Author: jra Date: 2007-05-04 22:01:26 +0000 (Fri, 04 May 2007) New Revision: 22675
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22675 Log: Simo's patch for 0 size allocation. Still need to examine parse_misc.c fix. Jeremy. Modified: branches/SAMBA_3_0/source/modules/vfs_afsacl.c branches/SAMBA_3_0/source/nsswitch/idmap.c branches/SAMBA_3_0/source/nsswitch/winbindd_async.c branches/SAMBA_3_0/source/rpc_client/cli_svcctl.c branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c branches/SAMBA_3_0_25/source/modules/vfs_afsacl.c branches/SAMBA_3_0_25/source/nsswitch/idmap.c branches/SAMBA_3_0_25/source/nsswitch/winbindd_async.c branches/SAMBA_3_0_25/source/rpc_client/cli_svcctl.c branches/SAMBA_3_0_25/source/rpc_server/srv_lsa_nt.c branches/SAMBA_3_0_26/source/modules/vfs_afsacl.c branches/SAMBA_3_0_26/source/nsswitch/idmap.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c branches/SAMBA_3_0_26/source/rpc_client/cli_svcctl.c branches/SAMBA_3_0_26/source/rpc_server/srv_lsa_nt.c Changeset: Modified: branches/SAMBA_3_0/source/modules/vfs_afsacl.c =================================================================== --- branches/SAMBA_3_0/source/modules/vfs_afsacl.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0/source/modules/vfs_afsacl.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -616,7 +616,7 @@ uid_to_sid(&owner_sid, sbuf.st_uid); gid_to_sid(&group_sid, sbuf.st_gid); - if (num_aces) { + if (afs_acl->num_aces) { nt_ace_list = TALLOC_ARRAY(mem_ctx, SEC_ACE, afs_acl->num_aces); if (nt_ace_list == NULL) Modified: branches/SAMBA_3_0/source/nsswitch/idmap.c =================================================================== --- branches/SAMBA_3_0/source/nsswitch/idmap.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0/source/nsswitch/idmap.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -1025,17 +1025,16 @@ DEBUG(10, ("Query backends to map sids->ids\n")); /* split list per domain */ - - if (num_domains) { - dom_ids = TALLOC_ZERO_ARRAY(ctx, struct id_map **, num_domains); - IDMAP_CHECK_ALLOC(dom_ids); - counters = TALLOC_ZERO_ARRAY(ctx, int, num_domains); - IDMAP_CHECK_ALLOC(counters); - } else { - dom_ids = NULL; - counters = NULL; + if (num_domains == 0) { + DEBUG(1, ("No domains available?\n")); + return NT_STATUS_UNSUCCESSFUL; } + dom_ids = TALLOC_ZERO_ARRAY(ctx, struct id_map **, num_domains); + IDMAP_CHECK_ALLOC(dom_ids); + counters = TALLOC_ZERO_ARRAY(ctx, int, num_domains); + IDMAP_CHECK_ALLOC(counters); + /* partition the requests by domain */ for (i = 0; ids[i]; i++) { Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_async.c =================================================================== --- branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_async.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -273,6 +273,11 @@ DEBUG(3, ("[%5lu]: sids to unix ids\n", (unsigned long)state->pid)); + if (state->request.extra_len == 0) { + DEBUG(0, ("Invalid buffer size!\n")); + return WINBINDD_ERROR; + } + sids = (DOM_SID *)state->request.extra_data.data; num = state->request.extra_len / sizeof(DOM_SID); Modified: branches/SAMBA_3_0/source/rpc_client/cli_svcctl.c =================================================================== --- branches/SAMBA_3_0/source/rpc_client/cli_svcctl.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0/source/rpc_client/cli_svcctl.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -209,8 +209,12 @@ return out.status; /* pull out the data */ - if ( !(services = TALLOC_ARRAY( mem_ctx, ENUM_SERVICES_STATUS, out.returned )) ) - return WERR_NOMEM; + if (out.returned) { + if ( !(services = TALLOC_ARRAY( mem_ctx, ENUM_SERVICES_STATUS, out.returned )) ) + return WERR_NOMEM; + } else { + services = NULL; + } for ( i=0; i<out.returned; i++ ) { svcctl_io_enum_services_status( "", &services[i], &out.buffer, 0 ); Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c =================================================================== --- branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -825,7 +825,11 @@ *pp_mapped_count = 0; *pp_ref = NULL; *pp_names = NULL; - + + if (num_sids == 0) { + return NT_STATUS_OK; + } + names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM2); sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids); ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); @@ -845,12 +849,10 @@ return status; } - if (num_sids > 0) { - names->name = TALLOC_ARRAY(names, LSA_TRANS_NAME2, num_sids); - names->uni_name = TALLOC_ARRAY(names, UNISTR2, num_sids); - if ((names->name == NULL) || (names->uni_name == NULL)) { - return NT_STATUS_NO_MEMORY; - } + names->name = TALLOC_ARRAY(names, LSA_TRANS_NAME2, num_sids); + names->uni_name = TALLOC_ARRAY(names, UNISTR2, num_sids); + if ((names->name == NULL) || (names->uni_name == NULL)) { + return NT_STATUS_NO_MEMORY; } for (i=0; i<MAX_REF_DOMAINS; i++) { Modified: branches/SAMBA_3_0_25/source/modules/vfs_afsacl.c =================================================================== --- branches/SAMBA_3_0_25/source/modules/vfs_afsacl.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0_25/source/modules/vfs_afsacl.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -616,7 +616,7 @@ uid_to_sid(&owner_sid, sbuf.st_uid); gid_to_sid(&group_sid, sbuf.st_gid); - if (num_aces) { + if (afs_acl->num_aces) { nt_ace_list = TALLOC_ARRAY(mem_ctx, SEC_ACE, afs_acl->num_aces); if (nt_ace_list == NULL) Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap.c =================================================================== --- branches/SAMBA_3_0_25/source/nsswitch/idmap.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -1025,17 +1025,16 @@ DEBUG(10, ("Query backends to map sids->ids\n")); /* split list per domain */ - - if (num_domains) { - dom_ids = TALLOC_ZERO_ARRAY(ctx, struct id_map **, num_domains); - IDMAP_CHECK_ALLOC(dom_ids); - counters = TALLOC_ZERO_ARRAY(ctx, int, num_domains); - IDMAP_CHECK_ALLOC(counters); - } else { - dom_ids = NULL; - counters = NULL; + if (num_domains == 0) { + DEBUG(1, ("No domains available?\n")); + return NT_STATUS_UNSUCCESSFUL; } + dom_ids = TALLOC_ZERO_ARRAY(ctx, struct id_map **, num_domains); + IDMAP_CHECK_ALLOC(dom_ids); + counters = TALLOC_ZERO_ARRAY(ctx, int, num_domains); + IDMAP_CHECK_ALLOC(counters); + /* partition the requests by domain */ for (i = 0; ids[i]; i++) { Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_async.c =================================================================== --- branches/SAMBA_3_0_25/source/nsswitch/winbindd_async.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_async.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -273,6 +273,11 @@ DEBUG(3, ("[%5lu]: sids to unix ids\n", (unsigned long)state->pid)); + if (state->request.extra_len == 0) { + DEBUG(0, ("Invalid buffer size!\n")); + return WINBINDD_ERROR; + } + sids = (DOM_SID *)state->request.extra_data.data; num = state->request.extra_len / sizeof(DOM_SID); Modified: branches/SAMBA_3_0_25/source/rpc_client/cli_svcctl.c =================================================================== --- branches/SAMBA_3_0_25/source/rpc_client/cli_svcctl.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0_25/source/rpc_client/cli_svcctl.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -209,8 +209,12 @@ return out.status; /* pull out the data */ - if ( !(services = TALLOC_ARRAY( mem_ctx, ENUM_SERVICES_STATUS, out.returned )) ) - return WERR_NOMEM; + if (out.returned) { + if ( !(services = TALLOC_ARRAY( mem_ctx, ENUM_SERVICES_STATUS, out.returned )) ) + return WERR_NOMEM; + } else { + services = NULL; + } for ( i=0; i<out.returned; i++ ) { svcctl_io_enum_services_status( "", &services[i], &out.buffer, 0 ); Modified: branches/SAMBA_3_0_25/source/rpc_server/srv_lsa_nt.c =================================================================== --- branches/SAMBA_3_0_25/source/rpc_server/srv_lsa_nt.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0_25/source/rpc_server/srv_lsa_nt.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -826,7 +826,11 @@ *pp_mapped_count = 0; *pp_ref = NULL; *pp_names = NULL; - + + if (num_sids == 0) { + return NT_STATUS_OK; + } + names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM2); sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids); ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); @@ -846,12 +850,10 @@ return status; } - if (num_sids > 0) { - names->name = TALLOC_ARRAY(names, LSA_TRANS_NAME2, num_sids); - names->uni_name = TALLOC_ARRAY(names, UNISTR2, num_sids); - if ((names->name == NULL) || (names->uni_name == NULL)) { - return NT_STATUS_NO_MEMORY; - } + names->name = TALLOC_ARRAY(names, LSA_TRANS_NAME2, num_sids); + names->uni_name = TALLOC_ARRAY(names, UNISTR2, num_sids); + if ((names->name == NULL) || (names->uni_name == NULL)) { + return NT_STATUS_NO_MEMORY; } for (i=0; i<MAX_REF_DOMAINS; i++) { Modified: branches/SAMBA_3_0_26/source/modules/vfs_afsacl.c =================================================================== --- branches/SAMBA_3_0_26/source/modules/vfs_afsacl.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0_26/source/modules/vfs_afsacl.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -616,7 +616,7 @@ uid_to_sid(&owner_sid, sbuf.st_uid); gid_to_sid(&group_sid, sbuf.st_gid); - if (num_aces) { + if (afs_acl->num_aces) { nt_ace_list = TALLOC_ARRAY(mem_ctx, SEC_ACE, afs_acl->num_aces); if (nt_ace_list == NULL) Modified: branches/SAMBA_3_0_26/source/nsswitch/idmap.c =================================================================== --- branches/SAMBA_3_0_26/source/nsswitch/idmap.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0_26/source/nsswitch/idmap.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -1025,17 +1025,16 @@ DEBUG(10, ("Query backends to map sids->ids\n")); /* split list per domain */ - - if (num_domains) { - dom_ids = TALLOC_ZERO_ARRAY(ctx, struct id_map **, num_domains); - IDMAP_CHECK_ALLOC(dom_ids); - counters = TALLOC_ZERO_ARRAY(ctx, int, num_domains); - IDMAP_CHECK_ALLOC(counters); - } else { - dom_ids = NULL; - counters = NULL; + if (num_domains == 0) { + DEBUG(1, ("No domains available?\n")); + return NT_STATUS_UNSUCCESSFUL; } + dom_ids = TALLOC_ZERO_ARRAY(ctx, struct id_map **, num_domains); + IDMAP_CHECK_ALLOC(dom_ids); + counters = TALLOC_ZERO_ARRAY(ctx, int, num_domains); + IDMAP_CHECK_ALLOC(counters); + /* partition the requests by domain */ for (i = 0; ids[i]; i++) { Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c =================================================================== --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_async.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -273,6 +273,11 @@ DEBUG(3, ("[%5lu]: sids to unix ids\n", (unsigned long)state->pid)); + if (state->request.extra_len == 0) { + DEBUG(0, ("Invalid buffer size!\n")); + return WINBINDD_ERROR; + } + sids = (DOM_SID *)state->request.extra_data.data; num = state->request.extra_len / sizeof(DOM_SID); Modified: branches/SAMBA_3_0_26/source/rpc_client/cli_svcctl.c =================================================================== --- branches/SAMBA_3_0_26/source/rpc_client/cli_svcctl.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0_26/source/rpc_client/cli_svcctl.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -209,8 +209,12 @@ return out.status; /* pull out the data */ - if ( !(services = TALLOC_ARRAY( mem_ctx, ENUM_SERVICES_STATUS, out.returned )) ) - return WERR_NOMEM; + if (out.returned) { + if ( !(services = TALLOC_ARRAY( mem_ctx, ENUM_SERVICES_STATUS, out.returned )) ) + return WERR_NOMEM; + } else { + services = NULL; + } for ( i=0; i<out.returned; i++ ) { svcctl_io_enum_services_status( "", &services[i], &out.buffer, 0 ); Modified: branches/SAMBA_3_0_26/source/rpc_server/srv_lsa_nt.c =================================================================== --- branches/SAMBA_3_0_26/source/rpc_server/srv_lsa_nt.c 2007-05-04 19:44:30 UTC (rev 22674) +++ branches/SAMBA_3_0_26/source/rpc_server/srv_lsa_nt.c 2007-05-04 22:01:26 UTC (rev 22675) @@ -826,7 +826,11 @@ *pp_mapped_count = 0; *pp_ref = NULL; *pp_names = NULL; - + + if (num_sids == 0) { + return NT_STATUS_OK; + } + names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM2); sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids); ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF); @@ -846,12 +850,10 @@ return status; } - if (num_sids > 0) { - names->name = TALLOC_ARRAY(names, LSA_TRANS_NAME2, num_sids); - names->uni_name = TALLOC_ARRAY(names, UNISTR2, num_sids); - if ((names->name == NULL) || (names->uni_name == NULL)) { - return NT_STATUS_NO_MEMORY; - } + names->name = TALLOC_ARRAY(names, LSA_TRANS_NAME2, num_sids); + names->uni_name = TALLOC_ARRAY(names, UNISTR2, num_sids); + if ((names->name == NULL) || (names->uni_name == NULL)) { + return NT_STATUS_NO_MEMORY; } for (i=0; i<MAX_REF_DOMAINS; i++) {
