The branch, v3-3-test has been updated via ba576efa8f884f3dd37bb5035fbb47ae0305c0b0 (commit) from b7d6536b323df9c5503b6a225e03a47ae2112e5c (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log ----------------------------------------------------------------- commit ba576efa8f884f3dd37bb5035fbb47ae0305c0b0 Author: todd stecher <todd.stec...@gmail.com> Date: Thu Jan 22 10:17:37 2009 -0800 Memory leaks and other fixes found by Coverity ----------------------------------------------------------------------- Summary of changes: source/auth/pampass.c | 4 ++- source/include/proto.h | 2 +- source/lib/dprintf.c | 26 ++++++++------ source/libsmb/clikrb5.c | 10 +++--- source/nmbd/nmbd_incomingrequests.c | 4 +- source/nmbd/nmbd_serverlistdb.c | 2 +- source/passdb/pdb_interface.c | 6 +++ source/passdb/pdb_ldap.c | 1 + source/rpc_client/cli_spoolss.c | 66 +++++++++++++++++++++++----------- source/rpc_parse/parse_buffer.c | 11 +++--- source/rpc_server/srv_pipe.c | 4 ++- source/rpc_server/srv_spoolss_nt.c | 3 +- source/rpc_server/srv_svcctl_nt.c | 1 - source/utils/net_rpc.c | 12 +++++- source/winbindd/winbindd_group.c | 8 ++++- source/winbindd/winbindd_user.c | 8 ++++- source/winbindd/winbindd_util.c | 12 +++++- source/winbindd/winbindd_wins.c | 10 ++++- 18 files changed, 131 insertions(+), 59 deletions(-) Changeset truncated at 500 lines: diff --git a/source/auth/pampass.c b/source/auth/pampass.c index 9345eed..4312b77 100644 --- a/source/auth/pampass.c +++ b/source/auth/pampass.c @@ -462,7 +462,9 @@ static bool smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr) static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv) { int pam_error; +#ifdef PAM_RHOST const char *our_rhost; +#endif char addr[INET6_ADDRSTRLEN]; *pamh = (pam_handle_t *)NULL; @@ -475,6 +477,7 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho return False; } +#ifdef PAM_RHOST if (rhost == NULL) { our_rhost = client_name(get_client_fd()); if (strequal(our_rhost,"UNKNOWN")) 
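Review bot: `char addr[INET6_ADDRSTRLEN];` stays outside the new `#ifdef PAM_RHOST` in smb_pam_start, directly after the `#endif` that now guards `our_rhost`. The rhost lookup that this commit moves under the same guard looks like the only place a client address is needed (the line that uses `addr` falls between the hunks, so this is inferred), which would leave `addr` unused on builds without PAM_RHOST. Declaring both `const char *our_rhost;` and `char addr[INET6_ADDRSTRLEN];` inside the one `#ifdef PAM_RHOST` / `#endif` pair keeps the declarations in step with their uses. The function body continues outside the hunk.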
@@ -483,7 +486,6 @@ static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rho our_rhost = rhost; } -#ifdef PAM_RHOST DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost)); pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost); if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) { diff --git a/source/include/proto.h b/source/include/proto.h index 6b7291f..b1e3a08 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -7632,7 +7632,7 @@ NTSTATUS cli_do_rpc_ndr(struct rpc_pipe_client *cli, /* The following definitions come from rpc_parse/parse_buffer.c */ -void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx); +bool rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx); bool prs_rpcbuffer(const char *desc, prs_struct *ps, int depth, RPC_BUFFER *buffer); bool prs_rpcbuffer_p(const char *desc, prs_struct *ps, int depth, RPC_BUFFER **buffer); bool rpcbuf_alloc_size(RPC_BUFFER *buffer, uint32 buffer_size); diff --git a/source/lib/dprintf.c b/source/lib/dprintf.c index a3bb5be..34cc92a 100644 --- a/source/lib/dprintf.c +++ b/source/lib/dprintf.c @@ -32,24 +32,27 @@ int d_vfprintf(FILE *f, const char *format, va_list ap) { - char *p, *p2; + char *p = NULL, *p2 = NULL; int ret, maxlen, clen; const char *msgstr; va_list ap2; + VA_COPY(ap2, ap); + /* do any message translations */ msgstr = lang_msg(format); - if (!msgstr) return -1; - - VA_COPY(ap2, ap); + if (!msgstr) { + ret = -1; + goto out; + } ret = vasprintf(&p, msgstr, ap2); lang_msg_free(msgstr); if (ret <= 0) { - va_end(ap2); - return ret; + ret = -1; + goto out; } /* now we have the string in unix format, convert it to the display @@ -58,10 +61,10 @@ again: p2 = (char *)SMB_MALLOC(maxlen); if (!p2) { - SAFE_FREE(p); - va_end(ap2); - return -1; + ret = -1; + goto out; } + clen = convert_string(CH_UNIX, CH_DISPLAY, p, ret, p2, maxlen, True); if (clen >= maxlen) { 
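Review bot: In d_vfprintf the new `if (ret <= 0) { ret = -1; goto out; }` path reaches `SAFE_FREE(p)` after a failed vasprintf(), and some C libraries leave the output pointer indeterminate on failure, so the `p = NULL` initialiser may no longer hold at that point. The same branch also turns a zero-length result, which the old code returned as 0, into -1. Splitting the two cases keeps both behaviours defined: `if (ret < 0) { p = NULL; ret = -1; goto out; }` followed by `if (ret == 0) goto out;`. The `out:` label itself is in a later hunk.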
@@ -72,10 +75,11 @@ again: } /* good, its converted OK */ - SAFE_FREE(p); ret = fwrite(p2, 1, clen, f); - SAFE_FREE(p2); +out: + SAFE_FREE(p); + SAFE_FREE(p2); va_end(ap2); return ret; diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c index b8afb57..da76c46 100644 --- a/source/libsmb/clikrb5.c +++ b/source/libsmb/clikrb5.c @@ -1407,7 +1407,7 @@ done: addrs = (krb5_address **)SMB_MALLOC(sizeof(krb5_address *) * num_addr); if (addrs == NULL) { - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } @@ -1416,7 +1416,7 @@ done: addrs[0] = (krb5_address *)SMB_MALLOC(sizeof(krb5_address)); if (addrs[0] == NULL) { SAFE_FREE(addrs); - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } @@ -1427,7 +1427,7 @@ done: if (addrs[0]->contents == NULL) { SAFE_FREE(addrs[0]); SAFE_FREE(addrs); - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } @@ -1439,7 +1439,7 @@ done: { addrs = (krb5_addresses *)SMB_MALLOC(sizeof(krb5_addresses)); if (addrs == NULL) { - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } @@ -1459,7 +1459,7 @@ done: if (addrs->val[0].address.data == NULL) { SAFE_FREE(addrs->val); SAFE_FREE(addrs); - SAFE_FREE(kerb_addr); + SAFE_FREE(*kerb_addr); return ENOMEM; } diff --git a/source/nmbd/nmbd_incomingrequests.c b/source/nmbd/nmbd_incomingrequests.c index ebe1948..63f9a3a 100644 --- a/source/nmbd/nmbd_incomingrequests.c +++ b/source/nmbd/nmbd_incomingrequests.c 
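Review bot: `ret = fwrite(p2, 1, clen, f);` uses `clen` as the byte count without checking it for an error value; `clen` is an `int` assigned from convert_string() and is only tested with `clen >= maxlen` in the preceding hunk. If convert_string() reports failure with a negative or all-ones result (its contract is not visible here), that comparison is false and fwrite() is asked to read far beyond the `maxlen` bytes allocated for `p2`. Now that the function has a single exit, a guard such as `if (clen < 0) { ret = -1; goto out; }` before the write would close that path. The retry branch between the hunks is outside the visible lines.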
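Review bot: The ENOMEM path at `if (addrs == NULL)` and the four that follow in the hunks at 1416, 1427, 1439 and 1459 each carry their own free ladder ending in `SAFE_FREE(*kerb_addr); return ENOMEM;`, and that duplication is how the same wrong pointer came to be freed in five places. A single failure label that releases `addrs` and `*kerb_addr` once would leave only one copy to keep correct. It would also help to document the out-parameter contract above the function, for example `/* On failure *kerb_addr is freed and reset to NULL; the caller must not free it. */`, assuming SAFE_FREE resets its argument as it does elsewhere in the tree. The function starts and ends outside these hunks.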
@@ -314,14 +314,14 @@ void process_node_status_request(struct subnet_record *subrec, struct packet_str char rdata[MAX_DGRAM_SIZE]; char *countptr, *buf, *bufend, *buf0; int names_added,i; - struct name_record *namerec; + struct name_record *namerec = NULL; pull_ascii_nstring(qname, sizeof(qname), nmb->question.question_name.name); DEBUG(3,("process_node_status_request: status request for name %s from IP %s on \ subnet %s.\n", nmb_namestr(&nmb->question.question_name), inet_ntoa(p->ip), subrec->subnet_name)); - if((namerec = find_name_on_subnet(subrec, &nmb->question.question_name, FIND_SELF_NAME)) == 0) { + if(find_name_on_subnet(subrec, &nmb->question.question_name, FIND_SELF_NAME) == 0) { DEBUG(1,("process_node_status_request: status request for name %s from IP %s on \ subnet %s - name not found.\n", nmb_namestr(&nmb->question.question_name), inet_ntoa(p->ip), subrec->subnet_name)); diff --git a/source/nmbd/nmbd_serverlistdb.c b/source/nmbd/nmbd_serverlistdb.c index 349c3f4..b35d8bb 100644 --- a/source/nmbd/nmbd_serverlistdb.c +++ b/source/nmbd/nmbd_serverlistdb.c @@ -128,7 +128,7 @@ struct server_record *create_server_on_workgroup(struct work_record *work, return (NULL); } - if((servrec = find_server_in_workgroup(work, name)) != NULL) { + if(find_server_in_workgroup(work, name) != NULL) { DEBUG(0,("create_server_on_workgroup: Server %s already exists on \ workgroup %s. This is a bug.\n", name, work->work_group)); return NULL; diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c index b13644b..486b5b1 100644 --- a/source/passdb/pdb_interface.c +++ b/source/passdb/pdb_interface.c @@ -605,6 +605,9 @@ static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods, struct group *grp; const char *grp_name; + /* coverity */ + map.gid = (gid_t) -1; + sid_compose(&group_sid, get_global_sam_sid(), rid); if (!get_domain_group_from_sid(group_sid, &map)) { 
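Review bot: After this change `namerec` in process_node_status_request is NULL on the success path of the `find_name_on_subnet(...) == 0` test, where it previously held the record that was found. The rest of the function is outside the hunk, so confirm that every later use of `namerec` is preceded by a fresh assignment; if it is, a comment such as `/* existence check only; namerec is assigned below before use */` would record the intent. The same applies to `servrec` in create_server_on_workgroup in the nmbd_serverlistdb.c hunk. The first test compares a pointer, so `== NULL` would read better than `== 0` and match the second.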
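Review bot: The comment `/* coverity */` above `map.gid = (gid_t) -1;` in pdb_default_delete_dom_group does not say what the assignment protects against, and the identical pair is added to pdb_default_add_groupmem in the next hunk. A reader needs to know that the field starts at an invalid gid so that a lookup which leaves it untouched cannot pass a stale stack value to the code that follows; `/* Start from an invalid gid in case the lookup does not fill it in (Coverity: uninitialised read). */` would say that. Only `gid` is initialised, so if other members of `map` are read later (the rest of both functions is outside the hunks), `ZERO_STRUCT(map);` ahead of the assignment would cover them too.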
@@ -780,6 +783,9 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods, const char *group_name; uid_t uid; + /* coverity */ + map.gid = (gid_t) -1; + sid_compose(&group_sid, get_global_sam_sid(), group_rid); sid_compose(&member_sid, get_global_sam_sid(), member_rid); diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c index f031483..043b620 100644 --- a/source/passdb/pdb_ldap.c +++ b/source/passdb/pdb_ldap.c @@ -4221,6 +4221,7 @@ const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...) result[i] = talloc_strdup(result, va_arg(ap, const char*)); if (result[i] == NULL) { talloc_free(result); + va_end(ap); return NULL; } } diff --git a/source/rpc_client/cli_spoolss.c b/source/rpc_client/cli_spoolss.c index 69cee6c..30a707f 100644 --- a/source/rpc_client/cli_spoolss.c +++ b/source/rpc_client/cli_spoolss.c @@ -521,7 +521,8 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS, @@ -537,7 +538,8 @@ WERROR rpccli_spoolss_enum_printers(struct rpc_pipe_client *cli, TALLOC_CTX *mem ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumprinters( &in, flags, name, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPRINTERS, @@ -601,7 +603,8 @@ WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct strupper_m(server); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumports( &in, server, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS, 
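Review bot: The new check `if (!rpcbuf_init(&buffer, offered, mem_ctx)) return WERR_NOMEM;` is an unbraced `if` whose body is an early return, first in rpccli_spoolss_enum_printers and then in every other cli_spoolss.c hunk of this commit. Bracing it as `if (!rpcbuf_init(&buffer, offered, mem_ctx)) { return WERR_NOMEM; }` protects against a later line being added under the condition by mistake. In the second call of each pair `offered` is no longer the 0 assigned just before the first; where the new value comes from is outside the hunks, and if it is taken from the server's reply, an upper bound before the allocation would be worth adding. Each function body continues outside its hunk.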
@@ -617,7 +620,8 @@ WERROR rpccli_spoolss_enum_ports(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumports( &in, server, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMPORTS, @@ -670,7 +674,8 @@ WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct /* Initialise input parameters */ offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER, @@ -686,7 +691,8 @@ WERROR rpccli_spoolss_getprinter(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ct ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinter( mem_ctx, &in, pol, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETPRINTER, @@ -781,7 +787,8 @@ WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli, strupper_m(server); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinterdriver2( &in, pol, env, level, version, 2, &buffer, offered); @@ -798,7 +805,8 @@ WERROR rpccli_spoolss_getprinterdriver(struct rpc_pipe_client *cli, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinterdriver2( &in, pol, env, level, version, 2, &buffer, offered); 
@@ -859,7 +867,8 @@ WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli, strupper_m(server); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumprinterdrivers( &in, server, env, level, &buffer, offered); @@ -876,7 +885,8 @@ WERROR rpccli_spoolss_enumprinterdrivers (struct rpc_pipe_client *cli, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumprinterdrivers( &in, server, env, level, &buffer, offered); @@ -942,7 +952,8 @@ WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli, strupper_m(server); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinterdriverdir( &in, server, env, level, &buffer, offered ); @@ -959,7 +970,8 @@ WERROR rpccli_spoolss_getprinterdriverdir (struct rpc_pipe_client *cli, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprinterdriverdir( &in, server, env, level, &buffer, offered ); @@ -1125,7 +1137,8 @@ WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli, ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprintprocessordirectory( &in, name, environment, level, &buffer, offered ); @@ -1142,7 +1155,8 @@ WERROR rpccli_spoolss_getprintprocessordirectory(struct rpc_pipe_client *cli, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getprintprocessordirectory( &in, name, environment, level, &buffer, offered ); 
@@ -1230,7 +1244,8 @@ WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM, @@ -1246,7 +1261,8 @@ WERROR rpccli_spoolss_getform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getform( &in, handle, formname, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETFORM, @@ -1309,7 +1325,8 @@ WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumforms( &in, handle, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS, @@ -1325,7 +1342,8 @@ WERROR rpccli_spoolss_enumforms(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumforms( &in, handle, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_ENUMFORMS, @@ -1365,7 +1383,8 @@ WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level, &buffer, offered ); 
@@ -1382,7 +1401,8 @@ WERROR rpccli_spoolss_enumjobs(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_enumjobs( &in, hnd, firstjob, num_jobs, level, &buffer, offered ); @@ -1461,7 +1481,8 @@ WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(out); offered = 0; - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB, @@ -1477,7 +1498,8 @@ WERROR rpccli_spoolss_getjob(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, ZERO_STRUCT(in); ZERO_STRUCT(out); - rpcbuf_init(&buffer, offered, mem_ctx); + if (!rpcbuf_init(&buffer, offered, mem_ctx)) + return WERR_NOMEM; make_spoolss_q_getjob( &in, hnd, jobid, level, &buffer, offered ); CLI_DO_RPC_WERR( cli, mem_ctx, &syntax_spoolss, SPOOLSS_GETJOB, diff --git a/source/rpc_parse/parse_buffer.c b/source/rpc_parse/parse_buffer.c index 63a73c4..296c487 100644 --- a/source/rpc_parse/parse_buffer.c +++ b/source/rpc_parse/parse_buffer.c 
@@ -30,14 +30,15 @@ /********************************************************************** Initialize a new spoolss buff for use by a client rpc **********************************************************************/ -void rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx) +bool rpcbuf_init(RPC_BUFFER *buffer, uint32 size, TALLOC_CTX *ctx) { buffer->size = size; buffer->string_at_end = size; - if (prs_init(&buffer->prs, size, ctx, MARSHALL)) - buffer->struct_start = prs_offset(&buffer->prs); - else - buffer->struct_start = 0; + if (!prs_init(&buffer->prs, size, ctx, MARSHALL)) + return false; + + buffer->struct_start = prs_offset(&buffer->prs); + return true; } /******************************************************************* diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c index be7d3db..705add6 100644 --- a/source/rpc_server/srv_pipe.c +++ b/source/rpc_server/srv_pipe.c @@ -732,7 +732,7 @@ static int rpc_lookup_size; bool api_pipe_bind_auth3(pipes_struct *p, prs_struct *rpc_in_p) { RPC_HDR_AUTH auth_info; - uint32 pad; + uint32 pad = 0; DATA_BLOB blob; ZERO_STRUCT(blob); @@ -1871,6 +1871,8 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p) return False; } + ZERO_STRUCT(hdr_rb); + DEBUG(5,("api_pipe_alter_context: decode request. %d\n", __LINE__)); /* decode the alter context request */ diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c -- Samba Shared Repository
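Review bot: On the failure path of rpcbuf_init, `return false;` now leaves `buffer->struct_start` unassigned where the old code set it to 0, while `buffer->size` and `buffer->string_at_end` already advertise the requested size. Any caller that still ignores the new return value (the srv_spoolss_nt.c part of this change is cut off on this page) would then work with a partly initialised RPC_BUFFER. Assigning `buffer->struct_start = 0;` before the prs_init() test keeps the failure state defined. The header comment could also state that the function returns false when prs_init() fails.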