From 94f11e9d168931018125a1552f22b786ba290dd0 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Fri, 21 Dec 2012 16:03:51 +0100
Subject: [PATCH] s3-net: Fix rpc_service_list_internal() null pointer passing.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Signed-off-by: Andreas Schneider
Reviewed-by: Günther Deschner
Found by Coverity.
Autobuild-User(master): Günther Deschner
Autobuild-Date(master): Wed Jan 2 14:19:50 CET 2013 on sn-devel-104
---
 source3/utils/net_rpc_service.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/source3/utils/net_rpc_service.c b/source3/utils/net_rpc_service.c
index 523eafd6533..0c0995a1dcb 100644
--- a/source3/utils/net_rpc_service.c
+++ b/source3/utils/net_rpc_service.c
@@ -289,7 +289,7 @@ static NTSTATUS rpc_service_list_internal(struct net_context *c,
 int i;
 struct dcerpc_binding_handle *b = pipe_hnd->binding_handle;
- uint8_t *buffer = NULL;
+ uint8_t *buffer;
 uint32_t buf_size = 0;
 uint32_t bytes_needed = 0;
 uint32_t num_services = 0;
@@ -307,6 +307,12 @@ static NTSTATUS rpc_service_list_internal(struct net_context *c,
 return werror_to_ntstatus(result);
 }
+ buffer = talloc_array(mem_ctx, uint8_t, buf_size);
+ if (buffer == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
 do {
 status = dcerpc_svcctl_EnumServicesStatusW(b, mem_ctx, &hSCM,
@@ -327,8 +333,12 @@ static NTSTATUS rpc_service_list_internal(struct net_context *c,
 }
 if (W_ERROR_EQUAL(result, WERR_MORE_DATA) && bytes_needed > 0) {
- buffer = talloc_array(mem_ctx, uint8_t, bytes_needed);
 buf_size = bytes_needed;
+ buffer = talloc_realloc(mem_ctx, buffer, uint8_t, bytes_needed);
+ if (buffer == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ break;
+ }
 continue;
 }
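Review bot: In the `@@ -289,7 +289,7 @@` hunk, dropping the `= NULL` initializer leaves `buffer` indeterminate until the allocation added in the following hunk, and the patch gains nothing from removing it. No path visible here reads the pointer earlier, but keeping `uint8_t *buffer = NULL;` means a `goto done` added later above the allocation cannot hand an uninitialized pointer to cleanup code. The declarations belong to rpc_service_list_internal, whose body starts and ends outside the hunk.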
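Review bot: The `talloc_array(mem_ctx, uint8_t, buf_size)` call added in the `@@ -307,6 +307,12 @@` hunk has no comment explaining that it is a deliberate zero-length allocation. `buf_size` is initialized to 0 in the declarations and nothing visible in the patch changes it before this point. A reader can easily mistake this for a sizing bug, so I would add `/* zero-length placeholder: the first call only probes for bytes_needed, but must not be handed a NULL buffer */` above it. The enclosing function continues outside the hunk, so whether `buf_size` is really still 0 here should be confirmed against the full file.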
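Review bot: In the `@@ -327,8 +333,12 @@` hunk, `bytes_needed` is passed to `talloc_realloc` as the allocation size with no upper bound, and it appears to be filled in from the remote server's reply (the call's argument list is cut off by the hunk, so this is inferred). A misbehaving or hostile server could demand allocations of up to 4 GiB, and by answering WERR_MORE_DATA with a fresh size each time it could keep the client in this loop. I would reject oversized requests before reallocating, e.g. `if (bytes_needed > MAX_ENUM_BUF /* placeholder limit */) { status = NT_STATUS_INVALID_NETWORK_RESPONSE; break; }`, and cap the number of retries. As a smaller point, `buf_size = bytes_needed;` is assigned before the realloc is known to have succeeded; moving it after the NULL check keeps the two variables consistent.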
@@ -381,6 +391,7 @@ static NTSTATUS rpc_service_list_internal(struct net_context *c,
 } while (W_ERROR_EQUAL(result, WERR_MORE_DATA));
+done:
 if (is_valid_policy_hnd(&hSCM)) {
 WERROR _result;
 dcerpc_svcctl_CloseServiceHandle(b, mem_ctx, &hSCM, &_result);
-- 
2.11.4.GIT