The branch, v4-0-test has been updated via 51e2615 s4-libcli: Check return value of smbcli_request_setup(). Reviewed-by: Alexander Bokovoy <a...@samba.org> via f589262 pyauth: Check return value of lpcfg_from_py_object(). Reviewed-by: Alexander Bokovoy <a...@samba.org> via 56af551 s4-libcli: Check return code of smbcli_request_setup(). Reviewed-by: Alexander Bokovoy <a...@samba.org> via dc04531 librpc: Add NULL check for ndr functions for epm bindings. via a925c14 s3-tldap: Make sure we don't deref a null pointer. Reviewed-by: Alexander Bokovoy <a...@samba.org> via 5114983 nmbd: Fix request data data processing. via 5d401e5 libsmb: Fix possible null pointer dereference. Reviewed-by: Alexander Bokovoy <a...@samba.org> via 72e902a pdb: Fix array overrun by one. Reviewed-by: Alexander Bokovoy <a...@samba.org> via 55fdc89 s3-spoolss: Don't leak memory. Reviewed-by: Alexander Bokovoy <a...@samba.org> via 5eaca8f s3-rpc_server: Make sure that fd is really closed on error. Reviewed-by: Alexander Bokovoy <a...@samba.org> via bd76950 lib-util: Don't leak file descriptor on error. Reviewed-by: Alexander Bokovoy <a...@samba.org> via 22928b0 s3-vfs: Don't leak file descriptor on error. Reviewed-by: Alexander Bokovoy <a...@samba.org> via 7e9cfa8 s3-libsmb: Don't leak memory on error. Reviewed-by: Alexander Bokovoy <a...@samba.org> via 53538f6 winbind: Don't leak centry memory. Reviewed-by: Alexander Bokovoy <a...@samba.org> via 7d2d82a winbind: Don't leak memory on return. Reviewed-by: Alexander Bokovoy <a...@samba.org> via 2805032 s3-smbd: Don't leak subcntarr array. Reviewed-by: Alexander Bokovoy <a...@samba.org> via 6b9a239 s3-vfs: Don't leak file descriptor. Reviewed-by: Alexander Bokovoy <a...@samba.org> via 3461b09 s3-param: Don't leak file descriptor. Reviewed-by: Alexander Bokovoy <a...@samba.org> via 2b19732 s3-lsasd: Don't leak file descriptors. Reviewed-by: Alexander Bokovoy <a...@samba.org> from 20cb7de Fix bug #9674 - Samba denies owner Read Control when there is a DENY entry while W2K08 does not.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log ----------------------------------------------------------------- commit 51e2615473110637f574f11f96c6ce2483eaf021 Author: Andreas Schneider <a...@samba.org> Date: Tue Feb 19 09:00:51 2013 +0100 s4-libcli: Check return value of smbcli_request_setup(). Reviewed-by: Alexander Bokovoy <a...@samba.org> The last 7 patches address bug #9687 - Fix several possible null pointer dereferences. Autobuild-User(v4-0-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-0-test): Wed Feb 27 13:21:07 CET 2013 on sn-devel-104 commit f58926214da4e974d27b7a478e077848bce7982a Author: Andreas Schneider <a...@samba.org> Date: Tue Feb 19 08:58:00 2013 +0100 pyauth: Check return value of lpcfg_from_py_object(). Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 56af551da8066c5b21a0c3fba705543f76900355 Author: Andreas Schneider <a...@samba.org> Date: Mon Feb 18 18:00:38 2013 +0100 s4-libcli: Check return code of smbcli_request_setup(). Reviewed-by: Alexander Bokovoy <a...@samba.org> commit dc04531aabbd4e965e156e3650860efe6a1ebb34 Author: Andreas Schneider <a...@samba.org> Date: Mon Feb 18 17:32:28 2013 +0100 librpc: Add NULL check for ndr functions for epm bindings. Reviewed-by: Alexander Bokovoy <a...@samba.org> commit a925c141ca753a67b480618f1ab8481de9f6d68a Author: Andreas Schneider <a...@samba.org> Date: Mon Feb 18 17:30:19 2013 +0100 s3-tldap: Make sure we don't deref a null pointer. Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 511498348417ed5957c7d11463721f6cfc4f7b4b Author: Andreas Schneider <a...@samba.org> Date: Mon Feb 18 17:21:31 2013 +0100 nmbd: Fix request data data processing. answers->rdata is an array and will never be NULL. Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 5d401e55b772648cce0e96d8e6a2c8e6ebbd7875 Author: Andreas Schneider <a...@samba.org> Date: Mon Feb 18 17:11:15 2013 +0100 libsmb: Fix possible null pointer dereference. Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 72e902a8c70955709c91af51083471cae76b3672 Author: Andreas Schneider <a...@samba.org> Date: Tue Feb 19 09:23:53 2013 +0100 pdb: Fix array overrun by one. Reviewed-by: Alexander Bokovoy <a...@samba.org> Signed-off-by: Andreas Schneider <a...@samba.org> Fix bug #9686 - Fix a possible buffer overrun in pdb_smbpasswd. commit 55fdc89aac7a5344e77759821579d40cc67aa67b Author: Andreas Schneider <a...@samba.org> Date: Wed Feb 20 09:06:51 2013 +0100 s3-spoolss: Don't leak memory. Reviewed-by: Alexander Bokovoy <a...@samba.org> Fix bug #9685 - Fix a memory leak in spoolss rpc server. commit 5eaca8f645398877a96aaff98783bf618e6e8bc6 Author: Andreas Schneider <a...@samba.org> Date: Wed Feb 20 10:52:37 2013 +0100 s3-rpc_server: Make sure that fd is really closed on error. Reviewed-by: Alexander Bokovoy <a...@samba.org> The last 10 patches address bug #bug 9683 - Fix several resource (fd) leaks. commit bd769506ab2caf2ad0740f2d59a15fce881b4c77 Author: Andreas Schneider <a...@samba.org> Date: Wed Feb 20 10:48:05 2013 +0100 lib-util: Don't leak file descriptor on error. Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 22928b0cea0fce41efd211d28a14cbdbdb0c0d06 Author: Andreas Schneider <a...@samba.org> Date: Wed Feb 20 10:45:06 2013 +0100 s3-vfs: Don't leak file descriptor on error. Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 7e9cfa83506b79e226067a9b7322665f40e9c594 Author: Andreas Schneider <a...@samba.org> Date: Wed Feb 20 10:38:13 2013 +0100 s3-libsmb: Don't leak memory on error. Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 53538f66293c5d70ea03567dd229ecfecae9359e Author: Andreas Schneider <a...@samba.org> Date: Wed Feb 20 09:51:43 2013 +0100 winbind: Don't leak centry memory. Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 7d2d82a0841d04568eef36d6f40aecaa08d87fcf Author: Andreas Schneider <a...@samba.org> Date: Wed Feb 20 09:41:55 2013 +0100 winbind: Don't leak memory on return. Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 28050328554bcec999b2f97b501322be7661abd1 Author: Andreas Schneider <a...@samba.org> Date: Wed Feb 20 09:31:17 2013 +0100 s3-smbd: Don't leak subcntarr array. Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 6b9a239c472ddbfcf04d6f5248c2ea23d1cb7454 Author: Andreas Schneider <a...@samba.org> Date: Wed Feb 20 09:16:25 2013 +0100 s3-vfs: Don't leak file descriptor. Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 3461b095b0038e542ad0112f004c3eabafb8cc73 Author: Andreas Schneider <a...@samba.org> Date: Wed Feb 20 09:15:26 2013 +0100 s3-param: Don't leak file descriptor. Reviewed-by: Alexander Bokovoy <a...@samba.org> commit 2b19732d8306959790285e5407e231ed0b9e6a3c Author: Andreas Schneider <a...@samba.org> Date: Wed Feb 20 09:11:48 2013 +0100 s3-lsasd: Don't leak file descriptors. Reviewed-by: Alexander Bokovoy <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/util/become_daemon.c | 1 + librpc/rpc/binding.c | 7 +++++- source3/lib/tldap.c | 3 ++ source3/libsmb/libsmb_server.c | 1 + source3/libsmb/libsmb_xattr.c | 4 +- source3/modules/vfs_aio_fork.c | 3 +- source3/modules/vfs_crossrename.c | 4 ++- source3/nmbd/nmbd_browsesync.c | 4 +- source3/param/loadparm.c | 1 + source3/passdb/pdb_smbpasswd.c | 7 +++-- source3/rpc_server/lsasd.c | 29 ++++++++++++++++---------- source3/rpc_server/rpc_sock_helper.c | 6 +++++ source3/rpc_server/spoolss/srv_spoolss_nt.c | 4 ++- source3/smbd/lanman.c | 2 +- source3/winbindd/winbindd_cache.c | 1 + source3/winbindd/winbindd_cm.c | 3 ++ source4/auth/pyauth.c | 4 +++ source4/libcli/climessage.c | 9 ++++++++ source4/libcli/raw/clioplock.c | 3 ++ source4/libcli/raw/clitree.c | 3 ++ source4/libcli/raw/rawfsinfo.c | 3 ++ 21 files changed, 78 insertions(+), 24 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/become_daemon.c b/lib/util/become_daemon.c index 373927c..2ca0478 100644 --- a/lib/util/become_daemon.c +++ b/lib/util/become_daemon.c @@ -62,6 +62,7 @@ _PUBLIC_ void close_low_fds(bool stdin_too, bool stdout_too, bool stderr_too) } if (fd != i) { DEBUG(0,("Didn't get file descriptor %d\n",i)); + close(fd); return; } } diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c index f7fbbbc..2fa325f 100644 --- a/librpc/rpc/binding.c +++ b/librpc/rpc/binding.c @@ -424,7 +424,12 @@ _PUBLIC_ NTSTATUS dcerpc_floor_get_lhs_data(const struct epm_floor *epm_floor, static DATA_BLOB dcerpc_floor_pack_lhs_data(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *syntax) { DATA_BLOB blob; - struct ndr_push *ndr = ndr_push_init_ctx(mem_ctx); + struct ndr_push *ndr; + + ndr = ndr_push_init_ctx(mem_ctx); + if (ndr == NULL) { + return data_blob_null; + } ndr->flags |= LIBNDR_FLAG_NOALIGN; diff --git a/source3/lib/tldap.c b/source3/lib/tldap.c index 8b04d00..3782708 100644 --- a/source3/lib/tldap.c +++ b/source3/lib/tldap.c @@ -1370,6 +1370,9 @@ static bool tldap_push_filter_basic(struct tldap_context *ld, dn++; rule = strchr(dn, ':'); + if (rule == NULL) { + return false; + } if ((rule == dn + 1) || rule + 1 == e) { /* malformed filter, contains "::" */ return false; diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c index 99aa74c..3f86d50 100644 --- a/source3/libsmb/libsmb_server.c +++ b/source3/libsmb/libsmb_server.c @@ -812,6 +812,7 @@ SMBC_attr_server(TALLOC_CTX *ctx, if (!NT_STATUS_IS_OK(nt_status)) { errno = SMBC_errno(context, ipc_srv->cli); cli_shutdown(ipc_srv->cli); + free(ipc_srv); return NULL; } diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c index 03cdc34..c2ba61f 100644 --- a/source3/libsmb/libsmb_xattr.c +++ b/source3/libsmb/libsmb_xattr.c @@ -351,7 +351,7 @@ parse_ace(struct cli_state *ipc_cli, goto done; } - for (v = standard_values; v->perm; v++) { + for (v = standard_values; v != NULL; v++) { if (strcmp(tok, v->perm) == 0) { amask = v->mask; goto done; @@ -363,7 +363,7 @@ parse_ace(struct cli_state *ipc_cli, while(*p) { bool found = False; - for (v = special_values; v->perm; v++) { + for (v = special_values; v != NULL; v++) { if (v->perm[0] == *p) { amask |= v->mask; found = True; diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c index 3db336f..0e7259b 100644 --- a/source3/modules/vfs_aio_fork.c +++ b/source3/modules/vfs_aio_fork.c @@ -68,13 +68,12 @@ static struct mmap_area *mmap_area_init(TALLOC_CTX *mem_ctx, size_t size) result->ptr = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FILE, fd, 0); + close(fd); if (result->ptr == MAP_FAILED) { DEBUG(1, ("mmap failed: %s\n", strerror(errno))); goto fail; } - close(fd); - result->size = size; talloc_set_destructor(result, mmap_area_destructor); diff --git a/source3/modules/vfs_crossrename.c b/source3/modules/vfs_crossrename.c index 19a182c..9bb42b9 100644 --- a/source3/modules/vfs_crossrename.c +++ b/source3/modules/vfs_crossrename.c @@ -73,8 +73,10 @@ static int copy_reg(const char *source, const char *dest) if((ifd = open (source, O_RDONLY, 0)) < 0) return -1; - if (unlink (dest) && errno != ENOENT) + if (unlink (dest) && errno != ENOENT) { + close(ifd); return -1; + } #ifdef O_NOFOLLOW if((ofd = open (dest, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600)) < 0 ) diff --git a/source3/nmbd/nmbd_browsesync.c b/source3/nmbd/nmbd_browsesync.c index b56baed..03d0ada 100644 --- a/source3/nmbd/nmbd_browsesync.c +++ b/source3/nmbd/nmbd_browsesync.c @@ -194,7 +194,7 @@ static void domain_master_node_status_success(struct subnet_record *subrec, /* Go through the list of names found at answers->rdata and look for the first SERVER<0x20> name. */ - if(answers->rdata != NULL) { + if (answers->rdlength > 0) { char *p = answers->rdata; int numnames = CVAL(p, 0); @@ -417,7 +417,7 @@ static void get_domain_master_name_node_status_success(struct subnet_record *sub * the first WORKGROUP<0x1b> name. */ - if(answers->rdata != NULL) { + if (answers->rdlength > 0) { char *p = answers->rdata; int numnames = CVAL(p, 0); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 0e1b019..cbcab78 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4399,6 +4399,7 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i /* This must be a regular file, not a symlink, directory or other strange filetype. */ if (!check_usershare_stat(fname, &sbuf)) { + close(fd); goto out; } diff --git a/source3/passdb/pdb_smbpasswd.c b/source3/passdb/pdb_smbpasswd.c index 0703ea4..83785c6 100644 --- a/source3/passdb/pdb_smbpasswd.c +++ b/source3/passdb/pdb_smbpasswd.c @@ -737,7 +737,8 @@ static bool mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con fstring user_name; char *status; - char linebuf[256]; +#define LINEBUF_SIZE 255 + char linebuf[LINEBUF_SIZE + 1]; char readbuf[1024]; int c; fstring ascii_p16; @@ -792,7 +793,7 @@ static bool mod_smbfilepwd_entry(struct smbpasswd_privates *smbpasswd_state, con linebuf[0] = '\0'; - status = fgets(linebuf, sizeof(linebuf), fp); + status = fgets(linebuf, LINEBUF_SIZE, fp); if (status == NULL && ferror(fp)) { pw_file_unlock(lockfd, &smbpasswd_state->pw_file_lock_depth); fclose(fp); @@ -1021,7 +1022,7 @@ This is no longer supported.!\n", pwd->smb_name)); dump_data(100, (uint8 *)ascii_p16, wr_len); #endif - if(wr_len > sizeof(linebuf)) { + if(wr_len > LINEBUF_SIZE) { DEBUG(0, ("mod_smbfilepwd_entry: line to write (%d) is too long.\n", wr_len+1)); pw_file_unlock(lockfd,&smbpasswd_state->pw_file_lock_depth); fclose(fp); diff --git a/source3/rpc_server/lsasd.c b/source3/rpc_server/lsasd.c index fd6c248..fc6823f 100644 --- a/source3/rpc_server/lsasd.c +++ b/source3/rpc_server/lsasd.c @@ -597,7 +597,7 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx, TALLOC_CTX *tmp_ctx; NTSTATUS status; uint32_t i; - int fd; + int fd = -1; int rc; bool ok = true; @@ -640,8 +640,6 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx, ok = false; goto done; } - listen_fd[*listen_fd_size] = fd; - (*listen_fd_size)++; rc = listen(fd, pf_lsasd_cfg.max_allowed_clients); if (rc == -1) { @@ -650,14 +648,14 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx, ok = false; goto done; } + listen_fd[*listen_fd_size] = fd; + (*listen_fd_size)++; fd = create_named_pipe_socket("lsass"); if (fd < 0) { ok = false; goto done; } - listen_fd[*listen_fd_size] = fd; - (*listen_fd_size)++; rc = listen(fd, pf_lsasd_cfg.max_allowed_clients); if (rc == -1) { @@ -666,14 +664,14 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx, ok = false; goto done; } + listen_fd[*listen_fd_size] = fd; + (*listen_fd_size)++; fd = create_dcerpc_ncalrpc_socket("lsarpc"); if (fd < 0) { ok = false; goto done; } - listen_fd[*listen_fd_size] = fd; - (*listen_fd_size)++; rc = listen(fd, pf_lsasd_cfg.max_allowed_clients); if (rc == -1) { @@ -682,6 +680,9 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx, ok = false; goto done; } + listen_fd[*listen_fd_size] = fd; + (*listen_fd_size)++; + fd = -1; v = dcerpc_binding_vector_dup(tmp_ctx, v_orig); if (v == NULL) { @@ -734,8 +735,6 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx, ok = false; goto done; } - listen_fd[*listen_fd_size] = fd; - (*listen_fd_size)++; rc = listen(fd, pf_lsasd_cfg.max_allowed_clients); if (rc == -1) { @@ -744,6 +743,9 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx, ok = false; goto done; } + listen_fd[*listen_fd_size] = fd; + (*listen_fd_size)++; + fd = -1; v = dcerpc_binding_vector_dup(tmp_ctx, v_orig); if (v == NULL) { @@ -796,16 +798,18 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx, ok = false; goto done; } - listen_fd[*listen_fd_size] = fd; - (*listen_fd_size)++; rc = listen(fd, pf_lsasd_cfg.max_allowed_clients); if (rc == -1) { DEBUG(0, ("Failed to listen on netlogon ncalrpc - %s\n", strerror(errno))); + close(fd); ok = false; goto done; } + listen_fd[*listen_fd_size] = fd; + (*listen_fd_size)++; + fd = -1; v = dcerpc_binding_vector_dup(tmp_ctx, v_orig); if (v == NULL) { @@ -837,6 +841,9 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx, } done: + if (fd != -1) { + close(fd); + } talloc_free(tmp_ctx); return ok; } diff --git a/source3/rpc_server/rpc_sock_helper.c b/source3/rpc_server/rpc_sock_helper.c index 198df90..dc88f25 100644 --- a/source3/rpc_server/rpc_sock_helper.c +++ b/source3/rpc_server/rpc_sock_helper.c @@ -63,6 +63,9 @@ NTSTATUS rpc_create_tcpip_sockets(const struct ndr_interface_table *iface, fd = create_tcpip_socket(ifss, &p); if (fd < 0 || p == 0) { status = NT_STATUS_UNSUCCESSFUL; + if (fd != -1) { + close(fd); + } goto done; } listen_fd[*listen_fd_size] = fd; @@ -124,6 +127,9 @@ NTSTATUS rpc_create_tcpip_sockets(const struct ndr_interface_table *iface, fd = create_tcpip_socket(&ss, &p); if (fd < 0 || p == 0) { status = NT_STATUS_UNSUCCESSFUL; + if (fd != -1) { + close(fd); + } goto done; } listen_fd[*listen_fd_size] = fd; diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 1b3a16f..ae3e991 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -4857,8 +4857,10 @@ static WERROR string_array_from_driver_info(TALLOC_CTX *mem_ctx, &array, &num_strings); } - if (presult) { + if (presult != NULL) { *presult = array; + } else { + talloc_free(array); } return WERR_OK; diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index d54e1d5..b5598a4 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -1159,8 +1159,8 @@ static bool api_DosPrintQEnum(struct smbd_server_connection *sconn, } } - SAFE_FREE(subcntarr); out: + SAFE_FREE(subcntarr); *rdata_len = desc.usedlen; *rparam_len = 8; *rparam = smb_realloc_limit(*rparam,*rparam_len); diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 517a302..6ae46db 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -2140,6 +2140,7 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain, } else { /* something's definitely wrong */ result = centry->status; + centry_free(centry); goto error; } diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 33eeb32..38c2f7d 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1013,6 +1013,9 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain, if ( !(*cli)->domain[0] ) { result = cli_set_domain((*cli), domain->name); if (!NT_STATUS_IS_OK(result)) { + SAFE_FREE(ipc_username); + SAFE_FREE(ipc_domain); + SAFE_FREE(ipc_password); return result; } } diff --git a/source4/auth/pyauth.c b/source4/auth/pyauth.c index f07fa78..437e671 100644 --- a/source4/auth/pyauth.c +++ b/source4/auth/pyauth.c @@ -245,6 +245,10 @@ static PyObject *py_auth_context_new(PyTypeObject *type, PyObject *args, PyObjec } lp_ctx = lpcfg_from_py_object(mem_ctx, py_lp_ctx); + if (lp_ctx == NULL) { + PyErr_NoMemory(); + return NULL; + } ev = s4_event_context_init(mem_ctx); if (ev == NULL) { diff --git a/source4/libcli/climessage.c b/source4/libcli/climessage.c index 5ed0e8e..3e9808c 100644 --- a/source4/libcli/climessage.c +++ b/source4/libcli/climessage.c @@ -33,6 +33,9 @@ bool smbcli_message_start(struct smbcli_tree *tree, const char *host, const char struct smbcli_request *req; req = smbcli_request_setup(tree, SMBsendstrt, 0, 0); + if (req == NULL) { + return false; + } smbcli_req_append_string(req, username, STR_TERMINATE); smbcli_req_append_string(req, host, STR_TERMINATE); if (!smbcli_request_send(req) || @@ -57,6 +60,9 @@ bool smbcli_message_text(struct smbcli_tree *tree, char *msg, int len, int grp) struct smbcli_request *req; req = smbcli_request_setup(tree, SMBsendtxt, 1, 0); + if (req == NULL) { + return false; + } SSVAL(req->out.vwv, VWV(0), grp); smbcli_req_append_bytes(req, (const uint8_t *)msg, len); @@ -80,6 +86,9 @@ bool smbcli_message_end(struct smbcli_tree *tree, int grp) struct smbcli_request *req; req = smbcli_request_setup(tree, SMBsendend, 1, 0); + if (req == NULL) { + return false; + } SSVAL(req->out.vwv, VWV(0), grp); if (!smbcli_request_send(req) || diff --git a/source4/libcli/raw/clioplock.c b/source4/libcli/raw/clioplock.c index 396ab96..6c04843 100644 --- a/source4/libcli/raw/clioplock.c +++ b/source4/libcli/raw/clioplock.c @@ -30,6 +30,9 @@ _PUBLIC_ bool smbcli_oplock_ack(struct smbcli_tree *tree, uint16_t fnum, uint16_ struct smbcli_request *req; req = smbcli_request_setup(tree, SMBlockingX, 8, 0); + if (req == NULL) { + return false; + } SSVAL(req->out.vwv,VWV(0),0xFF); SSVAL(req->out.vwv,VWV(1),0); diff --git a/source4/libcli/raw/clitree.c b/source4/libcli/raw/clitree.c index 1c3321e..11be548 100644 --- a/source4/libcli/raw/clitree.c +++ b/source4/libcli/raw/clitree.c @@ -168,6 +168,9 @@ _PUBLIC_ NTSTATUS smb_tree_disconnect(struct smbcli_tree *tree) if (!tree) return NT_STATUS_OK; req = smbcli_request_setup(tree, SMBtdis, 0, 0); + if (req == NULL) { + return NT_STATUS_NO_MEMORY; + } if (smbcli_request_send(req)) { (void) smbcli_request_receive(req); diff --git a/source4/libcli/raw/rawfsinfo.c b/source4/libcli/raw/rawfsinfo.c index 08f68dd..9c03e14 100644 --- a/source4/libcli/raw/rawfsinfo.c +++ b/source4/libcli/raw/rawfsinfo.c @@ -33,6 +33,9 @@ static struct smbcli_request *smb_raw_dskattr_send(struct smbcli_tree *tree, struct smbcli_request *req; req = smbcli_request_setup(tree, SMBdskattr, 0, 0); + if (req == NULL) { + return NULL; + } if (!smbcli_request_send(req)) { smbcli_request_destroy(req); -- Samba Shared Repository