1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-19 10:03:58 +03:00

128 Commits

Author SHA1 Message Date
Jeremy Allison
894358a8f3 r13915: Fixed a very interesting class of realloc() bugs found by Coverity.
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.

The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :

 tmp = realloc(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :

 p = realloc(p, size)
 if (!p) {
    return error;
 }

which will leak the memory pointed to by p on realloc fail.

This commit (hopefully) fixes all these cases by moving to
a standard idiom of :

 p = SMB_REALLOC(p, size)
 if (!p) {
    return error;
 }

Where if the realloc returns null due to the realloc failing
or size == 0 we *guarentee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.

For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :

 tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
 if (!tmp) {
    SAFE_FREE(p);
    return error;
 } else {
    p = tmp;
 }

SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).

It remains to be seen what this will do to our Coverity bug count :-).

Jeremy.
(This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0)
2007-10-10 11:10:59 -05:00
Jeremy Allison
5a4881bf39 r12522: Try and fix bug #2926 by removing setlocale(LC_ALL, "C")
and replace calls to isupper/islower/toupper/tolower with
ASCII equivalents (mapping into _w variants).
Jeremy.
(This used to be commit c2752347eb2deeb2798c580ec7fc751a847717e9)
2007-10-10 11:05:58 -05:00
Jeremy Allison
d1f91f7c72 r12043: It's amazing the warnings you find when compiling on a 64-bit
box with gcc4 and -O6...
Fix a bunch of C99 dereferencing type-punned pointer will break
strict-aliasing rules errors. Also added prs_int32 (not uint32...)
as it's needed in one place. Find places where prs_uint32 was being
used to marshall/unmarshall a time_t (a big no no on 64-bits).
More warning fixes to come.
Thanks to Volker for nudging me to compile like this.
Jeremy.
(This used to be commit c65b752604f8f58abc4e7ae8514dc2c7f086271c)
2007-10-10 11:05:42 -05:00
Jeremy Allison
442b9f3e87 r5933: We were handling setting of EA's incorrectly - we should be able to set
a list. Also not converting names from DOS CP to UNIX CP correctly. This
code doesn't quite work yet but it's a work in progress to be fixed
tomorrow (don't want to lose it).
Jeremy.
(This used to be commit 22fca746576810c5408540031a9603625a66cd75)
2007-10-10 10:56:09 -05:00
Jeremy Allison
92a7eb69d3 r4126: Fix from Björn Jacke <bjoern@j3e.de> for bugid #2040 - ensure the locale
is reset to C to get ASCII-compatible toupper/lower functions.
Jeremy.
(This used to be commit 8e1b1693abf1e6eb46b23a5fa56776fc2ede7982)
2007-10-10 10:53:35 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10 10:53:32 -05:00
Jeremy Allison
b74b9c5037 r3857: Shut up gcc about erroneous "used uninitialised" warning.
Jeremy.
(This used to be commit ac9b91d805c3ee68119d4b25ab05ed043f0ab8f1)
2007-10-10 10:53:21 -05:00
Jeremy Allison
17ab9e8db1 r2610: Even if we only use the fast-path (ascii only) then
we still need to set errno = E2BIG when we overflow.
Jeremy.
(This used to be commit 7b0560dcccbd44f1f7b67ba1d46f6a5680b6b47c)
2007-10-10 10:52:48 -05:00
Jeremy Allison
fb4c421f1b r2392: Steal the nicer error message from Samba4 :-).
Jeremy.
(This used to be commit afa88868b76a6e825bc45f8d405d4b3f557fdfdb)
2007-10-10 10:52:42 -05:00
Jeremy Allison
651daa4b42 r2114: Shameless theft of iconv commit from Samba4 to keep the two libs more in sync :-).
try to cope with a wider range of UTF-16 characters when we are using
an external libiconv library.
Jeremy.
(This used to be commit 5d04cd6804f6fc3b556e7c3b53fa0d7af39797c1)
2007-10-10 10:52:32 -05:00
Jeremy Allison
16de9d9711 r1684: Patch for bug #1578 based on fix from Alexander E. Patrakov,
<patrakov@ums.usu.ru>. Main change, hardcode replacement char
to '_' as I really don't want a new parameter.
Jeremy.
(This used to be commit db3dde026b84aa28c2d7a32249488f203e362497)
2007-10-10 10:52:18 -05:00
Gerald Carter
5a3bc12683 r907: fixing browse.dat bug -- don't include the resouce byte from the netbios name when pulling a string from a packet (jra, please double check this
(This used to be commit c9bef86b8b422c5cbb6e3e5d2abb96c6e4560c1e)
2007-10-10 10:51:48 -05:00
Jeremy Allison
fe160f5b72 "Fixing my FORTRAN". Ensure we always have some valid char converter for the
neccessary types before we will run at all. If we can't get one, use ASCII
but complain mightily.
Jeremy.
(This used to be commit 37dd5e52f61e7ba1facb726ac70fc75e22608103)
2004-04-01 19:42:36 +00:00
Jeremy Allison
c66f52a5ac Correctness patch from fumiya@miraclelinux.com to count characters correctly,
doesn't affect what got put on the wire.
Jeremy.
(This used to be commit e8b68ef965ea2e3bed41cb397ef32df05c631e92)
2004-03-18 17:58:50 +00:00
Jeremy Allison
41ea0d35ae Remove excess logging when probing for the length of the next mb char.
Jeremy.
(This used to be commit 6339c4690aef7692571dd4c65dd0a12d56a7ffab)
2004-03-17 19:23:48 +00:00
Jeremy Allison
aa2e306a01 Change check_path_syntax() to use the new next_mb_char_size() function
to make it generic. Remove the mb-codepage "blacklist". Alexander, please
check this fix as it reverts your blacklist changes, but I'm hoping it
fixes the problem in a more generic way for all charsets. I'm not trying
to trample on your (excellent!) work here, just make things more generic
without special cases.
Jeremy.
(This used to be commit 5a9324525acc02e6bf14528679816b35929a564e)
2004-03-17 02:08:31 +00:00
Jeremy Allison
acad182a3f Add function next_mb_char_size() that returns a size_t of the number of
bytes in the mb character at a pointer. Will be useful in fixing check_path_syntax()
to not use a "blacklist". Also re-added my (C) to reply.c. I mean, really - I've
been adding code to the file for over 10 years and I recognise many of the
fuctions as mine ! :-).
Jeremy.
(This used to be commit d2b2a39fd2f2e06cc4aebf081876985f0b28b477)
2004-03-16 21:59:11 +00:00
Alexander Bokovoy
e2fd98af57 Fix check_path_syntax() for multibyte encodings which have no '\' as second byte.
This is intermediate fix as discussed with Jeremy until we move check_path_syntax() to UCS2 internally where all
ambiguity is resolved. Please add other encodings into charcnv.c with such property.'
'
(This used to be commit 2c404f6ba988d68c6f44df9409c0de319553de10)
2004-03-16 17:18:57 +00:00
Jeremy Allison
a0034d3586 Ensure we don't truncate strcmps to nstring anymore...
Jeremy.
(This used to be commit d7cf64b1e4e501bcd01ddc8279babc65d894a4b3)
2004-03-13 02:47:21 +00:00
Jeremy Allison
6b9dbbcd24 Modified fix for bugid #784. Based on a patch from moriyama@miraclelinux.com (MORIYAMA Masayuki).
Don't use nstrings to hold workgroup and netbios names. The problem with them is that MB netbios
and workgroup names in unix charset (particularly utf8) may be up to 3x bigger than the name
when represented in dos charset (ie. cp932). So go back to using fstrings for these but
translate into nstrings (ie. 16 byte length values) for transport on the wire.
Jeremy.
(This used to be commit b4ea493599ab414f7828b83f40a5a8b43479ff64)
2004-03-13 02:16:21 +00:00
Jeremy Allison
fd2d4f87d4 First part of patch from moriyama@miraclelinux.com (MORIYAMA Masayuki) to
fix up netbios names with mb strings. Includes reformat of libsmb/nmblib.c
so it's readable.
Jeremy.
(This used to be commit 966e49a48c352563cdd7f75fe2768f2d6612ec7e)
2004-03-13 00:28:53 +00:00
Jeremy Allison
e3f5b54270 Restore the contract on all convert_stringXX() interfaces. Add a "allow_bad_conv"
boolean parameter that allows broken iconv conversions to work. Gets rid of the
nasty errno checks in mangle_hash2 and check_path_syntax and allows correct
return code checking.
Jeremy.
(This used to be commit 7b96765c23637613f079d37566d95d5edd511f05)
2004-03-11 22:48:24 +00:00
Jeremy Allison
ef743c0641 Fixup the allocate version of the function to do "crap" conversions too.
Embarrassing number of goto's in this :-(. Fixes #830 I think.
Jeremy.
(This used to be commit 4c182d3220e87ea74d9c977b8ab1d740ef4cc30f)
2004-02-04 19:13:45 +00:00
Jeremy Allison
39f8afa866 Working on #830. Cope with bad conversions better - don't just memcpy but
try a crap conversion instead. Next this needs to be done to the convert_alloc
function.
Actually fixes some valgrind warnings as well - cool !
Jeremy.
(This used to be commit 6a7919f2544a689840fe46f3c58ed66f69aca65a)
2004-02-04 02:09:41 +00:00
Andrew Tridgell
423ad90974 the conversion from int to size_t in charcnv did not take into account
one place where we checked "if (src_len > 0)".

I actually would greatly prefer to switch back to int for src_len. The
type *can* be negative, which means an unsigned type is
inappropriate. There is absolutely no reason why "int" should not be
used for a parameter like this.

I didn't change back to int as we are close to a release and I wanted
a mininal change, but please don't go changing types like this in
future without very careful testing and a damn good reason.

this bug broke pull_ucs2(), I would not be surprised if it caused all
sorts of nastiness. Thanks to vl for noticing the symptoms!
(This used to be commit 8b8f0c527959c707f274b435fc59156e37232981)
2004-02-02 12:02:43 +00:00
Gerald Carter
b20f1a95a9 * BUG 446
- setup_logging() in smbclient to be interactive (remove the timestamps)
  - Fix bad return value in pull_ucs2( needs more testing to make sure this
    didn't break something else) that caused clistr_pull() to always read
    the same string from the buffer (pull_usc2() could return -1 if the original
    source length was given as -1)
  - increment some debugging messages to avoid printing them out so often
(This used to be commit 79fe75dcdf6cc38e18ca1231e4357893db4d4a08)
2004-01-15 19:03:18 +00:00
Andrew Bartlett
5eee23cc64 auth/auth_util.c:
- Fill in the 'backup' idea of a domain, if the DC didn't supply one.  This
   doesn't seem to occour in reality, hence why we missed the typo.

lib/charcnv.c:
lib/smbldap.c:
libads/ldap.c:
libsmb/libsmbclient.c:
printing/nt_printing.c:
 - all the callers to pull_utf8_allocate() pass a char ** as the first
   parammeter, so don't make them all cast it to a void **

nsswitch/winbind_util.c:
 - Allow for a more 'correct' view of when usernames should be qualified
   in winbindd.  If we are a PDC, or have 'winbind trusted domains only',
   then for the authentication returns stip the domain portion.
 - Fix valgrind warning about use of free()ed name when looking up our
   local domain.  lp_workgroup() is maniplated inside a procedure that
   uses it's former value.  Instead, use the fact that our local domain is
   always the first in the list.

Andrew Bartlett
(This used to be commit 494781f628683d6e68e8ba21ae54f738727e8c21)
2003-12-31 00:31:43 +00:00
Jeremy Allison
c4167baca1 Get a little paranoid about memfree use in convert_string_allocate..
Looking at crash bugs #809 and others.
Jeremy.
(This used to be commit cd2075580b0f35c8a414c995f03834c01efaa9be)
2003-12-01 22:46:46 +00:00
Richard Sharpe
e6994778ec Fix a couple of warnings with casts.
(This used to be commit 58d7a51c5762a444aae6a795a3703269134423d7)
2003-11-13 17:27:21 +00:00
Jeremy Allison
bb0598faf5 Put strcasecmp/strncasecmp on the banned list (except for needed calls
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb9283d560d0ed2ab231f36ed92767dace)
2003-10-22 23:38:20 +00:00
Jeremy Allison
cba653c30a Fix for MacOS/X which uses STUPID BROKEN UNICODE COMPOSE CHARACTERS !
(rant off :-). Inspired by work from Benjamin Riefenstahl <Benjamin.Riefenstahl@epost.de>.
Also add MacOSX/Darwin configure fixes.
Jerry - can we put this in 3.0 release ? :-).
Jeremy.
(This used to be commit f23acb4ca5feac8ad2acfa1baf7df31283aba3ea)
2003-09-13 22:41:21 +00:00
Jeremy Allison
ee51d6aabe Fix mb bug in fast path code. strlen_w() returns number of *characters*
not number of bytes. Reproduce this by trying to rename the file named :
sibrseau -> sibrseaU
from Windows 2000 explorer.
Jeremy.
(This used to be commit 035f59599514491609078ac0fe5804278c43a9b3)
2003-09-10 02:21:24 +00:00
Jeremy Allison
16e6d22408 Fix valgrind-found read of uninit variable (ensure length is right).
Jeremy.
(This used to be commit 6fc0e529f70253244628017a372257e8dc053294)
2003-09-08 21:26:30 +00:00
Jeremy Allison
966b0fc7c9 More cachegrind tuning, plus fix an error message.
Jeremy.
(This used to be commit 8cb9ec5d533085d40fc6bfe4ca9647d80bf41ac7)
2003-09-05 21:30:50 +00:00
Jeremy Allison
94f59f5492 More tuning from cachegrind. Change most trim_string() calls to trim_char(0,
as that's what they do. Fix string_replace() to fast-path ascii.
Jeremy.
(This used to be commit f35e9a8b909d3c74be47083ccc4a4e91a14938db)
2003-09-05 19:59:55 +00:00
Jeremy Allison
0e8c2a4133 More hand-tuning of the fastpath. Don't do strlen() when we're doing
to walk to the end anyway.
Jeremy.
(This used to be commit 467cafdb1f7ddfb4278824f385b732975246a4f5)
2003-09-04 23:03:58 +00:00
Jeremy Allison
22831019dc Remove convert_string_internal completely from fast path when processing
NBENCH calls. Requires fixed buffer size for strdup_upper().
Jeremy.
(This used to be commit e98fbfaf384bd2d3ebb002b0b981366377fb5ac0)
2003-09-04 18:40:55 +00:00
Jeremy Allison
245fbf7efb Used cachegrind to track down some bottlenecks.
Removed calls to clobber_region when not compiling with developer as
they were hiding speed problems.
Added fast path to convert_string() when dealing with ascii -> ascii,
ucs2-le to ascii and ascii to ucs2-le with values <= 0x7F. This
gives a speedup of 22% on my nbench tests.
Next I will do this on convert_string_allocate.
Jeremy.
(This used to be commit ef140d15ea0d76a3e7cdcadbfd3e917c210a9411)
2003-09-04 01:12:39 +00:00
Jeremy Allison
dac11b890b Half-way though the big conversion of all nmbd access to wire elements being
converted to pull/push_ascii. This will not work right at the moment for non
English codepages, but compiles - I will finish the work over the weekend.
Then nmbd should be completely codepage correct.
Jeremy.
(This used to be commit 236d6adadf32397b28028ea82ae2ec027366f7c8)
2003-08-23 01:59:14 +00:00
Jeremy Allison
a8eda05d75 Shut conversion errors up when initialising tables.
Jeremy.
(This used to be commit 94d0f888c9abd52e26ef5fc597ade5426a521227)
2003-08-21 23:55:29 +00:00
Jeremy Allison
ecddae8bf0 Attempt to fix the charcnv issues causing nmbd to crash. If we get a failed
conversion simply copy as is. Also fixed the horrid malloc-twice-copy code
in the convert alloc path.
Jeremy.
(This used to be commit cfde7477fd12caef943a9422b52174438092a135)
2003-08-20 22:06:19 +00:00
Andrew Bartlett
4b3e0268b5 Use push_ucs2_allocate(), rather than convert_string_allocate() directly.
Remove strdup_upper/strdup_lower from their old file, now that they have
been moved to charcnv.c

Note that string_replace assumes that s is a pstring.  (doco change only)

Andrew Bartlett
(This used to be commit 6c9056029bb3dfadb244f301598e12e69493fff9)
2003-07-27 02:40:06 +00:00
Andrew Bartlett
455bb6de90 Some small fixes to our charset conversion code:
- Treat the NMB names in the 'session request' packet as 'ASCII'.  This means
   that we do not get invalid multibyte from the wire, even if we truncate
   in the conversion.  (Otherwise we panic when we try to strupper_m it).

 - Remove acnv_uxu2(), as it was duplicated by push_ucs2_allocate()
 - Remove acnv_dosu2(), as it is not used.

 - In push_ucs2(), with the STR_UPPER flag, do the case conversion *after*
   the UCS2 conversion, when it we know that the length can't change.  Also
   faster, as we don't need to do another 2 UCS2 conversions.

Andrew Bartlett
(This used to be commit 912035af1178424583d0bf887a391a0cac2acd87)
2003-07-27 02:28:25 +00:00
Tim Potter
7d833de662 More printf portability fixes. Got caught out by some gcc'isms last
time.  )-:
(This used to be commit 59dae1da66a5eb7e128263bd578f167d8746e9f0)
2003-07-25 04:24:40 +00:00
Tim Potter
77373f1f8e More printf fixes - size_t is long on some architectures.
(This used to be commit ba4d334b822248d8ab929c9568533431603d967e)
2003-07-24 23:46:27 +00:00
Jeremy Allison
ce72beb2b5 Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-03 19:11:31 +00:00
Andrew Tridgell
0a4959d48d - added LOCALE patch from vorlon@debian.org (Steve Langasek) (bug #122)
- changed --enable-developer debug to use -gstabs as it makes the
  samba binaries about 10x smaller and is still quite functional for
  samba debugging
(This used to be commit 53bfcd478a193d4def8da872e92d7ed8f46aa4b9)
2003-06-30 02:11:13 +00:00
Andrew Tridgell
8cd67d7668 reverted locale patch put in by jht (originally from vorlon).
There are lots of things wrong with this patch, including:

1) it overrides a user chosen configuration option

2) it adds lots of complexity inside a loop when a tiny piece of code
   outside the loop would do the same thing

3) it does no error checking, and is sure to crash on some systems

If you want this functionality then try something like this at the end
of charset_name():

#ifdef HAVE_NL_LANGINFO
	if (strcasecmp(ret, "LOCALE") == 0) {
		const char *ln = nl_langinfo(CODESET);
		if (ln) {
			DEBUG(5,("Substituting charset '%s' for LOCALE\n", ln));
			return ln;
		}
	}
#endif

then users can set 'display charset = LOCALE' to get the locale based
charset. You could even make that the default for systems that have
nl_langinfo().
(This used to be commit 382b9b806b1ecd227b1ea247e3825d6848090462)
2003-06-16 02:22:52 +00:00
John Terpstra
489956c823 Patch from vorlon@debian.org, see bugzilal #122
Samba should preferentially use the locale information from the native system,
and only fall back on 'display charset' if this is unavailable or unsupported.
(This used to be commit 1e445fb4220cdf4700dd9d1850a42746a1065c5a)
2003-06-15 06:07:53 +00:00
Jeremy Allison
0bbbe382a5 Fix for valgrind - when doing a srvstr_push we must zero fill
any extra bytes, not clobber region them - otherwise valgrind
thinks they are invalid on send() or write().
Jeremy.
(This used to be commit 8aa5f7a65c71fb89ed05e71a2465e61385e80c2b)
2003-06-06 07:56:23 +00:00