The branch, master has been updated
via bd5fe0a s3-perfcount: fix incorrect array length calculations
via a96a953 s3-perfcount: fix build for example perfcount daemon
from 69a67a1 s3: Check for the packet size before accessing it
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit bd5fe0a3333e5db49e74c982bcfef9737b65cc78
Author: David Disseldorp <[email protected]>
Date: Tue Jan 3 10:14:23 2012 +0100
s3-perfcount: fix incorrect array length calculations
As reported by Ismail Doenmez ([email protected]), sizeof() is
incorrectly used by _reg_perfcount_init_data_block() in an attempt to
determine the length of a talloced array.
Signed-off-by: Günther Deschner <[email protected]>
Autobuild-User: Günther Deschner <[email protected]>
Autobuild-Date: Wed Jan 4 16:54:37 CET 2012 on sn-devel-104
commit a96a9534ab688626232240fcb689c82d8f4c1902
Author: David Disseldorp <[email protected]>
Date: Tue Jan 3 10:13:02 2012 +0100
s3-perfcount: fix build for example perfcount daemon
Signed-off-by: Günther Deschner <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
examples/perfcounter/Makefile | 2 +-
source3/registry/reg_perfcount.c | 26 +++++++++++++++++---------
2 files changed, 18 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/examples/perfcounter/Makefile b/examples/perfcounter/Makefile
index bb7022e..86e2190 100644
--- a/examples/perfcounter/Makefile
+++ b/examples/perfcounter/Makefile
@@ -26,7 +26,7 @@ TDB_OBJ = $(TDB_SRC_DIR)/common/tdb.o
$(TDB_SRC_DIR)/common/dump.o \
$(TDB_SRC_DIR)/common/error.o $(TDB_SRC_DIR)/common/freelist.o \
$(TDB_SRC_DIR)/common/io.o $(TDB_SRC_DIR)/common/lock.o \
$(TDB_SRC_DIR)/common/open.o $(TDB_SRC_DIR)/common/transaction.o \
- $(TDB_SRC_DIR)/common/traverse.o
+ $(TDB_SRC_DIR)/common/traverse.o $(TDB_SRC_DIR)/common/hash.o
PERF_WRITER_OBJ = perf_writer.o perf_writer_mem.o perf_writer_util.o
perf_writer_cpu.o perf_writer_process.o perf_writer_disk.o
default: $(PROGS)
diff --git a/source3/registry/reg_perfcount.c b/source3/registry/reg_perfcount.c
index 64e3cbe..3203e09 100644
--- a/source3/registry/reg_perfcount.c
+++ b/source3/registry/reg_perfcount.c
@@ -919,13 +919,13 @@ static bool _reg_perfcount_init_data_block(struct
PERF_DATA_BLOCK *block,
bool bigendian_data)
{
smb_ucs2_t *temp = NULL;
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
time_t tm;
+ size_t sz;
- if (rpcstr_push_talloc(mem_ctx, &temp, "PERF")==(size_t)-1) {
- return false;
- }
- if (!temp) {
- return false;
+ sz = rpcstr_push_talloc(tmp_ctx, &temp, "PERF");
+ if ((sz == -1) || (temp == NULL)) {
+ goto err_out;
}
memcpy(block->Signature, temp, strlen_w(temp) *2);
@@ -942,12 +942,15 @@ static bool _reg_perfcount_init_data_block(struct
PERF_DATA_BLOCK *block,
tm = time(NULL);
make_systemtime(&(block->SystemTime), gmtime(&tm));
_reg_perfcount_init_data_block_perf(block, names);
- memset(temp, 0, sizeof(temp));
- rpcstr_push((void *)temp, lp_netbios_name(), sizeof(temp),
STR_TERMINATE);
+
+ sz = rpcstr_push_talloc(tmp_ctx, &temp, lp_netbios_name());
+ if ((sz == -1) || (temp == NULL)) {
+ goto err_out;
+ }
block->SystemNameLength = (strlen_w(temp) * 2) + 2;
block->data = talloc_zero_array(mem_ctx, uint8, block->SystemNameLength
+ (8 - (block->SystemNameLength % 8)));
if (block->data == NULL) {
- return False;
+ goto err_out;
}
memcpy(block->data, temp, block->SystemNameLength);
block->SystemNameOffset = sizeof(struct PERF_DATA_BLOCK) -
sizeof(block->objects) - sizeof(block->data);
@@ -955,8 +958,13 @@ static bool _reg_perfcount_init_data_block(struct
PERF_DATA_BLOCK *block,
/* Make sure to adjust for 64-bit alignment for when we finish writing
the system name,
so that the PERF_OBJECT_TYPE struct comes out 64-bit aligned */
block->HeaderLength += 8 - (block->HeaderLength % 8);
+ talloc_free(tmp_ctx);
- return True;
+ return true;
+
+err_out:
+ talloc_free(tmp_ctx);
+ return false;
}
/*********************************************************************
--
Samba Shared Repository
