group, user_sids, &num_groups)) { - SAFE_FREE(info3); + TALLOC_FREE(info3); return NT_STATUS_NO_MEMORY; } @@ -1058,12 +1058,12 @@ NTSTATUS lookup_usergroups_cached(struct winbindd_domain *domain, if (!add_sid_to_array(mem_ctx, &group_sid, user_sids, &num_groups)) { - SAFE_FREE(info3); + TALLOC_FREE(info3); return NT_STATUS_NO_MEMORY; } } - SAFE_FREE(info3); + TALLOC_FREE(info3); *p_num_groups = num_groups; status = (user_sids != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY; diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c index ca5970875d1..9025f287036 100644 --- a/source/passdb/lookup_sid.c +++ b/source/passdb/lookup_sid.c 
@@ -447,11 +447,16 @@ static BOOL lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid, { int i; - *names = TALLOC_ARRAY(mem_ctx, const char *, num_rids); - *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids); + if (num_rids) { + *names = TALLOC_ARRAY(mem_ctx, const char *, num_rids); + *types = TALLOC_ARRAY(mem_ctx, enum lsa_SidType, num_rids); - if ((*names == NULL) || (*types == NULL)) { - return False; + if ((*names == NULL) || (*types == NULL)) { + return False; + } + } else { + *names = NULL; + *types = NULL; } if (sid_check_is_domain(domain_sid)) { @@ -679,7 +684,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, TALLOC_CTX *tmp_ctx; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; struct lsa_name_info *name_infos; - struct lsa_dom_info *dom_infos; + struct lsa_dom_info *dom_infos = NULL; int i, j; @@ -688,10 +693,19 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, return NT_STATUS_NO_MEMORY; } - name_infos = TALLOC_ARRAY(mem_ctx, struct lsa_name_info, num_sids); + if (num_sids) { + name_infos = TALLOC_ARRAY(mem_ctx, struct lsa_name_info, num_sids); + if (name_infos == NULL) { + result = NT_STATUS_NO_MEMORY; + goto fail; + } + } else { + name_infos = NULL; + } + dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info, MAX_REF_DOMAINS); - if ((name_infos == NULL) || (dom_infos == NULL)) { + if (dom_infos == NULL) { result = NT_STATUS_NO_MEMORY; goto fail; } @@ -825,9 +839,13 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, break; } - if (!(rids = TALLOC_ARRAY(tmp_ctx, uint32, dom->num_idxs))) { - result = NT_STATUS_NO_MEMORY; - goto fail; + if (dom->num_idxs) { + if (!(rids = TALLOC_ARRAY(tmp_ctx, uint32, dom->num_idxs))) { + result = NT_STATUS_NO_MEMORY; + goto fail; + } + } else { + rids = NULL; } for (j=0; j<dom->num_idxs; j++) { diff --git a/source/printing/notify.c b/source/printing/notify.c index 7d5b7027819..b79a6bb54a4 100644 --- a/source/printing/notify.c +++ b/source/printing/notify.c 
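Review bot: In lookup_sids the new guard `if (num_sids)` is also true for a negative value, and `num_sids` is declared `int` in the signature shown in the hunk header. A negative count would be passed to `TALLOC_ARRAY` as the element count and, at best, come back as NT_STATUS_NO_MEMORY rather than as a parameter error. Rejecting it up front is clearer: `if (num_sids < 0) { result = NT_STATUS_INVALID_PARAMETER; goto fail; }`, with the guard then written as `if (num_sids > 0)`. The `fail` label and the loops that consume `name_infos` are outside the hunk.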
@@ -222,7 +222,7 @@ static BOOL copy_notify2_msg( SPOOLSS_NOTIFY_MSG *to, SPOOLSS_NOTIFY_MSG *from ) if ( from->len ) { to->notify.data = (char *)TALLOC_MEMDUP(send_ctx, from->notify.data, from->len ); if ( !to->notify.data ) { - DEBUG(0,("copy_notify2_msg: talloc_memdup() of size [%d] failed!\n", from->len )); + DEBUG(0,("copy_notify2_msg: TALLOC_MEMDUP() of size [%d] failed!\n", from->len )); return False; } } @@ -537,9 +537,13 @@ BOOL print_notify_pid_list(const char *printername, TALLOC_CTX *mem_ctx, size_t num_pids = data.dsize / 8; - if ((pid_list = TALLOC_ARRAY(mem_ctx, pid_t, num_pids)) == NULL) { - ret = False; - goto done; + if (num_pids) { + if ((pid_list = TALLOC_ARRAY(mem_ctx, pid_t, num_pids)) == NULL) { + ret = False; + goto done; + } + } else { + pid_list = NULL; } for( i = 0, offset = 0; offset < data.dsize; offset += 8, i++) diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c index 8829ef2b0c2..34f46c4a9cd 100644 --- a/source/printing/nt_printing.c +++ b/source/printing/nt_printing.c @@ -3274,6 +3274,7 @@ WERROR check_published_printers(void) if (!ADS_ERR_OK(ads_rc)) { DEBUG(3, ("ads_connect failed: %s\n", ads_errstr(ads_rc))); ads_destroy(&ads); + ads_kdestroy("MEMORY:prtpub_cache"); return WERR_ACCESS_DENIED; } @@ -3290,6 +3291,7 @@ WERROR check_published_printers(void) } ads_destroy(&ads); + ads_kdestroy("MEMORY:prtpub_cache"); return WERR_OK; } diff --git a/source/registry/reg_objects.c b/source/registry/reg_objects.c index 83fd85658fb..4103033c751 100644 --- a/source/registry/reg_objects.c +++ b/source/registry/reg_objects.c 
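Review bot: In check_published_printers the ticket cache is now destroyed with `ads_kdestroy("MEMORY:prtpub_cache")` at the two exits shown, with the cache name repeated as a string literal in both hunks. Any other return path in the function, which is not visible here, would still leave the credentials cache behind, and the literal has to stay identical to wherever the cache name is set. A named constant plus a single cleanup label would keep the exits consistent, e.g. `#define PRTPUB_CCACHE "MEMORY:prtpub_cache"` and a shared `done:` block holding `ads_destroy(&ads); ads_kdestroy(PRTPUB_CCACHE);`.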
@@ -308,8 +308,16 @@ int regval_ctr_addvalue( REGVAL_CTR *ctr, const char *name, uint16 type, fstrcpy( ctr->values[ctr->num_values]->valuename, name ); ctr->values[ctr->num_values]->type = type; - ctr->values[ctr->num_values]->data_p = (uint8 *)TALLOC_MEMDUP( - ctr, data_p, size ); + if (size) { + ctr->values[ctr->num_values]->data_p = (uint8 *)TALLOC_MEMDUP( + ctr, data_p, size ); + if (!ctr->values[ctr->num_values]->data_p) { + ctr->num_values = 0; + return 0; + } + } else { + ctr->values[ctr->num_values]->data_p = NULL; + } ctr->values[ctr->num_values]->size = size; ctr->num_values++; @@ -348,8 +356,16 @@ int regval_ctr_copyvalue( REGVAL_CTR *ctr, REGISTRY_VALUE *val ) fstrcpy( ctr->values[ctr->num_values]->valuename, val->valuename ); ctr->values[ctr->num_values]->type = val->type; - ctr->values[ctr->num_values]->data_p = (uint8 *)TALLOC_MEMDUP( - ctr, val->data_p, val->size ); + if (val->size) { + ctr->values[ctr->num_values]->data_p = (uint8 *)TALLOC_MEMDUP( + ctr, val->data_p, val->size ); + if (!ctr->values[ctr->num_values]->data_p) { + ctr->num_values = 0; + return 0; + } + } else { + ctr->values[ctr->num_values]->data_p = NULL; + } ctr->values[ctr->num_values]->size = val->size; ctr->num_values++; } diff --git a/source/registry/regfio.c b/source/registry/regfio.c index f2e95da8898..3a554177a4c 100644 --- a/source/registry/regfio.c +++ b/source/registry/regfio.c @@ -1823,8 +1823,12 @@ static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 ) memcpy( nk->subkeys.header, "lf", REC_HDR_SIZE ); nk->subkeys.num_keys = nk->num_subkeys; - if ( !(nk->subkeys.hashes = TALLOC_ZERO_ARRAY( file->mem_ctx, REGF_HASH_REC, nk->subkeys.num_keys )) ) - return NULL; + if (nk->subkeys.num_keys) { + if ( !(nk->subkeys.hashes = TALLOC_ZERO_ARRAY( file->mem_ctx, REGF_HASH_REC, nk->subkeys.num_keys )) ) + return NULL; + } else { + nk->subkeys.hashes = NULL; + } nk->subkey_index = 0; /* update the max_bytes_subkey{name,classname} fields */ 
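Review bot: In regval_ctr_addvalue the new failure branch sets `ctr->num_values = 0` before returning, which makes the container report itself empty although the values added earlier are still allocated under `ctr`; the same branch is added to regval_ctr_copyvalue in the next hunk. One failed `TALLOC_MEMDUP` therefore discards every existing value from the caller's point of view, and the slot allocated for the new value is left in place. Leaving the count untouched and releasing only the new slot keeps the container consistent: `TALLOC_FREE( ctr->values[ctr->num_values] ); return 0;`. Whether callers read a return of 0 as failure is not visible in these hunks, so the return convention should be stated in the function comment either way.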
@@ -1847,8 +1851,12 @@ static int hashrec_cmp( REGF_HASH_REC *h1, REGF_HASH_REC *h2 ) } nk->values_off = prs_offset( &vlist_hbin->ps ) + vlist_hbin->first_hbin_off - HBIN_HDR_SIZE; - if ( !(nk->values = TALLOC_ARRAY( file->mem_ctx, REGF_VK_REC, nk->num_values )) ) - return NULL; + if (nk->num_values) { + if ( !(nk->values = TALLOC_ARRAY( file->mem_ctx, REGF_VK_REC, nk->num_values )) ) + return NULL; + } else { + nk->values = NULL; + } /* create the vk records */ diff --git a/source/rpc_client/cli_ds.c b/source/rpc_client/cli_ds.c index c01a5519660..5443170d8b2 100644 --- a/source/rpc_client/cli_ds.c +++ b/source/rpc_client/cli_ds.c @@ -98,10 +98,14 @@ NTSTATUS rpccli_ds_enum_domain_trusts(struct rpc_pipe_client *cli, int i; *num_domains = r.num_domains; - *trusts = TALLOC_ARRAY(mem_ctx, struct ds_domain_trust, r.num_domains); + if (r.num_domains) { + *trusts = TALLOC_ARRAY(mem_ctx, struct ds_domain_trust, r.num_domains); - if (*trusts == NULL) { - return NT_STATUS_NO_MEMORY; + if (*trusts == NULL) { + return NT_STATUS_NO_MEMORY; + } + } else { + *trusts = NULL; } for ( i=0; i< *num_domains; i++ ) { diff --git a/source/rpc_client/cli_lsarpc.c b/source/rpc_client/cli_lsarpc.c index 97d8326ede4..b31f7fc064d 100644 --- a/source/rpc_client/cli_lsarpc.c +++ b/source/rpc_client/cli_lsarpc.c 
@@ -219,22 +219,28 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli, goto done; } - if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } + if (num_sids) { + if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } - if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } + if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } - if (!((*types) = TALLOC_ARRAY(mem_ctx, uint32, num_sids))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; + if (!((*types) = TALLOC_ARRAY(mem_ctx, uint32, num_sids))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + } else { + (*domains) = NULL; + (*names) = NULL; + (*types) = NULL; } for (i = 0; i < num_sids; i++) { 
@@ -321,25 +327,33 @@ NTSTATUS rpccli_lsa_lookup_names(struct rpc_pipe_client *cli, goto done; } - if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } - - if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names)))) { - DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); - result = NT_STATUS_NO_MEMORY; - goto done; - } + if (num_names) { + if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } - if (dom_names != NULL) { - *dom_names = TALLOC_ARRAY(mem_ctx, const char *, num_names); - if (*dom_names == NULL) { + if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names)))) { DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); result = NT_STATUS_NO_MEMORY; goto done; } + + if (dom_names != NULL) { + *dom_names = TALLOC_ARRAY(mem_ctx, const char *, num_names); + if (*dom_names == NULL) { + DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n")); + result = NT_STATUS_NO_MEMORY; + goto done; + } + } + } else { + *sids = NULL; + *types = NULL; + if (dom_names != NULL) { + *dom_names = NULL; + } } for (i = 0; i < num_names; i++) { 
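Review bot: The out-of-memory messages re-added in rpccli_lsa_lookup_names still read `cli_lsa_lookup_sids(): out of memory`, so a log line from this path points at the wrong function. Since the lines are being rewritten anyway, the three DEBUG calls could say `DEBUG(0, ("rpccli_lsa_lookup_names(): out of memory\n"));`. The function body starts and ends outside the hunk.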
@@ -784,22 +798,28 @@ NTSTATUS rpccli_lsa_enum_privilege(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ *enum_context = r.enum_context; *count = r.count; - if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + if (r.count) { + if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) { + DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } - if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } + if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { + DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } - if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { - DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); - result = NT_STATUS_UNSUCCESSFUL; - goto done; + if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) { + DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n")); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + } else { + *privs_name = NULL; + *privs_high = NULL; + *privs_low = NULL; } for (i = 0; i < r.count; i++) { diff --git a/source/rpc_client/cli_samr.c b/source/rpc_client/cli_samr.c index 26b2b002d7c..444011edc5d 100644 --- a/source/rpc_client/cli_samr.c +++ b/source/rpc_client/cli_samr.c @@ -554,10 +554,14 @@ NTSTATUS rpccli_samr_query_useraliases(struct rpc_pipe_client *cli, ZERO_STRUCT(q); ZERO_STRUCT(r); - sid_ptrs = TALLOC_ARRAY(mem_ctx, uint32, num_sids); - if (sid_ptrs == NULL) - return NT_STATUS_NO_MEMORY; - + if (num_sids) { + sid_ptrs = TALLOC_ARRAY(mem_ctx, uint32, num_sids); + if (sid_ptrs == NULL) + return NT_STATUS_NO_MEMORY; + } else { + sid_ptrs = NULL; + } + for (i=0; i<num_sids; i++) sid_ptrs[i] = 1; 
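Review bot: rpccli_lsa_enum_privilege reports a failed TALLOC_ARRAY as `NT_STATUS_UNSUCCESSFUL`, while the equivalent branches in the lookup_sids and lookup_names hunks of this file use `NT_STATUS_NO_MEMORY`; the re-indented lines keep that inconsistency. Using `result = NT_STATUS_NO_MEMORY;` in the three branches lets callers tell allocation failure from an RPC error. Also, `*count = r.count` is assigned before the allocations, so on the `goto done` path the caller may see a non-zero count with arrays that were never set, unless the code after `done:` (outside the hunk) resets it.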
diff --git a/source/rpc_client/cli_spoolss.c b/source/rpc_client/cli_spoolss.c index 75c617c944c..76a5e0b8ad4 100644 --- a/source/rpc_client/cli_spoolss.c +++ b/source/rpc_client/cli_spoolss.c @@ -39,11 +39,15 @@ static BOOL decode_printer_info_0(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, uint32 i; PRINTER_INFO_0 *inf; - inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_0, returned); - if (!inf) { - return False; + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_0, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PRINTER_INFO_0)); + } else { + inf = NULL; } - memset(inf, 0, returned*sizeof(PRINTER_INFO_0)); prs_set_offset(&buffer->prs,0); @@ -66,11 +70,15 @@ static BOOL decode_printer_info_1(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, uint32 i; PRINTER_INFO_1 *inf; - inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_1, returned); - if (!inf) { - return False; + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_1, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PRINTER_INFO_1)); + } else { + inf = NULL; } - memset(inf, 0, returned*sizeof(PRINTER_INFO_1)); prs_set_offset(&buffer->prs,0); @@ -93,11 +101,15 @@ static BOOL decode_printer_info_2(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, uint32 i; PRINTER_INFO_2 *inf; - inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_2, returned); - if (!inf) { - return False; + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_2, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PRINTER_INFO_2)); + } else { + inf = NULL; } - memset(inf, 0, returned*sizeof(PRINTER_INFO_2)); prs_set_offset(&buffer->prs,0); 
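Review bot: decode_printer_info_0 allocates with TALLOC_ARRAY and then clears with `memset(inf, 0, returned*sizeof(PRINTER_INFO_0))`, repeating the element-count multiplication by hand on a caller-supplied count. `inf = TALLOC_ZERO_ARRAY(mem_ctx, PRINTER_INFO_0, returned);` uses the macro this commit already relies on elsewhere and does both steps with one size computation. The same pattern recurs in the decode_printer_info_1/2/3/7, decode_port_info_1/2 and decode_printer_driver_1/2/3 hunks. All of these function bodies continue outside their hunks.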
@@ -122,11 +134,15 @@ static BOOL decode_printer_info_3(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, uint32 i; PRINTER_INFO_3 *inf; - inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_3, returned); - if (!inf) { - return False; + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_3, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PRINTER_INFO_3)); + } else { + inf = NULL; } - memset(inf, 0, returned*sizeof(PRINTER_INFO_3)); prs_set_offset(&buffer->prs,0); @@ -150,11 +166,15 @@ static BOOL decode_printer_info_7(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, uint32 i; PRINTER_INFO_7 *inf; - inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_7, returned); - if (!inf) { - return False; + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_7, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PRINTER_INFO_7)); + } else { + inf = NULL; } - memset(inf, 0, returned*sizeof(PRINTER_INFO_7)); prs_set_offset(&buffer->prs,0); @@ -178,11 +198,15 @@ static BOOL decode_port_info_1(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, uint32 i; PORT_INFO_1 *inf; - inf=TALLOC_ARRAY(mem_ctx, PORT_INFO_1, returned); - if (!inf) { - return False; + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PORT_INFO_1, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PORT_INFO_1)); + } else { + inf = NULL; } - memset(inf, 0, returned*sizeof(PORT_INFO_1)); prs_set_offset(&buffer->prs, 0); @@ -205,11 +229,15 @@ static BOOL decode_port_info_2(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, uint32 i; PORT_INFO_2 *inf; - inf=TALLOC_ARRAY(mem_ctx, PORT_INFO_2, returned); - if (!inf) { - return False; + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, PORT_INFO_2, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(PORT_INFO_2)); + } else { + inf = NULL; } - memset(inf, 0, returned*sizeof(PORT_INFO_2)); prs_set_offset(&buffer->prs, 0); 
@@ -232,11 +260,15 @@ static BOOL decode_printer_driver_1(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, uint32 i; DRIVER_INFO_1 *inf; - inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_1, returned); - if (!inf) { - return False; + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_1, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(DRIVER_INFO_1)); + } else { + inf = NULL; } - memset(inf, 0, returned*sizeof(DRIVER_INFO_1)); prs_set_offset(&buffer->prs,0); @@ -259,11 +291,15 @@ static BOOL decode_printer_driver_2(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, uint32 i; DRIVER_INFO_2 *inf; - inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_2, returned); - if (!inf) { - return False; + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_2, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(DRIVER_INFO_2)); + } else { + inf = NULL; } - memset(inf, 0, returned*sizeof(DRIVER_INFO_2)); prs_set_offset(&buffer->prs,0); @@ -286,11 +322,15 @@ static BOOL decode_printer_driver_3(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, uint32 i; DRIVER_INFO_3 *inf; - inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_3, returned); - if (!inf) { - return False; + if (returned) { + inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_3, returned); + if (!inf) { + return False; + } + memset(inf, 0, returned*sizeof(DRIVER_INFO_3)); + } else { + inf = NULL; } - memset(inf, 0, returned*sizeof(DRIVER_INFO_3)); prs_set_offset(&buffer->prs,0); @@ -337,9 +377,13 @@ static BOOL decode_jobs_1(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, { uint32 i; - *jobs = TALLOC_ARRAY(mem_ctx, JOB_INFO_1, num_jobs); - if (*jobs == NULL) { - return False; + if (num_jobs) { + *jobs = TALLOC_ARRAY(mem_ctx, JOB_INFO_1, num_jobs); + if (*jobs == NULL) { + return False; + } + } else { + *jobs = NULL; } prs_set_offset(&buffer->prs,0); 
@@ -360,9 +404,13 @@ static BOOL decode_jobs_2(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, { uint32 i; - *jobs = TALLOC_ARRAY(mem_ctx, JOB_INFO_2, num_jobs); - if (*jobs == NULL) { - return False; + if (num_jobs) { + *jobs = TALLOC_ARRAY(mem_ctx, JOB_INFO_2, num_jobs); + if (*jobs == NULL) { + return False; + } + } else { + *jobs = NULL; } prs_set_offset(&buffer->prs,0); @@ -383,10 +431,15 @@ static BOOL decode_forms_1(TALLOC_CTX *mem_ctx, RPC_BUFFER *buffer, { int i; - *forms = TALLOC_ARRAY(mem_ctx, FORM_1, num_forms); - if (*forms == NULL) { - return False; + if (num_forms) { + *forms = TALLOC_ARRAY(mem_ctx, FORM_1, num_forms); + if (*forms == NULL) { + return False; + } + } else { + *forms = NULL; } + prs_set_offset(&buffer->prs,0); for (i = 0; i < num_forms; i++) { @@ -1609,7 +1662,11 @@ WERROR rpccli_spoolss_getprinterdata(struct rpc_pipe_client *cli, TALLOC_CTX *me /* Return output parameters */ - value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, out.needed); + if (out.needed) { + value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, out.needed); + } else { + value->data_p = NULL; + } value->type = out.type; value->size = out.size; @@ -1662,7 +1719,11 @@ WERROR rpccli_spoolss_getprinterdataex(struct rpc_pipe_client *cli, TALLOC_CTX * /* Return output parameters */ - value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, out.needed); + if (out.needed) { + value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, out.needed); + } else { + value->data_p = NULL; + } value->type = out.type; value->size = out.needed; 
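Review bot: In rpccli_spoolss_getprinterdata the buffer is duplicated with length `out.needed` but the value is recorded with `value->size = out.size`, so a consumer that trusts `size` can read past `data_p` when the two differ. With the new branch, `data_p` can also be NULL while `size` is non-zero. The getprinterdataex hunk that follows uses `out.needed` for both; doing the same here (`value->size = out.needed;`) keeps pointer and length in step, assuming `needed` is the length of `out.data`. None of the three TALLOC_MEMDUP sites (this one, getprinterdataex, and enumprinterdata in the following hunk) tests for a NULL result before the size is stored.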
@@ -1758,8 +1819,12 @@ WERROR rpccli_spoolss_enumprinterdata(struct rpc_pipe_client *cli, TALLOC_CTX *m if (value) { rpcstr_pull(value->valuename, out.value, sizeof(value->valuename), -1, STR_TERMINATE); - value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, + if (out.realdatasize) { + value->data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, out.data, out.realdatasize); + } else { + value->data_p = NULL; + } value->type = out.type; value->size = out.realdatasize; } diff --git a/source/rpc_client/cli_srvsvc.c b/source/rpc_client/cli_srvsvc.c index 7b4818b4b06..e471de7c3ba 100644 --- a/source/rpc_client/cli_srvsvc.c +++ b/source/rpc_client/cli_srvsvc.c @@ -545,11 +545,15 @@ WERROR rpccli_srvsvc_net_file_enum(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ switch(file_level) { case 3: - if ( (ctr->file.info3 = TALLOC_ARRAY(mem_ctx, FILE_INFO_3, ctr->num_entries)) == NULL ) { - return WERR_NOMEM; - } + if (ctr->num_entries) { + if ( (ctr->file.info3 = TALLOC_ARRAY(mem_ctx, FILE_INFO_3, ctr->num_entries)) == NULL ) { + return WERR_NOMEM; + } - memset(ctr->file.info3, 0, sizeof(FILE_INFO_3) * ctr->num_entries); + memset(ctr->file.info3, 0, sizeof(FILE_INFO_3) * ctr->num_entries); + } else { + ctr->file.info3 = NULL; + } for (i = 0; i < r.ctr.num_entries; i++) { FILE_INFO_3 *info3 = &ctr->file.info3[i]; diff --git a/source/rpc_parse/parse_buffer.c b/source/rpc_parse/parse_buffer.c index 5643189afea..b66eb9910a8 100644 --- a/source/rpc_parse/parse_buffer.c +++ b/source/rpc_parse/parse_buffer.c @@ -401,6 +401,9 @@ BOOL smb_io_relarraystr(const char *desc, RPC_BUFFER *buffer, int depth, uint16 { chaine2[l_chaine2] = '\0'; *string=(uint16 *)TALLOC_MEMDUP(prs_get_mem_context(ps),chaine2,realloc_size); + if (!*string) { + return False; + } SAFE_FREE(chaine2); } diff --git a/source/rpc_parse/parse_dfs.c b/source/rpc_parse/parse_dfs.c index e590aae0526..118429e7d2f 100644 --- a/source/rpc_parse/parse_dfs.c +++ b/source/rpc_parse/parse_dfs.c 
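Review bot: In the `case 3` branch of rpccli_srvsvc_net_file_enum the array is sized by `ctr->num_entries`, but the loop that follows indexes it under `i < r.ctr.num_entries`. If the two counts can differ (any assignment linking them is outside the hunk), the loop runs past the allocation, and with the new `else` branch it indexes a NULL `ctr->file.info3`. Bounding the loop with the count used for the allocation, `for (i = 0; i < ctr->num_entries; i++)`, removes the dependency.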
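Review bot: The added `return False` in smb_io_relarraystr exits before `SAFE_FREE(chaine2)`, so the temporary buffer leaks whenever TALLOC_MEMDUP fails. Freeing first fixes it: `if (!*string) { SAFE_FREE(chaine2); return False; }`. The enclosing block begins outside the hunk.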
@@ -326,6 +326,9 @@ BOOL netdfs_io_dfs_Info3_d(const char *desc, NETDFS_DFS_INFO3 *v, prs_struct *ps if (UNMARSHALLING(ps)) { v->stores = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->stores)*v->num_stores); + if (!v->stores) { + return False; + } } for (i_stores_1=0; i_stores_1<v->num_stores;i_stores_1++) { if (!netdfs_io_dfs_StorageInfo_p("stores", &v->stores[i_stores_1], ps, depth)) @@ -448,6 +451,9 @@ BOOL netdfs_io_dfs_Info4_d(const char *desc, NETDFS_DFS_INFO4 *v, prs_struct *ps if (UNMARSHALLING(ps)) { v->stores = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->stores)*v->num_stores); + if (!v->stores) { + return False; + } } for (i_stores_1=0; i_stores_1<v->num_stores;i_stores_1++) { if (!netdfs_io_dfs_StorageInfo_p("stores", &v->stores[i_stores_1], ps, depth)) @@ -921,6 +927,9 @@ BOOL netdfs_io_dfs_EnumArray1_d(const char *desc, NETDFS_DFS_ENUMARRAY1 *v, prs_ if (UNMARSHALLING(ps)) { v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); + if (!v->s) { + return False; + } } for (i_s_1=0; i_s_1<v->count;i_s_1++) { if (!netdfs_io_dfs_Info1_p("s", &v->s[i_s_1], ps, depth)) @@ -987,6 +996,9 @@ BOOL netdfs_io_dfs_EnumArray2_d(const char *desc, NETDFS_DFS_ENUMARRAY2 *v, prs_ if (UNMARSHALLING(ps)) { v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); + if (!v->s) { + return False; + } } for (i_s_1=0; i_s_1<v->count;i_s_1++) { if (!netdfs_io_dfs_Info2_p("s", &v->s[i_s_1], ps, depth)) @@ -1053,6 +1065,9 @@ BOOL netdfs_io_dfs_EnumArray3_d(const char *desc, NETDFS_DFS_ENUMARRAY3 *v, prs_ if (UNMARSHALLING(ps)) { v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); + if (!v->s) { + return False; + } } for (i_s_1=0; i_s_1<v->count;i_s_1++) { if (!netdfs_io_dfs_Info3_p("s", &v->s[i_s_1], ps, depth)) 
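Review bot: The new NULL test in netdfs_io_dfs_Info3_d treats every NULL from PRS_ALLOC_MEM_VOID as an allocation failure, yet the size passed is `sizeof(*v->stores)*v->num_stores`, which is 0 for an empty array. If the allocator returns NULL for a zero size (its definition is not in this hunk), a reply with no entries now fails to unmarshal. The multiplication is also done at the call site with no overflow check on a count that is presumably decoded from the reply, so an element-count allocator would be safer than a pre-multiplied size. Guarding the allocation with the count, as the other files in this commit do, addresses the empty case; the same applies to the Info4_d and EnumArray1/2/3/4/200/300 hunks.

```c
if (UNMARSHALLING(ps)) {
	if (v->num_stores) {
		v->stores = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->stores)*v->num_stores);
		if (!v->stores) {
			return False;
		}
	} else {
		v->stores = NULL;
	}
}
/* … unchanged: loop over v->num_stores … */
```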
@@ -1119,6 +1134,9 @@ BOOL netdfs_io_dfs_EnumArray4_d(const char *desc, NETDFS_DFS_ENUMARRAY4 *v, prs_ if (UNMARSHALLING(ps)) { v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); + if (!v->s) { + return False; + } } for (i_s_1=0; i_s_1<v->count;i_s_1++) { if (!netdfs_io_dfs_Info4_p("s", &v->s[i_s_1], ps, depth)) @@ -1185,6 +1203,9 @@ BOOL netdfs_io_dfs_EnumArray200_d(const char *desc, NETDFS_DFS_ENUMARRAY200 *v, if (UNMARSHALLING(ps)) { v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); + if (!v->s) { + return False; + } } for (i_s_1=0; i_s_1<v->count;i_s_1++) { if (!netdfs_io_dfs_Info200_p("s", &v->s[i_s_1], ps, depth)) @@ -1251,6 +1272,9 @@ BOOL netdfs_io_dfs_EnumArray300_d(const char *desc, NETDFS_DFS_ENUMARRAY300 *v, if (UNMARSHALLING(ps)) { v->s = (void *)PRS_ALLOC_MEM_VOID(ps,sizeof(*v->s)*v->count); + if (!v->s) { + return False; + } } for (i_s_1=0; i_s_1<v->count;i_s_1++) { if (!netdfs_io_dfs_Info300_p("s", &v->s[i_s_1], ps, depth)) diff --git a/source/rpc_parse/parse_eventlog.c b/source/rpc_parse/parse_eventlog.c index addf433feb8..436f35aff6a 100644 --- a/source/rpc_parse/parse_eventlog.c +++ b/source/rpc_parse/parse_eventlog.c @@ -354,7 +354,9 @@ BOOL eventlog_io_r_read_eventlog(const char *desc, /* Now pad with whitespace until the end of the response buffer */ if (q_u->max_read_size - r_u->num_bytes_in_resp) { - r_u->end_of_entries_padding = SMB_CALLOC_ARRAY(uint8, q_u->max_read_size - r_u->num_bytes_in_resp); + if (!r_u->end_of_entries_padding) { + return False; + } if(!(prs_uint8s(False, "end of entries padding", ps, depth, r_u->end_of_entries_padding, diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c index e1630f79f48..ea249dc5600 100644 --- a/source/rpc_parse/parse_lsa.c +++ b/source/rpc_parse/parse_lsa.c 
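Review bot: eventlog_io_r_read_eventlog no longer allocates `r_u->end_of_entries_padding`; it only tests it, so every caller must now supply a buffer of at least `q_u->max_read_size - r_u->num_bytes_in_resp` bytes before this function runs, and nothing here verifies that length. A comment above the test would record the contract, e.g. `/* caller must have allocated end_of_entries_padding with max_read_size - num_bytes_in_resp bytes */`. If both fields are unsigned, the subtraction wraps when `num_bytes_in_resp` exceeds `max_read_size`, so it is worth confirming that cannot happen. The function continues outside the hunk.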
@@ -573,14 +573,17 @@ void init_r_enum_trust_dom(TALLOC_CTX *ctx, LSA_R_ENUM_TRUST_DOM *out, return; } - out->domlist->domains = TALLOC_ARRAY( ctx, DOMAIN_INFO, + if (out->count) { + out->domlist->domains = TALLOC_ARRAY( ctx, DOMAIN_INFO, out->count ); - - if ( !out->domlist->domains ) { - out->status = NT_STATUS_NO_MEMORY; - return; + if ( !out->domlist->domains ) { + out->status = NT_STATUS_NO_MEMORY; + return; + } + } else { + out->domlist->domains = NULL; } - + out->domlist->count = out->count; /* initialize the list of domains and their sid */ @@ -737,9 +740,13 @@ static BOOL lsa_io_dom_query_2(const char *desc, DOM_QUERY_2 *d_q, prs_struct *p return False; if (UNMARSHALLING(ps)) { - d_q->auditsettings = TALLOC_ZERO_ARRAY(ps->mem_ctx, uint32, d_q->count2); - if (!d_q->auditsettings) { - return False; + if (d_q->count2) { + d_q->auditsettings = TALLOC_ZERO_ARRAY(ps->mem_ctx, uint32, d_q->count2); + if (!d_q->auditsettings) { + return False; + } + } else { + d_q->auditsettings = NULL; } } @@ -1118,16 +1125,16 @@ static void init_lsa_sid_enum(TALLOC_CTX *mem_ctx, LSA_SID_ENUM *sen, /* Allocate memory for sids and sid pointers */ - if (num_entries == 0) return; - - if ((sen->ptr_sid = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_entries )) == NULL) { - DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n")); - return; - } + if (num_entries) { + if ((sen->ptr_sid = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_entries )) == NULL) { + DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n")); + return; + } - if ((sen->sid = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID2, num_entries)) == NULL) { - DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n")); - return; + if ((sen->sid = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID2, num_entries)) == NULL) { + DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n")); + return; + } } /* Copy across SIDs and SID pointers */ 
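Review bot: init_lsa_sid_enum is the one converted site in this file without an `else` branch: when `num_entries` is 0, `sen->ptr_sid` and `sen->sid` keep whatever they held before, whereas the sibling hunks set the pointers to NULL. Unless the structure is zeroed earlier in the function (outside the hunk), adding `} else { sen->ptr_sid = NULL; sen->sid = NULL; }` makes the empty case explicit. The two failure branches still return from a void function after only a DEBUG message, so the caller cannot tell that the arrays were not set up.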
@@ -1563,14 +1570,19 @@ void init_q_lookup_names(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_NAMES *q_l, q_l->num_entries2 = num_names; q_l->lookup_level = 1; - if ((q_l->uni_name = TALLOC_ZERO_ARRAY(mem_ctx, UNISTR2, num_names)) == NULL) { - DEBUG(3, ("init_q_lookup_names(): out of memory\n")); - return; - } + if (num_names) { + if ((q_l->uni_name = TALLOC_ZERO_ARRAY(mem_ctx, UNISTR2, num_names)) == NULL) { + DEBUG(3, ("init_q_lookup_names(): out of memory\n")); + return; + } - if ((q_l->hdr_name = TALLOC_ZERO_ARRAY(mem_ctx, UNIHDR, num_names)) == NULL) { - DEBUG(3, ("init_q_lookup_names(): out of memory\n")); - return; + if ((q_l->hdr_name = TALLOC_ZERO_ARRAY(mem_ctx, UNIHDR, num_names)) == NULL) { + DEBUG(3, ("init_q_lookup_names(): out of memory\n")); + return; + } + } else { + q_l->uni_name = NULL; + q_l->hdr_name = NULL; } for (i = 0; i < num_names; i++) { diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c index 3b1e9a4f08e..a926a5e18ee 100644 --- a/source/rpc_parse/parse_misc.c +++ b/source/rpc_parse/parse_misc.c @@ -268,7 +268,7 @@ BOOL smb_io_dom_sid2_p(const char *desc, prs_struct *ps, int depth, DOM_SID2 **s if (UNMARSHALLING(ps)) { if ( !(*sid2 = PRS_ALLOC_MEM(ps, DOM_SID2, 1)) ) - return False; + return False; } return True; @@ -496,11 +496,15 @@ void init_unistr(UNISTR *str, const char *buf) len = strlen(buf) + 1; - str->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, len); - if (str->buffer == NULL) - smb_panic("init_unistr: malloc fail\n"); + if (len) { + str->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, len); + if (str->buffer == NULL) + smb_panic("init_unistr: malloc fail\n"); - rpcstr_push(str->buffer, buf, len*sizeof(uint16), STR_TERMINATE); + rpcstr_push(str->buffer, buf, len*sizeof(uint16), STR_TERMINATE); + } else { + str->buffer = NULL; + } } /******************************************************************* 
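Review bot: In init_unistr the new `if (len)` test cannot be false for any string that fits in memory, because `len` was just computed as `strlen(buf) + 1`. The `else` branch that sets `str->buffer = NULL` is therefore dead code. The same holds for `if (str->uni_str_len)` in the init_unistr3 hunk. Dropping the test, or replacing it with a comment such as `/* len >= 1: includes the terminator */`, keeps the function easier to read.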
@@ -703,15 +707,18 @@ void copy_unistr2(UNISTR2 *str, const UNISTR2 *from) (the the length of the source string) to prevent reallocation of memory. */ if (str->buffer == NULL) { - str->buffer = (uint16 *)TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, str->uni_max_len); - if ((str->buffer == NULL)) { - smb_panic("copy_unistr2: talloc fail\n"); - return; + if (str->uni_max_len) { + str->buffer = (uint16 *)TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, str->uni_max_len); + if ((str->buffer == NULL)) { + smb_panic("copy_unistr2: talloc fail\n"); + return; + } + /* copy the string */ + memcpy(str->buffer, from->buffer, str->uni_max_len*sizeof(uint16)); + } else { + str->buffer = NULL; } } - - /* copy the string */ - memcpy(str->buffer, from->buffer, str->uni_max_len*sizeof(uint16)); } /******************************************************************* @@ -799,7 +806,9 @@ void init_unistr2(UNISTR2 *str, const char *buf, enum unistr2_term_codes flags) len = strlen(buf) + 1; if ( flags == UNI_STR_DBLTERMINATE ) len++; - } else { + } + + if (buf == NULL || len == 0) { /* no buffer -- nothing to do */ str->uni_max_len = 0; str->offset = 0; @@ -887,10 +896,14 @@ void init_unistr2_w(TALLOC_CTX *ctx, UNISTR2 *str, const smb_ucs2_t *buf) str->offset = 0; str->uni_str_len = len; - str->buffer = TALLOC_ZERO_ARRAY(ctx, uint16, len + 1); - if (str->buffer == NULL) { - smb_panic("init_unistr2_w: talloc fail\n"); - return; + if (len + 1) { + str->buffer = TALLOC_ZERO_ARRAY(ctx, uint16, len + 1); + if (str->buffer == NULL) { + smb_panic("init_unistr2_w: talloc fail\n"); + return; + } + } else { + str->buffer = NULL; } /* 
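Review bot: Moving the `memcpy` inside `if (str->buffer == NULL)` changes copy_unistr2 for callers that pass a destination whose buffer is already allocated: that path used to copy the string and now copies nothing. The comment kept as context says the maximum length is set "to prevent reallocation of memory", which suggests reusing an existing buffer is an intended case. Keeping the copy after the block, guarded for the empty case, preserves the old behaviour: `if (str->buffer != NULL && str->uni_max_len) memcpy(str->buffer, from->buffer, str->uni_max_len*sizeof(uint16));`. The start of the function is outside the hunk.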
@@ -903,7 +916,9 @@ void init_unistr2_w(TALLOC_CTX *ctx, UNISTR2 *str, const smb_ucs2_t *buf) /* Yes, this is a strncpy( foo, bar, strlen(bar)) - but as long as the buffer above is talloc()ed correctly then this is the correct thing to do */ - strncpy_w(str->buffer, buf, len + 1); + if (len+1) { + strncpy_w(str->buffer, buf, len + 1); + } } /******************************************************************* @@ -937,10 +952,14 @@ void init_unistr2_from_unistr(UNISTR2 *to, const UNISTR *from) to->uni_str_len = i; /* allocate the space and copy the string buffer */ - to->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, i); - if (to->buffer == NULL) - smb_panic("init_unistr2_from_unistr: malloc fail\n"); - memcpy(to->buffer, from->buffer, i*sizeof(uint16)); + if (i) { + to->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, i); + if (to->buffer == NULL) + smb_panic("init_unistr2_from_unistr: malloc fail\n"); + memcpy(to->buffer, from->buffer, i*sizeof(uint16)); + } else { + to->buffer = NULL; + } return; } @@ -1136,12 +1155,13 @@ BOOL prs_unistr4_array(const char *desc, prs_struct *ps, int depth, UNISTR4_ARRA if(!prs_uint32("count", ps, depth, &array->count)) return False; - if ( array->count == 0 ) - return True; - if (UNMARSHALLING(ps)) { - if ( !(array->strings = TALLOC_ZERO_ARRAY( get_talloc_ctx(), UNISTR4, array->count)) ) - return False; + if (array->count) { + if ( !(array->strings = TALLOC_ZERO_ARRAY( get_talloc_ctx(), UNISTR4, array->count)) ) + return False; + } else { + array->strings = NULL; + } } /* write the headers and then the actual string buffer */ 
@@ -1169,13 +1189,14 @@ BOOL init_unistr4_array( UNISTR4_ARRAY *array, uint32 count, const char **string array->count = count; - if ( array->count == 0 ) - return True; - /* allocate memory for the array of UNISTR4 objects */ - if ( !(array->strings = TALLOC_ZERO_ARRAY(get_talloc_ctx(), UNISTR4, count )) ) - return False; + if (array->count) { + if ( !(array->strings = TALLOC_ZERO_ARRAY(get_talloc_ctx(), UNISTR4, count )) ) + return False; + } else { + array->strings = NULL; + } for ( i=0; i<count; i++ ) init_unistr4( &array->strings[i], strings[i], UNI_STR_TERMINATE ); @@ -1724,11 +1745,15 @@ void init_unistr3(UNISTR3 *str, const char *buf) str->uni_str_len = strlen(buf) + 1; - str->str.buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, str->uni_str_len); - if (str->str.buffer == NULL) - smb_panic("init_unistr3: malloc fail\n"); + if (str->uni_str_len) { + str->str.buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, str->uni_str_len); + if (str->str.buffer == NULL) + smb_panic("init_unistr3: malloc fail\n"); - rpcstr_push((char *)str->str.buffer, buf, str->uni_str_len * sizeof(uint16), STR_TERMINATE); + rpcstr_push((char *)str->str.buffer, buf, str->uni_str_len * sizeof(uint16), STR_TERMINATE); + } else { + str->str.buffer = NULL; + } } /******************************************************************* diff --git a/source/rpc_parse/parse_net.c b/source/rpc_parse/parse_net.c index 2ccc9f59f68..d84dc4ef11c 100644 --- a/source/rpc_parse/parse_net.c +++ b/source/rpc_parse/parse_net.c @@ -1022,9 +1022,13 @@ static int init_dom_sid2s(TALLOC_CTX *ctx, const char *sids_str, DOM_SID2 **ppsi } /* Now allocate space for them. */ - *ppsids = TALLOC_ZERO_ARRAY(ctx, DOM_SID2, count); - if (*ppsids == NULL) - return 0; + if (count) { + *ppsids = TALLOC_ZERO_ARRAY(ctx, DOM_SID2, count); + if (*ppsids == NULL) + return 0; + } else { + *ppsids = NULL; + } sids = *ppsids; 
@@ -1506,9 +1510,13 @@ void init_net_user_info3(TALLOC_CTX *ctx, NET_USER_INFO_3 *usr, usr->num_groups2 = num_groups; - usr->gids = TALLOC_ZERO_ARRAY(ctx,DOM_GID,num_groups); - if (usr->gids == NULL && num_groups>0) - return; + if (num_groups) { + usr->gids = TALLOC_ZERO_ARRAY(ctx,DOM_GID,num_groups); + if (usr->gids == NULL) + return; + } else { + usr->gids = NULL; + } for (i = 0; i < num_groups; i++) usr->gids[i] = gids[i]; @@ -2467,13 +2475,19 @@ static BOOL net_io_sam_group_mem_info(const char *desc, SAM_GROUP_MEM_INFO * inf return False; } - info->rids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members2); - - if (info->rids == NULL) { - DEBUG(0, ("out of memory allocating %d rids\n", - info->num_members2)); - return False; - } + if (UNMARSHALLING(ps)) { + if (info->num_members2) { + info->rids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members2); + + if (info->rids == NULL) { + DEBUG(0, ("out of memory allocating %d rids\n", + info->num_members2)); + return False; + } + } else { + info->rids = NULL; + } + } for (i = 0; i < info->num_members2; i++) { @@ -2494,13 +2508,19 @@ static BOOL net_io_sam_group_mem_info(const char *desc, SAM_GROUP_MEM_INFO * inf return False; } - info->attribs = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members3); - - if (info->attribs == NULL) { - DEBUG(0, ("out of memory allocating %d attribs\n", - info->num_members3)); - return False; - } + if (UNMARSHALLING(ps)) { + if (info->num_members3) { + info->attribs = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members3); + + if (info->attribs == NULL) { + DEBUG(0, ("out of memory allocating %d attribs\n", + info->num_members3)); + return False; + } + } else { + info->attribs = NULL; + } + } for (i = 0; i < info->num_members3; i++) { 
@@ -2580,13 +2600,19 @@ static BOOL net_io_sam_alias_mem_info(const char *desc, SAM_ALIAS_MEM_INFO * inf return False; } - info->ptr_sids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_sids); + if (UNMARSHALLING(ps)) { + if (info->num_sids) { + info->ptr_sids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_sids); - if (info->ptr_sids == NULL) { - DEBUG(0, ("out of memory allocating %d ptr_sids\n", - info->num_sids)); - return False; - } + if (info->ptr_sids == NULL) { + DEBUG(0, ("out of memory allocating %d ptr_sids\n", + info->num_sids)); + return False; + } + } else { + info->ptr_sids = NULL; + } + } for (i = 0; i < info->num_sids; i++) { @@ -2595,13 +2621,19 @@ static BOOL net_io_sam_alias_mem_info(const char *desc, SAM_ALIAS_MEM_INFO * inf return False; } - info->sids = TALLOC_ARRAY(ps->mem_ctx, DOM_SID2, info->num_sids); - - if (info->sids == NULL) { - DEBUG(0, ("error allocating %d sids\n", - info->num_sids)); - return False; - } + if (UNMARSHALLING(ps)) { + if (info->num_sids) { + info->sids = TALLOC_ARRAY(ps->mem_ctx, DOM_SID2, info->num_sids); + + if (info->sids == NULL) { + DEBUG(0, ("error allocating %d sids\n", + info->num_sids)); + return False; + } + } else { + info->sids = NULL; + } + } for (i = 0; i < info->num_sids; i++) { @@ -2911,7 +2943,16 @@ static BOOL net_io_sam_privs_info(const char *desc, SAM_DELTA_PRIVS *info, if(!prs_uint32("attribute_count", ps, depth, &info->attribute_count)) return False; - info->attributes = TALLOC_ARRAY(ps->mem_ctx, uint32, info->attribute_count); + if (UNMARSHALLING(ps)) { + if (info->attribute_count) { + info->attributes = TALLOC_ARRAY(ps->mem_ctx, uint32, info->attribute_count); + if (!info->attributes) { + return False; + } + } else { + info->attributes = NULL; + } + } for (i=0; i<info->attribute_count; i++) if(!prs_uint32("attributes", ps, depth, &info->attributes[i])) 
@@ -2920,8 +2961,21 @@ static BOOL net_io_sam_privs_info(const char *desc, SAM_DELTA_PRIVS *info, if(!prs_uint32("privlist_count", ps, depth, &info->privlist_count)) return False; - info->hdr_privslist = TALLOC_ARRAY(ps->mem_ctx, UNIHDR, info->privlist_count); - info->uni_privslist = TALLOC_ARRAY(ps->mem_ctx, UNISTR2, info->privlist_count); + if (UNMARSHALLING(ps)) { + if (info->privlist_count) { + info->hdr_privslist = TALLOC_ARRAY(ps->mem_ctx, UNIHDR, info->privlist_count); + info->uni_privslist = TALLOC_ARRAY(ps->mem_ctx, UNISTR2, info->privlist_count); + if (!info->hdr_privslist) { + return False; + } + if (!info->uni_privslist) { + return False; + } + } else { + info->hdr_privslist = NULL; + info->uni_privslist = NULL; + } + } for (i=0; i<info->privlist_count; i++) if(!smb_io_unihdr("hdr_privslist", &info->hdr_privslist[i], ps, depth)) @@ -3051,15 +3105,19 @@ BOOL net_io_r_sam_sync(const char *desc, return False; } - if (r_s->num_deltas2 > 0) { - r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas2); - if (r_s->hdr_deltas == NULL) { - DEBUG(0, ("error tallocating memory " - "for %d delta headers\n", - r_s->num_deltas2)); - return False; - } - } + if (UNMARSHALLING(ps)) { + if (r_s->num_deltas2) { + r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas2); + if (r_s->hdr_deltas == NULL) { + DEBUG(0, ("error tallocating memory " + "for %d delta headers\n", + r_s->num_deltas2)); + return False; + } + } else { + r_s->hdr_deltas = NULL; + } + } for (i = 0; i < r_s->num_deltas2; i++) { 
@@ -3069,15 +3127,19 @@ BOOL net_io_r_sam_sync(const char *desc, return False; } - if (r_s->num_deltas2 > 0) { - r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas2); - if (r_s->deltas == NULL) { - DEBUG(0, ("error tallocating memory " - "for %d deltas\n", - r_s->num_deltas2)); - return False; - } - } + if (UNMARSHALLING(ps)) { + if (r_s->num_deltas2) { + r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas2); + if (r_s->deltas == NULL) { + DEBUG(0, ("error tallocating memory " + "for %d deltas\n", + r_s->num_deltas2)); + return False; + } + } else { + r_s->deltas = NULL; + } + } for (i = 0; i < r_s->num_deltas2; i++) { @@ -3180,15 +3242,19 @@ BOOL net_io_r_sam_deltas(const char *desc, if (r_s->ptr_deltas != 0) { - if (r_s->num_deltas > 0) { - r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas); - if (r_s->hdr_deltas == NULL) { - DEBUG(0, ("error tallocating memory " - "for %d delta headers\n", - r_s->num_deltas)); - return False; - } - } + if (UNMARSHALLING(ps)) { + if (r_s->num_deltas) { + r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas); + if (r_s->hdr_deltas == NULL) { + DEBUG(0, ("error tallocating memory " + "for %d delta headers\n", + r_s->num_deltas)); + return False; + } + } else { + r_s->hdr_deltas = NULL; + } + } for (i = 0; i < r_s->num_deltas; i++) { 
@@ -3196,15 +3262,19 @@ BOOL net_io_r_sam_deltas(const char *desc, ps, depth); } - if (r_s->num_deltas > 0) { - r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas); - if (r_s->deltas == NULL) { - DEBUG(0, ("error tallocating memory " - "for %d deltas\n", - r_s->num_deltas)); - return False; - } - } + if (UNMARSHALLING(ps)) { + if (r_s->num_deltas) { + r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas); + if (r_s->deltas == NULL) { + DEBUG(0, ("error tallocating memory " + "for %d deltas\n", + r_s->num_deltas)); + return False; + } + } else { + r_s->deltas = NULL; + } + } for (i = 0; i < r_s->num_deltas; i++) { diff --git a/source/rpc_parse/parse_ntsvcs.c b/source/rpc_parse/parse_ntsvcs.c index ab5f3f75e87..559a9d5ab5f 100644 --- a/source/rpc_parse/parse_ntsvcs.c +++ b/source/rpc_parse/parse_ntsvcs.c @@ -334,9 +334,13 @@ BOOL ntsvcs_io_r_get_hw_profile_info(const char *desc, NTSVCS_R_GET_HW_PROFILE_I return False; if ( UNMARSHALLING(ps) ) { - r_u->buffer = TALLOC_ARRAY(get_talloc_ctx(), uint8, r_u->buffer_size ); - if (!r_u->buffer) { - return False; + if (r_u->buffer_size) { + r_u->buffer = TALLOC_ARRAY(get_talloc_ctx(), uint8, r_u->buffer_size ); + if (!r_u->buffer) { + return False; + } + } else { + r_u->buffer = NULL; } } diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c index 540db5b6a85..2a5daac2e6e 100644 --- a/source/rpc_parse/parse_prs.c +++ b/source/rpc_parse/parse_prs.c @@ -156,9 +156,9 @@ char *prs_alloc_mem(prs_struct *ps, size_t size, unsigned int count) { char *ret = NULL; - if (size) { + if (size && count) { /* We can't call the type-safe version here. */ - ret = (char *)_talloc_zero_array(ps->mem_ctx, size, count, + ret = (char *)_talloc_zero_array_zeronull(ps->mem_ctx, size, count, "parse_prs"); } return ret; 
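Review bot: After the change to `if (size && count)`, prs_alloc_mem returns NULL for a zero count as well as for a zero size and for allocation failure, and nothing in the hunk documents that for callers. A caller that treats every NULL as out-of-memory will now fail on a legitimately empty array. I would add a comment above the function such as `/* Returns NULL if size or count is zero, or on allocation failure; test count before treating NULL as an error. */`. The signature line sits just above the hunk.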
@@ -1817,7 +1817,7 @@ return the contents of a prs_struct in a DATA_BLOB BOOL prs_data_blob(prs_struct *prs, DATA_BLOB *blob, TALLOC_CTX *mem_ctx) { blob->length = prs_data_size(prs); - blob->data = (uint8 *)talloc_zero_size(mem_ctx, blob->length); + blob->data = (uint8 *)TALLOC_ZERO_SIZE(mem_ctx, blob->length); /* set the pointer at the end of the buffer */ prs_set_offset( prs, prs_data_size(prs) ); diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index 27a5ef9d996..273b1b97261 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c @@ -4175,7 +4175,11 @@ void init_samr_q_lookup_rids(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_RIDS * q_u, q_u->flags = flags; q_u->ptr = 0; q_u->num_rids2 = num_rids; - q_u->rid = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids ); + if (num_rids) { + q_u->rid = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids ); + } else { + q_u->rid = NULL; + } if (q_u->rid == NULL) { q_u->num_rids1 = 0; q_u->num_rids2 = 0; @@ -4814,11 +4818,16 @@ NTSTATUS init_samr_q_lookup_names(TALLOC_CTX *ctx, SAMR_Q_LOOKUP_NAMES * q_u, q_u->ptr = 0; q_u->num_names2 = num_names; - if (!(q_u->hdr_name = TALLOC_ZERO_ARRAY(ctx, UNIHDR, num_names))) - return NT_STATUS_NO_MEMORY; + if (num_names) { + if (!(q_u->hdr_name = TALLOC_ZERO_ARRAY(ctx, UNIHDR, num_names))) + return NT_STATUS_NO_MEMORY; - if (!(q_u->uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_names))) - return NT_STATUS_NO_MEMORY; + if (!(q_u->uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_names))) + return NT_STATUS_NO_MEMORY; + } else { + q_u->hdr_name = NULL; + q_u->uni_name = NULL; + } for (i = 0; i < num_names; i++) { init_unistr2(&q_u->uni_name[i], name[i], UNI_FLAGS_NONE); /* unicode string for machine account */ 
@@ -4903,10 +4912,15 @@ NTSTATUS init_samr_r_lookup_names(TALLOC_CTX *ctx, SAMR_R_LOOKUP_NAMES * r_u, r_u->ptr_rids = 1; r_u->num_rids2 = num_rids; - if (!(r_u->rids = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids))) - return NT_STATUS_NO_MEMORY; - if (!(r_u->types = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids))) - return NT_STATUS_NO_MEMORY; + if (num_rids) { + if (!(r_u->rids = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids))) + return NT_STATUS_NO_MEMORY; + if (!(r_u->types = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids))) + return NT_STATUS_NO_MEMORY; + } else { + r_u->rids = NULL; + r_u->types = NULL; + } if (!r_u->rids || !r_u->types) goto empty; diff --git a/source/rpc_parse/parse_spoolss.c b/source/rpc_parse/parse_spoolss.c index 57899ceff30..ae82f9c1164 100644 --- a/source/rpc_parse/parse_spoolss.c +++ b/source/rpc_parse/parse_spoolss.c @@ -5255,9 +5255,13 @@ BOOL make_spoolss_buffer5(TALLOC_CTX *mem_ctx, BUFFER5 *buf5, uint32 len, uint16 buf5->buf_len = len; if (src) { - if((buf5->buffer=(uint16*)TALLOC_MEMDUP(mem_ctx, src, sizeof(uint16)*len)) == NULL) { - DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n")); - return False; + if (len) { + if((buf5->buffer=(uint16*)TALLOC_MEMDUP(mem_ctx, src, sizeof(uint16)*len)) == NULL) { + DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n")); + return False; + } + } else { + buf5->buffer = NULL; } } else { buf5->buffer=NULL; diff --git a/source/rpc_parse/parse_svcctl.c b/source/rpc_parse/parse_svcctl.c index dc4ee3e6e99..3846812f31d 100644 --- a/source/rpc_parse/parse_svcctl.c +++ b/source/rpc_parse/parse_svcctl.c 
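Review bot: In make_spoolss_buffer5 the size given to TALLOC_MEMDUP is still `sizeof(uint16)*len` with no bound on `len`, while `buf5->buf_len` is set to the unclamped `len` just above. Where size_t is 32 bits that product can wrap for a large `len`, leaving a buffer shorter than buf_len claims. Whether any caller can pass such a length is not visible from the hunk. A guard before the copy, for example `if (len > ((size_t)-1) / sizeof(uint16)) return False;`, would rule it out. The function continues outside the hunk.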
@@ -829,10 +829,14 @@ BOOL svcctl_io_service_fa( const char *desc, SERVICE_FAILURE_ACTIONS *fa, RPC_BU if ( !prs_uint32("num_actions", ps, depth, &fa->num_actions) ) return False; - if ( UNMARSHALLING(ps) && fa->num_actions ) { - if ( !(fa->actions = TALLOC_ARRAY( get_talloc_ctx(), SC_ACTION, fa->num_actions )) ) { - DEBUG(0,("svcctl_io_service_fa: talloc() failure!\n")); - return False; + if ( UNMARSHALLING(ps)) { + if (fa->num_actions) { + if ( !(fa->actions = TALLOC_ARRAY( get_talloc_ctx(), SC_ACTION, fa->num_actions )) ) { + DEBUG(0,("svcctl_io_service_fa: talloc() failure!\n")); + return False; + } + } else { + fa->actions = NULL; } } diff --git a/source/rpc_server/srv_dfs_nt.c b/source/rpc_server/srv_dfs_nt.c index 19d1693d924..626e90c8aaf 100644 --- a/source/rpc_server/srv_dfs_nt.c +++ b/source/rpc_server/srv_dfs_nt.c @@ -233,14 +233,18 @@ static BOOL init_reply_dfs_info_3(TALLOC_CTX *ctx, struct junction_map* j, NETDF init_unistr2(&dfs3->comment, j->comment, UNI_STR_TERMINATE); dfs3->state = 1; dfs3->num_stores = dfs3->size_stores = j->referral_count; - dfs3->ptr0_stores = 1; /* also enumerate the stores */ - dfs3->stores = TALLOC_ARRAY(ctx, NETDFS_DFS_STORAGEINFO, j->referral_count); - if (!dfs3->stores) - return False; - - memset(dfs3->stores, '\0', j->referral_count * sizeof(NETDFS_DFS_STORAGEINFO)); + if (j->referral_count) { + dfs3->stores = TALLOC_ARRAY(ctx, NETDFS_DFS_STORAGEINFO, j->referral_count); + if (!dfs3->stores) + return False; + memset(dfs3->stores, '\0', j->referral_count * sizeof(NETDFS_DFS_STORAGEINFO)); + dfs3->ptr0_stores = 1; + } else { + dfs3->stores = NULL; + dfs3->ptr0_stores = 0; + } for(ii=0;ii<j->referral_count;ii++) { char* p; 
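Review bot: In init_reply_dfs_info_3 the new block keeps the TALLOC_ARRAY followed by a hand-written `memset(dfs3->stores, '\0', j->referral_count * sizeof(NETDFS_DFS_STORAGEINFO))`, although the rest of this commit uses the zeroing macro. Replacing the pair with `dfs3->stores = TALLOC_ZERO_ARRAY(ctx, NETDFS_DFS_STORAGEINFO, j->referral_count);` removes the separate size multiplication and matches the surrounding style. The function body continues outside the hunk.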
@@ -294,28 +298,34 @@ WERROR _dfs_Enum(pipes_struct *p, NETDFS_Q_DFS_ENUM *q_u, NETDFS_R_DFS_ENUM *r_u /* Create the return array */ switch (level) { case 1: - if ((r_u->info.e.u.info1.s = TALLOC_ARRAY(p->mem_ctx, NETDFS_DFS_INFO1, num_jn)) == NULL) { - return WERR_NOMEM; - } r_u->info.e.u.info1.count = num_jn; - r_u->info.e.u.info1.ptr0_s = 1; - r_u->info.e.u.info1.size_s = num_jn; + if (num_jn) { + if ((r_u->info.e.u.info1.s = TALLOC_ARRAY(p->mem_ctx, NETDFS_DFS_INFO1, num_jn)) == NULL) { + return WERR_NOMEM; + } + r_u->info.e.u.info1.ptr0_s = 1; + r_u->info.e.u.info1.size_s = num_jn; + } break; case 2: - if ((r_u->info.e.u.info2.s = TALLOC_ARRAY(p->mem_ctx, NETDFS_DFS_INFO2, num_jn)) == NULL) { - return WERR_NOMEM; - } r_u->info.e.u.info2.count = num_jn; - r_u->info.e.u.info2.ptr0_s = 1; - r_u->info.e.u.info2.size_s = num_jn; + if (num_jn) { + if ((r_u->info.e.u.info2.s = TALLOC_ARRAY(p->mem_ctx, NETDFS_DFS_INFO2, num_jn)) == NULL) { + return WERR_NOMEM; + } + r_u->info.e.u.info2.ptr0_s = 1; + r_u->info.e.u.info2.size_s = num_jn; + } break; case 3: - if ((r_u->info.e.u.info3.s = TALLOC_ARRAY(p->mem_ctx, NETDFS_DFS_INFO3, num_jn)) == NULL) { - return WERR_NOMEM; - } r_u->info.e.u.info3.count = num_jn; - r_u->info.e.u.info3.ptr0_s = 1; - r_u->info.e.u.info3.size_s = num_jn; + if (num_jn) { + if ((r_u->info.e.u.info3.s = TALLOC_ARRAY(p->mem_ctx, NETDFS_DFS_INFO3, num_jn)) == NULL) { + return WERR_NOMEM; + } + r_u->info.e.u.info3.ptr0_s = 1; + r_u->info.e.u.info3.size_s = num_jn; + } break; default: return WERR_INVALID_PARAM; diff --git a/source/rpc_server/srv_echo_nt.c b/source/rpc_server/srv_echo_nt.c index 86fcce28c71..89519602bce 100644 --- a/source/rpc_server/srv_echo_nt.c +++ b/source/rpc_server/srv_echo_nt.c 
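Review bot: The three cases in _dfs_Enum gain an `if (num_jn)` guard but no else branch, unlike every other allocation site touched by this commit. When num_jn is zero, `s`, `ptr0_s` and `size_s` keep whatever r_u held before; that is only safe if r_u is zeroed earlier, which the hunk does not show. I would add `} else { r_u->info.e.u.info1.s = NULL; r_u->info.e.u.info1.ptr0_s = 0; r_u->info.e.u.info1.size_s = 0; }` to case 1, with matching branches for info2 and info3. The function starts and ends outside the hunk.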
@@ -44,6 +44,11 @@ void _echo_data(pipes_struct *p, ECHO_Q_ECHO_DATA *q_u, { DEBUG(10, ("_echo_data\n")); + if (q_u->size == 0) { + r_u->data = NULL; + r_u->size = 0; + return; + } r_u->data = TALLOC(p->mem_ctx, q_u->size); r_u->size = q_u->size; memcpy(r_u->data, q_u->data, q_u->size); @@ -68,6 +73,11 @@ void _source_data(pipes_struct *p, ECHO_Q_SOURCE_DATA *q_u, DEBUG(10, ("_source_data\n")); + if (q_u->size == 0) { + r_u->data = NULL; + r_u->size = 0; + return; + } r_u->data = TALLOC(p->mem_ctx, q_u->size); r_u->size = q_u->size; diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c index 3e39b2fd831..b42a851c151 100644 --- a/source/rpc_server/srv_lsa_nt.c +++ b/source/rpc_server/srv_lsa_nt.c @@ -1069,7 +1069,18 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP } ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); - rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries); + if (!ref) { + return NT_STATUS_NO_MEMORY; + } + + if (num_entries) { + rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries); + if (!rids) { + return NT_STATUS_NO_MEMORY; + } + } else { + rids = NULL; + } if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) { r_u->status = NT_STATUS_INVALID_HANDLE; @@ -1082,9 +1093,6 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP goto done; } - if (!ref || !rids) - return NT_STATUS_NO_MEMORY; - /* set up the LSA Lookup RIDs response */ become_root(); /* lookup_name can require root privs */ r_u->status = lookup_lsa_rids(p->mem_ctx, ref, rids, num_entries, 
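Review bot: In _echo_data the result of `TALLOC(p->mem_ctx, q_u->size)` is passed straight to memcpy without a NULL check; the new guard only covers a size of zero. The size comes from the request structure, so a value large enough to make the allocation fail leads to a NULL destination in the copy. Adding `if (r_u->data == NULL) { r_u->size = 0; return; }` directly after the TALLOC call avoids that. _source_data in the next hunk has the same unchecked TALLOC, and its body continues outside the hunk.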
@@ -1131,14 +1139,23 @@ NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u, LSA_R_LOO } ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); - rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries); - rids2 = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID2, num_entries); - - if ((ref == NULL) || (rids == NULL) || (rids2 == NULL)) { + if (ref == NULL) { r_u->status = NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY; } + if (num_entries) { + rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID, num_entries); + rids2 = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID2, num_entries); + if ((rids == NULL) || (rids2 == NULL)) { + r_u->status = NT_STATUS_NO_MEMORY; + return NT_STATUS_NO_MEMORY; + } + } else { + rids = NULL; + rids2 = NULL; + } + if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) { r_u->status = NT_STATUS_INVALID_HANDLE; goto done; @@ -1203,7 +1220,17 @@ NTSTATUS _lsa_lookup_names3(pipes_struct *p, LSA_Q_LOOKUP_NAMES3 *q_u, LSA_R_LOO } ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); - trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_TRANSLATED_SID3, num_entries); + if (ref == NULL) { + return NT_STATUS_NO_MEMORY; + } + if (num_entries) { + trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_TRANSLATED_SID3, num_entries); + if (!trans_sids) { + return NT_STATUS_NO_MEMORY; + } + } else { + trans_sids = NULL; + } if (!find_policy_by_hnd(p, &q_u->pol, (void **)(void *)&handle)) { r_u->status = NT_STATUS_INVALID_HANDLE; @@ -1216,10 +1243,6 @@ NTSTATUS _lsa_lookup_names3(pipes_struct *p, LSA_Q_LOOKUP_NAMES3 *q_u, LSA_R_LOO goto done; } - if (!ref || !trans_sids) { - return NT_STATUS_NO_MEMORY; - } - /* set up the LSA Lookup SIDs response */ become_root(); /* lookup_name can require root privs */ r_u->status = lookup_lsa_sids(p->mem_ctx, ref, trans_sids, num_entries, 
@@ -1271,12 +1294,19 @@ NTSTATUS _lsa_lookup_names4(pipes_struct *p, LSA_Q_LOOKUP_NAMES4 *q_u, LSA_R_LOO } ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); - trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_TRANSLATED_SID3, num_entries); - - if (!ref || !trans_sids) { + if (!ref) { return NT_STATUS_NO_MEMORY; } + if (num_entries) { + trans_sids = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_TRANSLATED_SID3, num_entries); + if (!trans_sids) { + return NT_STATUS_NO_MEMORY; + } + } else { + trans_sids = NULL; + } + /* set up the LSA Lookup SIDs response */ become_root(); /* lookup_name can require root privs */ r_u->status = lookup_lsa_sids(p->mem_ctx, ref, trans_sids, num_entries, @@ -1387,8 +1417,12 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION)) return NT_STATUS_ACCESS_DENIED; - if ( !(entries = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_PRIV_ENTRY, num_privs )) ) - return NT_STATUS_NO_MEMORY; + if (num_privs) { + if ( !(entries = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_PRIV_ENTRY, num_privs )) ) + return NT_STATUS_NO_MEMORY; + } else { + entries = NULL; + } for (i = 0; i < num_privs; i++) { if( i < enum_context) { 
@@ -1492,12 +1526,17 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU if (q_u->enum_context >= num_entries) return NT_STATUS_NO_MORE_ENTRIES; - sids->ptr_sid = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_entries-q_u->enum_context); - sids->sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_entries-q_u->enum_context); + if (num_entries-q_u->enum_context) { + sids->ptr_sid = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_entries-q_u->enum_context); + sids->sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_entries-q_u->enum_context); - if (sids->ptr_sid==NULL || sids->sid==NULL) { - SAFE_FREE(sid_list); - return NT_STATUS_NO_MEMORY; + if (sids->ptr_sid==NULL || sids->sid==NULL) { + SAFE_FREE(sid_list); + return NT_STATUS_NO_MEMORY; + } + } else { + sids->ptr_sid = NULL; + sids->sid = NULL; } for (i = q_u->enum_context, j = 0; i < num_entries; i++, j++) { @@ -1505,7 +1544,7 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU (*sids).ptr_sid[j] = 1; } - SAFE_FREE(sid_list); + talloc_free(sid_list); init_lsa_r_enum_accounts(r_u, num_entries); diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index db0dc7f5e8a..c924c75453d 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -869,7 +869,7 @@ static NTSTATUS make_user_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_entries); if (sam == NULL || uni_name == NULL) { - DEBUG(0, ("make_user_sam_entry_list: talloc_zero failed!\n")); + DEBUG(0, ("make_user_sam_entry_list: TALLOC_ZERO failed!\n")); return NT_STATUS_NO_MEMORY; } @@ -964,6 +964,7 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, if (num_account == 0) { DEBUG(5, ("_samr_enum_dom_users: enumeration handle over " "total entries\n")); + init_samr_r_enum_dom_users(r_u, q_u->start_idx, 0); return NT_STATUS_OK; } 
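Review bot: The out-of-memory branch in _lsa_enum_accounts still calls `SAFE_FREE(sid_list)`, while the same commit changes the normal-path release a few lines later to `talloc_free(sid_list)`. If sid_list is now talloc-allocated, as that change suggests (its allocation is outside the hunk), the error path frees talloc memory with the wrong deallocator. The branch should use `talloc_free(sid_list);` as well, so both exits release the list the same way.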
@@ -1723,7 +1724,7 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK UNIHDR *hdr_name = NULL; UNISTR2 *uni_name = NULL; DOM_SID pol_sid; - int num_rids = q_u->num_rids1; + int num_rids = (int)q_u->num_rids1; uint32 acc_granted; int i; @@ -1741,12 +1742,18 @@ NTSTATUS _samr_lookup_rids(pipes_struct *p, SAMR_Q_LOOKUP_RIDS *q_u, SAMR_R_LOOK return NT_STATUS_UNSUCCESSFUL; } - names = TALLOC_ZERO_ARRAY(p->mem_ctx, const char *, num_rids); - attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, enum lsa_SidType, num_rids); - wire_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_rids); + if (num_rids) { + names = TALLOC_ZERO_ARRAY(p->mem_ctx, const char *, num_rids); + attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, enum lsa_SidType, num_rids); + wire_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_rids); - if ((num_rids != 0) && ((names == NULL) || (attrs == NULL) || (wire_attrs==NULL))) - return NT_STATUS_NO_MEMORY; + if ((names == NULL) || (attrs == NULL) || (wire_attrs==NULL)) + return NT_STATUS_NO_MEMORY; + } else { + names = NULL; + attrs = NULL; + wire_attrs = NULL; + } become_root(); /* lookup_sid can require root privs */ r_u->status = pdb_lookup_rids(&pol_sid, num_rids, q_u->rid, @@ -3818,10 +3825,14 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, !sid_check_is_builtin(&info->sid)) return NT_STATUS_OBJECT_TYPE_MISMATCH; - members = TALLOC_ARRAY(p->mem_ctx, DOM_SID, q_u->num_sids1); + if (q_u->num_sids1) { + members = TALLOC_ARRAY(p->mem_ctx, DOM_SID, q_u->num_sids1); - if (members == NULL) - return NT_STATUS_NO_MEMORY; + if (members == NULL) + return NT_STATUS_NO_MEMORY; + } else { + members = NULL; + } for (i=0; i<q_u->num_sids1; i++) sid_copy(&members[i], &q_u->sid[i].sid); 
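Review bot: The added cast in `int num_rids = (int)q_u->num_rids1;` in _samr_lookup_rids silences a conversion warning without handling the conversion. A num_rids1 above INT_MAX becomes negative, passes the new `if (num_rids)` test, and is then handed to TALLOC_ZERO_ARRAY and pdb_lookup_rids. Whether an earlier range check in the function rejects such a value cannot be seen from the hunk. Keeping the count unsigned, `uint32 num_rids = q_u->num_rids1;`, or rejecting `num_rids < 0` before the allocations would make the handling explicit.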
@@ -3879,10 +3890,14 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ return status; } - sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_sids); - if (num_sids!=0 && sid == NULL) { - SAFE_FREE(sids); - return NT_STATUS_NO_MEMORY; + if (num_sids) { + sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_sids); + if (sid == NULL) { + SAFE_FREE(sids); + return NT_STATUS_NO_MEMORY; + } + } else { + sid = NULL; } for (i = 0; i < num_sids; i++) { @@ -3939,10 +3954,14 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ if (!NT_STATUS_IS_OK(result)) return result; - attr=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_members); - - if ((num_members!=0) && (attr==NULL)) - return NT_STATUS_NO_MEMORY; + if (num_members) { + attr=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_members); + if (attr == NULL) { + return NT_STATUS_NO_MEMORY; + } + } else { + attr = NULL; + } for (i=0; i<num_members; i++) attr[i] = SID_NAME_USER; diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index 6b6306337cc..03a407ad557 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -715,15 +715,18 @@ static void notify_system_time(struct spoolss_notify_msg *msg, } data->notify_data.data.length = prs_offset(&ps); - data->notify_data.data.string = (uint16 *) - TALLOC(mem_ctx, prs_offset(&ps)); - if (!data->notify_data.data.string) { - prs_mem_free(&ps); - return; + if (prs_offset(&ps)) { + data->notify_data.data.string = (uint16 *) + TALLOC(mem_ctx, prs_offset(&ps)); + if (!data->notify_data.data.string) { + prs_mem_free(&ps); + return; + } + prs_copy_all_data_out((char *)data->notify_data.data.string, &ps); + } else { + data->notify_data.data.string = NULL; } - prs_copy_all_data_out((char *)data->notify_data.data.string, &ps); - prs_mem_free(&ps); } 
@@ -1408,11 +1411,15 @@ static DEVICEMODE* dup_devicemode(TALLOC_CTX *ctx, DEVICEMODE *devmode) return NULL; } - d->dev_private = (uint8 *)TALLOC_MEMDUP(ctx, devmode->dev_private, + if (devmode->driverextra) { + d->dev_private = (uint8 *)TALLOC_MEMDUP(ctx, devmode->dev_private, devmode->driverextra); - if (!d->dev_private) { - return NULL; - } + if (!d->dev_private) { + return NULL; + } + } else { + d->dev_private = NULL; + } return d; } @@ -2496,9 +2503,8 @@ done: if ( printer ) free_a_printer( &printer, 2 ); return WERR_NOMEM; - } - } - else { + } + } else { *data = NULL; } } @@ -2706,14 +2712,17 @@ void spoolss_notify_server_name(int snum, len = rpcstr_push(temp, printer->info_2->servername, sizeof(temp)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; - } + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } - memcpy(data->notify_data.data.string, temp, len); + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; + } } /******************************************************************* 
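Review bot: The `if (len) { TALLOC; NULL check; memcpy } else { string = NULL; }` block added to spoolss_notify_server_name is pasted unchanged into the other notify functions in this file. These are printer_name, share_name, port_name, driver_name, comment, location, sepfile, print_processor, parameters, datatype, username, job_name and job_status_string. A single static helper taking data, mem_ctx, temp and len would keep the zero-length and allocation-failure handling in one place. A later fix would then not have to be repeated fourteen times. Each of these functions starts outside its hunk.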
@@ -2741,14 +2750,16 @@ void spoolss_notify_printer_name(int snum, len = rpcstr_push(temp, p, sizeof(temp)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; } - - memcpy(data->notify_data.data.string, temp, len); } /******************************************************************* @@ -2767,14 +2778,17 @@ void spoolss_notify_share_name(int snum, len = rpcstr_push(temp, lp_servicename(snum), sizeof(temp)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; } - memcpy(data->notify_data.data.string, temp, len); } /******************************************************************* 
@@ -2795,14 +2809,18 @@ void spoolss_notify_port_name(int snum, len = rpcstr_push(temp, printer->info_2->portname, sizeof(temp)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; - } + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } - memcpy(data->notify_data.data.string, temp, len); + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; + } } /******************************************************************* @@ -2822,14 +2840,18 @@ void spoolss_notify_driver_name(int snum, len = rpcstr_push(temp, printer->info_2->drivername, sizeof(temp)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; - } + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } - memcpy(data->notify_data.data.string, temp, len); + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; + } } /******************************************************************* 
@@ -2851,14 +2873,18 @@ void spoolss_notify_comment(int snum, len = rpcstr_push(temp, printer->info_2->comment, sizeof(temp)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; - } + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } - memcpy(data->notify_data.data.string, temp, len); + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; + } } /******************************************************************* @@ -2878,14 +2904,18 @@ void spoolss_notify_location(int snum, len = rpcstr_push(temp, printer->info_2->location,sizeof(temp)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; - } + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } - memcpy(data->notify_data.data.string, temp, len); + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; + } } /******************************************************************* 
@@ -2920,14 +2950,18 @@ void spoolss_notify_sepfile(int snum, len = rpcstr_push(temp, printer->info_2->sepfile, sizeof(temp)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; - } + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } - memcpy(data->notify_data.data.string, temp, len); + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; + } } /******************************************************************* @@ -2947,14 +2981,18 @@ void spoolss_notify_print_processor(int snum, len = rpcstr_push(temp, printer->info_2->printprocessor, sizeof(temp)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; - } + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } - memcpy(data->notify_data.data.string, temp, len); + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; + } } /******************************************************************* 
@@ -2974,14 +3012,18 @@ void spoolss_notify_parameters(int snum, len = rpcstr_push(temp, printer->info_2->parameters, sizeof(temp)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; - } + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } - memcpy(data->notify_data.data.string, temp, len); + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; + } } /******************************************************************* @@ -3001,14 +3043,18 @@ void spoolss_notify_datatype(int snum, len = rpcstr_push(temp, printer->info_2->datatype, sizeof(pstring)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; - } + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } - memcpy(data->notify_data.data.string, temp, len); + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; + } } /******************************************************************* 
@@ -3161,14 +3207,18 @@ static void spoolss_notify_username(int snum, len = rpcstr_push(temp, queue->fs_user, sizeof(temp)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; - } + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } - memcpy(data->notify_data.data.string, temp, len); + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; + } } /******************************************************************* @@ -3201,14 +3251,18 @@ static void spoolss_notify_job_name(int snum, len = rpcstr_push(temp, queue->fs_file, sizeof(temp)-2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; - } + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } - memcpy(data->notify_data.data.string, temp, len); + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; + } } /******************************************************************* 
@@ -3251,14 +3305,18 @@ static void spoolss_notify_job_status_string(int snum, len = rpcstr_push(temp, p, sizeof(temp) - 2, STR_TERMINATE); data->notify_data.data.length = len; - data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); + if (len) { + data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len); - if (!data->notify_data.data.string) { - data->notify_data.data.length = 0; - return; - } + if (!data->notify_data.data.string) { + data->notify_data.data.length = 0; + return; + } - memcpy(data->notify_data.data.string, temp, len); + memcpy(data->notify_data.data.string, temp, len); + } else { + data->notify_data.data.string = NULL; + } } /******************************************************************* @@ -7984,14 +8042,18 @@ WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S *out_max_value_len=(in_value_len/sizeof(uint16)); - if((*out_value=(uint16 *)TALLOC_ZERO(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL) - { - result = WERR_NOMEM; - goto done; + if (in_value_len) { + if((*out_value=(uint16 *)TALLOC_ZERO(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL) + { + result = WERR_NOMEM; + goto done; + } + *out_value_len = (uint32)rpcstr_push((char *)*out_value, "", in_value_len, 0); + } else { + *out_value=NULL; + *out_value_len = 0; } - *out_value_len = (uint32)rpcstr_push((char *)*out_value, "", in_value_len, 0); - /* the data is counted in bytes */ *out_max_data_len = in_data_len; 
@@ -8020,13 +8082,18 @@ WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S /* name */ *out_max_value_len=(in_value_len/sizeof(uint16)); - if ( (*out_value = (uint16 *)TALLOC_ZERO(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL ) - { - result = WERR_NOMEM; - goto done; - } + if (in_value_len) { + if ( (*out_value = (uint16 *)TALLOC_ZERO(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL ) + { + result = WERR_NOMEM; + goto done; + } - *out_value_len = (uint32)rpcstr_push((char *)*out_value, regval_name(val), (size_t)in_value_len, 0); + *out_value_len = (uint32)rpcstr_push((char *)*out_value, regval_name(val), (size_t)in_value_len, 0); + } else { + *out_value = NULL; + *out_value_len = 0; + } /* type */ @@ -8041,7 +8108,7 @@ WERROR _spoolss_enumprinterdata(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATA *q_u, S goto done; } data_len = regval_size(val); - if ( *data_out ) + if ( *data_out && data_len ) memcpy( *data_out, regval_data_p(val), data_len ); *out_data_len = data_len; } @@ -8982,10 +9049,9 @@ done: status = WERR_NOMEM; goto done; } - } - else { + } else { *data = NULL; - } + } } if ( printer ) @@ -9371,7 +9437,7 @@ WERROR _spoolss_enumprinterdataex(pipes_struct *p, SPOOL_Q_ENUMPRINTERDATAEX *q_ if ( data_len ) { if ( !(enum_values[i].data = TALLOC_MEMDUP(p->mem_ctx, regval_data_p(val), data_len)) ) { - DEBUG(0,("talloc_memdup failed to allocate memory [data_len=%d] for data!\n", + DEBUG(0,("TALLOC_MEMDUP failed to allocate memory [data_len=%d] for data!\n", data_len )); result = WERR_NOMEM; goto done; diff --git a/source/rpcclient/cmd_samr.c b/source/rpcclient/cmd_samr.c index 676d84835de..dd55e65fb97 100644 --- a/source/rpcclient/cmd_samr.c +++ b/source/rpcclient/cmd_samr.c 
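Review bot: In _spoolss_enumprinterdata the guarded copy `memcpy( *data_out, regval_data_p(val), data_len )` uses `regval_size(val)` as its length, and the hunk shows no comparison of that length with the size of `*data_out`. The allocation is above the hunk; if it is sized from the caller's `in_data_len`, a stored value larger than the requested buffer would be copied past its end. I would check `data_len <= in_data_len` before the copy and fail the call otherwise, rather than only testing for a non-zero length.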
@@ -700,9 +700,13 @@ static NTSTATUS cmd_samr_query_useraliases(struct rpc_pipe_client *cli, } } - sid2 = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_sids); - if (sid2 == NULL) - return NT_STATUS_NO_MEMORY; + if (num_sids) { + sid2 = TALLOC_ARRAY(mem_ctx, DOM_SID2, num_sids); + if (sid2 == NULL) + return NT_STATUS_NO_MEMORY; + } else { + sid2 = NULL; + } for (i=0; i<num_sids; i++) { sid_copy(&sid2[i].sid, &sids[i]); @@ -1665,11 +1669,15 @@ static NTSTATUS cmd_samr_lookup_names(struct rpc_pipe_client *cli, /* Look up names */ num_names = argc - 2; - if ((names = TALLOC_ARRAY(mem_ctx, const char *, num_names)) == NULL) { - rpccli_samr_close(cli, mem_ctx, &domain_pol); - rpccli_samr_close(cli, mem_ctx, &connect_pol); - result = NT_STATUS_NO_MEMORY; - goto done; + if (num_names) { + if ((names = TALLOC_ARRAY(mem_ctx, const char *, num_names)) == NULL) { + rpccli_samr_close(cli, mem_ctx, &domain_pol); + rpccli_samr_close(cli, mem_ctx, &connect_pol); + result = NT_STATUS_NO_MEMORY; + goto done; + } + } else { + names = NULL; } for (i = 0; i < argc - 2; i++) @@ -1736,12 +1744,15 @@ static NTSTATUS cmd_samr_lookup_rids(struct rpc_pipe_client *cli, /* Look up rids */ num_rids = argc - 2; - rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids); - if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) { - rpccli_samr_close(cli, mem_ctx, &domain_pol); - rpccli_samr_close(cli, mem_ctx, &connect_pol); - result = NT_STATUS_NO_MEMORY; - goto done; + if (num_rids) { + if ((rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids)) == NULL) { + rpccli_samr_close(cli, mem_ctx, &domain_pol); + rpccli_samr_close(cli, mem_ctx, &connect_pol); + result = NT_STATUS_NO_MEMORY; + goto done; + } + } else { + rids = NULL; } for (i = 0; i < argc - 2; i++) diff --git a/source/rpcclient/cmd_spoolss.c b/source/rpcclient/cmd_spoolss.c index 2665a30dc3a..41e27c16822 100644 --- a/source/rpcclient/cmd_spoolss.c +++ b/source/rpcclient/cmd_spoolss.c 
@@ -2022,15 +2022,23 @@ static WERROR cmd_spoolss_setprinterdata(struct rpc_pipe_client *cli, UNISTR2 data; init_unistr2(&data, argv[4], UNI_STR_TERMINATE); value.size = data.uni_str_len * 2; - value.data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, data.buffer, + if (value.size) { + value.data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, data.buffer, value.size); + } else { + value.data_p = NULL; + } break; } case REG_DWORD: { uint32 data = strtoul(argv[4], NULL, 10); value.size = sizeof(data); - value.data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, &data, + if (sizeof(data)) { + value.data_p = (uint8 *)TALLOC_MEMDUP(mem_ctx, &data, sizeof(data)); + } else { + value.data_p = NULL; + } break; } case REG_BINARY: { diff --git a/source/smbd/conn.c b/source/smbd/conn.c index 44888b777f2..282a82ce049 100644 --- a/source/smbd/conn.c +++ b/source/smbd/conn.c @@ -148,7 +148,7 @@ find_again: if (!(conn=TALLOC_ZERO_P(mem_ctx, connection_struct)) || !(conn->params = TALLOC_P(mem_ctx, struct share_params))) { - DEBUG(0,("talloc_zero() failed!\n")); + DEBUG(0,("TALLOC_ZERO() failed!\n")); TALLOC_FREE(mem_ctx); return NULL; } diff --git a/source/smbd/fake_file.c b/source/smbd/fake_file.c index 208b3256673..5333742ba81 100644 --- a/source/smbd/fake_file.c +++ b/source/smbd/fake_file.c @@ -49,7 +49,7 @@ static struct _FAKE_FILE_HANDLE *init_fake_file_handle(enum FAKE_FILE_TYPE type) } if ((fh =TALLOC_ZERO_P(mem_ctx, FAKE_FILE_HANDLE))==NULL) { - DEBUG(0,("talloc_zero() failed.\n")); + DEBUG(0,("TALLOC_ZERO() failed.\n")); talloc_destroy(mem_ctx); return NULL; } diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c index 79aea8544f2..ff2044b2eb9 100644 --- a/source/smbd/lanman.c +++ b/source/smbd/lanman.c @@ -4189,7 +4189,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn, uint16 vuid, char *p = skip_string(param,tpscnt,str2); int uLevel; struct pack_desc desc; - struct sessionid *session_list; + struct sessionid *session_list = NULL; int i, num_sessions; if (!str1 || !str2 || !p) { 
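Review bot: Neither `TALLOC_MEMDUP` result in the REG_SZ and REG_DWORD cases of cmd_spoolss_setprinterdata is checked, so on allocation failure `value.data_p` is NULL while `value.size` is non-zero. The code after the `switch` is outside the hunk and presumably still uses the value, so an `if (value.data_p == NULL)` test that fails the command with an out-of-memory status belongs after each call. In the REG_DWORD case `if (sizeof(data))` is a compile-time constant that is never zero, so the `else` arm is dead code and the guard can be dropped. The `value.data_p = TALLOC_MEMDUP(mem_ctx, data.buffer, value.size);` added in rpc_printer_migrate_settings_internals (source/utils/net_rpc_printer.c) has the same unchecked result.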
@@ -4217,6 +4217,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn, uint16 vuid, if (mdrcnt > 0) { *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt); if (!*rdata) { + SAFE_FREE(session_list); return False; } } @@ -4225,6 +4226,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn, uint16 vuid, desc.buflen = mdrcnt; desc.format = str2; if (!init_package(&desc,num_sessions,0)) { + SAFE_FREE(session_list); return False; } @@ -4245,6 +4247,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn, uint16 vuid, *rparam_len = 8; *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len); if (!*rparam) { + SAFE_FREE(session_list); return False; } SSVALS(*rparam,0,desc.errcode); @@ -4253,6 +4256,7 @@ static BOOL api_RNetSessionEnum(connection_struct *conn, uint16 vuid, DEBUG(4,("RNetSessionEnum: errorcode %d\n",desc.errcode)); + SAFE_FREE(session_list); return True; } diff --git a/source/smbd/msdfs.c b/source/smbd/msdfs.c index 6fa81ddc29b..7b660899d55 100644 --- a/source/smbd/msdfs.c +++ b/source/smbd/msdfs.c @@ -264,10 +264,14 @@ static BOOL parse_msdfs_symlink(TALLOC_CTX *ctx, DEBUG(10,("parse_msdfs_symlink: count=%d\n", count)); - reflist = *preflist = TALLOC_ZERO_ARRAY(ctx, struct referral, count); - if(reflist == NULL) { - DEBUG(0,("parse_msdfs_symlink: talloc failed!\n")); - return False; + if (count) { + reflist = *preflist = TALLOC_ZERO_ARRAY(ctx, struct referral, count); + if(reflist == NULL) { + DEBUG(0,("parse_msdfs_symlink: talloc failed!\n")); + return False; + } + } else { + reflist = *preflist = NULL; } for(i=0;i<count;i++) { diff --git a/source/smbd/notify_inotify.c b/source/smbd/notify_inotify.c index ff17d455f39..1b1bad7e966 100644 --- a/source/smbd/notify_inotify.c +++ b/source/smbd/notify_inotify.c 
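Review bot: api_RNetSessionEnum now repeats `SAFE_FREE(session_list);` before each of the four exits touched by these hunks, which fixes the leak but lets the next added `return` reintroduce it. A single exit would be more robust: keep a `BOOL ret = False;` result, replace the early returns with `goto out;`, and free the list once at an `out:` label. The function starts and ends outside these hunks, so any return paths not shown here need the same treatment.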
@@ -235,7 +235,7 @@ static void inotify_handler(struct event_context *ev, struct fd_event *fde, return; } - e0 = e = (struct inotify_event *)talloc_size(in, bufsize); + e0 = e = (struct inotify_event *)TALLOC_SIZE(in, bufsize); if (e == NULL) return; if (read(in->fd, e0, bufsize) != bufsize) { diff --git a/source/smbd/notify_internal.c b/source/smbd/notify_internal.c index 72b96049350..d2b69c9d9e6 100644 --- a/source/smbd/notify_internal.c +++ b/source/smbd/notify_internal.c @@ -156,7 +156,7 @@ static NTSTATUS notify_load(struct notify_context *notify) notify->seqnum = seqnum; talloc_free(notify->array); - notify->array = talloc_zero(notify, struct notify_array); + notify->array = TALLOC_ZERO_P(notify, struct notify_array); NT_STATUS_HAVE_NO_MEMORY(notify->array); dbuf = tdb_fetch_bystring(notify->w->tdb, NOTIFY_KEY); @@ -385,7 +385,7 @@ NTSTATUS notify_add(struct notify_context *notify, struct notify_entry *e0, depth = count_chars(e.path, '/'); - listel = talloc_zero(notify, struct notify_list); + listel = TALLOC_ZERO_P(notify, struct notify_list); if (listel == NULL) { status = NT_STATUS_NO_MEMORY; goto done; diff --git a/source/smbd/ntquotas.c b/source/smbd/ntquotas.c index e754583312f..df851a2ca89 100644 --- a/source/smbd/ntquotas.c +++ b/source/smbd/ntquotas.c @@ -197,14 +197,14 @@ int vfs_get_user_ntquota_list(files_struct *fsp, SMB_NTQUOTA_LIST **qt_list) sid_string_static(&sid),fsp->conn->connectpath)); if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) { - DEBUG(0,("talloc_zero() failed\n")); + DEBUG(0,("TALLOC_ZERO() failed\n")); *qt_list = NULL; talloc_destroy(mem_ctx); return (-1); } if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) { - DEBUG(0,("talloc_zero() failed\n")); + DEBUG(0,("TALLOC_ZERO() failed\n")); *qt_list = NULL; talloc_destroy(mem_ctx); return (-1); 
@@ -231,7 +231,7 @@ void *init_quota_handle(TALLOC_CTX *mem_ctx) qt_handle = TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_HANDLE); if (qt_handle==NULL) { - DEBUG(0,("talloc_zero() failed\n")); + DEBUG(0,("TALLOC_ZERO() failed\n")); return NULL; } diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index fe2cb05bf3e..40d323c75cf 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -2348,7 +2348,7 @@ static int call_nt_transact_ioctl(connection_struct *conn, char *inbuf, char *ou shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA); if (shadow_data == NULL) { - DEBUG(0,("talloc_zero() failed!\n")); + DEBUG(0,("TALLOC_ZERO() failed!\n")); talloc_destroy(shadow_mem_ctx); return ERROR_NT(NT_STATUS_NO_MEMORY); } diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index cdb60a23e72..7eda998547e 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -1413,6 +1413,7 @@ static BOOL create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, if (non_mappable_sid(&psa->trustee)) { DEBUG(10,("create_canon_ace_lists: ignoring non-mappable SID %s\n", sid_to_string(str, &psa->trustee) )); + SAFE_FREE(current_ace); continue; } diff --git a/source/smbd/trans2.c b/source/smbd/trans2.c index 09faebccc86..2ac90beba98 100644 --- a/source/smbd/trans2.c +++ b/source/smbd/trans2.c @@ -3377,7 +3377,7 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd } /* Copy the lock range data. */ - lock_data = (char *)talloc_memdup( + lock_data = (char *)TALLOC_MEMDUP( data_ctx, pdata, total_data); if (!lock_data) { talloc_destroy(data_ctx); @@ -3718,7 +3718,6 @@ total_data=%u (should be %u)\n", (unsigned int)total_data, (unsigned int)IVAL(pd SIVAL(pdata,4,byte_len); /* Byte length of unicode string ::$DATA */ SOFF_T(pdata,8,file_size); SOFF_T(pdata,16,allocation_size); - SIVAL(pdata,20,0); /* ??? */ data_size = 24 + byte_len; } break; 
diff --git a/source/smbd/vfs.c b/source/smbd/vfs.c index 0803ffb7e70..2fd448061e4 100644 --- a/source/smbd/vfs.c +++ b/source/smbd/vfs.c @@ -159,7 +159,7 @@ BOOL vfs_init_custom(connection_struct *conn, const char *vfs_object) handle = TALLOC_ZERO_P(conn->mem_ctx,vfs_handle_struct); if (!handle) { - DEBUG(0,("talloc_zero() failed!\n")); + DEBUG(0,("TALLOC_ZERO() failed!\n")); SAFE_FREE(module_name); return False; } diff --git a/source/utils/net_rpc_printer.c b/source/utils/net_rpc_printer.c index 8808d549ac5..1f277338521 100644 --- a/source/utils/net_rpc_printer.c +++ b/source/utils/net_rpc_printer.c @@ -2327,7 +2327,11 @@ NTSTATUS rpc_printer_migrate_settings_internals(const DOM_SID *domain_sid, value.type = REG_SZ; value.size = data.uni_str_len * 2; - value.data_p = TALLOC_MEMDUP(mem_ctx, data.buffer, value.size); + if (value.size) { + value.data_p = TALLOC_MEMDUP(mem_ctx, data.buffer, value.size); + } else { + value.data_p = NULL; + } if (opt_verbose) display_reg_value(subkey, value); diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c index 3e19a12ac52..d8ddff20bc6 100644 --- a/source/utils/net_rpc_samsync.c +++ b/source/utils/net_rpc_samsync.c @@ -670,10 +670,14 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) return NT_STATUS_NO_MEMORY; } - if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members)) == NULL) { - DEBUG(0, ("talloc failed\n")); - talloc_free(t); - return NT_STATUS_NO_MEMORY; + if (delta->num_members) { + if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members)) == NULL) { + DEBUG(0, ("talloc failed\n")); + talloc_free(t); + return NT_STATUS_NO_MEMORY; + } + } else { + nt_members = NULL; } for (i=0; i<delta->num_members; i++) { |