1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Lots of fixes for error paths where tdb_fetch() data need freeing.

Found via a post from Arcady Chernyak <Arcady.Chernyak@efi.com>.
Jeremy.
(This used to be commit 19f86f1f72)
This commit is contained in:
Jeremy Allison 2002-11-23 02:52:38 +00:00
parent 823f8507cb
commit f023d6129b
14 changed files with 112 additions and 58 deletions

View File

@ -498,8 +498,9 @@ BOOL remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
}
/****************************************************************************
return the sid and the type of the unix group
Return the sid and the type of the unix group.
****************************************************************************/
BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
{
TDB_DATA kbuf, dbuf;
@ -523,7 +524,8 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
kbuf.dsize = strlen(key)+1;
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr) return False;
if (!dbuf.dptr)
return False;
ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd",
&map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount);
@ -559,10 +561,10 @@ BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv)
return True;
}
/****************************************************************************
return the sid and the type of the unix group
Return the sid and the type of the unix group.
****************************************************************************/
BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv)
{
TDB_DATA kbuf, dbuf, newkey;
@ -585,7 +587,8 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv)
if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr) continue;
if (!dbuf.dptr)
continue;
fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
@ -624,8 +627,9 @@ BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv)
}
/****************************************************************************
return the sid and the type of the unix group
Return the sid and the type of the unix group.
****************************************************************************/
BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv)
{
TDB_DATA kbuf, dbuf, newkey;
@ -648,7 +652,8 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv)
if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue;
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr) continue;
if (!dbuf.dptr)
continue;
fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX));
@ -689,8 +694,9 @@ BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv)
}
/****************************************************************************
remove a group mapping entry
Remove a group mapping entry.
****************************************************************************/
BOOL group_map_remove(DOM_SID sid)
{
TDB_DATA kbuf, dbuf;
@ -711,7 +717,8 @@ BOOL group_map_remove(DOM_SID sid)
kbuf.dsize = strlen(key)+1;
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr) return False;
if (!dbuf.dptr)
return False;
SAFE_FREE(dbuf.dptr);
@ -721,10 +728,10 @@ BOOL group_map_remove(DOM_SID sid)
return True;
}
/****************************************************************************
enumerate the group mapping
Enumerate the group mapping.
****************************************************************************/
BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap,
int *num_entries, BOOL unix_only, BOOL with_priv)
{

View File

@ -176,7 +176,8 @@ const char *lang_msg(const char *msgid)
/* if the message isn't found then we still need to return a pointer
that can be freed. Pity. */
if (!data.dptr) return strdup(msgid);
if (!data.dptr)
return strdup(msgid);
return (const char *)data.dptr;
}

View File

@ -238,16 +238,18 @@ BOOL gencache_get(const char *keystr, char **valstr, time_t *timeout)
/* fail completely if get null pointers passed */
SMB_ASSERT(keystr && valstr && timeout);
if (!gencache_init()) return False;
if (!gencache_init())
return False;
keybuf.dptr = strdup(keystr);
keybuf.dsize = strlen(keystr);
databuf = tdb_fetch(cache, keybuf);
if (databuf.dptr) {
if (databuf.dptr && databuf.dsize > TIMEOUT_LEN) {
char* entry_buf = strndup(databuf.dptr, databuf.dsize);
*valstr = (char*)malloc(sizeof(char) * (databuf.dsize - TIMEOUT_LEN));
SAFE_FREE(databuf.dptr);
sscanf(entry_buf, CACHE_DATA_FMT, (int*)timeout, *valstr);
SAFE_FREE(entry_buf);
@ -256,6 +258,7 @@ BOOL gencache_get(const char *keystr, char **valstr, time_t *timeout)
ctime(timeout)));
return *timeout > time(NULL);
} else {
SAFE_FREE(databuf.dptr);
*valstr = NULL;
timeout = NULL;
DEBUG(10, ("Cache entry with key = %s couldn't be found\n", keystr));
@ -300,7 +303,12 @@ void gencache_iterate(void (*fn)(const char* key, const char *value, time_t time
* all of the entries. Validity verification is up to fn routine.
*/
databuf = tdb_fetch(cache, node->node_key);
if (!databuf.dptr || databuf.dsize <= TIMEOUT_LEN) {
SAFE_FREE(databuf.dptr);
continue;
}
entry = strndup(databuf.dptr, databuf.dsize);
SAFE_FREE(databuf.dptr);
valstr = (char*)malloc(sizeof(char) * (databuf.dsize - TIMEOUT_LEN));
sscanf(entry, CACHE_DATA_FMT, (int*)(&timeout), valstr);
@ -315,5 +323,3 @@ void gencache_iterate(void (*fn)(const char* key, const char *value, time_t time
tdb_search_list_free(first_node);
}

View File

@ -180,10 +180,12 @@ BOOL message_send_pid(pid_t pid, int msg_type, const void *buf, size_t len,
if (!dbuf.dptr) {
/* its a new record */
p = (void *)malloc(len + sizeof(rec));
if (!p) goto failed;
if (!p)
goto failed;
memcpy(p, &rec, sizeof(rec));
if (len > 0) memcpy((void *)((char*)p+sizeof(rec)), buf, len);
if (len > 0)
memcpy((void *)((char*)p+sizeof(rec)), buf, len);
dbuf.dptr = p;
dbuf.dsize = len + sizeof(rec);
@ -218,11 +220,13 @@ BOOL message_send_pid(pid_t pid, int msg_type, const void *buf, size_t len,
/* we're adding to an existing entry */
p = (void *)malloc(dbuf.dsize + len + sizeof(rec));
if (!p) goto failed;
if (!p)
goto failed;
memcpy(p, dbuf.dptr, dbuf.dsize);
memcpy((void *)((char*)p+dbuf.dsize), &rec, sizeof(rec));
if (len > 0) memcpy((void *)((char*)p+dbuf.dsize+sizeof(rec)), buf, len);
if (len > 0)
memcpy((void *)((char*)p+dbuf.dsize+sizeof(rec)), buf, len);
SAFE_FREE(dbuf.dptr);
dbuf.dptr = p;
@ -256,7 +260,8 @@ static BOOL message_recv(int *msg_type, pid_t *src, void **buf, size_t *len)
tdb_chainlock(tdb, kbuf);
dbuf = tdb_fetch(tdb, kbuf);
if (dbuf.dptr == NULL || dbuf.dsize == 0) goto failed;
if (dbuf.dptr == NULL || dbuf.dsize == 0)
goto failed;
memcpy(&rec, dbuf.dptr, sizeof(rec));
@ -267,7 +272,8 @@ static BOOL message_recv(int *msg_type, pid_t *src, void **buf, size_t *len)
if (rec.len > 0) {
(*buf) = (void *)malloc(rec.len);
if (!(*buf)) goto failed;
if (!(*buf))
goto failed;
memcpy(*buf, dbuf.dptr+sizeof(rec), rec.len);
} else {
@ -293,6 +299,7 @@ static BOOL message_recv(int *msg_type, pid_t *src, void **buf, size_t *len)
failed:
tdb_chainunlock(tdb, kbuf);
SAFE_FREE(dbuf.dptr);
return False;
}

View File

@ -196,6 +196,7 @@ BOOL namecache_fetch(const char *name, int name_type, struct in_addr **ip_list,
tdb_delete(namecache_tdb, key);
SAFE_FREE(value.dptr);
value = tdb_null;
goto done;
@ -210,6 +211,7 @@ BOOL namecache_fetch(const char *name, int name_type, struct in_addr **ip_list,
tdb_delete(namecache_tdb, key);
SAFE_FREE(value.dptr);
value = tdb_null;
goto done;

View File

@ -129,7 +129,8 @@ uint32* uni_group_cache_fetch(DOM_SID *domain, uint32 user_rid,
/* There is no cached universal groups in netlogon_unigrp.tdb */
/* for this user. */
if (!data.dptr) return NULL;
if (!data.dptr)
return NULL;
/* Transfer data to receiver's memory context */
group_count = IVAL(&((uint32*)data.dptr)[0],0);

View File

@ -652,8 +652,10 @@ BOOL set_share_mode(files_struct *fsp, uint16 port, uint16 op_type)
size = dbuf.dsize + sizeof(share_mode_entry);
p = malloc(size);
if (!p)
if (!p) {
SAFE_FREE(dbuf.dptr);
return False;
}
memcpy(p, dbuf.dptr, sizeof(*data));
fill_share_mode(p + sizeof(*data), fsp, port, op_type);
memcpy(p + sizeof(*data) + sizeof(share_mode_entry), dbuf.dptr + sizeof(*data),

View File

@ -149,7 +149,7 @@ static size_t get_posix_pending_close_entries(files_struct *fsp, int **entries)
dbuf = tdb_fetch(posix_pending_close_tdb, kbuf);
if (!dbuf.dptr) {
if (!dbuf.dptr) {
return 0;
}
@ -176,7 +176,7 @@ static size_t get_posix_lock_entries(files_struct *fsp, struct posix_lock **entr
dbuf = tdb_fetch(posix_lock_tdb, kbuf);
if (!dbuf.dptr) {
if (!dbuf.dptr) {
return 0;
}
@ -338,8 +338,9 @@ static BOOL delete_posix_lock_entry_by_index(files_struct *fsp, size_t entry)
return True;
fail:
SAFE_FREE(dbuf.dptr);
return False;
SAFE_FREE(dbuf.dptr);
return False;
}
/****************************************************************************
@ -385,17 +386,18 @@ static BOOL add_posix_lock_entry(files_struct *fsp, SMB_OFF_T start, SMB_OFF_T s
goto fail;
}
SAFE_FREE(dbuf.dptr);
SAFE_FREE(dbuf.dptr);
DEBUG(10,("add_posix_lock: File %s: type = %s: start=%.0f size=%.0f: dev=%.0f inode=%.0f\n",
fsp->fsp_name, posix_lock_type_name(lock_type), (double)start, (double)size,
(double)fsp->dev, (double)fsp->inode ));
return True;
return True;
fail:
SAFE_FREE(dbuf.dptr);
return False;
SAFE_FREE(dbuf.dptr);
return False;
}
/****************************************************************************
@ -492,13 +494,14 @@ static int delete_posix_lock_entry(files_struct *fsp, SMB_OFF_T start, SMB_OFF_T
posix_lock_type_name(pl->lock_type), (double)pl->start, (double)pl->size,
(unsigned int)num_overlapping_records ));
SAFE_FREE(dbuf.dptr);
SAFE_FREE(dbuf.dptr);
return num_overlapping_records;
fail:
SAFE_FREE(dbuf.dptr);
return -1;
SAFE_FREE(dbuf.dptr);
return -1;
}
/****************************************************************************

View File

@ -266,7 +266,8 @@ BOOL initialise_wins(void)
continue;
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr) continue;
if (!dbuf.dptr)
continue;
fstrcpy(name_type, kbuf.dptr+strlen(ENTRY_PREFIX));
@ -284,15 +285,20 @@ BOOL initialise_wins(void)
wins_ip=*interpret_addr2(ip_str);
/* Don't reload replica records */
if (!ip_equal(wins_ip, our_fake_ip))
if (!ip_equal(wins_ip, our_fake_ip)) {
SAFE_FREE(dbuf.dptr);
continue;
}
/* Don't reload released or tombstoned records */
if ((wins_flags&WINS_STATE_MASK) != WINS_ACTIVE)
if ((wins_flags&WINS_STATE_MASK) != WINS_ACTIVE) {
SAFE_FREE(dbuf.dptr);
continue;
}
/* Allocate the space for the ip_list. */
if((ip_list = (struct in_addr *)malloc( num_ips * sizeof(struct in_addr))) == NULL) {
SAFE_FREE(dbuf.dptr);
DEBUG(0,("initialise_wins: Malloc fail !\n"));
return False;
}
@ -324,6 +330,7 @@ BOOL initialise_wins(void)
name, type, ttl, inet_ntoa(ip_list[0]), nb_flags));
}
SAFE_FREE(dbuf.dptr);
SAFE_FREE(ip_list);
}

View File

@ -212,10 +212,12 @@ static BOOL upgrade_to_version_3(void)
if (strncmp(kbuf.dptr, FORMS_PREFIX, strlen(FORMS_PREFIX)) == 0) {
DEBUG(0,("upgrade_to_version_3:moving form\n"));
if (tdb_store(tdb_forms, kbuf, dbuf, TDB_REPLACE) != 0) {
SAFE_FREE(dbuf.dptr);
DEBUG(0,("upgrade_to_version_3: failed to move form. Error (%s).\n", tdb_errorstr(tdb_forms)));
return False;
}
if (tdb_delete(tdb_drivers, kbuf) != 0) {
SAFE_FREE(dbuf.dptr);
DEBUG(0,("upgrade_to_version_3: failed to delete form. Error (%s)\n", tdb_errorstr(tdb_drivers)));
return False;
}
@ -224,10 +226,12 @@ static BOOL upgrade_to_version_3(void)
if (strncmp(kbuf.dptr, PRINTERS_PREFIX, strlen(PRINTERS_PREFIX)) == 0) {
DEBUG(0,("upgrade_to_version_3:moving printer\n"));
if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
SAFE_FREE(dbuf.dptr);
DEBUG(0,("upgrade_to_version_3: failed to move printer. Error (%s)\n", tdb_errorstr(tdb_printers)));
return False;
}
if (tdb_delete(tdb_drivers, kbuf) != 0) {
SAFE_FREE(dbuf.dptr);
DEBUG(0,("upgrade_to_version_3: failed to delete printer. Error (%s)\n", tdb_errorstr(tdb_drivers)));
return False;
}
@ -236,10 +240,12 @@ static BOOL upgrade_to_version_3(void)
if (strncmp(kbuf.dptr, SECDESC_PREFIX, strlen(SECDESC_PREFIX)) == 0) {
DEBUG(0,("upgrade_to_version_3:moving secdesc\n"));
if (tdb_store(tdb_printers, kbuf, dbuf, TDB_REPLACE) != 0) {
SAFE_FREE(dbuf.dptr);
DEBUG(0,("upgrade_to_version_3: failed to move secdesc. Error (%s)\n", tdb_errorstr(tdb_printers)));
return False;
}
if (tdb_delete(tdb_drivers, kbuf) != 0) {
SAFE_FREE(dbuf.dptr);
DEBUG(0,("upgrade_to_version_3: failed to delete secdesc. Error (%s)\n", tdb_errorstr(tdb_drivers)));
return False;
}
@ -1771,8 +1777,7 @@ static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr,
driver.defaultdatatype);
i=0;
while (len < dbuf.dsize)
{
while (len < dbuf.dsize) {
fstring *tddfs;
tddfs = (fstring *)Realloc(driver.dependentfiles,
@ -1793,8 +1798,7 @@ static WERROR get_a_printer_driver_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 **info_ptr,
SAFE_FREE(dbuf.dptr);
if (len != dbuf.dsize)
{
if (len != dbuf.dsize) {
SAFE_FREE(driver.dependentfiles);
return get_a_printer_driver_3_default(info_ptr, drivername, arch);
@ -2918,8 +2922,7 @@ static WERROR get_a_printer_2(NT_PRINTER_INFO_LEVEL_2 **info_ptr, fstring sharen
* See comments in get_a_printer_2_default()
*/
if (lp_default_devmode(lp_servicenumber(sharename)) && !info.devmode)
{
if (lp_default_devmode(lp_servicenumber(sharename)) && !info.devmode) {
DEBUG(8,("get_a_printer_2: Constructing a default device mode for [%s]\n",
printername));
info.devmode = construct_nt_devicemode(printername);
@ -3160,8 +3163,8 @@ static BOOL set_driver_init_2( NT_PRINTER_INFO_LEVEL_2 *info_ptr )
*/
if ( info.devmode ) {
ZERO_STRUCT(info.devmode->devicename);
fstrcpy(info.devmode->devicename, info_ptr->printername);
ZERO_STRUCT(info.devmode->devicename);
fstrcpy(info.devmode->devicename, info_ptr->printername);
}
/*

View File

@ -71,6 +71,7 @@ uint16 pjobid_to_rap(int snum, uint32 jobid)
SAFE_FREE(data.dptr);
return rap_jobid;
}
SAFE_FREE(data.dptr);
/* Not found - create and store mapping. */
rap_jobid = ++next_rap_jobid;
if (rap_jobid == 0)
@ -99,6 +100,7 @@ BOOL rap_to_pjobid(uint16 rap_jobid, int *psnum, uint32 *pjobid)
SAFE_FREE(data.dptr);
return True;
}
SAFE_FREE(data.dptr);
return False;
}
@ -117,8 +119,10 @@ static void rap_jobid_delete(int snum, uint32 jobid)
key.dptr = (char *)&jinfo;
key.dsize = sizeof(jinfo);
data = tdb_fetch(rap_tdb, key);
if (!data.dptr || (data.dsize != sizeof(uint16)))
if (!data.dptr || (data.dsize != sizeof(uint16))) {
SAFE_FREE(data.dptr);
return;
}
memcpy(&rap_jobid, data.dptr, sizeof(uint16));
SAFE_FREE(data.dptr);
@ -404,8 +408,10 @@ static struct printjob *print_job_find(int snum, uint32 jobid)
ZERO_STRUCT( pjob );
if ( unpack_pjob( ret.dptr, ret.dsize, &pjob ) == -1 )
if ( unpack_pjob( ret.dptr, ret.dsize, &pjob ) == -1 ) {
SAFE_FREE(ret.dptr);
return NULL;
}
SAFE_FREE(ret.dptr);
return &pjob;
@ -580,8 +586,7 @@ static BOOL pjob_store(int snum, uint32 jobid, struct printjob *pjob)
len += pack_devicemode(pjob->nt_devmode, buf+len, buflen-len);
if (buflen != len)
{
if (buflen != len) {
char *tb;
tb = (char *)Realloc(buf, len);
@ -593,8 +598,7 @@ static BOOL pjob_store(int snum, uint32 jobid, struct printjob *pjob)
buf = tb;
newlen = len;
}
}
while ( buflen != len );
} while ( buflen != len );
/* Store new data */
@ -833,8 +837,10 @@ static pid_t get_updating_pid(fstring printer_name)
data = tdb_fetch(pdb->tdb, key);
release_print_db(pdb);
if (!data.dptr || data.dsize != sizeof(pid_t))
if (!data.dptr || data.dsize != sizeof(pid_t)) {
SAFE_FREE(data.dptr);
return (pid_t)-1;
}
memcpy(&updating_pid, data.dptr, sizeof(pid_t));
SAFE_FREE(data.dptr);
@ -1065,6 +1071,7 @@ static TDB_DATA get_printer_notify_pid_list(TDB_CONTEXT *tdb, const char *printe
if (data.dsize % 8) {
DEBUG(0,("get_printer_notify_pid_list: Size of record for printer %s not a multiple of 8 !\n", printer_name ));
tdb_delete_by_string(tdb, NOTIFY_PID_LIST_KEY );
SAFE_FREE(data.dptr);
ZERO_STRUCT(data);
return data;
}

View File

@ -1274,7 +1274,8 @@ int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *me
kbuf.dsize = strlen(keystr)+1;
dbuf = tdb_fetch(tdb, kbuf);
if (!dbuf.dptr) return -1;
if (!dbuf.dptr)
return -1;
ZERO_STRUCTP(ps);
prs_init(ps, 0, mem_ctx, UNMARSHALL);

View File

@ -139,9 +139,11 @@ int32 tdb_fetch_int32_byblob(TDB_CONTEXT *tdb, char *keyval, size_t len)
key.dptr = keyval;
key.dsize = len;
data = tdb_fetch(tdb, key);
if (!data.dptr || data.dsize != sizeof(int32))
if (!data.dptr || data.dsize != sizeof(int32)) {
SAFE_FREE(data.dptr);
return -1;
}
ret = IVAL(data.dptr,0);
SAFE_FREE(data.dptr);
return ret;
@ -198,9 +200,11 @@ BOOL tdb_fetch_uint32_byblob(TDB_CONTEXT *tdb, char *keyval, size_t len, uint32
key.dptr = keyval;
key.dsize = len;
data = tdb_fetch(tdb, key);
if (!data.dptr || data.dsize != sizeof(uint32))
if (!data.dptr || data.dsize != sizeof(uint32)) {
SAFE_FREE(data.dptr);
return False;
}
*value = IVAL(data.dptr,0);
SAFE_FREE(data.dptr);
return True;

View File

@ -540,6 +540,7 @@ static void send_entry_request(GENERIC_PACKET *q, GENERIC_PACKET *r)
/* Allocate the space for the ip_list. */
if((ip_list = (struct in_addr *)talloc(mem_ctx, num_ips * sizeof(struct in_addr))) == NULL) {
SAFE_FREE(dbuf.dptr);
DEBUG(0,("initialise_wins: talloc fail !\n"));
return;
}
@ -549,6 +550,8 @@ static void send_entry_request(GENERIC_PACKET *q, GENERIC_PACKET *r)
ip_list[i] = *interpret_addr2(ip_str);
}
SAFE_FREE(dbuf.dptr);
/* add all entries that have 60 seconds or more to live */
if ((ttl - 60) > time_now || ttl == PERMANENT_TTL) {
if(ttl != PERMANENT_TTL)