Author: jra Date: 2007-05-04 22:15:33 +0000 (Fri, 04 May 2007) New Revision: 22676
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=22676 Log: Fix zero alloc with create_rpc_blob(). Jeremy. Modified: branches/SAMBA_3_0/source/rpc_parse/parse_misc.c branches/SAMBA_3_0_25/source/rpc_parse/parse_misc.c branches/SAMBA_3_0_26/source/rpc_parse/parse_misc.c Changeset:
Modified: branches/SAMBA_3_0/source/rpc_parse/parse_misc.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_parse/parse_misc.c 2007-05-04 22:01:26 UTC (rev 22675)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_misc.c 2007-05-04 22:15:33 UTC (rev 22676)
@@ -483,12 +483,17 @@
 Allocate the RPC_DATA_BLOB memory.
 ********************************************************************/
-size_t create_rpc_blob(RPC_DATA_BLOB *str, size_t len)
+static void create_rpc_blob(RPC_DATA_BLOB *str, size_t len)
 {
- str->buffer = (uint8 *)TALLOC_ZERO(get_talloc_ctx(), len);
- if (str->buffer == NULL)
- smb_panic("create_rpc_blob: talloc fail\n");
- return len;
+ if (len) {
+ str->buffer = (uint8 *)TALLOC_ZERO(get_talloc_ctx(), len);
+ if (str->buffer == NULL)
+ smb_panic("create_rpc_blob: talloc fail\n");
+ str->buf_len = len;
+ } else {
+ str->buffer = NULL;
+ str->buf_len = 0;
+ }
 }
 /*******************************************************************
@@ -500,7 +505,7 @@
 ZERO_STRUCTP(str);
 /* set up string lengths. */
- str->buf_len = create_rpc_blob(str, sizeof(uint32));
+ create_rpc_blob(str, sizeof(uint32));
 SIVAL(str->buffer, 0, val);
 }
@@ -513,9 +518,10 @@
 ZERO_STRUCTP(str);
 /* set up string lengths. */
- str->buf_len = create_rpc_blob(str, len*2);
- rpcstr_push(str->buffer, buf, (size_t)str->buf_len, STR_TERMINATE);
-
+ if (len) {
+ create_rpc_blob(str, len*2);
+ rpcstr_push(str->buffer, buf, (size_t)str->buf_len, STR_TERMINATE);
+ }
 }
 /*******************************************************************
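Review bot: The header comment above create_rpc_blob() still reads only "Allocate the RPC_DATA_BLOB memory.", although the function now has a different contract: it returns nothing, sets `str->buf_len` itself, and for `len == 0` leaves `str->buffer` NULL. I would extend the comment to something like `Allocate the RPC_DATA_BLOB memory and set buf_len. A zero len gives buffer == NULL and buf_len == 0, so callers must check before touching buffer.` The function also becomes `static` in this hunk; no caller outside parse_misc.c is visible in the diff, but that is worth confirming before the change lands on three branches. The same hunk is repeated in the SAMBA_3_0_25 and SAMBA_3_0_26 sections.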
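Review bot: In the hunk at -513,9 +518,10 the size handed to create_rpc_blob() is `len*2` with no range check, and the new guard `if (len)` only excludes zero. The declaration of len is outside the hunk; if it is a signed type, a negative value passes the guard and converts to a very large size_t, which would end in the smb_panic() on allocation failure, and a large positive value can wrap the product. Tightening the guard to `if (len > 0) {` and adding an upper bound on len before the multiply would close both cases. The copy itself appears bounded, because rpcstr_push() is passed `str->buf_len` as its limit. The same lines are in the SAMBA_3_0_25 and SAMBA_3_0_26 sections.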
@@ -525,8 +531,10 @@
 void init_rpc_blob_hex(RPC_DATA_BLOB *str, const char *buf)
 {
 ZERO_STRUCTP(str);
- str->buf_len = create_rpc_blob(str, strlen(buf));
- str->buf_len = strhex_to_str((char *)str->buffer, str->buf_len, buf);
+ if (buf && *buf) {
+ create_rpc_blob(str, strlen(buf));
+ str->buf_len = strhex_to_str((char *)str->buffer, str->buf_len, buf);
+ }
 }
 /*******************************************************************
@@ -538,8 +546,8 @@
 ZERO_STRUCTP(str);
 /* max buffer size (allocated size) */
- if (buf != NULL) {
- len = create_rpc_blob(str, len);
+ if (buf != NULL && len) {
+ create_rpc_blob(str, len);
 memcpy(str->buffer, buf, len);
 }
 str->buf_len = len;
Modified: branches/SAMBA_3_0_25/source/rpc_parse/parse_misc.c
===================================================================
--- branches/SAMBA_3_0_25/source/rpc_parse/parse_misc.c 2007-05-04 22:01:26 UTC (rev 22675)
+++ branches/SAMBA_3_0_25/source/rpc_parse/parse_misc.c 2007-05-04 22:15:33 UTC (rev 22676)
@@ -530,12 +530,17 @@
 Allocate the RPC_DATA_BLOB memory.
 ********************************************************************/
-size_t create_rpc_blob(RPC_DATA_BLOB *str, size_t len)
+static void create_rpc_blob(RPC_DATA_BLOB *str, size_t len)
 {
- str->buffer = (uint8 *)TALLOC_ZERO(get_talloc_ctx(), len);
- if (str->buffer == NULL)
- smb_panic("create_rpc_blob: talloc fail\n");
- return len;
+ if (len) {
+ str->buffer = (uint8 *)TALLOC_ZERO(get_talloc_ctx(), len);
+ if (str->buffer == NULL)
+ smb_panic("create_rpc_blob: talloc fail\n");
+ str->buf_len = len;
+ } else {
+ str->buffer = NULL;
+ str->buf_len = 0;
+ }
 }
 /*******************************************************************
@@ -547,7 +552,7 @@
 ZERO_STRUCTP(str);
 /* set up string lengths. */
- str->buf_len = create_rpc_blob(str, sizeof(uint32));
+ create_rpc_blob(str, sizeof(uint32));
 SIVAL(str->buffer, 0, val);
 }
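Review bot: In init_rpc_blob_hex() (hunk -525,8 +531,10) the blob can still end up with a live buffer and a zero length, because `str->buf_len` is overwritten with the return value of strhex_to_str(). That helper is not shown here, so this is an assumption, but if it returns 0 for input with no decodable hex digits, the result differs from the `buffer == NULL, buf_len == 0` pair that create_rpc_blob() now produces for empty blobs. A comment such as `/* buf_len becomes the decoded byte count, not the allocated strlen(buf) */` would make the double use of the field clear, and resetting `str->buffer = NULL` when the count is 0 would keep the two states consistent. The same hunk appears in the SAMBA_3_0_25 and SAMBA_3_0_26 sections.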
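Review bot: In the hunk at -538,8 +546,8 the trailing context line `str->buf_len = len;` still runs unconditionally, so a call with `buf == NULL` and a non-zero len leaves `str->buffer` NULL (from ZERO_STRUCTP) while buf_len claims len bytes. Any consumer that reads buf_len bytes from buffer would then dereference NULL; whether a caller passes that combination is not visible here. Since create_rpc_blob() now sets buf_len on the allocating path, the final assignment could be dropped, or made explicit as `str->buf_len = str->buffer ? len : 0;`. The function's signature and closing brace are outside the hunk, and the same lines appear in the SAMBA_3_0_25 and SAMBA_3_0_26 sections.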
@@ -560,9 +565,10 @@
 ZERO_STRUCTP(str);
 /* set up string lengths. */
- str->buf_len = create_rpc_blob(str, len*2);
- rpcstr_push(str->buffer, buf, (size_t)str->buf_len, STR_TERMINATE);
-
+ if (len) {
+ create_rpc_blob(str, len*2);
+ rpcstr_push(str->buffer, buf, (size_t)str->buf_len, STR_TERMINATE);
+ }
 }
 /*******************************************************************
@@ -572,8 +578,10 @@
 void init_rpc_blob_hex(RPC_DATA_BLOB *str, const char *buf)
 {
 ZERO_STRUCTP(str);
- str->buf_len = create_rpc_blob(str, strlen(buf));
- str->buf_len = strhex_to_str((char *)str->buffer, str->buf_len, buf);
+ if (buf && *buf) {
+ create_rpc_blob(str, strlen(buf));
+ str->buf_len = strhex_to_str((char *)str->buffer, str->buf_len, buf);
+ }
 }
 /*******************************************************************
@@ -585,8 +593,8 @@
 ZERO_STRUCTP(str);
 /* max buffer size (allocated size) */
- if (buf != NULL) {
- len = create_rpc_blob(str, len);
+ if (buf != NULL && len) {
+ create_rpc_blob(str, len);
 memcpy(str->buffer, buf, len);
 }
 str->buf_len = len;
Modified: branches/SAMBA_3_0_26/source/rpc_parse/parse_misc.c
===================================================================
--- branches/SAMBA_3_0_26/source/rpc_parse/parse_misc.c 2007-05-04 22:01:26 UTC (rev 22675)
+++ branches/SAMBA_3_0_26/source/rpc_parse/parse_misc.c 2007-05-04 22:15:33 UTC (rev 22676)
@@ -530,12 +530,17 @@
 Allocate the RPC_DATA_BLOB memory.
 ********************************************************************/
-size_t create_rpc_blob(RPC_DATA_BLOB *str, size_t len)
+static void create_rpc_blob(RPC_DATA_BLOB *str, size_t len)
 {
- str->buffer = (uint8 *)TALLOC_ZERO(get_talloc_ctx(), len);
- if (str->buffer == NULL)
- smb_panic("create_rpc_blob: talloc fail\n");
- return len;
+ if (len) {
+ str->buffer = (uint8 *)TALLOC_ZERO(get_talloc_ctx(), len);
+ if (str->buffer == NULL)
+ smb_panic("create_rpc_blob: talloc fail\n");
+ str->buf_len = len;
+ } else {
+ str->buffer = NULL;
+ str->buf_len = 0;
+ }
 }
 /*******************************************************************
@@ -547,7 +552,7 @@
 ZERO_STRUCTP(str);
 /* set up string lengths. */
- str->buf_len = create_rpc_blob(str, sizeof(uint32));
+ create_rpc_blob(str, sizeof(uint32));
 SIVAL(str->buffer, 0, val);
 }
@@ -560,9 +565,10 @@
 ZERO_STRUCTP(str);
 /* set up string lengths. */
- str->buf_len = create_rpc_blob(str, len*2);
- rpcstr_push(str->buffer, buf, (size_t)str->buf_len, STR_TERMINATE);
-
+ if (len) {
+ create_rpc_blob(str, len*2);
+ rpcstr_push(str->buffer, buf, (size_t)str->buf_len, STR_TERMINATE);
+ }
 }
 /*******************************************************************
@@ -572,8 +578,10 @@
 void init_rpc_blob_hex(RPC_DATA_BLOB *str, const char *buf)
 {
 ZERO_STRUCTP(str);
- str->buf_len = create_rpc_blob(str, strlen(buf));
- str->buf_len = strhex_to_str((char *)str->buffer, str->buf_len, buf);
+ if (buf && *buf) {
+ create_rpc_blob(str, strlen(buf));
+ str->buf_len = strhex_to_str((char *)str->buffer, str->buf_len, buf);
+ }
 }
 /*******************************************************************
@@ -585,8 +593,8 @@
 ZERO_STRUCTP(str);
 /* max buffer size (allocated size) */
- if (buf != NULL) {
- len = create_rpc_blob(str, len);
+ if (buf != NULL && len) {
+ create_rpc_blob(str, len);
 memcpy(str->buffer, buf, len);
 }
 str->buf_len = len;