/*
   Unix SMB/CIFS implementation.
   client directory list routines
   Copyright (C) Andrew Tridgell 1994-1998

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
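/****************************************************************************
 Calculate a safe next_entry_offset.

 base points at the start of a directory entry whose first four bytes hold
 the offset to the next entry; pdata_end points one past the last byte of
 the reply data. The offset comes straight from the server, so it is
 clamped: a value of zero, or one that would step beyond pdata_end, is
 replaced by the distance from base to pdata_end.
****************************************************************************/

static size_t calc_next_entry_offset(const char *base, const char *pdata_end)
{
	size_t next_entry_offset;

	if (pdata_end - base < 4) {
		/* The offset field itself does not fit in what is left of
		 * the buffer, so do not read it. Returning the raw
		 * difference matches what the clamp below would yield. */
		return pdata_end - base;
	}

	next_entry_offset = (size_t)IVAL(base, 0);

	/* Compare lengths instead of testing "base + offset < base":
	 * pointer arithmetic that wraps is undefined behaviour and a
	 * compiler is entitled to drop such a test altogether. */
	if (next_entry_offset == 0 ||
	    next_entry_offset > (size_t)(pdata_end - base)) {
		next_entry_offset = pdata_end - base;
	}
	return next_entry_offset;
}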
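/****************************************************************************
 Interpret a long filename structure - this is mostly guesses at the moment.
 The length of the structure is returned.
 The structure of a long filename depends on the info level. 260 is used
 by NT and 2 is used by OS/2.

 ctx             talloc context that owns the pulled finfo->name.
 cli             connection the entry was received on.
 level           info level of the entry (1, 2 or 260).
 p               start of the entry inside the reply data.
 pdata_end       one past the last byte of the reply data.
 finfo           zeroed, then filled in from the entry.
 p_resume_key    if non-NULL, reset to 0 and set from the entry at level 260.
 p_last_name_raw freed on entry; if non-NULL at level 260 it receives the raw
                 name bytes followed by a two-byte terminator.

 Every length and offset in the entry is supplied by the server. When a
 field does not fit before pdata_end the function returns the distance from
 p to pdata_end and leaves finfo->name NULL, which is how callers detect a
 parse failure.
****************************************************************************/

static size_t interpret_long_filename(TALLOC_CTX *ctx,
					struct cli_state *cli,
					int level,
					const char *p,
					const char *pdata_end,
					file_info *finfo,
					uint32 *p_resume_key,
					DATA_BLOB *p_last_name_raw)
{
	int len;
	size_t ret;
	const char *base = p;

	data_blob_free(p_last_name_raw);

	if (p_resume_key) {
		*p_resume_key = 0;
	}
	ZERO_STRUCTP(finfo);
	finfo->cli = cli;

	switch (level) {
		case 1: /* OS/2 understands this */
			/* these dates are converted to GMT by
			   make_unix_date */
			if (pdata_end - base < 27) {
				return pdata_end - base;
			}
			finfo->ctime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+4));
			finfo->atime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+8));
			finfo->mtime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+12));
			finfo->size = IVAL(p,16);
			finfo->mode = CVAL(p,24);
			len = CVAL(p, 26);
			p += 27;
			p += clistr_align_in(cli, p, 0);

			/* We can safely use +1 here (which is required by OS/2)
			 * instead of +2 as the STR_TERMINATE flag below is
			 * actually used as the length calculation.
			 * The len+2 is merely an upper bound.
			 * Due to the explicit 2 byte null termination
			 * in cli_receive_trans/cli_receive_nt_trans
			 * we know this is safe. JRA + kukks
			 */

			/* Bound check expressed as a remaining-length
			 * comparison so no out-of-range pointer is formed. */
			if (pdata_end - p < len + 1) {
				return pdata_end - base;
			}

			/* the len+2 below looks strange but it is
			   important to cope with the differences
			   between win2000 and win9x for this call
			   (tridge) */
			ret = clistr_pull_talloc(ctx,
						cli,
						&finfo->name,
						p,
						len+2,
						STR_TERMINATE);
			if (ret == (size_t)-1) {
				return pdata_end - base;
			}
			p += ret;
			return PTR_DIFF(p, base);

		case 2: /* this is what OS/2 uses mostly */
			/* these dates are converted to GMT by
			   make_unix_date */
			if (pdata_end - base < 31) {
				return pdata_end - base;
			}
			finfo->ctime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+4));
			finfo->atime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+8));
			finfo->mtime_ts = convert_time_t_to_timespec(cli_make_unix_date2(cli, p+12));
			finfo->size = IVAL(p,16);
			finfo->mode = CVAL(p,24);
			len = CVAL(p, 30);
			p += 31;
			/* check for unisys! */
			if (pdata_end - p < len + 1) {
				return pdata_end - base;
			}
			ret = clistr_pull_talloc(ctx,
						cli,
						&finfo->name,
						p,
						len,
						STR_NOALIGN);
			if (ret == (size_t)-1) {
				return pdata_end - base;
			}
			p += ret;
			return PTR_DIFF(p, base) + 1;

		case 260: /* NT uses this, but also accepts 2 */
		{
			size_t namelen, slen;

			/* 94 bytes is the fixed part walked below, up to
			 * and including the 24-byte short name field. */
			if (pdata_end - base < 94) {
				return pdata_end - base;
			}

			p += 4; /* next entry offset */

			if (p_resume_key) {
				*p_resume_key = IVAL(p,0);
			}
			p += 4; /* fileindex */

			/* Offset zero is "create time", not "change time". */
			p += 8;
			finfo->atime_ts = interpret_long_date(p);
			p += 8;
			finfo->mtime_ts = interpret_long_date(p);
			p += 8;
			finfo->ctime_ts = interpret_long_date(p);
			p += 8;
			finfo->size = IVAL2_TO_SMB_BIG_UINT(p,0);
			p += 8;
			p += 8; /* alloc size */
			finfo->mode = CVAL(p,0);
			p += 4;
			namelen = IVAL(p,0);
			p += 4;
			p += 4; /* EA size */
			slen = SVAL(p, 0);
			if (slen > 24) {
				/* Bad short name length. */
				return pdata_end - base;
			}
			p += 2;
			{
				/* stupid NT bugs. grr */
				int flags = 0;
				if (p[1] == 0 && namelen > 1) flags |= STR_UNICODE;
				clistr_pull(cli, finfo->short_name, p,
					    sizeof(finfo->short_name),
					    slen, flags);
			}
			p += 24; /* short name? */

			/* namelen is server-controlled. p is still inside
			 * the buffer here (94-byte check above), so compare
			 * against the bytes that remain rather than relying
			 * on "p + namelen < p", which is undefined when the
			 * addition wraps. */
			if (namelen > (size_t)(pdata_end - p)) {
				return pdata_end - base;
			}
			ret = clistr_pull_talloc(ctx,
						cli,
						&finfo->name,
						p,
						namelen,
						0);
			if (ret == (size_t)-1) {
				return pdata_end - base;
			}

			/* To be robust in the face of unicode conversion failures
			   we need to copy the raw bytes of the last name seen here.
			   Namelen doesn't include the terminating unicode null, so
			   copy it here. */

			if (p_last_name_raw) {
				/* NOTE(review): what data_blob() returns on
				 * allocation failure is not visible in this
				 * file - confirm ->data cannot be NULL here. */
				*p_last_name_raw = data_blob(NULL, namelen+2);
				memcpy(p_last_name_raw->data, p, namelen);
				SSVAL(p_last_name_raw->data, namelen, 0);
			}
			return calc_next_entry_offset(base, pdata_end);
		}
	}

	DEBUG(1,("Unknown long filename format %d\n",level));
	return calc_next_entry_offset(base, pdata_end);
}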
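/****************************************************************************
 Do a directory listing, calling fn on each file found.

 Issues TRANSACT2_FINDFIRST followed by TRANSACT2_FINDNEXT requests until the
 server signals end of search, accumulating the raw reply data in one buffer.
 Each reply is parsed once to find the last name (used to resume the search)
 and the accumulated buffer is parsed again at the end to invoke fn.

 cli        connection to list on.
 Mask       search mask; also passed through to fn.
 attribute  attribute word sent in the FINDFIRST request.
 fn         callback invoked as fn(mountpoint, &finfo, Mask, state).
 state      opaque pointer handed to fn.

 Returns the number of entries the server reported, or -1 if the mask could
 not be duplicated, nothing was received, or the connection is in error.

 All counts, lengths and offsets in the replies are server-controlled and
 are validated before use.
****************************************************************************/

int cli_list_new(struct cli_state *cli, const char *Mask, uint16 attribute,
		 void (*fn)(const char *, file_info *, const char *, void *), void *state)
{
#if 1
	int max_matches = 1366; /* Match W2k - was 512. */
#else
	int max_matches = 512;
#endif
	int info_level;
	char *p, *p2, *rdata_end;
	char *mask = NULL;
	file_info finfo;
	int i;
	char *dirlist = NULL;
	int dirlist_len = 0;
	int total_received = -1;
	bool First = True;
	int ff_searchcount = 0;
	int ff_eos = 0;
	int ff_dir_handle = 0;
	int loop_count = 0;
	char *rparam = NULL, *rdata = NULL;
	unsigned int param_len, data_len;
	uint16 setup;
	char *param;
	const char *mnt;
	uint32 resume_key = 0;
	TALLOC_CTX *frame = talloc_stackframe();
	DATA_BLOB last_name_raw = data_blob(NULL, 0);

	/* finfo.name is read after the per-reply parse loop even when that
	 * loop ran zero times (a reply claiming entries but carrying no
	 * data), so it must not start out uninitialised. */
	ZERO_STRUCTP(&finfo);

	/* NT uses 260, OS/2 uses 2. Both accept 1. */
	info_level = (cli->capabilities&CAP_NT_SMBS)?260:1;

	mask = SMB_STRDUP(Mask);
	if (!mask) {
		TALLOC_FREE(frame);
		return -1;
	}

	while (ff_eos == 0) {
		size_t nlen = 2*(strlen(mask)+1);

		loop_count++;
		if (loop_count > 200) {
			DEBUG(0,("Error: Looping in FIND_NEXT??\n"));
			break;
		}

		param = SMB_MALLOC_ARRAY(char, 12+nlen+last_name_raw.length+2);
		if (!param) {
			break;
		}

		if (First) {
			setup = TRANSACT2_FINDFIRST;
			SSVAL(param,0,attribute); /* attribute */
			SSVAL(param,2,max_matches); /* max count */
			SSVAL(param,4,(FLAG_TRANS2_FIND_REQUIRE_RESUME|FLAG_TRANS2_FIND_CLOSE_IF_END));	/* resume required + close on end */
			SSVAL(param,6,info_level);
			SIVAL(param,8,0);
			p = param+12;
			p += clistr_push(cli, param+12, mask,
					 nlen, STR_TERMINATE);
		} else {
			setup = TRANSACT2_FINDNEXT;
			SSVAL(param,0,ff_dir_handle);
			SSVAL(param,2,max_matches); /* max count */
			SSVAL(param,4,info_level);
			/* For W2K servers serving out FAT filesystems we *must* set the
			   resume key. If it's not FAT then it's returned as zero. */
			SIVAL(param,6,resume_key); /* ff_resume_key */
			/* NB. *DON'T* use continue here. If you do it seems that W2K and bretheren
			   can miss filenames. Use last filename continue instead. JRA */
			SSVAL(param,10,(FLAG_TRANS2_FIND_REQUIRE_RESUME|FLAG_TRANS2_FIND_CLOSE_IF_END));	/* resume required + close on end */
			p = param+12;
			if (last_name_raw.length) {
				memcpy(p, last_name_raw.data, last_name_raw.length);
				p += last_name_raw.length;
			} else {
				p += clistr_push(cli, param+12, mask,
						 nlen, STR_TERMINATE);
			}
		}

		param_len = PTR_DIFF(p, param);

		if (!cli_send_trans(cli, SMBtrans2,
				    NULL,                   /* Name */
				    -1, 0,                  /* fid, flags */
				    &setup, 1, 0,           /* setup, length, max */
				    param, param_len, 10,   /* param, length, max */
				    NULL, 0,
#if 0
				    /* w2k value. */
				    MIN(16384,cli->max_xmit) /* data, length, max. */
#else
				    cli->max_xmit	    /* data, length, max. */
#endif
				    )) {
			SAFE_FREE(param);
			/* Do not free the stack frame here: entries already
			 * collected are still parsed against it after the
			 * loop, and it is released once on the way out. */
			break;
		}

		SAFE_FREE(param);

		if (!cli_receive_trans(cli, SMBtrans2,
				       &rparam, &param_len,
				       &rdata, &data_len) &&
		    cli_is_dos_error(cli)) {
			/* We need to work around a Win95 bug - sometimes
			   it gives ERRSRV/ERRerror temprarily */
			uint8 eclass;
			uint32 ecode;

			SAFE_FREE(rdata);
			SAFE_FREE(rparam);

			cli_dos_error(cli, &eclass, &ecode);

			/*
			 * OS/2 might return "no more files",
			 * which just tells us, that searchcount is zero
			 * in this search.
			 * Guenter Kukkukk <linux@kukkukk.com>
			 */

			if (eclass == ERRDOS && ecode == ERRnofiles) {
				ff_searchcount = 0;
				cli_reset_error(cli);
				break;
			}

			if (eclass != ERRSRV || ecode != ERRerror)
				break;
			smb_msleep(100);
			continue;
		}

		if (cli_is_error(cli) || !rdata || !rparam) {
			SAFE_FREE(rdata);
			SAFE_FREE(rparam);
			break;
		}

		/* The fields read from rparam below span 6 bytes for a
		 * FINDFIRST reply and 4 for a FINDNEXT reply. The length is
		 * whatever the server sent, so reject a short block rather
		 * than read past it. */
		if (param_len < (First ? 6U : 4U)) {
			DEBUG(0,("cli_list_new: short parameter block (%u bytes)\n",
				 param_len));
			SAFE_FREE(rdata);
			SAFE_FREE(rparam);
			break;
		}

		if (total_received == -1)
			total_received = 0;

		/* parse out some important return info */
		p = rparam;
		if (First) {
			ff_dir_handle = SVAL(p,0);
			ff_searchcount = SVAL(p,2);
			ff_eos = SVAL(p,4);
		} else {
			ff_searchcount = SVAL(p,0);
			ff_eos = SVAL(p,2);
		}

		if (ff_searchcount == 0) {
			SAFE_FREE(rdata);
			SAFE_FREE(rparam);
			break;
		}

		/* point to the data bytes */
		p = rdata;
		rdata_end = rdata + data_len;

		/* we might need the lastname for continuations */
		for (p2=p,i=0;i<ff_searchcount && p2 < rdata_end;i++) {
			if ((info_level == 260) && (i == ff_searchcount-1) &&
			    (rdata_end - p2 >= 4)) {
				/* Last entry - fixup the last offset length.
				 * Only written when all four bytes of the
				 * field lie inside the reply data; a shorter
				 * tail is rejected by the parser below. */
				SIVAL(p2,0,PTR_DIFF((rdata + data_len),p2));
			}
			p2 += interpret_long_filename(frame,
							cli,
							info_level,
							p2,
							rdata_end,
							&finfo,
							&resume_key,
							&last_name_raw);

			if (!finfo.name) {
				DEBUG(0,("cli_list_new: Error: unable to parse name from info level %d\n",
					info_level));
				ff_eos = 1;
				break;
			}
			if (!First && *mask && strcsequal(finfo.name, mask)) {
				DEBUG(0,("Error: Looping in FIND_NEXT as name %s has already been seen?\n",
					finfo.name));
				ff_eos = 1;
				break;
			}
		}

		SAFE_FREE(mask);
		/* finfo.name is NULL when the parse above failed or never
		 * ran; fall back to the empty mask in that case instead of
		 * duplicating a NULL pointer. */
		if (ff_searchcount > 0 && finfo.name) {
			mask = SMB_STRDUP(finfo.name);
		} else {
			mask = SMB_STRDUP("");
		}
		if (!mask) {
			SAFE_FREE(rdata);
			SAFE_FREE(rparam);
			break;
		}

		/* grab the data for later use */
		/* and add them to the dirlist pool */
		/* NOTE(review): dirlist_len is an int and grows by a
		 * server-supplied data_len on every reply; confirm the sum
		 * cannot overflow on a very long listing. */
		dirlist = (char *)SMB_REALLOC(dirlist,dirlist_len + data_len);

		if (!dirlist) {
			DEBUG(0,("cli_list_new: Failed to expand dirlist\n"));
			SAFE_FREE(rdata);
			SAFE_FREE(rparam);
			break;
		}

		memcpy(dirlist+dirlist_len,p,data_len);
		dirlist_len += data_len;

		total_received += ff_searchcount;

		SAFE_FREE(rdata);
		SAFE_FREE(rparam);

		DEBUG(3,("received %d entries (eos=%d)\n",
			 ff_searchcount,ff_eos));

		if (ff_searchcount > 0)
			loop_count = 0;

		First = False;
	}

	mnt = cli_cm_get_mntpoint( cli );

	/* see if the server disconnected or the connection otherwise failed */
	if (cli_is_error(cli)) {
		total_received = -1;
	} else {
		/* no connection problem.  let user function add each entry */
		rdata_end = dirlist + dirlist_len;
		for (p=dirlist,i=0;i<total_received;i++) {
			p += interpret_long_filename(frame,
							cli,
							info_level,
							p,
							rdata_end,
							&finfo,
							NULL,
							NULL);
			if (!finfo.name) {
				DEBUG(0,("cli_list_new: unable to parse name from info level %d\n",
					info_level));
				break;
			}
			fn(mnt,&finfo, Mask, state);
		}
	}

	/* free up the dirlist buffer and last name raw blob */
	SAFE_FREE(dirlist);
	data_blob_free(&last_name_raw);
	SAFE_FREE(mask);
	TALLOC_FREE(frame);
	return(total_received);
}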
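/****************************************************************************
 Interpret a short filename structure.

 ctx    talloc context that owns the pulled finfo->name.
 cli    connection the entry was received on.
 p      start of one directory entry from an SMBsearch reply.
 finfo  zeroed, then filled in from the entry.

 Returns true on success and false if the name could not be pulled.

 The fixed offsets used below reach up to byte 41 of the entry (a 12-byte
 name starting at offset 30); the caller is responsible for making sure a
 whole entry is available at p.
****************************************************************************/

static bool interpret_short_filename(TALLOC_CTX *ctx,
				struct cli_state *cli,
				char *p,
				file_info *finfo)
{
	size_t ret;

	ZERO_STRUCTP(finfo);

	finfo->cli = cli;
	finfo->mode = CVAL(p,21);

	/* this date is converted to GMT by make_unix_date */
	finfo->ctime_ts.tv_sec = cli_make_unix_date(cli, p+22);
	finfo->ctime_ts.tv_nsec = 0;
	/* The entry carries a single timestamp, so it is reused for all
	 * three times. */
	finfo->mtime_ts.tv_sec = finfo->atime_ts.tv_sec = finfo->ctime_ts.tv_sec;
	finfo->mtime_ts.tv_nsec = finfo->atime_ts.tv_nsec = 0;
	finfo->size = IVAL(p,26);
	ret = clistr_pull_talloc(ctx,
			cli,
			&finfo->name,
			p+30,
			12,
			STR_ASCII);
	if (ret == (size_t)-1) {
		return false;
	}

	if (finfo->name) {
		strlcpy(finfo->short_name,
			finfo->name,
			sizeof(finfo->short_name));
	}
	/* The stale "return (DIR_STRUCT_SIZE);" that used to follow was
	 * unreachable and disagreed with the bool return type. */
	return true;
}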
/****************************************************************************
 Do a directory listing, calling fn on each file found.
 This uses the old SMBsearch interface. It is needed for testing Samba,
 but should otherwise not be used.

 cli        connection to list on.
 Mask       search mask; also passed through to fn.
 attribute  attribute word sent in each request.
 fn         callback invoked as fn("\\", &finfo, Mask, state).
 state      opaque pointer handed to fn.

 Returns the number of entries collected, -1 if the mask could not be
 duplicated, or 0 if the entry buffer could not be grown.
****************************************************************************/

int cli_list_old(struct cli_state *cli, const char *Mask, uint16 attribute,
		 void (*fn)(const char *, file_info *, const char *, void *), void *state)
{
	char *p;
	int received = 0;
	bool first = True;
	char status[21];
	int num_asked = (cli->max_xmit - 100) / DIR_STRUCT_SIZE;
	int num_received = 0;
	int i;
	char *dirlist = NULL;
	char *mask = NULL;
	TALLOC_CTX *frame = NULL;

	ZERO_ARRAY(status);

	mask = SMB_STRDUP(Mask);
	if (mask == NULL) {
		return -1;
	}

	for (;;) {
		memset(cli->outbuf, '\0', smb_size);
		memset(cli->inbuf, '\0', smb_size);

		cli_set_message(cli->outbuf, 2, 0, True);

		SCVAL(cli->outbuf, smb_com, SMBsearch);

		SSVAL(cli->outbuf, smb_tid, cli->cnum);
		cli_setup_packet(cli);

		SSVAL(cli->outbuf, smb_vwv0, num_asked);
		SSVAL(cli->outbuf, smb_vwv1, attribute);

		/* Data block: a 4 byte, then the mask (only on the first
		 * request), then a 5 byte and a length-prefixed status. */
		p = smb_buf(cli->outbuf);
		*p++ = 4;

		p += clistr_push(cli, p, first ? mask : "",
				 cli->bufsize - PTR_DIFF(p, cli->outbuf),
				 STR_TERMINATE);
		*p++ = 5;
		if (first) {
			SSVAL(p, 0, 0);
			p += 2;
		} else {
			/* Continue from the 21-byte status saved out of the
			 * last entry of the previous reply. */
			SSVAL(p, 0, 21);
			p += 2;
			memcpy(p, status, 21);
			p += 21;
		}

		cli_setup_bcc(cli, p);
		cli_send_smb(cli);
		if (!cli_receive_smb(cli)) {
			break;
		}

		received = SVAL(cli->inbuf, smb_vwv0);
		if (received <= 0) {
			break;
		}

		/* Ensure we received enough data: the entry count is the
		 * server's claim, so check it against the packet length
		 * before copying that many entries out of inbuf. */
		if ((cli->inbuf + 4 + smb_len(cli->inbuf) - (smb_buf(cli->inbuf) + 3)) <
		    received * DIR_STRUCT_SIZE) {
			break;
		}

		first = False;

		/* NOTE(review): the size is computed in int arithmetic from
		 * server-driven counts; confirm it cannot overflow. */
		dirlist = (char *)SMB_REALLOC(
			dirlist, (num_received + received) * DIR_STRUCT_SIZE);
		if (dirlist == NULL) {
			DEBUG(0, ("cli_list_old: failed to expand dirlist"));
			SAFE_FREE(mask);
			/* NOTE(review): this path returns without sending
			 * the SMBfclose issued below on the normal path -
			 * confirm that is intended. */
			return 0;
		}

		p = smb_buf(cli->inbuf) + 3;

		memcpy(dirlist + num_received * DIR_STRUCT_SIZE,
		       p, received * DIR_STRUCT_SIZE);

		/* Keep the head of the last entry to resume the search. */
		memcpy(status, p + ((received - 1) * DIR_STRUCT_SIZE), 21);

		num_received += received;

		if (cli_is_error(cli)) {
			break;
		}
	}

	if (!first) {
		/* At least one reply was accepted: close the search. */
		memset(cli->outbuf, '\0', smb_size);
		memset(cli->inbuf, '\0', smb_size);

		cli_set_message(cli->outbuf, 2, 0, True);
		SCVAL(cli->outbuf, smb_com, SMBfclose);
		SSVAL(cli->outbuf, smb_tid, cli->cnum);
		cli_setup_packet(cli);

		SSVAL(cli->outbuf, smb_vwv0, 0); /* find count? */
		SSVAL(cli->outbuf, smb_vwv1, attribute);

		p = smb_buf(cli->outbuf);
		*p++ = 4;
		fstrcpy(p, "");
		p += strlen(p) + 1;
		*p++ = 5;
		SSVAL(p, 0, 21);
		p += 2;
		memcpy(p, status, 21);
		p += 21;

		cli_setup_bcc(cli, p);
		cli_send_smb(cli);
		if (!cli_receive_smb(cli)) {
			DEBUG(0, ("Error closing search: %s\n", cli_errstr(cli)));
		}
	}

	/* Hand every collected entry to the callback; names are allocated
	 * on a stack frame that is released once the walk is done. */
	frame = talloc_stackframe();
	for (p = dirlist, i = 0; i < num_received; i++) {
		file_info finfo;

		if (!interpret_short_filename(frame, cli, p, &finfo)) {
			break;
		}
		p += DIR_STRUCT_SIZE;
		fn("\\", &finfo, Mask, state);
	}
	TALLOC_FREE(frame);

	SAFE_FREE(mask);
	SAFE_FREE(dirlist);
	return (num_received);
}
/****************************************************************************
 Do a directory listing, calling fn on each file found.
 This auto-switches between old and new style: connections negotiated at
 PROTOCOL_LANMAN1 or below go through cli_list_old, everything else through
 cli_list_new. The arguments and the return value are passed straight
 through to and from the chosen routine.
****************************************************************************/

int cli_list(struct cli_state *cli, const char *Mask, uint16 attribute,
	     void (*fn)(const char *, file_info *, const char *, void *), void *state)
{
	if (cli->protocol > PROTOCOL_LANMAN1) {
		return cli_list_new(cli, Mask, attribute, fn, state);
	}
	return cli_list_old(cli, Mask, attribute, fn, state);
}