Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
View | Details | Raw Unified | Return to bug 73943 | Differences between
and this patch

Collapse All | Expand All

(-)samba-3.0.9-orig/examples/VFS/shadow_copy_test.c (-1 / +1 lines)
Lines 58-64 Link Here
58
	shadow_copy_data->num_volumes = num;
58
	shadow_copy_data->num_volumes = num;
59
	
59
	
60
	if (labels) {	
60
	if (labels) {	
61
		shadow_copy_data->labels = (SHADOW_COPY_LABEL *)talloc_zero(shadow_copy_data->mem_ctx,(num)*sizeof(SHADOW_COPY_LABEL));
61
		shadow_copy_data->labels = TALLOC_ZERO_ARRAY(shadow_copy_data->mem_ctx,SHADOW_COPY_LABEL,num);
62
		for (i=0;i<num;i++) {
62
		for (i=0;i<num;i++) {
63
			snprintf(shadow_copy_data->labels[i], sizeof(SHADOW_COPY_LABEL), "@GMT-2003.08.05-12.%02u.00",i);
63
			snprintf(shadow_copy_data->labels[i], sizeof(SHADOW_COPY_LABEL), "@GMT-2003.08.05-12.%02u.00",i);
64
		}
64
		}
(-)samba-3.0.9-orig/source/auth/auth.c (-2 / +2 lines)
Lines 49-55 Link Here
49
		return NT_STATUS_OBJECT_NAME_COLLISION;
49
		return NT_STATUS_OBJECT_NAME_COLLISION;
50
	}
50
	}
51
	
51
	
52
	entry = smb_xmalloc(sizeof(struct auth_init_function_entry));
52
	entry = SMB_XMALLOC_P(struct auth_init_function_entry);
53
	entry->name = smb_xstrdup(name);
53
	entry->name = smb_xstrdup(name);
54
	entry->init = init;
54
	entry->init = init;
55
55
Lines 347-353 Link Here
347
347
348
	mem_ctx = talloc_init("authentication context");
348
	mem_ctx = talloc_init("authentication context");
349
	
349
	
350
	*auth_context = talloc(mem_ctx, sizeof(**auth_context));
350
	*auth_context = TALLOC_P(mem_ctx, struct auth_context);
351
	if (!*auth_context) {
351
	if (!*auth_context) {
352
		DEBUG(0,("make_auth_context: talloc failed!\n"));
352
		DEBUG(0,("make_auth_context: talloc failed!\n"));
353
		talloc_destroy(mem_ctx);
353
		talloc_destroy(mem_ctx);
(-)samba-3.0.9-orig/source/auth/auth_ntlmssp.c (-1 / +1 lines)
Lines 135-141 Link Here
135
135
136
	mem_ctx = talloc_init("AUTH NTLMSSP context");
136
	mem_ctx = talloc_init("AUTH NTLMSSP context");
137
	
137
	
138
	*auth_ntlmssp_state = talloc_zero(mem_ctx, sizeof(**auth_ntlmssp_state));
138
	*auth_ntlmssp_state = TALLOC_ZERO_P(mem_ctx, AUTH_NTLMSSP_STATE);
139
	if (!*auth_ntlmssp_state) {
139
	if (!*auth_ntlmssp_state) {
140
		DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
140
		DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
141
		talloc_destroy(mem_ctx);
141
		talloc_destroy(mem_ctx);
(-)samba-3.0.9-orig/source/auth/auth_util.c (-16 / +16 lines)
Lines 132-138 Link Here
132
132
133
	DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name));
133
	DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name));
134
134
135
	*user_info = malloc(sizeof(**user_info));
135
	*user_info = SMB_MALLOC_P(auth_usersupplied_info);
136
	if (!user_info) {
136
	if (!user_info) {
137
		DEBUG(0,("malloc failed for user_info (size %lu)\n", (unsigned long)sizeof(*user_info)));
137
		DEBUG(0,("malloc failed for user_info (size %lu)\n", (unsigned long)sizeof(*user_info)));
138
		return NT_STATUS_NO_MEMORY;
138
		return NT_STATUS_NO_MEMORY;
Lines 142-148 Link Here
142
142
143
	DEBUG(5,("making strings for %s's user_info struct\n", internal_username));
143
	DEBUG(5,("making strings for %s's user_info struct\n", internal_username));
144
144
145
	(*user_info)->smb_name.str = strdup(smb_name);
145
	(*user_info)->smb_name.str = SMB_STRDUP(smb_name);
146
	if ((*user_info)->smb_name.str) { 
146
	if ((*user_info)->smb_name.str) { 
147
		(*user_info)->smb_name.len = strlen(smb_name);
147
		(*user_info)->smb_name.len = strlen(smb_name);
148
	} else {
148
	} else {
Lines 150-156 Link Here
150
		return NT_STATUS_NO_MEMORY;
150
		return NT_STATUS_NO_MEMORY;
151
	}
151
	}
152
	
152
	
153
	(*user_info)->internal_username.str = strdup(internal_username);
153
	(*user_info)->internal_username.str = SMB_STRDUP(internal_username);
154
	if ((*user_info)->internal_username.str) { 
154
	if ((*user_info)->internal_username.str) { 
155
		(*user_info)->internal_username.len = strlen(internal_username);
155
		(*user_info)->internal_username.len = strlen(internal_username);
156
	} else {
156
	} else {
Lines 158-164 Link Here
158
		return NT_STATUS_NO_MEMORY;
158
		return NT_STATUS_NO_MEMORY;
159
	}
159
	}
160
160
161
	(*user_info)->domain.str = strdup(domain);
161
	(*user_info)->domain.str = SMB_STRDUP(domain);
162
	if ((*user_info)->domain.str) { 
162
	if ((*user_info)->domain.str) { 
163
		(*user_info)->domain.len = strlen(domain);
163
		(*user_info)->domain.len = strlen(domain);
164
	} else {
164
	} else {
Lines 166-172 Link Here
166
		return NT_STATUS_NO_MEMORY;
166
		return NT_STATUS_NO_MEMORY;
167
	}
167
	}
168
168
169
	(*user_info)->client_domain.str = strdup(client_domain);
169
	(*user_info)->client_domain.str = SMB_STRDUP(client_domain);
170
	if ((*user_info)->client_domain.str) { 
170
	if ((*user_info)->client_domain.str) { 
171
		(*user_info)->client_domain.len = strlen(client_domain);
171
		(*user_info)->client_domain.len = strlen(client_domain);
172
	} else {
172
	} else {
Lines 174-180 Link Here
174
		return NT_STATUS_NO_MEMORY;
174
		return NT_STATUS_NO_MEMORY;
175
	}
175
	}
176
176
177
	(*user_info)->wksta_name.str = strdup(wksta_name);
177
	(*user_info)->wksta_name.str = SMB_STRDUP(wksta_name);
178
	if ((*user_info)->wksta_name.str) { 
178
	if ((*user_info)->wksta_name.str) { 
179
		(*user_info)->wksta_name.len = strlen(wksta_name);
179
		(*user_info)->wksta_name.len = strlen(wksta_name);
180
	} else {
180
	} else {
Lines 523-529 Link Here
523
	int i;
523
	int i;
524
	int sid_ndx;
524
	int sid_ndx;
525
	
525
	
526
	if ((ptoken = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) {
526
	if ((ptoken = SMB_MALLOC_P(NT_USER_TOKEN)) == NULL) {
527
		DEBUG(0, ("create_nt_token: Out of memory allocating token\n"));
527
		DEBUG(0, ("create_nt_token: Out of memory allocating token\n"));
528
		nt_status = NT_STATUS_NO_MEMORY;
528
		nt_status = NT_STATUS_NO_MEMORY;
529
		return nt_status;
529
		return nt_status;
Lines 533-539 Link Here
533
533
534
	ptoken->num_sids = n_groupSIDs + 5;
534
	ptoken->num_sids = n_groupSIDs + 5;
535
535
536
	if ((ptoken->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptoken->num_sids )) == NULL) {
536
	if ((ptoken->user_sids = SMB_MALLOC_ARRAY( DOM_SID, ptoken->num_sids )) == NULL) {
537
		DEBUG(0, ("create_nt_token: Out of memory allocating SIDs\n"));
537
		DEBUG(0, ("create_nt_token: Out of memory allocating SIDs\n"));
538
		nt_status = NT_STATUS_NO_MEMORY;
538
		nt_status = NT_STATUS_NO_MEMORY;
539
		return nt_status;
539
		return nt_status;
Lines 610-616 Link Here
610
		return NULL;
610
		return NULL;
611
	}
611
	}
612
612
613
	group_sids = malloc(sizeof(DOM_SID) * ngroups);
613
	group_sids = SMB_MALLOC_ARRAY(DOM_SID, ngroups);
614
	if (!group_sids) {
614
	if (!group_sids) {
615
		DEBUG(0, ("create_nt_token: malloc() failed for DOM_SID list!\n"));
615
		DEBUG(0, ("create_nt_token: malloc() failed for DOM_SID list!\n"));
616
		return NULL;
616
		return NULL;
Lines 674-680 Link Here
674
		
674
		
675
		n_unix_groups = groups_max();
675
		n_unix_groups = groups_max();
676
		
676
		
677
		if ((*unix_groups = malloc( sizeof(gid_t) * n_unix_groups ) ) == NULL) {
677
		if ((*unix_groups = SMB_MALLOC_ARRAY( gid_t, n_unix_groups ) ) == NULL) {
678
			DEBUG(0, ("get_user_groups: Out of memory allocating unix group list\n"));
678
			DEBUG(0, ("get_user_groups: Out of memory allocating unix group list\n"));
679
			return NT_STATUS_NO_MEMORY;
679
			return NT_STATUS_NO_MEMORY;
680
		}
680
		}
Lines 683-689 Link Here
683
		
683
		
684
			gid_t *groups_tmp;
684
			gid_t *groups_tmp;
685
			
685
			
686
			groups_tmp = Realloc(*unix_groups, sizeof(gid_t) * n_unix_groups);
686
			groups_tmp = SMB_REALLOC_ARRAY(*unix_groups, gid_t, n_unix_groups);
687
			
687
			
688
			if (!groups_tmp) {
688
			if (!groups_tmp) {
689
				SAFE_FREE(*unix_groups);
689
				SAFE_FREE(*unix_groups);
Lines 705-711 Link Here
705
	
705
	
706
	if (n_unix_groups > 0) {
706
	if (n_unix_groups > 0) {
707
	
707
	
708
		*groups   = malloc(sizeof(DOM_SID) * n_unix_groups);
708
		*groups   = SMB_MALLOC_ARRAY(DOM_SID, n_unix_groups);
709
		
709
		
710
		if (!*groups) {
710
		if (!*groups) {
711
			DEBUG(0, ("get_user_group: malloc() failed for DOM_SID list!\n"));
711
			DEBUG(0, ("get_user_group: malloc() failed for DOM_SID list!\n"));
Lines 735-741 Link Here
735
735
736
static NTSTATUS make_server_info(auth_serversupplied_info **server_info)
736
static NTSTATUS make_server_info(auth_serversupplied_info **server_info)
737
{
737
{
738
	*server_info = malloc(sizeof(**server_info));
738
	*server_info = SMB_MALLOC_P(auth_serversupplied_info);
739
	if (!*server_info) {
739
	if (!*server_info) {
740
		DEBUG(0,("make_server_info: malloc failed!\n"));
740
		DEBUG(0,("make_server_info: malloc failed!\n"));
741
		return NT_STATUS_NO_MEMORY;
741
		return NT_STATUS_NO_MEMORY;
Lines 1221-1227 Link Here
1221
	
1221
	
1222
	/* Create a 'combined' list of all SIDs we might want in the SD */
1222
	/* Create a 'combined' list of all SIDs we might want in the SD */
1223
	
1223
	
1224
	all_group_SIDs = malloc(sizeof(DOM_SID) * (info3->num_groups2 + info3->num_other_sids + n_lgroupSIDs));
1224
	all_group_SIDs = SMB_MALLOC_ARRAY(DOM_SID,info3->num_groups2 + info3->num_other_sids + n_lgroupSIDs);
1225
	
1225
	
1226
	if (!all_group_SIDs) {
1226
	if (!all_group_SIDs) {
1227
		DEBUG(0, ("malloc() failed for DOM_SID list!\n"));
1227
		DEBUG(0, ("malloc() failed for DOM_SID list!\n"));
Lines 1370-1376 Link Here
1370
		smb_panic("make_auth_methods: pointer to auth_method pointer is NULL!\n");
1370
		smb_panic("make_auth_methods: pointer to auth_method pointer is NULL!\n");
1371
	}
1371
	}
1372
1372
1373
	*auth_method = talloc(auth_context->mem_ctx, sizeof(**auth_method));
1373
	*auth_method = TALLOC_P(auth_context->mem_ctx, auth_methods);
1374
	if (!*auth_method) {
1374
	if (!*auth_method) {
1375
		DEBUG(0,("make_auth_method: malloc failed!\n"));
1375
		DEBUG(0,("make_auth_method: malloc failed!\n"));
1376
		return False;
1376
		return False;
Lines 1405-1411 Link Here
1405
	if (!ptoken)
1405
	if (!ptoken)
1406
		return NULL;
1406
		return NULL;
1407
1407
1408
    if ((token = (NT_USER_TOKEN *)malloc( sizeof(NT_USER_TOKEN) ) ) == NULL)
1408
    if ((token = SMB_MALLOC_P(NT_USER_TOKEN)) == NULL)
1409
        return NULL;
1409
        return NULL;
1410
1410
1411
    ZERO_STRUCTP(token);
1411
    ZERO_STRUCTP(token);
(-)samba-3.0.9-orig/source/client/client.c (-14 / +14 lines)
Lines 387-393 Link Here
387
{
387
{
388
	reset_do_list_queue();
388
	reset_do_list_queue();
389
	do_list_queue_size = 1024;
389
	do_list_queue_size = 1024;
390
	do_list_queue = malloc(do_list_queue_size);
390
	do_list_queue = SMB_MALLOC(do_list_queue_size);
391
	if (do_list_queue == 0) { 
391
	if (do_list_queue == 0) { 
392
		d_printf("malloc fail for size %d\n",
392
		d_printf("malloc fail for size %d\n",
393
			 (int)do_list_queue_size);
393
			 (int)do_list_queue_size);
Lines 425-431 Link Here
425
		do_list_queue_size *= 2;
425
		do_list_queue_size *= 2;
426
		DEBUG(4,("enlarging do_list_queue to %d\n",
426
		DEBUG(4,("enlarging do_list_queue to %d\n",
427
			 (int)do_list_queue_size));
427
			 (int)do_list_queue_size));
428
		dlq = Realloc(do_list_queue, do_list_queue_size);
428
		dlq = SMB_REALLOC(do_list_queue, do_list_queue_size);
429
		if (! dlq) {
429
		if (! dlq) {
430
			d_printf("failure enlarging do_list_queue to %d bytes\n",
430
			d_printf("failure enlarging do_list_queue to %d bytes\n",
431
				 (int)do_list_queue_size);
431
				 (int)do_list_queue_size);
Lines 704-710 Link Here
704
	DEBUG(1,("getting file %s of size %.0f as %s ", 
704
	DEBUG(1,("getting file %s of size %.0f as %s ", 
705
		 rname, (double)size, lname));
705
		 rname, (double)size, lname));
706
706
707
	if(!(data = (char *)malloc(read_size))) { 
707
	if(!(data = (char *)SMB_MALLOC(read_size))) { 
708
		d_printf("malloc fail for size %d\n", read_size);
708
		d_printf("malloc fail for size %d\n", read_size);
709
		cli_close(cli, fnum);
709
		cli_close(cli, fnum);
710
		return 1;
710
		return 1;
Lines 1112-1118 Link Here
1112
	DEBUG(1,("putting file %s as %s ",lname,
1112
	DEBUG(1,("putting file %s as %s ",lname,
1113
		 rname));
1113
		 rname));
1114
  
1114
  
1115
	buf = (char *)malloc(maxwrite);
1115
	buf = (char *)SMB_MALLOC(maxwrite);
1116
	if (!buf) {
1116
	if (!buf) {
1117
		d_printf("ERROR: Not enough memory!\n");
1117
		d_printf("ERROR: Not enough memory!\n");
1118
		return 1;
1118
		return 1;
Lines 1325-1331 Link Here
1325
					return -1;
1325
					return -1;
1326
				}
1326
				}
1327
			}
1327
			}
1328
			entry = (struct file_list *) malloc(sizeof (struct file_list));
1328
			entry = SMB_MALLOC_P(struct file_list);
1329
			if (!entry) {
1329
			if (!entry) {
1330
				d_printf("Out of memory in file_find\n");
1330
				d_printf("Out of memory in file_find\n");
1331
				closedir(dir);
1331
				closedir(dir);
Lines 2521-2527 Link Here
2521
2521
2522
	if ((info->count < MAX_COMPLETIONS - 1) && (strncmp(info->text, f->name, info->len) == 0) && (strcmp(f->name, ".") != 0) && (strcmp(f->name, "..") != 0)) {
2522
	if ((info->count < MAX_COMPLETIONS - 1) && (strncmp(info->text, f->name, info->len) == 0) && (strcmp(f->name, ".") != 0) && (strcmp(f->name, "..") != 0)) {
2523
		if ((info->dirmask[0] == 0) && !(f->mode & aDIR))
2523
		if ((info->dirmask[0] == 0) && !(f->mode & aDIR))
2524
			info->matches[info->count] = strdup(f->name);
2524
			info->matches[info->count] = SMB_STRDUP(f->name);
2525
		else {
2525
		else {
2526
			pstring tmp;
2526
			pstring tmp;
2527
2527
Lines 2532-2538 Link Here
2532
			pstrcat(tmp, f->name);
2532
			pstrcat(tmp, f->name);
2533
			if (f->mode & aDIR)
2533
			if (f->mode & aDIR)
2534
				pstrcat(tmp, "/");
2534
				pstrcat(tmp, "/");
2535
			info->matches[info->count] = strdup(tmp);
2535
			info->matches[info->count] = SMB_STRDUP(tmp);
2536
		}
2536
		}
2537
		if (info->matches[info->count] == NULL)
2537
		if (info->matches[info->count] == NULL)
2538
			return;
2538
			return;
Lines 2563-2569 Link Here
2563
	if (len >= PATH_MAX)
2563
	if (len >= PATH_MAX)
2564
		return(NULL);
2564
		return(NULL);
2565
2565
2566
	info.matches = (char **)malloc(sizeof(info.matches[0])*MAX_COMPLETIONS);
2566
	info.matches = SMB_MALLOC_ARRAY(char *,MAX_COMPLETIONS);
2567
	if (!info.matches) return NULL;
2567
	if (!info.matches) return NULL;
2568
	info.matches[0] = NULL;
2568
	info.matches[0] = NULL;
2569
2569
Lines 2584-2592 Link Here
2584
		goto cleanup;
2584
		goto cleanup;
2585
2585
2586
	if (info.count == 2)
2586
	if (info.count == 2)
2587
		info.matches[0] = strdup(info.matches[1]);
2587
		info.matches[0] = SMB_STRDUP(info.matches[1]);
2588
	else {
2588
	else {
2589
		info.matches[0] = malloc(info.samelen+1);
2589
		info.matches[0] = SMB_MALLOC(info.samelen+1);
2590
		if (!info.matches[0])
2590
		if (!info.matches[0])
2591
			goto cleanup;
2591
			goto cleanup;
2592
		strncpy(info.matches[0], info.matches[1], info.samelen);
2592
		strncpy(info.matches[0], info.matches[1], info.samelen);
Lines 2641-2654 Link Here
2641
		char **matches;
2641
		char **matches;
2642
		int i, len, samelen, count=1;
2642
		int i, len, samelen, count=1;
2643
2643
2644
		matches = (char **)malloc(sizeof(matches[0])*MAX_COMPLETIONS);
2644
		matches = SMB_MALLOC_ARRAY(char *, MAX_COMPLETIONS);
2645
		if (!matches) return NULL;
2645
		if (!matches) return NULL;
2646
		matches[0] = NULL;
2646
		matches[0] = NULL;
2647
2647
2648
		len = strlen(text);
2648
		len = strlen(text);
2649
		for (i=0;commands[i].fn && count < MAX_COMPLETIONS-1;i++) {
2649
		for (i=0;commands[i].fn && count < MAX_COMPLETIONS-1;i++) {
2650
			if (strncmp(text, commands[i].name, len) == 0) {
2650
			if (strncmp(text, commands[i].name, len) == 0) {
2651
				matches[count] = strdup(commands[i].name);
2651
				matches[count] = SMB_STRDUP(commands[i].name);
2652
				if (!matches[count])
2652
				if (!matches[count])
2653
					goto cleanup;
2653
					goto cleanup;
2654
				if (count == 1)
2654
				if (count == 1)
Lines 2665-2674 Link Here
2665
		case 1:
2665
		case 1:
2666
			goto cleanup;
2666
			goto cleanup;
2667
		case 2:
2667
		case 2:
2668
			matches[0] = strdup(matches[1]);
2668
			matches[0] = SMB_STRDUP(matches[1]);
2669
			break;
2669
			break;
2670
		default:
2670
		default:
2671
			matches[0] = malloc(samelen+1);
2671
			matches[0] = SMB_MALLOC(samelen+1);
2672
			if (!matches[0])
2672
			if (!matches[0])
2673
				goto cleanup;
2673
				goto cleanup;
2674
			strncpy(matches[0], matches[1], samelen);
2674
			strncpy(matches[0], matches[1], samelen);
(-)samba-3.0.9-orig/source/client/clitar.c (-11 / +11 lines)
Lines 146-152 Link Here
146
{
146
{
147
	char *tmp;
147
	char *tmp;
148
148
149
	tmp = (char *)malloc(size+1);
149
	tmp = (char *)SMB_MALLOC(size+1);
150
150
151
	if (tmp == NULL) {
151
	if (tmp == NULL) {
152
		DEBUG(0, ("Out of memory in string_create_s\n"));
152
		DEBUG(0, ("Out of memory in string_create_s\n"));
Lines 177-183 Link Here
177
	if (l+2 >= NAMSIZ) {
177
	if (l+2 >= NAMSIZ) {
178
		/* write a GNU tar style long header */
178
		/* write a GNU tar style long header */
179
		char *b;
179
		char *b;
180
		b = (char *)malloc(l+TBLOCK+100);
180
		b = (char *)SMB_MALLOC(l+TBLOCK+100);
181
		if (!b) {
181
		if (!b) {
182
			DEBUG(0,("out of memory\n"));
182
			DEBUG(0,("out of memory\n"));
183
			exit(1);
183
			exit(1);
Lines 385-391 Link Here
385
{
385
{
386
	/* initialize tar buffer */
386
	/* initialize tar buffer */
387
	tbufsiz=blocksize*TBLOCK;
387
	tbufsiz=blocksize*TBLOCK;
388
	tarbuf=malloc(tbufsiz);      /* FIXME: We might not get the buffer */
388
	tarbuf=SMB_MALLOC(tbufsiz);      /* FIXME: We might not get the buffer */
389
389
390
	/* reset tar buffer pointer and tar file counter and total dumped */
390
	/* reset tar buffer pointer and tar file counter and total dumped */
391
	tp=0; ntarf=0; ttarf=0;
391
	tp=0; ntarf=0; ttarf=0;
Lines 1059-1065 Link Here
1059
	/* finfo.size here is the length of the filename as written by the "/./@LongLink" name
1059
	/* finfo.size here is the length of the filename as written by the "/./@LongLink" name
1060
	 * header call. */
1060
	 * header call. */
1061
	int namesize = finfo.size + strlen(cur_dir) + 2;
1061
	int namesize = finfo.size + strlen(cur_dir) + 2;
1062
	char *longname = malloc(namesize);
1062
	char *longname = SMB_MALLOC(namesize);
1063
	int offset = 0, left = finfo.size;
1063
	int offset = 0, left = finfo.size;
1064
	BOOL first = True;
1064
	BOOL first = True;
1065
1065
Lines 1506-1512 Link Here
1506
	while ((! error) && (x_fgets(buf, sizeof(buf)-1, inclusion))) {
1506
	while ((! error) && (x_fgets(buf, sizeof(buf)-1, inclusion))) {
1507
		if (inclusion_buffer == NULL) {
1507
		if (inclusion_buffer == NULL) {
1508
			inclusion_buffer_size = 1024;
1508
			inclusion_buffer_size = 1024;
1509
			if ((inclusion_buffer = malloc(inclusion_buffer_size)) == NULL) {
1509
			if ((inclusion_buffer = SMB_MALLOC(inclusion_buffer_size)) == NULL) {
1510
				DEBUG(0,("failure allocating buffer to read inclusion file\n"));
1510
				DEBUG(0,("failure allocating buffer to read inclusion file\n"));
1511
				error = 1;
1511
				error = 1;
1512
				break;
1512
				break;
Lines 1520-1526 Link Here
1520
		if ((strlen(buf) + 1 + inclusion_buffer_sofar) >= inclusion_buffer_size) {
1520
		if ((strlen(buf) + 1 + inclusion_buffer_sofar) >= inclusion_buffer_size) {
1521
			char *ib;
1521
			char *ib;
1522
			inclusion_buffer_size *= 2;
1522
			inclusion_buffer_size *= 2;
1523
			ib = Realloc(inclusion_buffer,inclusion_buffer_size);
1523
			ib = SMB_REALLOC(inclusion_buffer,inclusion_buffer_size);
1524
			if (! ib) {
1524
			if (! ib) {
1525
				DEBUG(0,("failure enlarging inclusion buffer to %d bytes\n",
1525
				DEBUG(0,("failure enlarging inclusion buffer to %d bytes\n",
1526
						inclusion_buffer_size));
1526
						inclusion_buffer_size));
Lines 1539-1545 Link Here
1539
1539
1540
	if (! error) {
1540
	if (! error) {
1541
		/* Allocate an array of clipn + 1 char*'s for cliplist */
1541
		/* Allocate an array of clipn + 1 char*'s for cliplist */
1542
		cliplist = malloc((clipn + 1) * sizeof(char *));
1542
		cliplist = SMB_MALLOC_ARRAY(char *, clipn + 1);
1543
		if (cliplist == NULL) {
1543
		if (cliplist == NULL) {
1544
			DEBUG(0,("failure allocating memory for cliplist\n"));
1544
			DEBUG(0,("failure allocating memory for cliplist\n"));
1545
			error = 1;
1545
			error = 1;
Lines 1550-1556 Link Here
1550
				/* set current item to NULL so array will be null-terminated even if
1550
				/* set current item to NULL so array will be null-terminated even if
1551
						* malloc fails below. */
1551
						* malloc fails below. */
1552
				cliplist[i] = NULL;
1552
				cliplist[i] = NULL;
1553
				if ((tmpstr = (char *)malloc(strlen(p)+1)) == NULL) {
1553
				if ((tmpstr = (char *)SMB_MALLOC(strlen(p)+1)) == NULL) {
1554
					DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n", i));
1554
					DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n", i));
1555
					error = 1;
1555
					error = 1;
1556
				} else {
1556
				} else {
Lines 1720-1726 Link Here
1720
		clipn=argc-Optind-1;
1720
		clipn=argc-Optind-1;
1721
		clipcount = clipn;
1721
		clipcount = clipn;
1722
1722
1723
		if ((tmplist=malloc(clipn*sizeof(char *))) == NULL) {
1723
		if ((tmplist=SMB_MALLOC_ARRAY(char *,clipn)) == NULL) {
1724
			DEBUG(0, ("Could not allocate space to process cliplist, count = %i\n", clipn));
1724
			DEBUG(0, ("Could not allocate space to process cliplist, count = %i\n", clipn));
1725
			return 0;
1725
			return 0;
1726
		}
1726
		}
Lines 1729-1735 Link Here
1729
1729
1730
			DEBUG(5, ("Processing an item, %s\n", cliplist[clipcount]));
1730
			DEBUG(5, ("Processing an item, %s\n", cliplist[clipcount]));
1731
1731
1732
			if ((tmpstr = (char *)malloc(strlen(cliplist[clipcount])+1)) == NULL) {
1732
			if ((tmpstr = (char *)SMB_MALLOC(strlen(cliplist[clipcount])+1)) == NULL) {
1733
				DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n", clipcount));
1733
				DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n", clipcount));
1734
				return 0;
1734
				return 0;
1735
			}
1735
			}
Lines 1751-1757 Link Here
1751
#ifdef HAVE_REGEX_H
1751
#ifdef HAVE_REGEX_H
1752
		int errcode;
1752
		int errcode;
1753
1753
1754
		if ((preg = (regex_t *)malloc(65536)) == NULL) {
1754
		if ((preg = (regex_t *)SMB_MALLOC(65536)) == NULL) {
1755
1755
1756
			DEBUG(0, ("Could not allocate buffer for regular expression search\n"));
1756
			DEBUG(0, ("Could not allocate buffer for regular expression search\n"));
1757
			return;
1757
			return;
(-)samba-3.0.9-orig/source/groupdb/mapping.c (-4 / +4 lines)
Lines 469-475 Link Here
469
		decode_sid_name_use(group_type, map.sid_name_use);
469
		decode_sid_name_use(group_type, map.sid_name_use);
470
		DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type));
470
		DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type));
471
471
472
		mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP));
472
		mapt= SMB_REALLOC_ARRAY((*rmap), GROUP_MAP, entries+1);
473
		if (!mapt) {
473
		if (!mapt) {
474
			DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n"));
474
			DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n"));
475
			SAFE_FREE(*rmap);
475
			SAFE_FREE(*rmap);
Lines 599-605 Link Here
599
		asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr),
599
		asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr),
600
			 string_sid);
600
			 string_sid);
601
	} else {
601
	} else {
602
		new_memberstring = strdup(string_sid);
602
		new_memberstring = SMB_STRDUP(string_sid);
603
	}
603
	}
604
604
605
	if (new_memberstring == NULL)
605
	if (new_memberstring == NULL)
Lines 739-745 Link Here
739
		return tdb_delete(tdb, kbuf) == 0 ?
739
		return tdb_delete(tdb, kbuf) == 0 ?
740
			NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
740
			NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
741
741
742
	member_string = strdup("");
742
	member_string = SMB_STRDUP("");
743
743
744
	if (member_string == NULL) {
744
	if (member_string == NULL) {
745
		SAFE_FREE(sids);
745
		SAFE_FREE(sids);
Lines 1278-1284 Link Here
1278
	if (*num_aliases > max_entries)
1278
	if (*num_aliases > max_entries)
1279
		*num_aliases = max_entries;
1279
		*num_aliases = max_entries;
1280
1280
1281
	*info = malloc(sizeof(struct acct_info) * (*num_aliases));
1281
	*info = SMB_MALLOC_ARRAY(struct acct_info, *num_aliases);
1282
1282
1283
	for (i=0; i<*num_aliases; i++) {
1283
	for (i=0; i<*num_aliases; i++) {
1284
		fstrcpy((*info)[i].acct_name, map[i+start_idx].nt_name);
1284
		fstrcpy((*info)[i].acct_name, map[i+start_idx].nt_name);
(-)samba-3.0.9-orig/source/include/smb.h (-4 / +1 lines)
Lines 53-61 Link Here
53
#define _BOOL       /* So we don't typedef BOOL again in vfs.h */
53
#define _BOOL       /* So we don't typedef BOOL again in vfs.h */
54
#endif
54
#endif
55
55
56
/* limiting size of ipc replies */
57
#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024))
58
59
#define SIZEOFWORD 2
56
#define SIZEOFWORD 2
60
57
61
#ifndef DEF_CREATE_MASK
58
#ifndef DEF_CREATE_MASK
Lines 1656-1662 Link Here
1656
#define SAFE_NETBIOS_CHARS ". -_"
1653
#define SAFE_NETBIOS_CHARS ". -_"
1657
1654
1658
/* generic iconv conversion structure */
1655
/* generic iconv conversion structure */
1659
typedef struct {
1656
typedef struct _smb_iconv_t {
1660
	size_t (*direct)(void *cd, const char **inbuf, size_t *inbytesleft,
1657
	size_t (*direct)(void *cd, const char **inbuf, size_t *inbytesleft,
1661
			 char **outbuf, size_t *outbytesleft);
1658
			 char **outbuf, size_t *outbytesleft);
1662
	size_t (*pull)(void *cd, const char **inbuf, size_t *inbytesleft,
1659
	size_t (*pull)(void *cd, const char **inbuf, size_t *inbytesleft,
(-)samba-3.0.9-orig/source/include/smb_macros.h (+88 lines)
Lines 261-264 Link Here
261
261
262
#define IS_DC  (lp_server_role()==ROLE_DOMAIN_PDC || lp_server_role()==ROLE_DOMAIN_BDC) 
262
#define IS_DC  (lp_server_role()==ROLE_DOMAIN_PDC || lp_server_role()==ROLE_DOMAIN_BDC) 
263
263
264
/*****************************************************************************
265
 Safe allocation macros.
266
*****************************************************************************/
267
268
#define SMB_MALLOC_ARRAY(type,count) (type *)malloc_array(sizeof(type),(count))
269
#define SMB_REALLOC(p,s) Realloc((p),(s))
270
#define SMB_REALLOC_ARRAY(p,type,count) (type *)realloc_array((p),sizeof(type),(count))
271
#define SMB_CALLOC_ARRAY(type,count) (type *)calloc_array(sizeof(type),(count))
272
#define SMB_XMALLOC_P(type) (type *)smb_xmalloc_array(sizeof(type),1)
273
#define SMB_XMALLOC_ARRAY(type,count) (type *)smb_xmalloc_array(sizeof(type),(count))
274
275
/* limiting size of ipc replies */
276
#define SMB_REALLOC_LIMIT(ptr,size) SMB_REALLOC(ptr,MAX((size),4*1024))
277
278
/* #define PARANOID_MALLOC_CHECKER 1 */
279
280
#if defined(PARANOID_MALLOC_CHECKER)
281
282
#define TALLOC(ctx, size) talloc_((ctx),(size))
283
#define TALLOC_P(ctx, type) (type *)talloc_((ctx),sizeof(type))
284
#define TALLOC_ARRAY(ctx, type, count) (type *)talloc_array_((ctx),sizeof(type),(count))
285
#define TALLOC_MEMDUP(ctx, ptr, size) talloc_memdup_((ctx),(ptr),(size))
286
#define TALLOC_ZERO(ctx, size) talloc_zero_((ctx),(size))
287
#define TALLOC_ZERO_P(ctx, type) (type *)talloc_zero_((ctx),sizeof(type))
288
#define TALLOC_ZERO_ARRAY(ctx, type, count) (type *)talloc_zero_array_((ctx),sizeof(type),(count))
289
#define TALLOC_REALLOC(ctx, ptr, count) talloc_realloc_((ctx),(ptr),(count))
290
#define TALLOC_REALLOC_ARRAY(ctx, ptr, type, count) (type *)talloc_realloc_array_((ctx),(ptr),sizeof(type),(count))
291
292
#define PRS_ALLOC_MEM(ps, type, count) (type *)prs_alloc_mem_((ps),sizeof(type),(count))
293
294
/* Get medieval on our ass about malloc.... */
295
296
/* Restrictions on malloc/realloc/calloc. */
297
#ifdef malloc
298
#undef malloc
299
#endif
300
#define malloc(s) __ERROR_DONT_USE_MALLOC_DIRECTLY
301
302
#ifdef realloc
303
#undef realloc
304
#endif
305
#define realloc(p,s) __ERROR_DONT_USE_REALLOC_DIRECTLY
306
307
#ifdef calloc
308
#undef calloc
309
#endif
310
#define calloc(n,s) __ERROR_DONT_USE_CALLOC_DIRECTLY
311
312
#ifdef strndup
313
#undef strndup
314
#endif
315
#define strndup(s,n) __ERROR_DONT_USE_STRNDUP_DIRECTLY
316
317
#ifdef strdup
318
#undef strdup
319
#endif
320
#define strdup(s) __ERROR_DONT_USE_STRDUP_DIRECTLY
321
322
#define SMB_MALLOC(s) malloc_(s)
323
#define SMB_MALLOC_P(type) (type *)malloc_(sizeof(type))
324
325
#define SMB_STRDUP(s) smb_xstrdup(s)
326
#define SMB_STRNDUP(s,n) smb_xstrndup(s,n)
327
328
#else
329
330
#define TALLOC(ctx, size) talloc((ctx),(size))
331
#define TALLOC_P(ctx, type) (type *)talloc((ctx),sizeof(type))
332
#define TALLOC_ARRAY(ctx, type, count) (type *)talloc_array((ctx),sizeof(type),(count))
333
#define TALLOC_MEMDUP(ctx, ptr, size) talloc_memdup((ctx),(ptr),(size))
334
#define TALLOC_ZERO(ctx, size) talloc_zero((ctx),(size))
335
#define TALLOC_ZERO_P(ctx, type) (type *)talloc_zero((ctx),sizeof(type))
336
#define TALLOC_ZERO_ARRAY(ctx, type, count) (type *)talloc_zero_array((ctx),sizeof(type),(count))
337
#define TALLOC_REALLOC(ctx, ptr, count) talloc_realloc((ctx),(ptr),(count))
338
#define TALLOC_REALLOC_ARRAY(ctx, ptr, type, count) (type *)talloc_realloc_array((ctx),(ptr),sizeof(type),(count))
339
340
#define PRS_ALLOC_MEM(ps, type, count) (type *)prs_alloc_mem((ps),sizeof(type),(count))
341
342
/* Regular malloc code. */
343
344
#define SMB_MALLOC(s) malloc(s)
345
#define SMB_MALLOC_P(type) (type *)malloc(sizeof(type))
346
347
#define SMB_STRDUP(s) strdup(s)
348
#define SMB_STRNDUP(s,n) strndup(s,n)
349
350
#endif
351
264
#endif /* _SMB_MACROS_H */
352
#endif /* _SMB_MACROS_H */
(-)samba-3.0.9-orig/source/intl/lang_tdb.c (-4 / +4 lines)
Lines 148-154 Link Here
148
				   strerror(errno)));
148
				   strerror(errno)));
149
			goto done;
149
			goto done;
150
		}
150
		}
151
		current_lang = strdup(lang);
151
		current_lang = SMB_STRDUP(lang);
152
		result = True;
152
		result = True;
153
		goto done;
153
		goto done;
154
	}
154
	}
Lines 160-166 Link Here
160
		tdb_store_int32(tdb, "/LOADTIME/", (int)time(NULL));
160
		tdb_store_int32(tdb, "/LOADTIME/", (int)time(NULL));
161
	}
161
	}
162
162
163
	current_lang = strdup(lang);
163
	current_lang = SMB_STRDUP(lang);
164
	result = True;
164
	result = True;
165
165
166
 done:
166
 done:
Lines 194-200 Link Here
194
			count++;
194
			count++;
195
	}
195
	}
196
196
197
	if (!(msgid_quoted = malloc(strlen(msgid) + count + 1)))
197
	if (!(msgid_quoted = SMB_MALLOC(strlen(msgid) + count + 1)))
198
		return msgid;
198
		return msgid;
199
199
200
	/* string_sub() is unsuitable here as it replaces some punctuation
200
	/* string_sub() is unsuitable here as it replaces some punctuation
Lines 221-227 Link Here
221
	/* if the message isn't found then we still need to return a pointer
221
	/* if the message isn't found then we still need to return a pointer
222
	   that can be freed. Pity. */
222
	   that can be freed. Pity. */
223
	if (!data.dptr)
223
	if (!data.dptr)
224
		return strdup(msgid);
224
		return SMB_STRDUP(msgid);
225
225
226
	return (const char *)data.dptr;
226
	return (const char *)data.dptr;
227
}
227
}
(-)samba-3.0.9-orig/source/lib/access.c (-1 / +1 lines)
Lines 86-92 Link Here
86
			DEBUG(0,("Unable to get default yp domain.\n"));
86
			DEBUG(0,("Unable to get default yp domain.\n"));
87
			return False;
87
			return False;
88
		}
88
		}
89
		if (!(hostname = strdup(s))) {
89
		if (!(hostname = SMB_STRDUP(s))) {
90
			DEBUG(1,("out of memory for strdup!\n"));
90
			DEBUG(1,("out of memory for strdup!\n"));
91
			return False;
91
			return False;
92
		}
92
		}
(-)samba-3.0.9-orig/source/lib/account_pol.c (-1 / +1 lines)
Lines 88-94 Link Here
88
		len += strlen(account_policy_names[i].string) + 1;
88
		len += strlen(account_policy_names[i].string) + 1;
89
	}
89
	}
90
	len++;
90
	len++;
91
	nl = malloc(len);
91
	nl = SMB_MALLOC(len);
92
	if (!nl) {
92
	if (!nl) {
93
		return NULL;
93
		return NULL;
94
	}
94
	}
(-)samba-3.0.9-orig/source/lib/adt_tree.c (-8 / +8 lines)
Lines 59-65 Link Here
59
{
59
{
60
	SORTED_TREE *tree = NULL;
60
	SORTED_TREE *tree = NULL;
61
	
61
	
62
	if ( !(tree = (SORTED_TREE*)malloc( sizeof(SORTED_TREE) )) )
62
	if ( !(tree = SMB_MALLOC_P(SORTED_TREE)) )
63
		return NULL;
63
		return NULL;
64
		
64
		
65
	ZERO_STRUCTP( tree );
65
	ZERO_STRUCTP( tree );
Lines 67-73 Link Here
67
	tree->compare = cmp_fn;
67
	tree->compare = cmp_fn;
68
	tree->free_func    = free_fn;
68
	tree->free_func    = free_fn;
69
	
69
	
70
	if ( !(tree->root = (TREE_NODE*)malloc( sizeof(TREE_NODE) )) ) {
70
	if ( !(tree->root = SMB_MALLOC_P(TREE_NODE)) ) {
71
		SAFE_FREE( tree );
71
		SAFE_FREE( tree );
72
		return NULL;
72
		return NULL;
73
	}
73
	}
Lines 126-140 Link Here
126
	TREE_NODE **siblings;
126
	TREE_NODE **siblings;
127
	int i;
127
	int i;
128
	
128
	
129
	if ( !(infant = (TREE_NODE*)malloc( sizeof(TREE_NODE) )) )
129
	if ( !(infant = SMB_MALLOC_P(TREE_NODE)) )
130
		return NULL;
130
		return NULL;
131
	
131
	
132
	ZERO_STRUCTP( infant );
132
	ZERO_STRUCTP( infant );
133
		
133
		
134
	infant->key = strdup( key );
134
	infant->key = SMB_STRDUP( key );
135
	infant->parent = node;
135
	infant->parent = node;
136
	
136
	
137
	siblings = Realloc( node->children, sizeof(TREE_NODE*)*(node->num_children+1) );
137
	siblings = SMB_REALLOC_ARRAY( node->children, TREE_NODE *, node->num_children+1 );
138
	
138
	
139
	if ( siblings )
139
	if ( siblings )
140
		node->children = siblings;
140
		node->children = siblings;
Lines 260-266 Link Here
260
	/* move past the first '/' */
260
	/* move past the first '/' */
261
	
261
	
262
	path++;	
262
	path++;	
263
	path2 = strdup( path );
263
	path2 = SMB_STRDUP( path );
264
	if ( !path2 ) {
264
	if ( !path2 ) {
265
		DEBUG(0,("sorted_tree_add: strdup() failed on string [%s]!?!?!\n", path));
265
		DEBUG(0,("sorted_tree_add: strdup() failed on string [%s]!?!?!\n", path));
266
		return False;
266
		return False;
Lines 405-413 Link Here
405
	/* make a copy to play with */
405
	/* make a copy to play with */
406
	
406
	
407
	if ( *key == '/' )
407
	if ( *key == '/' )
408
		keystr = strdup( key+1 );
408
		keystr = SMB_STRDUP( key+1 );
409
	else
409
	else
410
		keystr = strdup( key );
410
		keystr = SMB_STRDUP( key );
411
	
411
	
412
	if ( !keystr ) {
412
	if ( !keystr ) {
413
		DEBUG(0,("sorted_tree_find: strdup() failed on string [%s]!?!?!\n", key));
413
		DEBUG(0,("sorted_tree_find: strdup() failed on string [%s]!?!?!\n", key));
(-)samba-3.0.9-orig/source/lib/bitmap.c (-4 / +4 lines)
Lines 30-41 Link Here
30
{
30
{
31
	struct bitmap *bm;
31
	struct bitmap *bm;
32
32
33
	bm = (struct bitmap *)malloc(sizeof(*bm));
33
	bm = SMB_MALLOC_P(struct bitmap);
34
34
35
	if (!bm) return NULL;
35
	if (!bm) return NULL;
36
	
36
	
37
	bm->n = n;
37
	bm->n = n;
38
	bm->b = (uint32 *)malloc(sizeof(bm->b[0])*(n+31)/32);
38
	bm->b = SMB_MALLOC_ARRAY(uint32, (n+31)/32);
39
	if (!bm->b) {
39
	if (!bm->b) {
40
		SAFE_FREE(bm);
40
		SAFE_FREE(bm);
41
		return NULL;
41
		return NULL;
Lines 68-79 Link Here
68
68
69
	if (!mem_ctx) return NULL;
69
	if (!mem_ctx) return NULL;
70
70
71
	bm = (struct bitmap *)talloc(mem_ctx, sizeof(*bm));
71
	bm = TALLOC_P(mem_ctx, struct bitmap);
72
72
73
	if (!bm) return NULL;
73
	if (!bm) return NULL;
74
	
74
	
75
	bm->n = n;
75
	bm->n = n;
76
	bm->b = (uint32 *)talloc(mem_ctx, sizeof(bm->b[0])*(n+31)/32);
76
	bm->b = TALLOC_ARRAY(mem_ctx, uint32, (n+31)/32);
77
	if (!bm->b) {
77
	if (!bm->b) {
78
		return NULL;
78
		return NULL;
79
	}
79
	}
(-)samba-3.0.9-orig/source/lib/charcnv.c (-5 / +5 lines)
Lines 538-546 Link Here
538
	}
538
	}
539
539
540
	if (ctx)
540
	if (ctx)
541
		ob = (char *)talloc_realloc(ctx, ob, destlen);
541
		ob = (char *)TALLOC_REALLOC(ctx, ob, destlen);
542
	else
542
	else
543
		ob = (char *)Realloc(ob, destlen);
543
		ob = (char *)SMB_REALLOC(ob, destlen);
544
544
545
	if (!ob) {
545
	if (!ob) {
546
		DEBUG(0, ("convert_string_allocate: realloc failed!\n"));
546
		DEBUG(0, ("convert_string_allocate: realloc failed!\n"));
Lines 588-596 Link Here
588
588
589
	destlen = destlen - o_len;
589
	destlen = destlen - o_len;
590
	if (ctx)
590
	if (ctx)
591
		*dest = (char *)talloc_realloc(ctx,ob,destlen);
591
		*dest = (char *)TALLOC_REALLOC(ctx,ob,destlen);
592
	else
592
	else
593
		*dest = (char *)Realloc(ob,destlen);
593
		*dest = (char *)SMB_REALLOC(ob,destlen);
594
	if (destlen && !*dest) {
594
	if (destlen && !*dest) {
595
		DEBUG(0, ("convert_string_allocate: out of memory!\n"));
595
		DEBUG(0, ("convert_string_allocate: out of memory!\n"));
596
		if (!ctx)
596
		if (!ctx)
Lines 763-769 Link Here
763
		}
763
		}
764
	}
764
	}
765
765
766
	return strdup(out_buffer);
766
	return SMB_STRDUP(out_buffer);
767
}
767
}
768
768
769
size_t unix_strlower(const char *src, size_t srclen, char *dest, size_t destlen)
769
size_t unix_strlower(const char *src, size_t srclen, char *dest, size_t destlen)
(-)samba-3.0.9-orig/source/lib/data_blob.c (-3 / +3 lines)
Lines 47-53 Link Here
47
	if (p) {
47
	if (p) {
48
		ret.data = smb_xmemdup(p, length);
48
		ret.data = smb_xmemdup(p, length);
49
	} else {
49
	} else {
50
		ret.data = smb_xmalloc(length);
50
		ret.data = SMB_XMALLOC_ARRAY(char, length);
51
	}
51
	}
52
	ret.length = length;
52
	ret.length = length;
53
	ret.free = free_data_blob;
53
	ret.free = free_data_blob;
Lines 67-77 Link Here
67
	}
67
	}
68
68
69
	if (p) {
69
	if (p) {
70
		ret.data = talloc_memdup(mem_ctx, p, length);
70
		ret.data = TALLOC_MEMDUP(mem_ctx, p, length);
71
		if (ret.data == NULL)
71
		if (ret.data == NULL)
72
			smb_panic("data_blob_talloc: talloc_memdup failed.\n");
72
			smb_panic("data_blob_talloc: talloc_memdup failed.\n");
73
	} else {
73
	} else {
74
		ret.data = talloc(mem_ctx, length);
74
		ret.data = TALLOC(mem_ctx, length);
75
		if (ret.data == NULL)
75
		if (ret.data == NULL)
76
			smb_panic("data_blob_talloc: talloc failed.\n");
76
			smb_panic("data_blob_talloc: talloc failed.\n");
77
	}
77
	}
(-)samba-3.0.9-orig/source/lib/debug.c (-7 / +6 lines)
Lines 192-198 Link Here
192
	if (DEBUGLEVEL_CLASS == &debug_all_class_hack)
192
	if (DEBUGLEVEL_CLASS == &debug_all_class_hack)
193
		return NULL;
193
		return NULL;
194
194
195
	list = calloc(debug_num_classes + 1, sizeof(char *));
195
	list = SMB_CALLOC_ARRAY(char *, debug_num_classes + 1);
196
	if (!list)
196
	if (!list)
197
		return NULL;
197
		return NULL;
198
198
Lines 210-216 Link Here
210
	}
210
	}
211
211
212
	/* create single string list - add space for newline */
212
	/* create single string list - add space for newline */
213
	b = buf = malloc(dim+1);
213
	b = buf = SMB_MALLOC(dim+1);
214
	if (!buf) {
214
	if (!buf) {
215
		err = True;
215
		err = True;
216
		goto done;
216
		goto done;
Lines 292-298 Link Here
292
		/* Initial loading... */
292
		/* Initial loading... */
293
		new_ptr = NULL;
293
		new_ptr = NULL;
294
	}
294
	}
295
	new_ptr = Realloc(new_ptr, sizeof(int) * (debug_num_classes + 1));
295
	new_ptr = SMB_REALLOC_ARRAY(new_ptr, int, debug_num_classes + 1);
296
	if (!new_ptr)
296
	if (!new_ptr)
297
		return -1;
297
		return -1;
298
	DEBUGLEVEL_CLASS = new_ptr;
298
	DEBUGLEVEL_CLASS = new_ptr;
Lines 309-327 Link Here
309
	if (new_ptr == &debug_all_class_isset_hack) {
309
	if (new_ptr == &debug_all_class_isset_hack) {
310
		new_ptr = NULL;
310
		new_ptr = NULL;
311
	}
311
	}
312
	new_ptr = Realloc(new_ptr, sizeof(BOOL) * (debug_num_classes + 1));
312
	new_ptr = SMB_REALLOC_ARRAY(new_ptr, BOOL, debug_num_classes + 1);
313
	if (!new_ptr)
313
	if (!new_ptr)
314
		return -1;
314
		return -1;
315
	DEBUGLEVEL_CLASS_ISSET = new_ptr;
315
	DEBUGLEVEL_CLASS_ISSET = new_ptr;
316
	DEBUGLEVEL_CLASS_ISSET[ndx] = False;
316
	DEBUGLEVEL_CLASS_ISSET[ndx] = False;
317
317
318
	new_ptr = Realloc(classname_table,
318
	new_ptr = SMB_REALLOC_ARRAY(classname_table, char *, debug_num_classes + 1);
319
			  sizeof(char *) * (debug_num_classes + 1));
320
	if (!new_ptr)
319
	if (!new_ptr)
321
		return -1;
320
		return -1;
322
	classname_table = new_ptr;
321
	classname_table = new_ptr;
323
322
324
	classname_table[ndx] = strdup(classname);
323
	classname_table[ndx] = SMB_STRDUP(classname);
325
	if (! classname_table[ndx])
324
	if (! classname_table[ndx])
326
		return -1;
325
		return -1;
327
	
326
	
(-)samba-3.0.9-orig/source/lib/dprintf.c (-1 / +1 lines)
Lines 54-60 Link Here
54
	   charset, but beware of it growing */
54
	   charset, but beware of it growing */
55
	maxlen = ret*2;
55
	maxlen = ret*2;
56
again:
56
again:
57
	p2 = malloc(maxlen);
57
	p2 = SMB_MALLOC(maxlen);
58
	if (!p2) {
58
	if (!p2) {
59
		SAFE_FREE(p);
59
		SAFE_FREE(p);
60
		return -1;
60
		return -1;
(-)samba-3.0.9-orig/source/lib/gencache.c (-12 / +11 lines)
Lines 117-125 Link Here
117
	if (!valstr)
117
	if (!valstr)
118
		return False;
118
		return False;
119
119
120
	keybuf.dptr = strdup(keystr);
120
	keybuf.dptr = SMB_STRDUP(keystr);
121
	keybuf.dsize = strlen(keystr)+1;
121
	keybuf.dsize = strlen(keystr)+1;
122
	databuf.dptr = strdup(valstr);
122
	databuf.dptr = SMB_STRDUP(valstr);
123
	databuf.dsize = strlen(valstr)+1;
123
	databuf.dsize = strlen(valstr)+1;
124
	DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
124
	DEBUG(10, ("Adding cache entry with key = %s; value = %s and timeout ="
125
	           " %s (%d seconds %s)\n", keybuf.dptr, value,ctime(&timeout),
125
	           " %s (%d seconds %s)\n", keybuf.dptr, value,ctime(&timeout),
Lines 170-178 Link Here
170
	           = %s\n", keystr, old_valstr, ctime(&old_timeout)));
170
	           = %s\n", keystr, old_valstr, ctime(&old_timeout)));
171
171
172
	asprintf(&datastr, CACHE_DATA_FMT, (int)timeout, valstr);
172
	asprintf(&datastr, CACHE_DATA_FMT, (int)timeout, valstr);
173
	keybuf.dptr = strdup(keystr);
173
	keybuf.dptr = SMB_STRDUP(keystr);
174
	keybuf.dsize = strlen(keystr)+1;
174
	keybuf.dsize = strlen(keystr)+1;
175
	databuf.dptr = strdup(datastr);
175
	databuf.dptr = SMB_STRDUP(datastr);
176
	databuf.dsize = strlen(datastr)+1;
176
	databuf.dsize = strlen(datastr)+1;
177
	DEBUGADD(10, ("New value = %s, new timeout = %s (%d seconds %s)", valstr,
177
	DEBUGADD(10, ("New value = %s, new timeout = %s (%d seconds %s)", valstr,
178
	              ctime(&timeout), (int)(timeout - time(NULL)),
178
	              ctime(&timeout), (int)(timeout - time(NULL)),
Lines 209-215 Link Here
209
209
210
	if (!gencache_init()) return False;	
210
	if (!gencache_init()) return False;	
211
	
211
	
212
	keybuf.dptr = strdup(keystr);
212
	keybuf.dptr = SMB_STRDUP(keystr);
213
	keybuf.dsize = strlen(keystr)+1;
213
	keybuf.dsize = strlen(keystr)+1;
214
	DEBUG(10, ("Deleting cache entry (key = %s)\n", keystr));
214
	DEBUG(10, ("Deleting cache entry (key = %s)\n", keystr));
215
	ret = tdb_delete(cache, keybuf);
215
	ret = tdb_delete(cache, keybuf);
Lines 242-259 Link Here
242
	if (!gencache_init())
242
	if (!gencache_init())
243
		return False;
243
		return False;
244
	
244
	
245
	keybuf.dptr = strdup(keystr);
245
	keybuf.dptr = SMB_STRDUP(keystr);
246
	keybuf.dsize = strlen(keystr)+1;
246
	keybuf.dsize = strlen(keystr)+1;
247
	databuf = tdb_fetch(cache, keybuf);
247
	databuf = tdb_fetch(cache, keybuf);
248
	SAFE_FREE(keybuf.dptr);
248
	SAFE_FREE(keybuf.dptr);
249
	
249
	
250
	if (databuf.dptr && databuf.dsize > TIMEOUT_LEN) {
250
	if (databuf.dptr && databuf.dsize > TIMEOUT_LEN) {
251
		char* entry_buf = strndup(databuf.dptr, databuf.dsize);
251
		char* entry_buf = SMB_STRNDUP(databuf.dptr, databuf.dsize);
252
		char *v;
252
		char *v;
253
		time_t t;
253
		time_t t;
254
254
255
		v = (char*)malloc(sizeof(char) * 
255
		v = SMB_MALLOC(databuf.dsize - TIMEOUT_LEN);
256
				  (databuf.dsize - TIMEOUT_LEN));
257
				
256
				
258
		SAFE_FREE(databuf.dptr);
257
		SAFE_FREE(databuf.dptr);
259
		sscanf(entry_buf, CACHE_DATA_FMT, (int*)&t, v);
258
		sscanf(entry_buf, CACHE_DATA_FMT, (int*)&t, v);
Lines 320-326 Link Here
320
	
319
	
321
	while (node) {
320
	while (node) {
322
		/* ensure null termination of the key string */
321
		/* ensure null termination of the key string */
323
		keystr = strndup(node->node_key.dptr, node->node_key.dsize);
322
		keystr = SMB_STRNDUP(node->node_key.dptr, node->node_key.dsize);
324
		
323
		
325
		/* 
324
		/* 
326
		 * We don't use gencache_get function, because we need to iterate through
325
		 * We don't use gencache_get function, because we need to iterate through
Lines 333-341 Link Here
333
			node = node->next;
332
			node = node->next;
334
			continue;
333
			continue;
335
		}
334
		}
336
		entry = strndup(databuf.dptr, databuf.dsize);
335
		entry = SMB_STRNDUP(databuf.dptr, databuf.dsize);
337
		SAFE_FREE(databuf.dptr);
336
		SAFE_FREE(databuf.dptr);
338
		valstr = (char*)malloc(sizeof(char) * (databuf.dsize - TIMEOUT_LEN));
337
		valstr = SMB_MALLOC(databuf.dsize - TIMEOUT_LEN);
339
		sscanf(entry, CACHE_DATA_FMT, (int*)(&timeout), valstr);
338
		sscanf(entry, CACHE_DATA_FMT, (int*)(&timeout), valstr);
340
		
339
		
341
		DEBUG(10, ("Calling function with arguments (key = %s, value = %s, timeout = %s)\n",
340
		DEBUG(10, ("Calling function with arguments (key = %s, value = %s, timeout = %s)\n",
(-)samba-3.0.9-orig/source/lib/iconv.c (-4 / +4 lines)
Lines 209-223 Link Here
209
	from = charsets;
209
	from = charsets;
210
	to = charsets;
210
	to = charsets;
211
211
212
	ret = (smb_iconv_t)malloc(sizeof(*ret));
212
	ret = SMB_MALLOC_P(struct _smb_iconv_t);
213
	if (!ret) {
213
	if (!ret) {
214
		errno = ENOMEM;
214
		errno = ENOMEM;
215
		return (smb_iconv_t)-1;
215
		return (smb_iconv_t)-1;
216
	}
216
	}
217
	memset(ret, 0, sizeof(*ret));
217
	memset(ret, 0, sizeof(struct _smb_iconv_t));
218
218
219
	ret->from_name = strdup(fromcode);
219
	ret->from_name = SMB_STRDUP(fromcode);
220
	ret->to_name = strdup(tocode);
220
	ret->to_name = SMB_STRDUP(tocode);
221
221
222
	/* check for the simplest null conversion */
222
	/* check for the simplest null conversion */
223
	if (strcasecmp(fromcode, tocode) == 0) {
223
	if (strcasecmp(fromcode, tocode) == 0) {
(-)samba-3.0.9-orig/source/lib/interface.c (-2 / +2 lines)
Lines 65-71 Link Here
65
		return;
65
		return;
66
	}
66
	}
67
67
68
	iface = (struct interface *)malloc(sizeof(*iface));
68
	iface = SMB_MALLOC_P(struct interface);
69
	if (!iface) return;
69
	if (!iface) return;
70
	
70
	
71
	ZERO_STRUCTPN(iface);
71
	ZERO_STRUCTPN(iface);
Lines 207-213 Link Here
207
207
208
	if (ptr) {
208
	if (ptr) {
209
		while (*ptr) {
209
		while (*ptr) {
210
			char *ptr_cpy = strdup(*ptr);
210
			char *ptr_cpy = SMB_STRDUP(*ptr);
211
			if (ptr_cpy) {
211
			if (ptr_cpy) {
212
				interpret_interface(ptr_cpy);
212
				interpret_interface(ptr_cpy);
213
				free(ptr_cpy);
213
				free(ptr_cpy);
(-)samba-3.0.9-orig/source/lib/ldap_escape.c (-2 / +2 lines)
Lines 36-42 Link Here
36
char *escape_ldap_string_alloc(const char *s)
36
char *escape_ldap_string_alloc(const char *s)
37
{
37
{
38
	size_t len = strlen(s)+1;
38
	size_t len = strlen(s)+1;
39
	char *output = malloc(len);
39
	char *output = SMB_MALLOC(len);
40
	char *output_tmp;
40
	char *output_tmp;
41
	const char *sub;
41
	const char *sub;
42
	int i = 0;
42
	int i = 0;
Lines 65-71 Link Here
65
		
65
		
66
		if (sub) {
66
		if (sub) {
67
			len = len + 3;
67
			len = len + 3;
68
			output_tmp = realloc(output, len);
68
			output_tmp = SMB_REALLOC(output, len);
69
			if (!output_tmp) { 
69
			if (!output_tmp) { 
70
				SAFE_FREE(output);
70
				SAFE_FREE(output);
71
				return NULL;
71
				return NULL;
(-)samba-3.0.9-orig/source/lib/messages.c (-2 / +2 lines)
Lines 190-196 Link Here
190
190
191
	kbuf = message_key_pid(pid);
191
	kbuf = message_key_pid(pid);
192
192
193
	dbuf.dptr = (void *)malloc(len + sizeof(rec));
193
	dbuf.dptr = (void *)SMB_MALLOC(len + sizeof(rec));
194
	if (!dbuf.dptr)
194
	if (!dbuf.dptr)
195
		return False;
195
		return False;
196
196
Lines 468-474 Link Here
468
{
468
{
469
	struct dispatch_fns *dfn;
469
	struct dispatch_fns *dfn;
470
470
471
	dfn = (struct dispatch_fns *)malloc(sizeof(*dfn));
471
	dfn = SMB_MALLOC_P(struct dispatch_fns);
472
472
473
	if (dfn != NULL) {
473
	if (dfn != NULL) {
474
474
(-)samba-3.0.9-orig/source/lib/module.c (-2 / +2 lines)
Lines 172-178 Link Here
172
		return SMB_EVENT_ID_INVALID;
172
		return SMB_EVENT_ID_INVALID;
173
	}
173
	}
174
174
175
	event = (struct smb_idle_list_ent *)malloc(sizeof(struct smb_idle_list_ent));
175
	event = SMB_MALLOC_P(struct smb_idle_list_ent);
176
	if (!event) {
176
	if (!event) {
177
		DEBUG(0,("malloc() failed!\n"));
177
		DEBUG(0,("malloc() failed!\n"));
178
		return SMB_EVENT_ID_INVALID;
178
		return SMB_EVENT_ID_INVALID;
Lines 254-260 Link Here
254
		return SMB_EVENT_ID_INVALID;
254
		return SMB_EVENT_ID_INVALID;
255
	}
255
	}
256
256
257
	event = (struct smb_exit_list_ent *)malloc(sizeof(struct smb_exit_list_ent));
257
	event = SMB_MALLOC_P(struct smb_exit_list_ent);
258
	if (!event) {
258
	if (!event) {
259
		DEBUG(0,("malloc() failed!\n"));
259
		DEBUG(0,("malloc() failed!\n"));
260
		return SMB_EVENT_ID_INVALID;
260
		return SMB_EVENT_ID_INVALID;
(-)samba-3.0.9-orig/source/lib/ms_fnmatch.c (-1 / +1 lines)
Lines 195-201 Link Here
195
	}
195
	}
196
196
197
	if (count != 0) {
197
	if (count != 0) {
198
		max_n = calloc(sizeof(struct max_n), count);
198
		max_n = SMB_CALLOC_ARRAY(struct max_n, count);
199
		if (!max_n) {
199
		if (!max_n) {
200
			return -1;
200
			return -1;
201
		}
201
		}
(-)samba-3.0.9-orig/source/lib/privileges.c (-6 / +6 lines)
Lines 75-81 Link Here
75
	if ( !old_la )
75
	if ( !old_la )
76
		return NT_STATUS_OK;
76
		return NT_STATUS_OK;
77
77
78
	*new_la = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR));
78
	*new_la = TALLOC_P(mem_ctx, LUID_ATTR);
79
	ALLOC_CHECK(new_la, ret, done, "dupalloc_luid_attr");
79
	ALLOC_CHECK(new_la, ret, done, "dupalloc_luid_attr");
80
80
81
	(*new_la)->luid.high = old_la->luid.high;
81
	(*new_la)->luid.high = old_la->luid.high;
Lines 97-103 Link Here
97
	TALLOC_CTX *mem_ctx = talloc_init("privilege set");
97
	TALLOC_CTX *mem_ctx = talloc_init("privilege set");
98
	ALLOC_CHECK(mem_ctx, ret, done, "init_privilege");
98
	ALLOC_CHECK(mem_ctx, ret, done, "init_privilege");
99
99
100
	*priv_set = talloc_zero(mem_ctx, sizeof(PRIVILEGE_SET));
100
	*priv_set = TALLOC_ZERO_P(mem_ctx, PRIVILEGE_SET);
101
	ALLOC_CHECK(*priv_set, ret, done, "init_privilege");
101
	ALLOC_CHECK(*priv_set, ret, done, "init_privilege");
102
102
103
	(*priv_set)->mem_ctx = mem_ctx;
103
	(*priv_set)->mem_ctx = mem_ctx;
Lines 112-118 Link Here
112
{
112
{
113
	NTSTATUS ret;
113
	NTSTATUS ret;
114
114
115
	*priv_set = talloc_zero(mem_ctx, sizeof(PRIVILEGE_SET));
115
	*priv_set = TALLOC_ZERO_P(mem_ctx, PRIVILEGE_SET);
116
	ALLOC_CHECK(*priv_set, ret, done, "init_privilege");
116
	ALLOC_CHECK(*priv_set, ret, done, "init_privilege");
117
117
118
	(*priv_set)->mem_ctx = mem_ctx;
118
	(*priv_set)->mem_ctx = mem_ctx;
Lines 154-160 Link Here
154
154
155
	/* we can allocate memory to add the new privilege */
155
	/* we can allocate memory to add the new privilege */
156
156
157
	new_set = (LUID_ATTR *)talloc_realloc(priv_set->mem_ctx, priv_set->set, (priv_set->count + 1) * (sizeof(LUID_ATTR)));
157
	new_set = TALLOC_REALLOC_ARRAY(priv_set->mem_ctx, priv_set->set, LUID_ATTR, priv_set->count + 1);
158
	ALLOC_CHECK(new_set, ret, done, "add_privilege");
158
	ALLOC_CHECK(new_set, ret, done, "add_privilege");
159
159
160
	new_set[priv_set->count].luid.high = set.luid.high;
160
	new_set[priv_set->count].luid.high = set.luid.high;
Lines 269-275 Link Here
269
269
270
	old_set = priv_set->set;
270
	old_set = priv_set->set;
271
271
272
	new_set = (LUID_ATTR *)talloc(priv_set->mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
272
	new_set = TALLOC_ARRAY(priv_set->mem_ctx, LUID_ATTR, priv_set->count - 1);
273
	ALLOC_CHECK(new_set, ret, done, "remove_privilege");
273
	ALLOC_CHECK(new_set, ret, done, "remove_privilege");
274
274
275
	for (i=0, j=0; i < priv_set->count; i++) {
275
	for (i=0, j=0; i < priv_set->count; i++) {
Lines 329-335 Link Here
329
329
330
	old_set = priv_set->set;
330
	old_set = priv_set->set;
331
331
332
	new_set = (LUID_ATTR *)talloc(new_priv_set->mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
332
	new_set = TALLOC_ARRAY(new_priv_set->mem_ctx, LUID_ATTR, priv_set->count - 1);
333
	ALLOC_CHECK(new_set, ret, done, "dup_priv_set");
333
	ALLOC_CHECK(new_set, ret, done, "dup_priv_set");
334
334
335
	for (i=0; i < priv_set->count; i++) {
335
	for (i=0; i < priv_set->count; i++) {
(-)samba-3.0.9-orig/source/lib/secace.c (-2 / +2 lines)
Lines 80-86 Link Here
80
80
81
	*num += 1;
81
	*num += 1;
82
	
82
	
83
	if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0)
83
	if((new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0)
84
		return NT_STATUS_NO_MEMORY;
84
		return NT_STATUS_NO_MEMORY;
85
85
86
	for (i = 0; i < *num - 1; i ++)
86
	for (i = 0; i < *num - 1; i ++)
Lines 124-130 Link Here
124
124
125
	if (!ctx || !new || !old || !sid || !num)  return NT_STATUS_INVALID_PARAMETER;
125
	if (!ctx || !new || !old || !sid || !num)  return NT_STATUS_INVALID_PARAMETER;
126
126
127
	if((new[0] = (SEC_ACE *) talloc_zero(ctx, (*num) * sizeof(SEC_ACE))) == 0)
127
	if((new[0] = TALLOC_ZERO_ARRAY(ctx, SEC_ACE, *num )) == 0)
128
		return NT_STATUS_NO_MEMORY;
128
		return NT_STATUS_NO_MEMORY;
129
129
130
	for (i = 0; i < *num; i ++) {
130
	for (i = 0; i < *num; i ++) {
(-)samba-3.0.9-orig/source/lib/secacl.c (-2 / +2 lines)
Lines 32-38 Link Here
32
	SEC_ACL *dst;
32
	SEC_ACL *dst;
33
	int i;
33
	int i;
34
34
35
	if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL)
35
	if((dst = TALLOC_ZERO_P(ctx,SEC_ACL)) == NULL)
36
		return NULL;
36
		return NULL;
37
37
38
	dst->revision = revision;
38
	dst->revision = revision;
Lines 46-52 Link Here
46
	   positive number. */
46
	   positive number. */
47
47
48
	if ((num_aces) && 
48
	if ((num_aces) && 
49
            ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces)) 
49
            ((dst->ace = TALLOC_ARRAY(ctx, SEC_ACE, num_aces)) 
50
             == NULL)) {
50
             == NULL)) {
51
		return NULL;
51
		return NULL;
52
	}
52
	}
(-)samba-3.0.9-orig/source/lib/secdesc.c (-3 / +3 lines)
Lines 187-193 Link Here
187
187
188
	*sd_size = 0;
188
	*sd_size = 0;
189
189
190
	if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL)
190
	if(( dst = TALLOC_ZERO_P(ctx, SEC_DESC)) == NULL)
191
		return NULL;
191
		return NULL;
192
192
193
	dst->revision = revision;
193
	dst->revision = revision;
Lines 284-290 Link Here
284
{
284
{
285
	SEC_DESC_BUF *dst;
285
	SEC_DESC_BUF *dst;
286
286
287
	if((dst = (SEC_DESC_BUF *)talloc_zero(ctx, sizeof(SEC_DESC_BUF))) == NULL)
287
	if((dst = TALLOC_ZERO_P(ctx, SEC_DESC_BUF)) == NULL)
288
		return NULL;
288
		return NULL;
289
289
290
	/* max buffer size (allocated size) */
290
	/* max buffer size (allocated size) */
Lines 417-423 Link Here
417
417
418
	the_acl = parent_ctr->dacl;
418
	the_acl = parent_ctr->dacl;
419
419
420
	if (!(new_ace_list = talloc(ctx, sizeof(SEC_ACE) * the_acl->num_aces))) 
420
	if (!(new_ace_list = TALLOC_ARRAY(ctx, SEC_ACE, the_acl->num_aces))) 
421
		return NULL;
421
		return NULL;
422
422
423
	for (i = 0; the_acl && i < the_acl->num_aces; i++) {
423
	for (i = 0; the_acl && i < the_acl->num_aces; i++) {
(-)samba-3.0.9-orig/source/lib/server_mutex.c (-1 / +1 lines)
Lines 33-39 Link Here
33
33
34
BOOL grab_server_mutex(const char *name)
34
BOOL grab_server_mutex(const char *name)
35
{
35
{
36
	mutex_server_name = strdup(name);
36
	mutex_server_name = SMB_STRDUP(name);
37
	if (!mutex_server_name) {
37
	if (!mutex_server_name) {
38
		DEBUG(0,("grab_server_mutex: malloc failed for %s\n", name));
38
		DEBUG(0,("grab_server_mutex: malloc failed for %s\n", name));
39
		return False;
39
		return False;
(-)samba-3.0.9-orig/source/lib/smbldap.c (-13 / +12 lines)
Lines 239-245 Link Here
239
		i++;
239
		i++;
240
	i++;
240
	i++;
241
241
242
	names = (char**)malloc( sizeof(char*)*i );
242
	names = SMB_MALLOC_ARRAY( char*, i );
243
	if ( !names ) {
243
	if ( !names ) {
244
		DEBUG(0,("get_attr_list: out of memory\n"));
244
		DEBUG(0,("get_attr_list: out of memory\n"));
245
		return NULL;
245
		return NULL;
Lines 247-253 Link Here
247
247
248
	i = 0;
248
	i = 0;
249
	while ( table[i].attrib != LDAP_ATTR_LIST_END ) {
249
	while ( table[i].attrib != LDAP_ATTR_LIST_END ) {
250
		names[i] = strdup( table[i].name );
250
		names[i] = SMB_STRDUP( table[i].name );
251
		i++;
251
		i++;
252
	}
252
	}
253
	names[i] = NULL;
253
	names[i] = NULL;
Lines 295-301 Link Here
295
	if (!size) {
295
	if (!size) {
296
		/* Upgrade 2.2 style entry */
296
		/* Upgrade 2.2 style entry */
297
		char *p;
297
		char *p;
298
	        char* old_style_key = strdup(*dn);
298
	        char* old_style_key = SMB_STRDUP(*dn);
299
		char *data;
299
		char *data;
300
		fstring old_style_pw;
300
		fstring old_style_pw;
301
		
301
		
Lines 408-414 Link Here
408
#endif
408
#endif
409
409
410
	if (mods == NULL) {
410
	if (mods == NULL) {
411
		mods = (LDAPMod **) malloc(sizeof(LDAPMod *));
411
		mods = SMB_MALLOC_P(LDAPMod *);
412
		if (mods == NULL) {
412
		if (mods == NULL) {
413
			DEBUG(0, ("make_a_mod: out of memory!\n"));
413
			DEBUG(0, ("make_a_mod: out of memory!\n"));
414
			return;
414
			return;
Lines 422-440 Link Here
422
	}
422
	}
423
423
424
	if (mods[i] == NULL) {
424
	if (mods[i] == NULL) {
425
		mods = (LDAPMod **) Realloc (mods, (i + 2) * sizeof (LDAPMod *));
425
		mods = SMB_REALLOC_ARRAY (mods, LDAPMod *, i + 2);
426
		if (mods == NULL) {
426
		if (mods == NULL) {
427
			DEBUG(0, ("make_a_mod: out of memory!\n"));
427
			DEBUG(0, ("make_a_mod: out of memory!\n"));
428
			return;
428
			return;
429
		}
429
		}
430
		mods[i] = (LDAPMod *) malloc(sizeof(LDAPMod));
430
		mods[i] = SMB_MALLOC_P(LDAPMod);
431
		if (mods[i] == NULL) {
431
		if (mods[i] == NULL) {
432
			DEBUG(0, ("make_a_mod: out of memory!\n"));
432
			DEBUG(0, ("make_a_mod: out of memory!\n"));
433
			return;
433
			return;
434
		}
434
		}
435
		mods[i]->mod_op = modop;
435
		mods[i]->mod_op = modop;
436
		mods[i]->mod_values = NULL;
436
		mods[i]->mod_values = NULL;
437
		mods[i]->mod_type = strdup(attribute);
437
		mods[i]->mod_type = SMB_STRDUP(attribute);
438
		mods[i + 1] = NULL;
438
		mods[i + 1] = NULL;
439
	}
439
	}
440
440
Lines 445-452 Link Here
445
		if (mods[i]->mod_values != NULL) {
445
		if (mods[i]->mod_values != NULL) {
446
			for (; mods[i]->mod_values[j] != NULL; j++);
446
			for (; mods[i]->mod_values[j] != NULL; j++);
447
		}
447
		}
448
		mods[i]->mod_values = (char **)Realloc(mods[i]->mod_values,
448
		mods[i]->mod_values = SMB_REALLOC_ARRAY(mods[i]->mod_values, char *, j + 2);
449
					       (j + 2) * sizeof (char *));
450
					       
449
					       
451
		if (mods[i]->mod_values == NULL) {
450
		if (mods[i]->mod_values == NULL) {
452
			DEBUG (0, ("make_a_mod: Memory allocation failure!\n"));
451
			DEBUG (0, ("make_a_mod: Memory allocation failure!\n"));
Lines 574-580 Link Here
574
		return;
573
		return;
575
	}
574
	}
576
575
577
	t = smb_xmalloc(sizeof(*t));
576
	t = SMB_XMALLOC_P(struct smbldap_state_lookup);
578
	ZERO_STRUCTP(t);
577
	ZERO_STRUCTP(t);
579
	
578
	
580
	DLIST_ADD_END(smbldap_state_lookup_list, t, tmp);
579
	DLIST_ADD_END(smbldap_state_lookup_list, t, tmp);
Lines 718-728 Link Here
718
		DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n", 
717
		DEBUG(5,("rebind_proc_with_state: Rebinding as \"%s\"\n", 
719
			  ldap_state->bind_dn));
718
			  ldap_state->bind_dn));
720
719
721
		*whop = strdup(ldap_state->bind_dn);
720
		*whop = SMB_STRDUP(ldap_state->bind_dn);
722
		if (!*whop) {
721
		if (!*whop) {
723
			return LDAP_NO_MEMORY;
722
			return LDAP_NO_MEMORY;
724
		}
723
		}
725
		*credp = strdup(ldap_state->bind_secret);
724
		*credp = SMB_STRDUP(ldap_state->bind_secret);
726
		if (!*credp) {
725
		if (!*credp) {
727
			SAFE_FREE(*whop);
726
			SAFE_FREE(*whop);
728
			return LDAP_NO_MEMORY;
727
			return LDAP_NO_MEMORY;
Lines 1207-1213 Link Here
1207
1206
1208
NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_state **smbldap_state) 
1207
NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_state **smbldap_state) 
1209
{
1208
{
1210
	*smbldap_state = talloc_zero(mem_ctx, sizeof(**smbldap_state));
1209
	*smbldap_state = TALLOC_ZERO_P(mem_ctx, struct smbldap_state);
1211
	if (!*smbldap_state) {
1210
	if (!*smbldap_state) {
1212
		DEBUG(0, ("talloc() failed for ldapsam private_data!\n"));
1211
		DEBUG(0, ("talloc() failed for ldapsam private_data!\n"));
1213
		return NT_STATUS_NO_MEMORY;
1212
		return NT_STATUS_NO_MEMORY;
(-)samba-3.0.9-orig/source/lib/substitute.c (-5 / +5 lines)
Lines 224-230 Link Here
224
224
225
	r = p + 3;
225
	r = p + 3;
226
	copylen = q - r;
226
	copylen = q - r;
227
	envname = (char *)malloc(copylen + 1 + 4); /* reserve space for use later add %$() chars */
227
	envname = (char *)SMB_MALLOC(copylen + 1 + 4); /* reserve space for use later add %$() chars */
228
	if (envname == NULL) return NULL;
228
	if (envname == NULL) return NULL;
229
	strncpy(envname,r,copylen);
229
	strncpy(envname,r,copylen);
230
	envname[copylen] = '\0';
230
	envname[copylen] = '\0';
Lines 508-514 Link Here
508
		return NULL;
508
		return NULL;
509
	}
509
	}
510
	
510
	
511
	a_string = strdup(str);
511
	a_string = SMB_STRDUP(str);
512
	if (a_string == NULL) {
512
	if (a_string == NULL) {
513
		DEBUG(0, ("alloc_sub_specified: Out of memory!\n"));
513
		DEBUG(0, ("alloc_sub_specified: Out of memory!\n"));
514
		return NULL;
514
		return NULL;
Lines 526-532 Link Here
526
			t = realloc_string_sub(t, "%U", r);
526
			t = realloc_string_sub(t, "%U", r);
527
			break;
527
			break;
528
		case 'G' :
528
		case 'G' :
529
			r = strdup(smb_name);
529
			r = SMB_STRDUP(smb_name);
530
			if (r == NULL) goto error;
530
			if (r == NULL) goto error;
531
			if ((pass = Get_Pwnam(r))!=NULL) {
531
			if ((pass = Get_Pwnam(r))!=NULL) {
532
				t = realloc_string_sub(t, "%G", gidtoname(pass->pw_gid));
532
				t = realloc_string_sub(t, "%G", gidtoname(pass->pw_gid));
Lines 623-629 Link Here
623
	char *a_string, *ret_string;
623
	char *a_string, *ret_string;
624
	char *b, *p, *s, *t;
624
	char *b, *p, *s, *t;
625
625
626
	a_string = strdup(input_string);
626
	a_string = SMB_STRDUP(input_string);
627
	if (a_string == NULL) {
627
	if (a_string == NULL) {
628
		DEBUG(0, ("alloc_sub_specified: Out of memory!\n"));
628
		DEBUG(0, ("alloc_sub_specified: Out of memory!\n"));
629
		return NULL;
629
		return NULL;
Lines 700-706 Link Here
700
	char *a_string, *ret_string;
700
	char *a_string, *ret_string;
701
	char *b, *p, *s, *t, *h;
701
	char *b, *p, *s, *t, *h;
702
702
703
	a_string = strdup(str);
703
	a_string = SMB_STRDUP(str);
704
	if (a_string == NULL) {
704
	if (a_string == NULL) {
705
		DEBUG(0, ("alloc_sub_specified: Out of memory!\n"));
705
		DEBUG(0, ("alloc_sub_specified: Out of memory!\n"));
706
		return NULL;
706
		return NULL;
(-)samba-3.0.9-orig/source/lib/system.c (-2 / +2 lines)
Lines 1031-1037 Link Here
1031
	for( argcl = 1; ptr; ptr = strtok(NULL, " \t"))
1031
	for( argcl = 1; ptr; ptr = strtok(NULL, " \t"))
1032
		argcl++;
1032
		argcl++;
1033
1033
1034
	if((argl = (char **)malloc((argcl + 1) * sizeof(char *))) == NULL)
1034
	if((argl = (char **)SMB_MALLOC((argcl + 1) * sizeof(char *))) == NULL)
1035
		return NULL;
1035
		return NULL;
1036
1036
1037
	/*
1037
	/*
Lines 1113-1119 Link Here
1113
		goto err_exit;
1113
		goto err_exit;
1114
	}
1114
	}
1115
1115
1116
	if((entry = (popen_list *)malloc(sizeof(popen_list))) == NULL)
1116
	if((entry = SMB_MALLOC_P(popen_list)) == NULL)
1117
		goto err_exit;
1117
		goto err_exit;
1118
1118
1119
	ZERO_STRUCTP(entry);
1119
	ZERO_STRUCTP(entry);
(-)samba-3.0.9-orig/source/lib/system_smbd.c (-1 / +1 lines)
Lines 53-59 Link Here
53
		return -1;
53
		return -1;
54
	}
54
	}
55
	
55
	
56
	gids_saved = (gid_t *)malloc(sizeof(gid_t) * (ngrp_saved+1));
56
	gids_saved = SMB_MALLOC_ARRAY(gid_t, ngrp_saved+1);
57
	if (!gids_saved) {
57
	if (!gids_saved) {
58
		errno = ENOMEM;
58
		errno = ENOMEM;
59
		return -1;
59
		return -1;
(-)samba-3.0.9-orig/source/lib/talloc.c (-11 / +73 lines)
Lines 54-59 Link Here
54
54
55
#include "includes.h"
55
#include "includes.h"
56
56
57
/* Max allowable allococation - 256mb - 0x10000000 */
58
#define MAX_TALLOC_SIZE (1024*1024*256)
57
59
58
/**
60
/**
59
 * Start of linked list of all talloc pools.
61
 * Start of linked list of all talloc pools.
Lines 100-106 Link Here
100
{
102
{
101
	TALLOC_CTX *t;
103
	TALLOC_CTX *t;
102
104
103
	t = (TALLOC_CTX *)malloc(sizeof(TALLOC_CTX));
105
	t = (TALLOC_CTX *)SMB_MALLOC(sizeof(TALLOC_CTX));
104
	if (t) {
106
	if (t) {
105
		t->list = NULL;
107
		t->list = NULL;
106
		t->total_alloc_size = 0;
108
		t->total_alloc_size = 0;
Lines 143-158 Link Here
143
145
144
146
145
/** Allocate a bit of memory from the specified pool **/
147
/** Allocate a bit of memory from the specified pool **/
148
#if defined(PARANOID_MALLOC_CHECKER)
149
void *talloc_(TALLOC_CTX *t, size_t size)
150
#else
146
void *talloc(TALLOC_CTX *t, size_t size)
151
void *talloc(TALLOC_CTX *t, size_t size)
152
#endif
147
{
153
{
148
	void *p;
154
	void *p;
149
	struct talloc_chunk *tc;
155
	struct talloc_chunk *tc;
150
156
151
	if (!t || size == 0) return NULL;
157
	if (!t || size == 0) return NULL;
152
158
153
	p = malloc(size);
159
	p = SMB_MALLOC(size);
154
	if (p) {
160
	if (p) {
155
		tc = malloc(sizeof(*tc));
161
		tc = SMB_MALLOC(sizeof(*tc));
156
		if (tc) {
162
		if (tc) {
157
			tc->ptr = p;
163
			tc->ptr = p;
158
			tc->size = size;
164
			tc->size = size;
Lines 167-174 Link Here
167
	return p;
173
	return p;
168
}
174
}
169
175
176
/** Allocate an array of count elements of size x */
177
#if defined(PARANOID_MALLOC_CHECKER)
178
void *talloc_array_(TALLOC_CTX *ctx, size_t el_size, unsigned int count)
179
#else
180
void *talloc_array(TALLOC_CTX *ctx, size_t el_size, unsigned int count)
181
#endif
182
{
183
        if (count >= MAX_TALLOC_SIZE/el_size) {
184
                return NULL;
185
        }
186
	return TALLOC(ctx, el_size * count);
187
}
188
170
/** A talloc version of realloc */
189
/** A talloc version of realloc */
190
#if defined(PARANOID_MALLOC_CHECKER)
191
void *talloc_realloc_(TALLOC_CTX *t, void *ptr, size_t size)
192
#else
171
void *talloc_realloc(TALLOC_CTX *t, void *ptr, size_t size)
193
void *talloc_realloc(TALLOC_CTX *t, void *ptr, size_t size)
194
#endif
172
{
195
{
173
	struct talloc_chunk *tc;
196
	struct talloc_chunk *tc;
174
	void *new_ptr;
197
	void *new_ptr;
Lines 179-189 Link Here
179
202
180
	/* realloc(NULL) is equavalent to malloc() */
203
	/* realloc(NULL) is equavalent to malloc() */
181
	if (ptr == NULL)
204
	if (ptr == NULL)
182
		return talloc(t, size);
205
		return TALLOC(t, size);
183
206
184
	for (tc=t->list; tc; tc=tc->next) {
207
	for (tc=t->list; tc; tc=tc->next) {
185
		if (tc->ptr == ptr) {
208
		if (tc->ptr == ptr) {
186
			new_ptr = Realloc(ptr, size);
209
			new_ptr = SMB_REALLOC(ptr, size);
187
			if (new_ptr) {
210
			if (new_ptr) {
188
				t->total_alloc_size += (size - tc->size);
211
				t->total_alloc_size += (size - tc->size);
189
				tc->size = size;
212
				tc->size = size;
Lines 195-200 Link Here
195
	return NULL;
218
	return NULL;
196
}
219
}
197
220
221
/** Re-allocate an array of count elements of size x */
222
#if defined(PARANOID_MALLOC_CHECKER)
223
void *talloc_realloc_array_(TALLOC_CTX *ctx, void *ptr, size_t el_size, unsigned int count)
224
#else
225
void *talloc_realloc_array(TALLOC_CTX *ctx, void *ptr, size_t el_size, unsigned int count)
226
#endif
227
{
228
        if (count >= MAX_TALLOC_SIZE/el_size) {
229
                return NULL;
230
        }
231
	return TALLOC_REALLOC(ctx, ptr, el_size * count);
232
}
233
198
/** Destroy all the memory allocated inside @p t, but not @p t
234
/** Destroy all the memory allocated inside @p t, but not @p t
199
 * itself. */
235
 * itself. */
200
void talloc_destroy_pool(TALLOC_CTX *t)
236
void talloc_destroy_pool(TALLOC_CTX *t)
Lines 246-254 Link Here
246
282
247
283
248
/** talloc and zero memory. */
284
/** talloc and zero memory. */
285
#if defined(PARANOID_MALLOC_CHECKER)
286
void *talloc_zero_(TALLOC_CTX *t, size_t size)
287
#else
249
void *talloc_zero(TALLOC_CTX *t, size_t size)
288
void *talloc_zero(TALLOC_CTX *t, size_t size)
289
#endif
250
{
290
{
251
	void *p = talloc(t, size);
291
	void *p = TALLOC(t, size);
252
292
253
	if (p)
293
	if (p)
254
		memset(p, '\0', size);
294
		memset(p, '\0', size);
Lines 256-265 Link Here
256
	return p;
296
	return p;
257
}
297
}
258
298
299
#if defined(PARANOID_MALLOC_CHECKER)
300
void *talloc_zero_array_(TALLOC_CTX *t, size_t el_size, unsigned int count)
301
#else
302
void *talloc_zero_array(TALLOC_CTX *t, size_t el_size, unsigned int count)
303
#endif
304
{
305
#if defined(PARANOID_MALLOC_CHECKER)
306
	void *p = talloc_array_(t, el_size, count);
307
#else
308
	void *p = talloc_array(t, el_size, count);
309
#endif
310
311
	if (p)
312
		memset(p, '\0', el_size*count);
313
314
	return p;
315
}
316
259
/** memdup with a talloc. */
317
/** memdup with a talloc. */
318
#if defined(PARANOID_MALLOC_CHECKER)
319
void *talloc_memdup_(TALLOC_CTX *t, const void *p, size_t size)
320
#else
260
void *talloc_memdup(TALLOC_CTX *t, const void *p, size_t size)
321
void *talloc_memdup(TALLOC_CTX *t, const void *p, size_t size)
322
#endif
261
{
323
{
262
	void *newp = talloc(t,size);
324
	void *newp = TALLOC(t,size);
263
325
264
	if (newp)
326
	if (newp)
265
		memcpy(newp, p, size);
327
		memcpy(newp, p, size);
Lines 271-277 Link Here
271
char *talloc_strdup(TALLOC_CTX *t, const char *p)
333
char *talloc_strdup(TALLOC_CTX *t, const char *p)
272
{
334
{
273
	if (p)
335
	if (p)
274
		return talloc_memdup(t, p, strlen(p) + 1);
336
		return TALLOC_MEMDUP(t, p, strlen(p) + 1);
275
	else
337
	else
276
		return NULL;
338
		return NULL;
277
}
339
}
Lines 298-304 Link Here
298
smb_ucs2_t *talloc_strdup_w(TALLOC_CTX *t, const smb_ucs2_t *p)
360
smb_ucs2_t *talloc_strdup_w(TALLOC_CTX *t, const smb_ucs2_t *p)
299
{
361
{
300
	if (p)
362
	if (p)
301
		return talloc_memdup(t, p, (strlen_w(p) + 1) * sizeof(smb_ucs2_t));
363
		return TALLOC_MEMDUP(t, p, (strlen_w(p) + 1) * sizeof(smb_ucs2_t));
302
	else
364
	else
303
		return NULL;
365
		return NULL;
304
}
366
}
Lines 329-335 Link Here
329
391
330
	len = vsnprintf(NULL, 0, fmt, ap2);
392
	len = vsnprintf(NULL, 0, fmt, ap2);
331
393
332
	ret = talloc(t, len+1);
394
	ret = TALLOC(t, len+1);
333
	if (ret) {
395
	if (ret) {
334
		VA_COPY(ap2, ap);
396
		VA_COPY(ap2, ap);
335
		vsnprintf(ret, len+1, fmt, ap2);
397
		vsnprintf(ret, len+1, fmt, ap2);
Lines 373-379 Link Here
373
	s_len = strlen(s);
435
	s_len = strlen(s);
374
	len = vsnprintf(NULL, 0, fmt, ap2);
436
	len = vsnprintf(NULL, 0, fmt, ap2);
375
437
376
	s = talloc_realloc(t, s, s_len + len+1);
438
	s = TALLOC_REALLOC(t, s, s_len + len+1);
377
	if (!s) return NULL;
439
	if (!s) return NULL;
378
440
379
	VA_COPY(ap2, ap);
441
	VA_COPY(ap2, ap);
(-)samba-3.0.9-orig/source/lib/time.c (-2 / +1 lines)
Lines 190-197 Link Here
190
    time_t low,high;
190
    time_t low,high;
191
191
192
    zone = TimeZone(t);
192
    zone = TimeZone(t);
193
    tdt = (struct dst_table *)Realloc(dst_table,
193
    tdt = SMB_REALLOC_ARRAY(dst_table, struct dst_table, i+1);
194
					      sizeof(dst_table[0])*(i+1));
195
    if (!tdt) {
194
    if (!tdt) {
196
      DEBUG(0,("TimeZoneFaster: out of memory!\n"));
195
      DEBUG(0,("TimeZoneFaster: out of memory!\n"));
197
      SAFE_FREE(dst_table);
196
      SAFE_FREE(dst_table);
(-)samba-3.0.9-orig/source/lib/util.c (-27 / +131 lines)
Lines 23-28 Link Here
23
23
24
#include "includes.h"
24
#include "includes.h"
25
25
26
/* Max allowable allococation - 256mb - 0x10000000 */
27
#define MAX_ALLOC_SIZE (1024*1024*256)
28
26
#if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT))
29
#if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT))
27
#ifdef WITH_NISPLUS_HOME
30
#ifdef WITH_NISPLUS_HOME
28
#ifdef BROKEN_NISPLUS_INCLUDE_FILES
31
#ifdef BROKEN_NISPLUS_INCLUDE_FILES
Lines 79-85 Link Here
79
BOOL set_global_myname(const char *myname)
82
BOOL set_global_myname(const char *myname)
80
{
83
{
81
	SAFE_FREE(smb_myname);
84
	SAFE_FREE(smb_myname);
82
	smb_myname = strdup(myname);
85
	smb_myname = SMB_STRDUP(myname);
83
	if (!smb_myname)
86
	if (!smb_myname)
84
		return False;
87
		return False;
85
	strupper_m(smb_myname);
88
	strupper_m(smb_myname);
Lines 98-104 Link Here
98
BOOL set_global_myworkgroup(const char *myworkgroup)
101
BOOL set_global_myworkgroup(const char *myworkgroup)
99
{
102
{
100
	SAFE_FREE(smb_myworkgroup);
103
	SAFE_FREE(smb_myworkgroup);
101
	smb_myworkgroup = strdup(myworkgroup);
104
	smb_myworkgroup = SMB_STRDUP(myworkgroup);
102
	if (!smb_myworkgroup)
105
	if (!smb_myworkgroup)
103
		return False;
106
		return False;
104
	strupper_m(smb_myworkgroup);
107
	strupper_m(smb_myworkgroup);
Lines 117-123 Link Here
117
BOOL set_global_scope(const char *scope)
120
BOOL set_global_scope(const char *scope)
118
{
121
{
119
	SAFE_FREE(smb_scope);
122
	SAFE_FREE(smb_scope);
120
	smb_scope = strdup(scope);
123
	smb_scope = SMB_STRDUP(scope);
121
	if (!smb_scope)
124
	if (!smb_scope)
122
		return False;
125
		return False;
123
	strupper_m(smb_scope);
126
	strupper_m(smb_scope);
Lines 151-157 Link Here
151
	free_netbios_names_array();
154
	free_netbios_names_array();
152
155
153
	smb_num_netbios_names = number + 1;
156
	smb_num_netbios_names = number + 1;
154
	smb_my_netbios_names = (char **)malloc( sizeof(char *) * smb_num_netbios_names );
157
	smb_my_netbios_names = SMB_MALLOC_ARRAY( char *, smb_num_netbios_names );
155
158
156
	if (!smb_my_netbios_names)
159
	if (!smb_my_netbios_names)
157
		return False;
160
		return False;
Lines 164-170 Link Here
164
{
167
{
165
	SAFE_FREE(smb_my_netbios_names[i]);
168
	SAFE_FREE(smb_my_netbios_names[i]);
166
169
167
	smb_my_netbios_names[i] = strdup(name);
170
	smb_my_netbios_names[i] = SMB_STRDUP(name);
168
	if (!smb_my_netbios_names[i])
171
	if (!smb_my_netbios_names[i])
169
		return False;
172
		return False;
170
	strupper_m(smb_my_netbios_names[i]);
173
	strupper_m(smb_my_netbios_names[i]);
Lines 301-307 Link Here
301
			return;
304
			return;
302
	}
305
	}
303
	
306
	
304
	*gids = Realloc(*gids, (*num+1) * sizeof(gid_t));
307
	*gids = SMB_REALLOC_ARRAY(*gids, gid_t, *num+1);
305
308
306
	if (*gids == NULL)
309
	if (*gids == NULL)
307
		return;
310
		return;
Lines 351-357 Link Here
351
	while ((p = Atoic(p, &val, ":,")) != NULL && (*p) != ':') {
354
	while ((p = Atoic(p, &val, ":,")) != NULL && (*p) != ':') {
352
		uint32 *tn;
355
		uint32 *tn;
353
		
356
		
354
		tn = Realloc((*num), ((*count)+1) * sizeof(uint32));
357
		tn = SMB_REALLOC_ARRAY((*num), uint32, (*count)+1);
355
		if (tn == NULL) {
358
		if (tn == NULL) {
356
			SAFE_FREE(*num);
359
			SAFE_FREE(*num);
357
			return NULL;
360
			return NULL;
Lines 727-733 Link Here
727
	size_t num_to_read_thistime;
730
	size_t num_to_read_thistime;
728
	size_t num_written = 0;
731
	size_t num_written = 0;
729
732
730
	if ((buf = malloc(TRANSFER_BUF_SIZE)) == NULL)
733
	if ((buf = SMB_MALLOC(TRANSFER_BUF_SIZE)) == NULL)
731
		return -1;
734
		return -1;
732
735
733
	while (total < n) {
736
	while (total < n) {
Lines 855-860 Link Here
855
	return(False);
858
	return(False);
856
}
859
}
857
860
861
#if defined(PARANOID_MALLOC_CHECKER)
862
863
/****************************************************************************
864
 Internal malloc wrapper. Externally visible.
865
****************************************************************************/
866
867
void *malloc_(size_t size)
868
{
869
#undef malloc
870
	/* If we don't add an amount here the glibc memset seems to write
871
	   one byte over. */
872
	return malloc(size+16);
873
#define malloc(s) __ERROR_DONT_USE_MALLOC_DIRECTLY
874
}
875
876
/****************************************************************************
877
 Internal calloc wrapper. Not externally visible.
878
****************************************************************************/
879
880
static void *calloc_(size_t count, size_t size)
881
{
882
#undef calloc
883
	/* If we don't add an amount here the glibc memset seems to write
884
	   one byte over. */
885
	return calloc(count+1, size);
886
#define calloc(n,s) __ERROR_DONT_USE_CALLOC_DIRECTLY
887
}
888
889
/****************************************************************************
890
 Internal realloc wrapper. Not externally visible.
891
****************************************************************************/
892
893
static void *realloc_(void *ptr, size_t size)
894
{
895
#undef realloc
896
	/* If we don't add an amount here the glibc memset seems to write
897
	   one byte over. */
898
	return realloc(ptr, size+16);
899
#define realloc(p,s) __ERROR_DONT_USE_RELLOC_DIRECTLY
900
}
901
902
#endif /* PARANOID_MALLOC_CHECKER */
903
904
/****************************************************************************
905
 Type-safe malloc.
906
****************************************************************************/
907
908
void *malloc_array(size_t el_size, unsigned int count)
909
{
910
	if (count >= MAX_ALLOC_SIZE/el_size) {
911
		return NULL;
912
	}
913
914
#if defined(PARANOID_MALLOC_CHECKER)
915
	return malloc_(el_size*count);
916
#else
917
	return malloc(el_size*count);
918
#endif
919
}
920
921
/****************************************************************************
922
 Type-safe calloc.
923
****************************************************************************/
924
925
void *calloc_array(size_t size, size_t nmemb)
926
{
927
	if (nmemb >= MAX_ALLOC_SIZE/size) {
928
		return NULL;
929
	}
930
#if defined(PARANOID_MALLOC_CHECKER)
931
	return calloc_(nmemb, size);
932
#else
933
	return calloc(nmemb, size);
934
#endif
935
}
936
858
/****************************************************************************
937
/****************************************************************************
859
 Expand a pointer to be a particular size.
938
 Expand a pointer to be a particular size.
860
****************************************************************************/
939
****************************************************************************/
Lines 869-878 Link Here
869
		return NULL;
948
		return NULL;
870
	}
949
	}
871
950
951
#if defined(PARANOID_MALLOC_CHECKER)
952
	if (!p)
953
		ret = (void *)malloc_(size);
954
	else
955
		ret = (void *)realloc_(p,size);
956
#else
872
	if (!p)
957
	if (!p)
873
		ret = (void *)malloc(size);
958
		ret = (void *)malloc(size);
874
	else
959
	else
875
		ret = (void *)realloc(p,size);
960
		ret = (void *)realloc(p,size);
961
#endif
876
962
877
	if (!ret)
963
	if (!ret)
878
		DEBUG(0,("Memory allocation error: failed to expand to %d bytes\n",(int)size));
964
		DEBUG(0,("Memory allocation error: failed to expand to %d bytes\n",(int)size));
Lines 880-896 Link Here
880
	return(ret);
966
	return(ret);
881
}
967
}
882
968
883
void *Realloc_zero(void *ptr, size_t size)
969
/****************************************************************************
884
{
970
 Type-safe realloc.
885
	void *tptr = NULL;
971
****************************************************************************/
886
		
972
		
887
	tptr = Realloc(ptr, size);
973
void *realloc_array(void *p,size_t el_size, unsigned int count)
888
	if(tptr == NULL)
974
{
975
	if (count >= MAX_ALLOC_SIZE/el_size) {
889
		return NULL;
976
		return NULL;
890
977
	}
891
	memset((char *)tptr,'\0',size);
978
	return Realloc(p,el_size*count);
892
893
	return tptr;
894
}
979
}
895
980
896
/****************************************************************************
981
/****************************************************************************
Lines 1595-1602 Link Here
1595
	if(num_entries == 0)
1680
	if(num_entries == 0)
1596
		return;
1681
		return;
1597
1682
1598
	if(( (*ppname_array) = (name_compare_entry *)malloc(
1683
	if(( (*ppname_array) = SMB_MALLOC_ARRAY(name_compare_entry, num_entries + 1)) == NULL) {
1599
					(num_entries + 1) * sizeof(name_compare_entry))) == NULL) {
1600
		DEBUG(0,("set_namearray: malloc fail\n"));
1684
		DEBUG(0,("set_namearray: malloc fail\n"));
1601
		return;
1685
		return;
1602
	}
1686
	}
Lines 1619-1625 Link Here
1619
			break;
1703
			break;
1620
1704
1621
		(*ppname_array)[i].is_wild = ms_has_wild(nameptr);
1705
		(*ppname_array)[i].is_wild = ms_has_wild(nameptr);
1622
		if(((*ppname_array)[i].name = strdup(nameptr)) == NULL) {
1706
		if(((*ppname_array)[i].name = SMB_STRDUP(nameptr)) == NULL) {
1623
			DEBUG(0,("set_namearray: malloc fail (1)\n"));
1707
			DEBUG(0,("set_namearray: malloc fail (1)\n"));
1624
			return;
1708
			return;
1625
		}
1709
		}
Lines 2115-2128 Link Here
2115
 malloc that aborts with smb_panic on fail or zero size.
2199
 malloc that aborts with smb_panic on fail or zero size.
2116
 *****************************************************************/  
2200
 *****************************************************************/  
2117
2201
2118
void *smb_xmalloc(size_t size)
2202
void *smb_xmalloc_array(size_t size, unsigned int count)
2119
{
2203
{
2120
	void *p;
2204
	void *p;
2121
	if (size == 0)
2205
	if (size == 0)
2122
		smb_panic("smb_xmalloc: called with zero size.\n");
2206
		smb_panic("smb_xmalloc_array: called with zero size.\n");
2123
	if ((p = malloc(size)) == NULL) {
2207
        if (count >= MAX_ALLOC_SIZE/size) {
2124
		DEBUG(0, ("smb_xmalloc() failed to allocate %lu bytes\n", (unsigned long)size));
2208
                smb_panic("smb_xmalloc: alloc size too large.\n");
2125
		smb_panic("smb_xmalloc: malloc fail.\n");
2209
        }
2210
	if ((p = SMB_MALLOC(size*count)) == NULL) {
2211
		DEBUG(0, ("smb_xmalloc_array failed to allocate %lu * %lu bytes\n",
2212
			(unsigned long)size, (unsigned long)count));
2213
		smb_panic("smb_xmalloc_array: malloc fail.\n");
2126
	}
2214
	}
2127
	return p;
2215
	return p;
2128
}
2216
}
Lines 2134-2140 Link Here
2134
void *smb_xmemdup(const void *p, size_t size)
2222
void *smb_xmemdup(const void *p, size_t size)
2135
{
2223
{
2136
	void *p2;
2224
	void *p2;
2137
	p2 = smb_xmalloc(size);
2225
	p2 = SMB_XMALLOC_ARRAY(unsigned char,size);
2138
	memcpy(p2, p, size);
2226
	memcpy(p2, p, size);
2139
	return p2;
2227
	return p2;
2140
}
2228
}
Lines 2145-2151 Link Here
2145
2233
2146
char *smb_xstrdup(const char *s)
2234
char *smb_xstrdup(const char *s)
2147
{
2235
{
2236
#if defined(PARANOID_MALLOC_CHECKER)
2237
#ifdef strdup
2238
#undef strdup
2239
#endif
2240
#endif
2148
	char *s1 = strdup(s);
2241
	char *s1 = strdup(s);
2242
#if defined(PARANOID_MALLOC_CHECKER)
2243
#define strdup(s) __ERROR_DONT_USE_STRDUP_DIRECTLY
2244
#endif
2149
	if (!s1)
2245
	if (!s1)
2150
		smb_panic("smb_xstrdup: malloc fail\n");
2246
		smb_panic("smb_xstrdup: malloc fail\n");
2151
	return s1;
2247
	return s1;
Lines 2157-2163 Link Here
2157
2254
2158
char *smb_xstrndup(const char *s, size_t n)
2255
char *smb_xstrndup(const char *s, size_t n)
2159
{
2256
{
2257
#if defined(PARANOID_MALLOC_CHECKER)
2258
#ifdef strndup
2259
#undef strndup
2260
#endif
2261
#endif
2160
	char *s1 = strndup(s, n);
2262
	char *s1 = strndup(s, n);
2263
#if defined(PARANOID_MALLOC_CHECKER)
2264
#define strndup(s,n) __ERROR_DONT_USE_STRNDUP_DIRECTLY
2265
#endif
2161
	if (!s1)
2266
	if (!s1)
2162
		smb_panic("smb_xstrndup: malloc fail\n");
2267
		smb_panic("smb_xstrndup: malloc fail\n");
2163
	return s1;
2268
	return s1;
Lines 2189-2195 Link Here
2189
	void *p2;
2294
	void *p2;
2190
	if (size == 0)
2295
	if (size == 0)
2191
		return NULL;
2296
		return NULL;
2192
	p2 = malloc(size);
2297
	p2 = SMB_MALLOC(size);
2193
	if (!p2)
2298
	if (!p2)
2194
		return NULL;
2299
		return NULL;
2195
	memcpy(p2, p, size);
2300
	memcpy(p2, p, size);
(-)samba-3.0.9-orig/source/lib/util_file.c (-5 / +5 lines)
Lines 282-288 Link Here
282
282
283
	if (!s2) {
283
	if (!s2) {
284
		maxlen = MIN(maxlen,8);
284
		maxlen = MIN(maxlen,8);
285
		s = (char *)malloc(maxlen);
285
		s = (char *)SMB_MALLOC(maxlen);
286
	}
286
	}
287
287
288
	if (!s) {
288
	if (!s) {
Lines 325-331 Link Here
325
			char *t;
325
			char *t;
326
	  
326
	  
327
			maxlen *= 2;
327
			maxlen *= 2;
328
			t = (char *)Realloc(s,maxlen);
328
			t = (char *)SMB_REALLOC(s,maxlen);
329
			if (!t) {
329
			if (!t) {
330
				DEBUG(0,("fgets_slash: failed to expand buffer!\n"));
330
				DEBUG(0,("fgets_slash: failed to expand buffer!\n"));
331
				SAFE_FREE(s);
331
				SAFE_FREE(s);
Lines 358-364 Link Here
358
	total = 0;
358
	total = 0;
359
359
360
	while ((n = read(fd, buf, sizeof(buf))) > 0) {
360
	while ((n = read(fd, buf, sizeof(buf))) > 0) {
361
		tp = Realloc(p, total + n + 1);
361
		tp = SMB_REALLOC(p, total + n + 1);
362
		if (!tp) {
362
		if (!tp) {
363
		        DEBUG(0,("file_pload: failed to expand buffer!\n"));
363
		        DEBUG(0,("file_pload: failed to expand buffer!\n"));
364
			close(fd);
364
			close(fd);
Lines 397-403 Link Here
397
		return NULL;
397
		return NULL;
398
	}
398
	}
399
399
400
	p = (char *)malloc(sbuf.st_size+1);
400
	p = (char *)SMB_MALLOC(sbuf.st_size+1);
401
	if (!p) {
401
	if (!p) {
402
		return NULL;
402
		return NULL;
403
	}
403
	}
Lines 492-498 Link Here
492
		if (s[0] == '\n') i++;
492
		if (s[0] == '\n') i++;
493
	}
493
	}
494
494
495
	ret = (char **)malloc(sizeof(ret[0])*(i+2));
495
	ret = SMB_MALLOC_ARRAY(char *, i+2);
496
	if (!ret) {
496
	if (!ret) {
497
		SAFE_FREE(p);
497
		SAFE_FREE(p);
498
		return NULL;
498
		return NULL;
(-)samba-3.0.9-orig/source/lib/util_getent.c (-15 / +15 lines)
Lines 33-39 Link Here
33
	struct sys_grent *gent;
33
	struct sys_grent *gent;
34
	struct group *grp;
34
	struct group *grp;
35
	
35
	
36
	gent = (struct sys_grent *) malloc(sizeof(struct sys_grent));
36
	gent = SMB_MALLOC_P(struct sys_grent);
37
	if (gent == NULL) {
37
	if (gent == NULL) {
38
		DEBUG (0, ("Out of memory in getgrent_list!\n"));
38
		DEBUG (0, ("Out of memory in getgrent_list!\n"));
39
		return NULL;
39
		return NULL;
Lines 53-63 Link Here
53
		int i,num;
53
		int i,num;
54
		
54
		
55
		if (grp->gr_name) {
55
		if (grp->gr_name) {
56
			if ((gent->gr_name = strdup(grp->gr_name)) == NULL)
56
			if ((gent->gr_name = SMB_STRDUP(grp->gr_name)) == NULL)
57
				goto err;
57
				goto err;
58
		}
58
		}
59
		if (grp->gr_passwd) {
59
		if (grp->gr_passwd) {
60
			if ((gent->gr_passwd = strdup(grp->gr_passwd)) == NULL)
60
			if ((gent->gr_passwd = SMB_STRDUP(grp->gr_passwd)) == NULL)
61
				goto err;
61
				goto err;
62
		}
62
		}
63
		gent->gr_gid = grp->gr_gid;
63
		gent->gr_gid = grp->gr_gid;
Lines 67-86 Link Here
67
			;
67
			;
68
		
68
		
69
		/* alloc space for gr_mem string pointers */
69
		/* alloc space for gr_mem string pointers */
70
		if ((gent->gr_mem = (char **) malloc((num+1) * sizeof(char *))) == NULL)
70
		if ((gent->gr_mem = SMB_MALLOC_ARRAY(char *, num+1)) == NULL)
71
			goto err;
71
			goto err;
72
72
73
		memset(gent->gr_mem, '\0', (num+1) * sizeof(char *));
73
		memset(gent->gr_mem, '\0', (num+1) * sizeof(char *));
74
74
75
		for (i=0; i < num; i++) {
75
		for (i=0; i < num; i++) {
76
			if ((gent->gr_mem[i] = strdup(grp->gr_mem[i])) == NULL)
76
			if ((gent->gr_mem[i] = SMB_STRDUP(grp->gr_mem[i])) == NULL)
77
				goto err;
77
				goto err;
78
		}
78
		}
79
		gent->gr_mem[num] = NULL;
79
		gent->gr_mem[num] = NULL;
80
		
80
		
81
		grp = getgrent();
81
		grp = getgrent();
82
		if (grp) {
82
		if (grp) {
83
			gent->next = (struct sys_grent *) malloc(sizeof(struct sys_grent));
83
			gent->next = SMB_MALLOC_P(struct sys_grent);
84
			if (gent->next == NULL)
84
			if (gent->next == NULL)
85
				goto err;
85
				goto err;
86
			gent = gent->next;
86
			gent = gent->next;
Lines 134-140 Link Here
134
	struct sys_pwent *pent;
134
	struct sys_pwent *pent;
135
	struct passwd *pwd;
135
	struct passwd *pwd;
136
	
136
	
137
	pent = (struct sys_pwent *) malloc(sizeof(struct sys_pwent));
137
	pent = SMB_MALLOC_P(struct sys_pwent);
138
	if (pent == NULL) {
138
	if (pent == NULL) {
139
		DEBUG (0, ("Out of memory in getpwent_list!\n"));
139
		DEBUG (0, ("Out of memory in getpwent_list!\n"));
140
		return NULL;
140
		return NULL;
Lines 146-176 Link Here
146
	while (pwd != NULL) {
146
	while (pwd != NULL) {
147
		memset(pent, '\0', sizeof(struct sys_pwent));
147
		memset(pent, '\0', sizeof(struct sys_pwent));
148
		if (pwd->pw_name) {
148
		if (pwd->pw_name) {
149
			if ((pent->pw_name = strdup(pwd->pw_name)) == NULL)
149
			if ((pent->pw_name = SMB_STRDUP(pwd->pw_name)) == NULL)
150
				goto err;
150
				goto err;
151
		}
151
		}
152
		if (pwd->pw_passwd) {
152
		if (pwd->pw_passwd) {
153
			if ((pent->pw_passwd = strdup(pwd->pw_passwd)) == NULL)
153
			if ((pent->pw_passwd = SMB_STRDUP(pwd->pw_passwd)) == NULL)
154
				goto err;
154
				goto err;
155
		}
155
		}
156
		pent->pw_uid = pwd->pw_uid;
156
		pent->pw_uid = pwd->pw_uid;
157
		pent->pw_gid = pwd->pw_gid;
157
		pent->pw_gid = pwd->pw_gid;
158
		if (pwd->pw_gecos) {
158
		if (pwd->pw_gecos) {
159
			if ((pent->pw_gecos = strdup(pwd->pw_gecos)) == NULL)
159
			if ((pent->pw_gecos = SMB_STRDUP(pwd->pw_gecos)) == NULL)
160
				goto err;
160
				goto err;
161
		}
161
		}
162
		if (pwd->pw_dir) {
162
		if (pwd->pw_dir) {
163
			if ((pent->pw_dir = strdup(pwd->pw_dir)) == NULL)
163
			if ((pent->pw_dir = SMB_STRDUP(pwd->pw_dir)) == NULL)
164
				goto err;
164
				goto err;
165
		}
165
		}
166
		if (pwd->pw_shell) {
166
		if (pwd->pw_shell) {
167
			if ((pent->pw_shell = strdup(pwd->pw_shell)) == NULL)
167
			if ((pent->pw_shell = SMB_STRDUP(pwd->pw_shell)) == NULL)
168
				goto err;
168
				goto err;
169
		}
169
		}
170
170
171
		pwd = getpwent();
171
		pwd = getpwent();
172
		if (pwd) {
172
		if (pwd) {
173
			pent->next = (struct sys_pwent *) malloc(sizeof(struct sys_pwent));
173
			pent->next = SMB_MALLOC_P(struct sys_pwent);
174
			if (pent->next == NULL)
174
			if (pent->next == NULL)
175
				goto err;
175
				goto err;
176
			pent = pent->next;
176
			pent = pent->next;
Lines 223-234 Link Here
223
		;
223
		;
224
224
225
	for (i = 0; i < num_users; i++) {
225
	for (i = 0; i < num_users; i++) {
226
		struct sys_userlist *entry = (struct sys_userlist *)malloc(sizeof(*entry));
226
		struct sys_userlist *entry = SMB_MALLOC_P(struct sys_userlist);
227
		if (entry == NULL) {
227
		if (entry == NULL) {
228
			free_userlist(list_head);
228
			free_userlist(list_head);
229
			return NULL;
229
			return NULL;
230
		}
230
		}
231
		entry->unix_name = (char *)strdup(grp->gr_mem[i]);
231
		entry->unix_name = (char *)SMB_STRDUP(grp->gr_mem[i]);
232
		if (entry->unix_name == NULL) {
232
		if (entry->unix_name == NULL) {
233
			SAFE_FREE(entry);
233
			SAFE_FREE(entry);
234
			free_userlist(list_head);
234
			free_userlist(list_head);
(-)samba-3.0.9-orig/source/lib/util_pw.c (-1 / +1 lines)
Lines 24-30 Link Here
24
24
25
static struct passwd *alloc_copy_passwd(const struct passwd *from) 
25
static struct passwd *alloc_copy_passwd(const struct passwd *from) 
26
{
26
{
27
	struct passwd *ret = smb_xmalloc(sizeof(struct passwd));
27
	struct passwd *ret = SMB_XMALLOC_P(struct passwd);
28
	ZERO_STRUCTP(ret);
28
	ZERO_STRUCTP(ret);
29
	ret->pw_name = smb_xstrdup(from->pw_name);
29
	ret->pw_name = smb_xstrdup(from->pw_name);
30
	ret->pw_passwd = smb_xstrdup(from->pw_passwd);
30
	ret->pw_passwd = smb_xstrdup(from->pw_passwd);
(-)samba-3.0.9-orig/source/lib/util_sid.c (-3 / +3 lines)
Lines 304-310 Link Here
304
304
305
	memset((char *)sidout, '\0', sizeof(DOM_SID));
305
	memset((char *)sidout, '\0', sizeof(DOM_SID));
306
306
307
	p = q = strdup(sidstr + 2);
307
	p = q = SMB_STRDUP(sidstr + 2);
308
	if (p == NULL) {
308
	if (p == NULL) {
309
		DEBUG(0, ("string_to_sid: out of memory!\n"));
309
		DEBUG(0, ("string_to_sid: out of memory!\n"));
310
		return False;
310
		return False;
Lines 621-627 Link Here
621
{
621
{
622
	char *buf, *s;
622
	char *buf, *s;
623
	int len = sid_size(sid);
623
	int len = sid_size(sid);
624
	buf = malloc(len);
624
	buf = SMB_MALLOC(len);
625
	if (!buf)
625
	if (!buf)
626
		return NULL;
626
		return NULL;
627
	sid_linearize(buf, len, sid);
627
	sid_linearize(buf, len, sid);
Lines 641-647 Link Here
641
	if(!src)
641
	if(!src)
642
		return NULL;
642
		return NULL;
643
	
643
	
644
	if((dst = talloc_zero(ctx, sizeof(DOM_SID))) != NULL) {
644
	if((dst = TALLOC_ZERO_P(ctx, DOM_SID)) != NULL) {
645
		sid_copy( dst, src);
645
		sid_copy( dst, src);
646
	}
646
	}
647
	
647
	
(-)samba-3.0.9-orig/source/lib/util_smbd.c (-2 / +2 lines)
Lines 49-55 Link Here
49
	if (!pwd) return False;
49
	if (!pwd) return False;
50
50
51
	max_grp = groups_max();
51
	max_grp = groups_max();
52
	temp_groups = (gid_t *)malloc(sizeof(gid_t) * max_grp);
52
	temp_groups = SMB_MALLOC_ARRAY(gid_t, max_grp);
53
	if (! temp_groups) {
53
	if (! temp_groups) {
54
		passwd_free(&pwd);
54
		passwd_free(&pwd);
55
		return False;
55
		return False;
Lines 59-65 Link Here
59
		
59
		
60
		gid_t *groups_tmp;
60
		gid_t *groups_tmp;
61
		
61
		
62
		groups_tmp = Realloc(temp_groups, sizeof(gid_t) * max_grp);
62
		groups_tmp = SMB_REALLOC_ARRAY(temp_groups, gid_t, max_grp);
63
		
63
		
64
		if (!groups_tmp) {
64
		if (!groups_tmp) {
65
			SAFE_FREE(temp_groups);
65
			SAFE_FREE(temp_groups);
(-)samba-3.0.9-orig/source/lib/util_str.c (-19 / +19 lines)
Lines 134-140 Link Here
134
	*ctok=ictok;
134
	*ctok=ictok;
135
	s=(char *)last_ptr;
135
	s=(char *)last_ptr;
136
	
136
	
137
	if (!(ret=iret=malloc((ictok+1)*sizeof(char *))))
137
	if (!(ret=iret=SMB_MALLOC_ARRAY(char *,ictok+1)))
138
		return NULL;
138
		return NULL;
139
	
139
	
140
	while(ictok--) {    
140
	while(ictok--) {    
Lines 815-821 Link Here
815
	int i;
815
	int i;
816
	char *hex_buffer;
816
	char *hex_buffer;
817
817
818
	*out_hex_buffer = smb_xmalloc((len*2)+1);
818
	*out_hex_buffer = SMB_XMALLOC_ARRAY(char, (len*2)+1);
819
	hex_buffer = *out_hex_buffer;
819
	hex_buffer = *out_hex_buffer;
820
820
821
	for (i = 0; i < len; i++)
821
	for (i = 0; i < len; i++)
Lines 863-869 Link Here
863
863
864
	if (l == 0) {
864
	if (l == 0) {
865
		if (!null_string) {
865
		if (!null_string) {
866
			if((null_string = (char *)malloc(1)) == NULL) {
866
			if((null_string = (char *)SMB_MALLOC(1)) == NULL) {
867
				DEBUG(0,("string_init: malloc fail for null_string.\n"));
867
				DEBUG(0,("string_init: malloc fail for null_string.\n"));
868
				return False;
868
				return False;
869
			}
869
			}
Lines 871-877 Link Here
871
		}
871
		}
872
		*dest = null_string;
872
		*dest = null_string;
873
	} else {
873
	} else {
874
		(*dest) = strdup(src);
874
		(*dest) = SMB_STRDUP(src);
875
		if ((*dest) == NULL) {
875
		if ((*dest) == NULL) {
876
			DEBUG(0,("Out of memory in string_init\n"));
876
			DEBUG(0,("Out of memory in string_init\n"));
877
			return False;
877
			return False;
Lines 990-996 Link Here
990
990
991
	s = string;
991
	s = string;
992
992
993
	in = strdup(insert);
993
	in = SMB_STRDUP(insert);
994
	if (!in) {
994
	if (!in) {
995
		DEBUG(0, ("realloc_string_sub: out of memory!\n"));
995
		DEBUG(0, ("realloc_string_sub: out of memory!\n"));
996
		return NULL;
996
		return NULL;
Lines 1019-1025 Link Here
1019
	while ((p = strstr_m(s,pattern))) {
1019
	while ((p = strstr_m(s,pattern))) {
1020
		if (ld > 0) {
1020
		if (ld > 0) {
1021
			int offset = PTR_DIFF(s,string);
1021
			int offset = PTR_DIFF(s,string);
1022
			char *t = Realloc(string, ls + ld + 1);
1022
			char *t = SMB_REALLOC(string, ls + ld + 1);
1023
			if (!t) {
1023
			if (!t) {
1024
				DEBUG(0, ("realloc_string_sub: out of memory!\n"));
1024
				DEBUG(0, ("realloc_string_sub: out of memory!\n"));
1025
				SAFE_FREE(in);
1025
				SAFE_FREE(in);
Lines 1110-1116 Link Here
1110
		}
1110
		}
1111
	}
1111
	}
1112
1112
1113
	r = rp = (smb_ucs2_t *)malloc((lt + 1)*(sizeof(smb_ucs2_t)));
1113
	r = rp = SMB_MALLOC_ARRAY(smb_ucs2_t, lt + 1);
1114
	if (!r) {
1114
	if (!r) {
1115
		DEBUG(0, ("all_string_sub_w: out of memory!\n"));
1115
		DEBUG(0, ("all_string_sub_w: out of memory!\n"));
1116
		return NULL;
1116
		return NULL;
Lines 1478-1484 Link Here
1478
	char *s;
1478
	char *s;
1479
	int i, j;
1479
	int i, j;
1480
	const char *hex = "0123456789ABCDEF";
1480
	const char *hex = "0123456789ABCDEF";
1481
	s = malloc(len * 3 + 1);
1481
	s = SMB_MALLOC(len * 3 + 1);
1482
	if (!s)
1482
	if (!s)
1483
		return NULL;
1483
		return NULL;
1484
	for (j=i=0;i<len;i++) {
1484
	for (j=i=0;i<len;i++) {
Lines 1533-1539 Link Here
1533
	char *ret;
1533
	char *ret;
1534
	
1534
	
1535
	n = strnlen(s, n);
1535
	n = strnlen(s, n);
1536
	ret = malloc(n+1);
1536
	ret = SMB_MALLOC(n+1);
1537
	if (!ret)
1537
	if (!ret)
1538
		return NULL;
1538
		return NULL;
1539
	memcpy(ret, s, n);
1539
	memcpy(ret, s, n);
Lines 1573-1579 Link Here
1573
	
1573
	
1574
	if (!string || !*string)
1574
	if (!string || !*string)
1575
		return NULL;
1575
		return NULL;
1576
	s = strdup(string);
1576
	s = SMB_STRDUP(string);
1577
	if (!s) {
1577
	if (!s) {
1578
		DEBUG(0,("str_list_make: Unable to allocate memory"));
1578
		DEBUG(0,("str_list_make: Unable to allocate memory"));
1579
		return NULL;
1579
		return NULL;
Lines 1587-1593 Link Here
1587
	while (next_token(&str, tok, sep, sizeof(tok))) {		
1587
	while (next_token(&str, tok, sep, sizeof(tok))) {		
1588
		if (num == lsize) {
1588
		if (num == lsize) {
1589
			lsize += S_LIST_ABS;
1589
			lsize += S_LIST_ABS;
1590
			rlist = (char **)Realloc(list, ((sizeof(char **)) * (lsize +1)));
1590
			rlist = SMB_REALLOC_ARRAY(list, char *, lsize +1);
1591
			if (!rlist) {
1591
			if (!rlist) {
1592
				DEBUG(0,("str_list_make: Unable to allocate memory"));
1592
				DEBUG(0,("str_list_make: Unable to allocate memory"));
1593
				str_list_free(&list);
1593
				str_list_free(&list);
Lines 1598-1604 Link Here
1598
			memset (&list[num], 0, ((sizeof(char**)) * (S_LIST_ABS +1)));
1598
			memset (&list[num], 0, ((sizeof(char**)) * (S_LIST_ABS +1)));
1599
		}
1599
		}
1600
		
1600
		
1601
		list[num] = strdup(tok);
1601
		list[num] = SMB_STRDUP(tok);
1602
		if (!list[num]) {
1602
		if (!list[num]) {
1603
			DEBUG(0,("str_list_make: Unable to allocate memory"));
1603
			DEBUG(0,("str_list_make: Unable to allocate memory"));
1604
			str_list_free(&list);
1604
			str_list_free(&list);
Lines 1628-1634 Link Here
1628
	while (src[num]) {
1628
	while (src[num]) {
1629
		if (num == lsize) {
1629
		if (num == lsize) {
1630
			lsize += S_LIST_ABS;
1630
			lsize += S_LIST_ABS;
1631
			rlist = (char **)Realloc(list, ((sizeof(char **)) * (lsize +1)));
1631
			rlist = SMB_REALLOC_ARRAY(list, char *, lsize +1);
1632
			if (!rlist) {
1632
			if (!rlist) {
1633
				DEBUG(0,("str_list_copy: Unable to re-allocate memory"));
1633
				DEBUG(0,("str_list_copy: Unable to re-allocate memory"));
1634
				str_list_free(&list);
1634
				str_list_free(&list);
Lines 1638-1644 Link Here
1638
			memset (&list[num], 0, ((sizeof(char **)) * (S_LIST_ABS +1)));
1638
			memset (&list[num], 0, ((sizeof(char **)) * (S_LIST_ABS +1)));
1639
		}
1639
		}
1640
		
1640
		
1641
		list[num] = strdup(src[num]);
1641
		list[num] = SMB_STRDUP(src[num]);
1642
		if (!list[num]) {
1642
		if (!list[num]) {
1643
			DEBUG(0,("str_list_copy: Unable to allocate memory"));
1643
			DEBUG(0,("str_list_copy: Unable to allocate memory"));
1644
			str_list_free(&list);
1644
			str_list_free(&list);
Lines 1740-1746 Link Here
1740
			t = *list;
1740
			t = *list;
1741
			d = p -t;
1741
			d = p -t;
1742
			if (ld) {
1742
			if (ld) {
1743
				t = (char *) malloc(ls +ld +1);
1743
				t = (char *) SMB_MALLOC(ls +ld +1);
1744
				if (!t) {
1744
				if (!t) {
1745
					DEBUG(0,("str_list_substitute: Unable to allocate memory"));
1745
					DEBUG(0,("str_list_substitute: Unable to allocate memory"));
1746
					return False;
1746
					return False;
Lines 1863-1869 Link Here
1863
		return 0;
1863
		return 0;
1864
	
1864
	
1865
	count = count_chars(ipstr_list, IPSTR_LIST_CHAR) + 1;
1865
	count = count_chars(ipstr_list, IPSTR_LIST_CHAR) + 1;
1866
	if ( (*ip_list = (struct ip_service*)malloc(count * sizeof(struct ip_service))) == NULL ) {
1866
	if ( (*ip_list = SMB_MALLOC_ARRAY(struct ip_service, count)) == NULL ) {
1867
		DEBUG(0,("ipstr_list_parse: malloc failed for %lu entries\n", (unsigned long)count));
1867
		DEBUG(0,("ipstr_list_parse: malloc failed for %lu entries\n", (unsigned long)count));
1868
		return 0;
1868
		return 0;
1869
	}
1869
	}
Lines 2011-2017 Link Here
2011
	size_t out_cnt = 0;
2011
	size_t out_cnt = 0;
2012
	size_t len = data.length;
2012
	size_t len = data.length;
2013
	size_t output_len = data.length * 2;
2013
	size_t output_len = data.length * 2;
2014
	char *result = malloc(output_len); /* get us plenty of space */
2014
	char *result = SMB_MALLOC(output_len); /* get us plenty of space */
2015
2015
2016
	while (len-- && out_cnt < (data.length * 2) - 5) {
2016
	while (len-- && out_cnt < (data.length * 2) - 5) {
2017
		int c = (unsigned char) *(data.data++);
2017
		int c = (unsigned char) *(data.data++);
Lines 2072-2082 Link Here
2072
	int new_len = strlen(right) + 1;
2072
	int new_len = strlen(right) + 1;
2073
2073
2074
	if (*left == NULL) {
2074
	if (*left == NULL) {
2075
		*left = malloc(new_len);
2075
		*left = SMB_MALLOC(new_len);
2076
		*left[0] = '\0';
2076
		*left[0] = '\0';
2077
	} else {
2077
	} else {
2078
		new_len += strlen(*left);
2078
		new_len += strlen(*left);
2079
		*left = Realloc(*left, new_len);
2079
		*left = SMB_REALLOC(*left, new_len);
2080
	}
2080
	}
2081
2081
2082
	if (*left == NULL)
2082
	if (*left == NULL)
(-)samba-3.0.9-orig/source/lib/util_unistr.c (-7 / +7 lines)
Lines 61-67 Link Here
61
	   not available */
61
	   not available */
62
	if (!upcase_table) {
62
	if (!upcase_table) {
63
		DEBUG(1,("creating lame upcase table\n"));
63
		DEBUG(1,("creating lame upcase table\n"));
64
		upcase_table = malloc(0x20000);
64
		upcase_table = SMB_MALLOC(0x20000);
65
		for (i=0;i<0x10000;i++) {
65
		for (i=0;i<0x10000;i++) {
66
			smb_ucs2_t v;
66
			smb_ucs2_t v;
67
			SSVAL(&v, 0, i);
67
			SSVAL(&v, 0, i);
Lines 76-82 Link Here
76
76
77
	if (!lowcase_table) {
77
	if (!lowcase_table) {
78
		DEBUG(1,("creating lame lowcase table\n"));
78
		DEBUG(1,("creating lame lowcase table\n"));
79
		lowcase_table = malloc(0x20000);
79
		lowcase_table = SMB_MALLOC(0x20000);
80
		for (i=0;i<0x10000;i++) {
80
		for (i=0;i<0x10000;i++) {
81
			smb_ucs2_t v;
81
			smb_ucs2_t v;
82
			SSVAL(&v, 0, i);
82
			SSVAL(&v, 0, i);
Lines 175-181 Link Here
175
	if (valid_table) free(valid_table);
175
	if (valid_table) free(valid_table);
176
176
177
	DEBUG(2,("creating default valid table\n"));
177
	DEBUG(2,("creating default valid table\n"));
178
	valid_table = malloc(0x10000);
178
	valid_table = SMB_MALLOC(0x10000);
179
	for (i=0;i<128;i++)
179
	for (i=0;i<128;i++)
180
		valid_table[i] = isalnum(i) || strchr(allowed,i);
180
		valid_table[i] = isalnum(i) || strchr(allowed,i);
181
	
181
	
Lines 302-308 Link Here
302
	char *s;
302
	char *s;
303
	int maxlen = (str->uni_str_len+1)*4;
303
	int maxlen = (str->uni_str_len+1)*4;
304
	if (!str->buffer) return NULL;
304
	if (!str->buffer) return NULL;
305
	s = (char *)talloc(ctx, maxlen); /* convervative */
305
	s = (char *)TALLOC(ctx, maxlen); /* convervative */
306
	if (!s) return NULL;
306
	if (!s) return NULL;
307
	pull_ucs2(NULL, s, str->buffer, maxlen, str->uni_str_len*2, 
307
	pull_ucs2(NULL, s, str->buffer, maxlen, str->uni_str_len*2, 
308
		  STR_NOALIGN);
308
		  STR_NOALIGN);
Lines 586-592 Link Here
586
	smb_ucs2_t *dest;
586
	smb_ucs2_t *dest;
587
	
587
	
588
	if (!len) len = strlen_w(src);
588
	if (!len) len = strlen_w(src);
589
	dest = (smb_ucs2_t *)malloc((len + 1) * sizeof(smb_ucs2_t));
589
	dest = SMB_MALLOC_ARRAY(smb_ucs2_t, len + 1);
590
	if (!dest) {
590
	if (!dest) {
591
		DEBUG(0,("strdup_w: out of memory!\n"));
591
		DEBUG(0,("strdup_w: out of memory!\n"));
592
		return NULL;
592
		return NULL;
Lines 825-836 Link Here
825
	
825
	
826
	/* allocate UNISTR2 destination if not given */
826
	/* allocate UNISTR2 destination if not given */
827
	if (!dst) {
827
	if (!dst) {
828
		dst = (UNISTR2*) talloc(ctx, sizeof(UNISTR2));
828
		dst = TALLOC_P(ctx, UNISTR2);
829
		if (!dst)
829
		if (!dst)
830
			return NULL;
830
			return NULL;
831
	}
831
	}
832
	if (!dst->buffer) {
832
	if (!dst->buffer) {
833
		dst->buffer = (uint16*) talloc(ctx, sizeof(uint16) * (len + 1));
833
		dst->buffer = TALLOC_ARRAY(ctx, uint16, len + 1);
834
		if (!dst->buffer)
834
		if (!dst->buffer)
835
			return NULL;
835
			return NULL;
836
	}
836
	}
(-)samba-3.0.9-orig/source/lib/wins_srv.c (-6 / +6 lines)
Lines 72-79 Link Here
72
{
72
{
73
	char *keystr = NULL, *wins_ip_addr = NULL, *src_ip_addr = NULL;
73
	char *keystr = NULL, *wins_ip_addr = NULL, *src_ip_addr = NULL;
74
74
75
	wins_ip_addr = strdup(inet_ntoa(wins_ip));
75
	wins_ip_addr = SMB_STRDUP(inet_ntoa(wins_ip));
76
	src_ip_addr = strdup(inet_ntoa(src_ip));
76
	src_ip_addr = SMB_STRDUP(inet_ntoa(src_ip));
77
77
78
	if ( !wins_ip_addr || !src_ip_addr ) {
78
	if ( !wins_ip_addr || !src_ip_addr ) {
79
		DEBUG(0,("wins_srv_keystr: malloc error\n"));
79
		DEBUG(0,("wins_srv_keystr: malloc error\n"));
Lines 212-220 Link Here
212
	if (lp_wins_support()) {
212
	if (lp_wins_support()) {
213
		/* give the caller something to chew on. This makes
213
		/* give the caller something to chew on. This makes
214
		   the rest of the logic simpler (ie. less special cases) */
214
		   the rest of the logic simpler (ie. less special cases) */
215
		ret = (char **)malloc(sizeof(char *)*2);
215
		ret = SMB_MALLOC_ARRAY(char *, 2);
216
		if (!ret) return NULL;
216
		if (!ret) return NULL;
217
		ret[0] = strdup("*");
217
		ret[0] = SMB_STRDUP("*");
218
		ret[1] = NULL;
218
		ret[1] = NULL;
219
		return ret;
219
		return ret;
220
	}
220
	}
Lines 242-249 Link Here
242
		}
242
		}
243
243
244
		/* add it to the list */
244
		/* add it to the list */
245
		ret = (char **)Realloc(ret, (count+2) * sizeof(char *));
245
		ret = SMB_REALLOC_ARRAY(ret, char *, count+2);
246
		ret[count] = strdup(t_ip.tag);
246
		ret[count] = SMB_STRDUP(t_ip.tag);
247
		if (!ret[count]) break;
247
		if (!ret[count]) break;
248
		count++;
248
		count++;
249
	}
249
	}
(-)samba-3.0.9-orig/source/lib/xfile.c (-2 / +2 lines)
Lines 80-86 Link Here
80
{
80
{
81
	if (f->buf) return 1;
81
	if (f->buf) return 1;
82
	if (f->bufsize == 0) return 0;
82
	if (f->bufsize == 0) return 0;
83
	f->buf = malloc(f->bufsize);
83
	f->buf = SMB_MALLOC(f->bufsize);
84
	if (!f->buf) return 0;
84
	if (!f->buf) return 0;
85
	f->next = f->buf;
85
	f->next = f->buf;
86
	return 1;
86
	return 1;
Lines 95-101 Link Here
95
{
95
{
96
	XFILE *ret;
96
	XFILE *ret;
97
97
98
	ret = (XFILE *)malloc(sizeof(XFILE));
98
	ret = SMB_MALLOC_P(XFILE);
99
	if (!ret) return NULL;
99
	if (!ret) return NULL;
100
100
101
	memset(ret, 0, sizeof(XFILE));
101
	memset(ret, 0, sizeof(XFILE));
(-)samba-3.0.9-orig/source/libads/ads_struct.c (-6 / +6 lines)
Lines 31-37 Link Here
31
	char *ret;
31
	char *ret;
32
	int len;
32
	int len;
33
	
33
	
34
	r = strdup(realm);
34
	r = SMB_STRDUP(realm);
35
35
36
	if (!r || !*r)
36
	if (!r || !*r)
37
		return r;
37
		return r;
Lines 42-48 Link Here
42
42
43
	len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1;
43
	len = (numbits+1)*(strlen(field)+1) + strlen(r) + 1;
44
44
45
	ret = malloc(len);
45
	ret = SMB_MALLOC(len);
46
	if (!ret)
46
	if (!ret)
47
		return NULL;
47
		return NULL;
48
48
Lines 87-98 Link Here
87
{
87
{
88
	ADS_STRUCT *ads;
88
	ADS_STRUCT *ads;
89
	
89
	
90
	ads = (ADS_STRUCT *)smb_xmalloc(sizeof(*ads));
90
	ads = SMB_XMALLOC_P(ADS_STRUCT);
91
	ZERO_STRUCTP(ads);
91
	ZERO_STRUCTP(ads);
92
	
92
	
93
	ads->server.realm = realm? strdup(realm) : NULL;
93
	ads->server.realm = realm? SMB_STRDUP(realm) : NULL;
94
	ads->server.workgroup = workgroup ? strdup(workgroup) : NULL;
94
	ads->server.workgroup = workgroup ? SMB_STRDUP(workgroup) : NULL;
95
	ads->server.ldap_server = ldap_server? strdup(ldap_server) : NULL;
95
	ads->server.ldap_server = ldap_server? SMB_STRDUP(ldap_server) : NULL;
96
96
97
	/* we need to know if this is a foreign realm */
97
	/* we need to know if this is a foreign realm */
98
	if (realm && *realm && !strequal(lp_realm(), realm)) {
98
	if (realm && *realm && !strequal(lp_realm(), realm)) {
(-)samba-3.0.9-orig/source/libads/authdata.c (-22 / +12 lines)
Lines 59-65 Link Here
59
		return False;
59
		return False;
60
60
61
	if (UNMARSHALLING(ps) && type_10->len) {
61
	if (UNMARSHALLING(ps) && type_10->len) {
62
		type_10->username = (uint16 *) prs_alloc_mem(ps, type_10->len);
62
		type_10->username = PRS_ALLOC_MEM(ps, uint16, type_10->len);
63
		if (!type_10->username) {
63
		if (!type_10->username) {
64
			DEBUG(3, ("No memory available\n"));
64
			DEBUG(3, ("No memory available\n"));
65
			return False;
65
			return False;
Lines 85-92 Link Here
85
	depth++;
85
	depth++;
86
86
87
	if (UNMARSHALLING(ps)) {
87
	if (UNMARSHALLING(ps)) {
88
		sid_and_attr->sid = 
88
		sid_and_attr->sid = PRS_ALLOC_MEM(ps, DOM_SID2, 1);
89
			(DOM_SID2 * ) prs_alloc_mem(ps, sizeof(DOM_SID2));
90
		if (!sid_and_attr->sid) {
89
		if (!sid_and_attr->sid) {
91
			DEBUG(3, ("No memory available\n"));
90
			DEBUG(3, ("No memory available\n"));
92
			return False;
91
			return False;
Lines 135-142 Link Here
135
		return False;
134
		return False;
136
135
137
	if (UNMARSHALLING(ps)) {
136
	if (UNMARSHALLING(ps)) {
138
		array->krb_sid_and_attrs = (KRB_SID_AND_ATTRS *)
137
		array->krb_sid_and_attrs = PRS_ALLOC_MEM(ps, KRB_SID_AND_ATTRS, num);
139
			prs_alloc_mem(ps, sizeof(KRB_SID_AND_ATTRS) * num);
140
		if (!array->krb_sid_and_attrs) {
138
		if (!array->krb_sid_and_attrs) {
141
			DEBUG(3, ("No memory available\n"));
139
			DEBUG(3, ("No memory available\n"));
142
			return False;
140
			return False;
Lines 199-206 Link Here
199
		return False;
197
		return False;
200
198
201
	if (UNMARSHALLING(ps)) {
199
	if (UNMARSHALLING(ps)) {
202
		array->group_membership = (GROUP_MEMBERSHIP *)
200
		array->group_membership = PRS_ALLOC_MEM(ps, GROUP_MEMBERSHIP, num);
203
			prs_alloc_mem(ps, sizeof(GROUP_MEMBERSHIP) * num);
204
		if (!array->group_membership) {
201
		if (!array->group_membership) {
205
			DEBUG(3, ("No memory available\n"));
202
			DEBUG(3, ("No memory available\n"));
206
			return False;
203
			return False;
Lines 423-429 Link Here
423
	if (!prs_uint32("type", ps, depth, &data->type))
420
	if (!prs_uint32("type", ps, depth, &data->type))
424
		return False;
421
		return False;
425
	if (UNMARSHALLING(ps)) {
422
	if (UNMARSHALLING(ps)) {
426
		data->signature = (unsigned char *)prs_alloc_mem(ps, siglen);
423
		data->signature = PRS_ALLOC_MEM(ps, unsigned char, siglen);
427
		if (!data->signature) {
424
		if (!data->signature) {
428
			DEBUG(3, ("No memory available\n"));
425
			DEBUG(3, ("No memory available\n"));
429
			return False;
426
			return False;
Lines 454-461 Link Here
454
	}
451
	}
455
452
456
	if (UNMARSHALLING(ps) && hdr->size > 0) {
453
	if (UNMARSHALLING(ps) && hdr->size > 0) {
457
		hdr->ctr = (PAC_INFO_CTR *) 
454
		hdr->ctr = PRS_ALLOC_MEM(ps, PAC_INFO_CTR, 1);
458
			prs_alloc_mem(ps, sizeof(PAC_INFO_CTR));
459
		if (!hdr->ctr) {
455
		if (!hdr->ctr) {
460
			DEBUG(3, ("No memory available\n"));
456
			DEBUG(3, ("No memory available\n"));
461
			return False;
457
			return False;
Lines 466-473 Link Here
466
	case PAC_TYPE_LOGON_INFO:
462
	case PAC_TYPE_LOGON_INFO:
467
		DEBUG(5, ("PAC_TYPE_LOGON_INFO\n"));
463
		DEBUG(5, ("PAC_TYPE_LOGON_INFO\n"));
468
		if (UNMARSHALLING(ps))
464
		if (UNMARSHALLING(ps))
469
			hdr->ctr->pac.logon_info = (PAC_LOGON_INFO *)
465
			hdr->ctr->pac.logon_info = PRS_ALLOC_MEM(ps, PAC_LOGON_INFO, 1);
470
				prs_alloc_mem(ps, sizeof(PAC_LOGON_INFO));
471
		if (!hdr->ctr->pac.logon_info) {
466
		if (!hdr->ctr->pac.logon_info) {
472
			DEBUG(3, ("No memory available\n"));
467
			DEBUG(3, ("No memory available\n"));
473
			return False;
468
			return False;
Lines 480-487 Link Here
480
	case PAC_TYPE_SERVER_CHECKSUM:
475
	case PAC_TYPE_SERVER_CHECKSUM:
481
		DEBUG(5, ("PAC_TYPE_SERVER_CHECKSUM\n"));
476
		DEBUG(5, ("PAC_TYPE_SERVER_CHECKSUM\n"));
482
		if (UNMARSHALLING(ps))
477
		if (UNMARSHALLING(ps))
483
			hdr->ctr->pac.srv_cksum = (PAC_SIGNATURE_DATA *)
478
			hdr->ctr->pac.srv_cksum = PRS_ALLOC_MEM(ps, PAC_SIGNATURE_DATA, 1);
484
				prs_alloc_mem(ps, sizeof(PAC_SIGNATURE_DATA));
485
		if (!hdr->ctr->pac.srv_cksum) {
479
		if (!hdr->ctr->pac.srv_cksum) {
486
			DEBUG(3, ("No memory available\n"));
480
			DEBUG(3, ("No memory available\n"));
487
			return False;
481
			return False;
Lines 494-501 Link Here
494
	case PAC_TYPE_PRIVSVR_CHECKSUM:
488
	case PAC_TYPE_PRIVSVR_CHECKSUM:
495
		DEBUG(5, ("PAC_TYPE_PRIVSVR_CHECKSUM\n"));
489
		DEBUG(5, ("PAC_TYPE_PRIVSVR_CHECKSUM\n"));
496
		if (UNMARSHALLING(ps))
490
		if (UNMARSHALLING(ps))
497
			hdr->ctr->pac.privsrv_cksum = (PAC_SIGNATURE_DATA *)
491
			hdr->ctr->pac.privsrv_cksum = PRS_ALLOC_MEM(ps, PAC_SIGNATURE_DATA, 1);
498
				prs_alloc_mem(ps, sizeof(PAC_SIGNATURE_DATA));
499
		if (!hdr->ctr->pac.privsrv_cksum) {
492
		if (!hdr->ctr->pac.privsrv_cksum) {
500
			DEBUG(3, ("No memory available\n"));
493
			DEBUG(3, ("No memory available\n"));
501
			return False;
494
			return False;
Lines 509-516 Link Here
509
	case PAC_TYPE_UNKNOWN_10:
502
	case PAC_TYPE_UNKNOWN_10:
510
		DEBUG(5, ("PAC_TYPE_UNKNOWN_10\n"));
503
		DEBUG(5, ("PAC_TYPE_UNKNOWN_10\n"));
511
		if (UNMARSHALLING(ps))
504
		if (UNMARSHALLING(ps))
512
			hdr->ctr->pac.type_10 = (UNKNOWN_TYPE_10 *)
505
			hdr->ctr->pac.type_10 = PRS_ALLOC_MEM(ps, UNKNOWN_TYPE_10, 1);
513
				prs_alloc_mem(ps, sizeof(UNKNOWN_TYPE_10));
514
		if (!hdr->ctr->pac.type_10) {
506
		if (!hdr->ctr->pac.type_10) {
515
			DEBUG(3, ("No memory available\n"));
507
			DEBUG(3, ("No memory available\n"));
516
			return False;
508
			return False;
Lines 571-579 Link Here
571
		return False;
563
		return False;
572
564
573
	if (UNMARSHALLING(ps) && data->num_buffers > 0) {
565
	if (UNMARSHALLING(ps) && data->num_buffers > 0) {
574
		if ((data->pac_info_hdr_ptr = (PAC_INFO_HDR *) 
566
		if ((data->pac_info_hdr_ptr = PRS_ALLOC_MEM(ps, PAC_INFO_HDR, data->num_buffers)) == NULL) {
575
		     prs_alloc_mem(ps, sizeof(PAC_INFO_HDR) * 
576
				   data->num_buffers)) == NULL) {
577
			return False;
567
			return False;
578
		}
568
		}
579
	}
569
	}
Lines 606-612 Link Here
606
596
607
	data_blob_free(&pac_data_blob);
597
	data_blob_free(&pac_data_blob);
608
598
609
	pac_data = (PAC_DATA *) talloc_zero(ctx, sizeof(PAC_DATA));
599
	pac_data = TALLOC_ZERO_P(ctx, PAC_DATA);
610
	pac_io_pac_data("pac data", pac_data, &ps, 0);
600
	pac_io_pac_data("pac data", pac_data, &ps, 0);
611
601
612
	prs_mem_free(&ps);
602
	prs_mem_free(&ps);
(-)samba-3.0.9-orig/source/libads/kerberos_keytab.c (-1 / +1 lines)
Lines 546-552 Link Here
546
	if (!found) {
546
	if (!found) {
547
		goto done;
547
		goto done;
548
	}
548
	}
549
	oldEntries = (char **) malloc(found * sizeof(char *));
549
	oldEntries = SMB_MALLOC_ARRAY(char *, found );
550
	if (!oldEntries) {
550
	if (!oldEntries) {
551
		DEBUG(1,("ads_keytab_create_default: Failed to allocate space to store the old keytab entries (malloc failed?).\n"));
551
		DEBUG(1,("ads_keytab_create_default: Failed to allocate space to store the old keytab entries (malloc failed?).\n"));
552
		ret = -1;
552
		ret = -1;
(-)samba-3.0.9-orig/source/libads/kerberos_verify.c (-1 / +1 lines)
Lines 174-180 Link Here
174
	for (i=0;enctypes[i];i++) {
174
	for (i=0;enctypes[i];i++) {
175
		krb5_keyblock *key = NULL;
175
		krb5_keyblock *key = NULL;
176
176
177
		if (!(key = (krb5_keyblock *)malloc(sizeof(*key)))) {
177
		if (!(key = SMB_MALLOC_P(krb5_keyblock))) {
178
			goto out;
178
			goto out;
179
		}
179
		}
180
	
180
	
(-)samba-3.0.9-orig/source/libads/krb5_setpw.c (-4 / +4 lines)
Lines 54-60 Link Here
54
	DATA_BLOB ret;
54
	DATA_BLOB ret;
55
55
56
56
57
	princ = strdup(principal);
57
	princ = SMB_STRDUP(principal);
58
58
59
	if ((c = strchr_m(princ, '/')) == NULL) {
59
	if ((c = strchr_m(princ, '/')) == NULL) {
60
	    c = princ; 
60
	    c = princ; 
Lines 156-162 Link Here
156
		return ret;
156
		return ret;
157
	}
157
	}
158
158
159
	packet->data = (char *)malloc(ap_req->length + cipherpw.length + 6);
159
	packet->data = (char *)SMB_MALLOC(ap_req->length + cipherpw.length + 6);
160
	if (!packet->data)
160
	if (!packet->data)
161
		return -1;
161
		return -1;
162
162
Lines 407-413 Link Here
407
	free(chpw_req.data);
407
	free(chpw_req.data);
408
408
409
	chpw_rep.length = 1500;
409
	chpw_rep.length = 1500;
410
	chpw_rep.data = (char *) malloc(chpw_rep.length);
410
	chpw_rep.data = (char *) SMB_MALLOC(chpw_rep.length);
411
	if (!chpw_rep.data) {
411
	if (!chpw_rep.data) {
412
	        close(sock);
412
	        close(sock);
413
	        free(ap_req.data);
413
	        free(ap_req.data);
Lines 631-637 Link Here
631
    /* We have to obtain an INITIAL changepw ticket for changing password */
631
    /* We have to obtain an INITIAL changepw ticket for changing password */
632
    asprintf(&chpw_princ, "kadmin/changepw@%s",
632
    asprintf(&chpw_princ, "kadmin/changepw@%s",
633
				(char *) krb5_princ_realm(context, princ));
633
				(char *) krb5_princ_realm(context, princ));
634
    password = strdup(oldpw);
634
    password = SMB_STRDUP(oldpw);
635
    ret = krb5_get_init_creds_password(context, &creds, princ, password,
635
    ret = krb5_get_init_creds_password(context, &creds, princ, password,
636
					   kerb_prompter, NULL, 
636
					   kerb_prompter, NULL, 
637
					   0, chpw_princ, &opts);
637
					   0, chpw_princ, &opts);
(-)samba-3.0.9-orig/source/libads/ldap.c (-30 / +30 lines)
Lines 85-91 Link Here
85
	DEBUG(5,("ads_try_connect: trying ldap server '%s' port %u\n", server, port));
85
	DEBUG(5,("ads_try_connect: trying ldap server '%s' port %u\n", server, port));
86
86
87
	/* this copes with inet_ntoa brokenness */
87
	/* this copes with inet_ntoa brokenness */
88
	srv = strdup(server);
88
	srv = SMB_STRDUP(server);
89
89
90
	ads->ld = ldap_open_with_timeout(srv, port, lp_ldap_timeout());
90
	ads->ld = ldap_open_with_timeout(srv, port, lp_ldap_timeout());
91
	if (!ads->ld) {
91
	if (!ads->ld) {
Lines 262-272 Link Here
262
	}
262
	}
263
263
264
	if (!ads->auth.realm) {
264
	if (!ads->auth.realm) {
265
		ads->auth.realm = strdup(ads->config.realm);
265
		ads->auth.realm = SMB_STRDUP(ads->config.realm);
266
	}
266
	}
267
267
268
	if (!ads->auth.kdc_server) {
268
	if (!ads->auth.kdc_server) {
269
		ads->auth.kdc_server = strdup(inet_ntoa(ads->ldap_ip));
269
		ads->auth.kdc_server = SMB_STRDUP(inet_ntoa(ads->ldap_ip));
270
	}
270
	}
271
271
272
#if KRB5_DNS_HACK
272
#if KRB5_DNS_HACK
Lines 304-316 Link Here
304
304
305
	if (!in_val) return NULL;
305
	if (!in_val) return NULL;
306
306
307
	value = talloc_zero(ctx, sizeof(struct berval));
307
	value = TALLOC_ZERO_P(ctx, struct berval);
308
	if (value == NULL)
308
	if (value == NULL)
309
		return NULL;
309
		return NULL;
310
	if (in_val->bv_len == 0) return value;
310
	if (in_val->bv_len == 0) return value;
311
311
312
	value->bv_len = in_val->bv_len;
312
	value->bv_len = in_val->bv_len;
313
	value->bv_val = talloc_memdup(ctx, in_val->bv_val, in_val->bv_len);
313
	value->bv_val = TALLOC_MEMDUP(ctx, in_val->bv_val, in_val->bv_len);
314
	return value;
314
	return value;
315
}
315
}
316
316
Lines 324-332 Link Here
324
	int i;
324
	int i;
325
       
325
       
326
	if (!in_vals) return NULL;
326
	if (!in_vals) return NULL;
327
	for (i=0; in_vals[i]; i++); /* count values */
327
	for (i=0; in_vals[i]; i++)
328
	values = (struct berval **) talloc_zero(ctx, 
328
		; /* count values */
329
						(i+1)*sizeof(struct berval *));
329
	values = TALLOC_ZERO_ARRAY(ctx, struct berval *, i+1);
330
	if (!values) return NULL;
330
	if (!values) return NULL;
331
331
332
	for (i=0; in_vals[i]; i++) {
332
	for (i=0; in_vals[i]; i++) {
Lines 344-351 Link Here
344
	int i;
344
	int i;
345
       
345
       
346
	if (!in_vals) return NULL;
346
	if (!in_vals) return NULL;
347
	for (i=0; in_vals[i]; i++); /* count values */
347
	for (i=0; in_vals[i]; i++)
348
	values = (char ** ) talloc_zero(ctx, (i+1)*sizeof(char *));
348
		; /* count values */
349
	values = TALLOC_ZERO_ARRAY(ctx, char *, i+1);
349
	if (!values) return NULL;
350
	if (!values) return NULL;
350
351
351
	for (i=0; in_vals[i]; i++) {
352
	for (i=0; in_vals[i]; i++) {
Lines 363-370 Link Here
363
	int i;
364
	int i;
364
       
365
       
365
	if (!in_vals) return NULL;
366
	if (!in_vals) return NULL;
366
	for (i=0; in_vals[i]; i++); /* count values */
367
	for (i=0; in_vals[i]; i++)
367
	values = (char **) talloc_zero(ctx, (i+1)*sizeof(char *));
368
		; /* count values */
369
	values = TALLOC_ZERO_ARRAY(ctx, char *, i+1);
368
	if (!values) return NULL;
370
	if (!values) return NULL;
369
371
370
	for (i=0; in_vals[i]; i++) {
372
	for (i=0; in_vals[i]; i++) {
Lines 787-794 Link Here
787
#define ADS_MODLIST_ALLOC_SIZE 10
789
#define ADS_MODLIST_ALLOC_SIZE 10
788
	LDAPMod **mods;
790
	LDAPMod **mods;
789
	
791
	
790
	if ((mods = (LDAPMod **) talloc_zero(ctx, sizeof(LDAPMod *) * 
792
	if ((mods = TALLOC_ZERO_ARRAY(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1)))
791
					     (ADS_MODLIST_ALLOC_SIZE + 1))))
792
		/* -1 is safety to make sure we don't go over the end.
793
		/* -1 is safety to make sure we don't go over the end.
793
		   need to reset it to NULL before doing ldap modify */
794
		   need to reset it to NULL before doing ldap modify */
794
		mods[ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
795
		mods[ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
Lines 824-831 Link Here
824
	for (curmod=0; modlist[curmod] && modlist[curmod] != (LDAPMod *) -1;
825
	for (curmod=0; modlist[curmod] && modlist[curmod] != (LDAPMod *) -1;
825
	     curmod++);
826
	     curmod++);
826
	if (modlist[curmod] == (LDAPMod *) -1) {
827
	if (modlist[curmod] == (LDAPMod *) -1) {
827
		if (!(modlist = talloc_realloc(ctx, modlist, 
828
		if (!(modlist = TALLOC_REALLOC_ARRAY(ctx, modlist, LDAPMod *,
828
			(curmod+ADS_MODLIST_ALLOC_SIZE+1)*sizeof(LDAPMod *))))
829
				curmod+ADS_MODLIST_ALLOC_SIZE+1)))
829
			return ADS_ERROR(LDAP_NO_MEMORY);
830
			return ADS_ERROR(LDAP_NO_MEMORY);
830
		memset(&modlist[curmod], 0, 
831
		memset(&modlist[curmod], 0, 
831
		       ADS_MODLIST_ALLOC_SIZE*sizeof(LDAPMod *));
832
		       ADS_MODLIST_ALLOC_SIZE*sizeof(LDAPMod *));
Lines 833-839 Link Here
833
		*mods = modlist;
834
		*mods = modlist;
834
	}
835
	}
835
		
836
		
836
	if (!(modlist[curmod] = talloc_zero(ctx, sizeof(LDAPMod))))
837
	if (!(modlist[curmod] = TALLOC_ZERO_P(ctx, LDAPMod)))
837
		return ADS_ERROR(LDAP_NO_MEMORY);
838
		return ADS_ERROR(LDAP_NO_MEMORY);
838
	modlist[curmod]->mod_type = talloc_strdup(ctx, name);
839
	modlist[curmod]->mod_type = talloc_strdup(ctx, name);
839
	if (mod_op & LDAP_MOD_BVALUES) {
840
	if (mod_op & LDAP_MOD_BVALUES) {
Lines 1009-1019 Link Here
1009
		ret = ads_default_ou_string(ads, WELL_KNOWN_GUID_COMPUTERS);
1010
		ret = ads_default_ou_string(ads, WELL_KNOWN_GUID_COMPUTERS);
1010
1011
1011
		/* samba4 might not yet respond to a wellknownobject-query */
1012
		/* samba4 might not yet respond to a wellknownobject-query */
1012
		return ret ? ret : strdup("cn=Computers");
1013
		return ret ? ret : SMB_STRDUP("cn=Computers");
1013
	}
1014
	}
1014
	
1015
	
1015
	if (strequal(org_unit, "Computers")) {
1016
	if (strequal(org_unit, "Computers")) {
1016
		return strdup("cn=Computers");
1017
		return SMB_STRDUP("cn=Computers");
1017
	}
1018
	}
1018
1019
1019
	return ads_build_path(org_unit, "\\/", "ou=", 1);
1020
	return ads_build_path(org_unit, "\\/", "ou=", 1);
Lines 1070-1076 Link Here
1070
	for (i=1; i < new_ln; i++) {
1071
	for (i=1; i < new_ln; i++) {
1071
		char *s;
1072
		char *s;
1072
		asprintf(&s, "%s,%s", ret, wkn_dn_exp[i]);
1073
		asprintf(&s, "%s,%s", ret, wkn_dn_exp[i]);
1073
		ret = strdup(s);
1074
		ret = SMB_STRDUP(s);
1074
		free(s);
1075
		free(s);
1075
	}
1076
	}
1076
1077
Lines 1704-1710 Link Here
1704
	char *machine;
1705
	char *machine;
1705
1706
1706
	/* machine name must be lowercase */
1707
	/* machine name must be lowercase */
1707
	machine = strdup(machine_name);
1708
	machine = SMB_STRDUP(machine_name);
1708
	strlower_m(machine);
1709
	strlower_m(machine);
1709
1710
1710
	/*
1711
	/*
Lines 1754-1760 Link Here
1754
	int rc;
1755
	int rc;
1755
1756
1756
	/* hostname must be lowercase */
1757
	/* hostname must be lowercase */
1757
	host = strdup(hostname);
1758
	host = SMB_STRDUP(hostname);
1758
	strlower_m(host);
1759
	strlower_m(host);
1759
1760
1760
	status = ads_find_machine_acct(ads, &res, host);
1761
	status = ads_find_machine_acct(ads, &res, host);
Lines 1878-1884 Link Here
1878
	if (!(mods = ads_init_mods(ctx))) return ADS_ERROR(LDAP_NO_MEMORY);
1879
	if (!(mods = ads_init_mods(ctx))) return ADS_ERROR(LDAP_NO_MEMORY);
1879
1880
1880
	bval.bv_len = prs_offset(&ps_wire);
1881
	bval.bv_len = prs_offset(&ps_wire);
1881
	bval.bv_val = talloc(ctx, bval.bv_len);
1882
	bval.bv_val = TALLOC(ctx, bval.bv_len);
1882
	if (!bval.bv_val) {
1883
	if (!bval.bv_val) {
1883
		ret = ADS_ERROR(LDAP_NO_MEMORY);
1884
		ret = ADS_ERROR(LDAP_NO_MEMORY);
1884
		goto ads_set_sd_error;
1885
		goto ads_set_sd_error;
Lines 1978-1984 Link Here
1978
1979
1979
	*num_values = ldap_count_values(values);
1980
	*num_values = ldap_count_values(values);
1980
1981
1981
	ret = talloc(mem_ctx, sizeof(char *) * (*num_values+1));
1982
	ret = TALLOC_ARRAY(mem_ctx, char *, *num_values + 1);
1982
	if (!ret) {
1983
	if (!ret) {
1983
		ldap_value_free(values);
1984
		ldap_value_free(values);
1984
		return NULL;
1985
		return NULL;
Lines 2089-2097 Link Here
2089
		return NULL;
2090
		return NULL;
2090
	}
2091
	}
2091
2092
2092
	strings = talloc_realloc(mem_ctx, current_strings,
2093
	strings = TALLOC_REALLOC_ARRAY(mem_ctx, current_strings, char *,
2093
				 sizeof(*current_strings) *
2094
				 *num_strings + num_new_strings);
2094
				 (*num_strings + num_new_strings));
2095
	
2095
	
2096
	if (strings == NULL) {
2096
	if (strings == NULL) {
2097
		ldap_memfree(range_attr);
2097
		ldap_memfree(range_attr);
Lines 2228-2234 Link Here
2228
	for (i=0; values[i]; i++)
2228
	for (i=0; values[i]; i++)
2229
		/* nop */ ;
2229
		/* nop */ ;
2230
2230
2231
	(*sids) = talloc(mem_ctx, sizeof(DOM_SID) * i);
2231
	(*sids) = TALLOC_ARRAY(mem_ctx, DOM_SID, i);
2232
	if (!(*sids)) {
2232
	if (!(*sids)) {
2233
		ldap_value_free_len(values);
2233
		ldap_value_free_len(values);
2234
		return 0;
2234
		return 0;
Lines 2409-2415 Link Here
2409
2409
2410
	SAFE_FREE(ads->config.ldap_server_name);
2410
	SAFE_FREE(ads->config.ldap_server_name);
2411
2411
2412
	ads->config.ldap_server_name = strdup(p+1);
2412
	ads->config.ldap_server_name = SMB_STRDUP(p+1);
2413
	p = strchr(ads->config.ldap_server_name, '$');
2413
	p = strchr(ads->config.ldap_server_name, '$');
2414
	if (!p || p[1] != '@') {
2414
	if (!p || p[1] != '@') {
2415
		talloc_destroy(ctx);
2415
		talloc_destroy(ctx);
Lines 2424-2430 Link Here
2424
	SAFE_FREE(ads->config.realm);
2424
	SAFE_FREE(ads->config.realm);
2425
	SAFE_FREE(ads->config.bind_path);
2425
	SAFE_FREE(ads->config.bind_path);
2426
2426
2427
	ads->config.realm = strdup(p+2);
2427
	ads->config.realm = SMB_STRDUP(p+2);
2428
	ads->config.bind_path = ads_build_dn(ads->config.realm);
2428
	ads->config.bind_path = ads_build_dn(ads->config.realm);
2429
2429
2430
	DEBUG(3,("got ldap server name %s@%s, using bind path: %s\n", 
2430
	DEBUG(3,("got ldap server name %s@%s, using bind path: %s\n", 
(-)samba-3.0.9-orig/source/libads/ldap_printer.c (-3 / +2 lines)
Lines 161-170 Link Here
161
	};
161
	};
162
162
163
	if (num_vals) {
163
	if (num_vals) {
164
		str_values = talloc(ctx, 
164
		str_values = TALLOC_ARRAY(ctx, char *, num_vals + 1);
165
				    (num_vals + 1) * sizeof(smb_ucs2_t *));
166
		memset(str_values, '\0', 
165
		memset(str_values, '\0', 
167
		       (num_vals + 1) * sizeof(smb_ucs2_t *));
166
		       (num_vals + 1) * sizeof(char *));
168
167
169
		cur_str = (smb_ucs2_t *) value->data_p;
168
		cur_str = (smb_ucs2_t *) value->data_p;
170
		for (i=0; i < num_vals; i++)
169
		for (i=0; i < num_vals; i++)
(-)samba-3.0.9-orig/source/libads/ldap_utils.c (-1 / +1 lines)
Lines 42-48 Link Here
42
		return ADS_ERROR(LDAP_SERVER_DOWN);
42
		return ADS_ERROR(LDAP_SERVER_DOWN);
43
	}
43
	}
44
44
45
	bp = strdup(bind_path);
45
	bp = SMB_STRDUP(bind_path);
46
46
47
	if (!bp) {
47
	if (!bp) {
48
		return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
48
		return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
(-)samba-3.0.9-orig/source/libads/sasl.c (-1 / +1 lines)
Lines 374-380 Link Here
374
374
375
	gss_release_buffer(&minor_status, &output_token);
375
	gss_release_buffer(&minor_status, &output_token);
376
376
377
	output_token.value = malloc(strlen(ads->config.bind_path) + 8);
377
	output_token.value = SMB_MALLOC(strlen(ads->config.bind_path) + 8);
378
	p = output_token.value;
378
	p = output_token.value;
379
379
380
	*p++ = 1; /* no sign & seal selection */
380
	*p++ = 1; /* no sign & seal selection */
(-)samba-3.0.9-orig/source/libsmb/asn1.c (-5 / +5 lines)
Lines 32-38 Link Here
32
	if (data->has_error) return False;
32
	if (data->has_error) return False;
33
	if (data->length < data->ofs+len) {
33
	if (data->length < data->ofs+len) {
34
		uint8 *newp;
34
		uint8 *newp;
35
		newp = Realloc(data->data, data->ofs+len);
35
		newp = SMB_REALLOC(data->data, data->ofs+len);
36
		if (!newp) {
36
		if (!newp) {
37
			SAFE_FREE(data->data);
37
			SAFE_FREE(data->data);
38
			data->has_error = True;
38
			data->has_error = True;
Lines 58-64 Link Here
58
	struct nesting *nesting;
58
	struct nesting *nesting;
59
59
60
	asn1_write_uint8(data, tag);
60
	asn1_write_uint8(data, tag);
61
	nesting = (struct nesting *)malloc(sizeof(struct nesting));
61
	nesting = SMB_MALLOC_P(struct nesting);
62
	if (!nesting) {
62
	if (!nesting) {
63
		data->has_error = True;
63
		data->has_error = True;
64
		return False;
64
		return False;
Lines 255-261 Link Here
255
		data->has_error = True;
255
		data->has_error = True;
256
		return False;
256
		return False;
257
	}
257
	}
258
	nesting = (struct nesting *)malloc(sizeof(struct nesting));
258
	nesting = SMB_MALLOC_P(struct nesting);
259
	if (!nesting) {
259
	if (!nesting) {
260
		data->has_error = True;
260
		data->has_error = True;
261
		return False;
261
		return False;
Lines 350-356 Link Here
350
350
351
	asn1_end_tag(data);
351
	asn1_end_tag(data);
352
352
353
	*OID = strdup(oid_str);
353
	*OID = SMB_STRDUP(oid_str);
354
354
355
	return !data->has_error;
355
	return !data->has_error;
356
}
356
}
Lines 380-386 Link Here
380
		data->has_error = True;
380
		data->has_error = True;
381
		return False;
381
		return False;
382
	}
382
	}
383
	*s = malloc(len+1);
383
	*s = SMB_MALLOC(len+1);
384
	if (! *s) {
384
	if (! *s) {
385
		data->has_error = True;
385
		data->has_error = True;
386
		return False;
386
		return False;
(-)samba-3.0.9-orig/source/libsmb/clientgen.c (-3 / +3 lines)
Lines 253-259 Link Here
253
	}
253
	}
254
254
255
	if (!cli) {
255
	if (!cli) {
256
		cli = (struct cli_state *)malloc(sizeof(*cli));
256
		cli = SMB_MALLOC_P(struct cli_state);
257
		if (!cli)
257
		if (!cli)
258
			return NULL;
258
			return NULL;
259
		ZERO_STRUCTP(cli);
259
		ZERO_STRUCTP(cli);
Lines 275-282 Link Here
275
	cli->timeout = 20000; /* Timeout is in milliseconds. */
275
	cli->timeout = 20000; /* Timeout is in milliseconds. */
276
	cli->bufsize = CLI_BUFFER_SIZE+4;
276
	cli->bufsize = CLI_BUFFER_SIZE+4;
277
	cli->max_xmit = cli->bufsize;
277
	cli->max_xmit = cli->bufsize;
278
	cli->outbuf = (char *)malloc(cli->bufsize+SAFETY_MARGIN);
278
	cli->outbuf = (char *)SMB_MALLOC(cli->bufsize+SAFETY_MARGIN);
279
	cli->inbuf = (char *)malloc(cli->bufsize+SAFETY_MARGIN);
279
	cli->inbuf = (char *)SMB_MALLOC(cli->bufsize+SAFETY_MARGIN);
280
	cli->oplock_handler = cli_oplock_ack;
280
	cli->oplock_handler = cli_oplock_ack;
281
	cli->case_sensitive = False;
281
	cli->case_sensitive = False;
282
282
(-)samba-3.0.9-orig/source/libsmb/clifile.c (-3 / +3 lines)
Lines 1302-1308 Link Here
1302
		pstring path2;
1302
		pstring path2;
1303
		clistr_pull(cli, path2, p, 
1303
		clistr_pull(cli, path2, p, 
1304
			    sizeof(path2), len, STR_ASCII);
1304
			    sizeof(path2), len, STR_ASCII);
1305
		*tmp_path = strdup(path2);
1305
		*tmp_path = SMB_STRDUP(path2);
1306
	}
1306
	}
1307
1307
1308
	return SVAL(cli->inbuf,smb_vwv0);
1308
	return SVAL(cli->inbuf,smb_vwv0);
Lines 1353-1359 Link Here
1353
	size_t ea_namelen = strlen(ea_name);
1353
	size_t ea_namelen = strlen(ea_name);
1354
1354
1355
	data_len = 4 + 4 + ea_namelen + 1 + ea_len;
1355
	data_len = 4 + 4 + ea_namelen + 1 + ea_len;
1356
	data = malloc(data_len);
1356
	data = SMB_MALLOC(data_len);
1357
	if (!data) {
1357
	if (!data) {
1358
		return False;
1358
		return False;
1359
	}
1359
	}
Lines 1509-1515 Link Here
1509
		goto out;
1509
		goto out;
1510
	}
1510
	}
1511
1511
1512
	ea_list = (struct ea_struct *)talloc(ctx, num_eas*sizeof(struct ea_struct));
1512
	ea_list = TALLOC_ARRAY(ctx, struct ea_struct, num_eas);
1513
	if (!ea_list) {
1513
	if (!ea_list) {
1514
		goto out;
1514
		goto out;
1515
	}
1515
	}
(-)samba-3.0.9-orig/source/libsmb/clilist.c (-2 / +2 lines)
Lines 282-288 Link Here
282
		}
282
		}
283
 
283
 
284
		/* and add them to the dirlist pool */
284
		/* and add them to the dirlist pool */
285
		tdl = Realloc(dirlist,dirlist_len + data_len);
285
		tdl = SMB_REALLOC(dirlist,dirlist_len + data_len);
286
286
287
		if (!tdl) {
287
		if (!tdl) {
288
			DEBUG(0,("cli_list_new: Failed to expand dirlist\n"));
288
			DEBUG(0,("cli_list_new: Failed to expand dirlist\n"));
Lines 413-419 Link Here
413
413
414
		first = False;
414
		first = False;
415
415
416
		tdl = Realloc(dirlist,(num_received + received)*DIR_STRUCT_SIZE);
416
		tdl = SMB_REALLOC(dirlist,(num_received + received)*DIR_STRUCT_SIZE);
417
417
418
		if (!tdl) {
418
		if (!tdl) {
419
			DEBUG(0,("cli_list_old: failed to expand dirlist"));
419
			DEBUG(0,("cli_list_old: failed to expand dirlist"));
(-)samba-3.0.9-orig/source/libsmb/cliquota.c (-4 / +4 lines)
Lines 321-332 Link Here
321
			goto cleanup;
321
			goto cleanup;
322
		}
322
		}
323
323
324
		if ((tmp_list_ent=(SMB_NTQUOTA_LIST *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_LIST)))==NULL) {
324
		if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) {
325
			DEBUG(0,("talloc_zero() failed\n"));
325
			DEBUG(0,("talloc_zero() failed\n"));
326
			return (-1);
326
			return (-1);
327
		}
327
		}
328
328
329
		if ((tmp_list_ent->quotas=(SMB_NTQUOTA_STRUCT *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_STRUCT)))==NULL) {
329
		if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) {
330
			DEBUG(0,("talloc_zero() failed\n"));
330
			DEBUG(0,("talloc_zero() failed\n"));
331
			return (-1);
331
			return (-1);
332
		}
332
		}
Lines 379-391 Link Here
379
				goto cleanup;
379
				goto cleanup;
380
			}
380
			}
381
381
382
			if ((tmp_list_ent=(SMB_NTQUOTA_LIST *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_LIST)))==NULL) {
382
			if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) {
383
				DEBUG(0,("talloc_zero() failed\n"));
383
				DEBUG(0,("talloc_zero() failed\n"));
384
				talloc_destroy(mem_ctx);
384
				talloc_destroy(mem_ctx);
385
				goto cleanup;
385
				goto cleanup;
386
			}
386
			}
387
	
387
	
388
			if ((tmp_list_ent->quotas=(SMB_NTQUOTA_STRUCT *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_STRUCT)))==NULL) {
388
			if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) {
389
				DEBUG(0,("talloc_zero() failed\n"));
389
				DEBUG(0,("talloc_zero() failed\n"));
390
				talloc_destroy(mem_ctx);
390
				talloc_destroy(mem_ctx);
391
				goto cleanup;
391
				goto cleanup;
(-)samba-3.0.9-orig/source/libsmb/clireadwrite.c (-2 / +2 lines)
Lines 256-263 Link Here
256
	BOOL bigoffset = False;
256
	BOOL bigoffset = False;
257
257
258
	if (size > cli->bufsize) {
258
	if (size > cli->bufsize) {
259
		cli->outbuf = realloc(cli->outbuf, size + 1024);
259
		cli->outbuf = SMB_REALLOC(cli->outbuf, size + 1024);
260
		cli->inbuf = realloc(cli->inbuf, size + 1024);
260
		cli->inbuf = SMB_REALLOC(cli->inbuf, size + 1024);
261
		if (cli->outbuf == NULL || cli->inbuf == NULL)
261
		if (cli->outbuf == NULL || cli->inbuf == NULL)
262
			return False;
262
			return False;
263
		cli->bufsize = size + 1024;
263
		cli->bufsize = size + 1024;
(-)samba-3.0.9-orig/source/libsmb/clitrans.c (-4 / +4 lines)
Lines 210-216 Link Here
210
210
211
	/* allocate it */
211
	/* allocate it */
212
	if (total_data!=0) {
212
	if (total_data!=0) {
213
		tdata = Realloc(*data,total_data);
213
		tdata = SMB_REALLOC(*data,total_data);
214
		if (!tdata) {
214
		if (!tdata) {
215
			DEBUG(0,("cli_receive_trans: failed to enlarge data buffer\n"));
215
			DEBUG(0,("cli_receive_trans: failed to enlarge data buffer\n"));
216
			cli_signing_trans_stop(cli);
216
			cli_signing_trans_stop(cli);
Lines 221-227 Link Here
221
	}
221
	}
222
222
223
	if (total_param!=0) {
223
	if (total_param!=0) {
224
		tparam = Realloc(*param,total_param);
224
		tparam = SMB_REALLOC(*param,total_param);
225
		if (!tparam) {
225
		if (!tparam) {
226
			DEBUG(0,("cli_receive_trans: failed to enlarge param buffer\n"));
226
			DEBUG(0,("cli_receive_trans: failed to enlarge param buffer\n"));
227
			cli_signing_trans_stop(cli);
227
			cli_signing_trans_stop(cli);
Lines 527-533 Link Here
527
527
528
	/* allocate it */
528
	/* allocate it */
529
	if (total_data) {
529
	if (total_data) {
530
		tdata = Realloc(*data,total_data);
530
		tdata = SMB_REALLOC(*data,total_data);
531
		if (!tdata) {
531
		if (!tdata) {
532
			DEBUG(0,("cli_receive_nt_trans: failed to enlarge data buffer to %d\n",total_data));
532
			DEBUG(0,("cli_receive_nt_trans: failed to enlarge data buffer to %d\n",total_data));
533
			cli_signing_trans_stop(cli);
533
			cli_signing_trans_stop(cli);
Lines 538-544 Link Here
538
	}
538
	}
539
539
540
	if (total_param) {
540
	if (total_param) {
541
		tparam = Realloc(*param,total_param);
541
		tparam = SMB_REALLOC(*param,total_param);
542
		if (!tparam) {
542
		if (!tparam) {
543
			DEBUG(0,("cli_receive_nt_trans: failed to enlarge param buffer to %d\n", total_param));
543
			DEBUG(0,("cli_receive_nt_trans: failed to enlarge param buffer to %d\n", total_param));
544
			cli_signing_trans_stop(cli);
544
			cli_signing_trans_stop(cli);
(-)samba-3.0.9-orig/source/libsmb/conncache.c (-2 / +1 lines)
Lines 115-122 Link Here
115
115
116
	/* Create negative lookup cache entry for this domain and controller */
116
	/* Create negative lookup cache entry for this domain and controller */
117
117
118
	if ( !(fcc = (struct failed_connection_cache *)malloc(sizeof(struct failed_connection_cache))) ) 
118
	if ( !(fcc = SMB_MALLOC_P(struct failed_connection_cache)) ) {
119
	{
120
		DEBUG(0, ("malloc failed in add_failed_connection_entry!\n"));
119
		DEBUG(0, ("malloc failed in add_failed_connection_entry!\n"));
121
		return;
120
		return;
122
	}
121
	}
(-)samba-3.0.9-orig/source/libsmb/libsmb_cache.c (-5 / +5 lines)
Lines 55-61 Link Here
55
{
55
{
56
	struct smbc_server_cache * srvcache = NULL;
56
	struct smbc_server_cache * srvcache = NULL;
57
57
58
	if (!(srvcache = malloc(sizeof(*srvcache)))) {
58
	if (!(srvcache = SMB_MALLOC_P(struct smbc_server_cache))) {
59
		errno = ENOMEM;
59
		errno = ENOMEM;
60
		DEBUG(3, ("Not enough space for server cache allocation\n"));
60
		DEBUG(3, ("Not enough space for server cache allocation\n"));
61
		return 1;
61
		return 1;
Lines 65-89 Link Here
65
65
66
	srvcache->server = new;
66
	srvcache->server = new;
67
67
68
	srvcache->server_name = strdup(server);
68
	srvcache->server_name = SMB_STRDUP(server);
69
	if (!srvcache->server_name) {
69
	if (!srvcache->server_name) {
70
		errno = ENOMEM;
70
		errno = ENOMEM;
71
		goto failed;
71
		goto failed;
72
	}
72
	}
73
73
74
	srvcache->share_name = strdup(share);
74
	srvcache->share_name = SMB_STRDUP(share);
75
	if (!srvcache->share_name) {
75
	if (!srvcache->share_name) {
76
		errno = ENOMEM;
76
		errno = ENOMEM;
77
		goto failed;
77
		goto failed;
78
	}
78
	}
79
79
80
	srvcache->workgroup = strdup(workgroup);
80
	srvcache->workgroup = SMB_STRDUP(workgroup);
81
	if (!srvcache->workgroup) {
81
	if (!srvcache->workgroup) {
82
		errno = ENOMEM;
82
		errno = ENOMEM;
83
		goto failed;
83
		goto failed;
84
	}
84
	}
85
85
86
	srvcache->username = strdup(username);
86
	srvcache->username = SMB_STRDUP(username);
87
	if (!srvcache->username) {
87
	if (!srvcache->username) {
88
		errno = ENOMEM;
88
		errno = ENOMEM;
89
		goto failed;
89
		goto failed;
(-)samba-3.0.9-orig/source/libsmb/libsmbclient.c (-23 / +23 lines)
Lines 99-105 Link Here
99
    }
99
    }
100
100
101
    /* make a copy of the old one */
101
    /* make a copy of the old one */
102
    new_usegment = (char*)malloc( old_length * 3 + 1 );
102
    new_usegment = (char*)SMB_MALLOC( old_length * 3 + 1 );
103
103
104
    while( i < old_length ) {
104
    while( i < old_length ) {
105
	int bReencode = False;
105
	int bReencode = False;
Lines 671-677 Link Here
671
	 * Let's find a free server_fd 
671
	 * Let's find a free server_fd 
672
	 */
672
	 */
673
673
674
	srv = (SMBCSRV *)malloc(sizeof(*srv));
674
	srv = SMB_MALLOC_P(SMBCSRV);
675
	if (!srv) {
675
	if (!srv) {
676
		errno = ENOMEM;
676
		errno = ENOMEM;
677
		goto failed;
677
		goto failed;
Lines 776-782 Link Here
776
                        return NULL;
776
                        return NULL;
777
                }
777
                }
778
778
779
                ipc_srv = (SMBCSRV *)malloc(sizeof(*ipc_srv));
779
                ipc_srv = SMB_MALLOC_P(SMBCSRV);
780
                if (!ipc_srv) {
780
                if (!ipc_srv) {
781
                        errno = ENOMEM;
781
                        errno = ENOMEM;
782
                        cli_shutdown(ipc_cli);
782
                        cli_shutdown(ipc_cli);
Lines 871-877 Link Here
871
	}
871
	}
872
	else {
872
	else {
873
	  
873
	  
874
		file = malloc(sizeof(SMBCFILE));
874
		file = SMB_MALLOC_P(SMBCFILE);
875
875
876
		if (!file) {
876
		if (!file) {
877
877
Lines 895-901 Link Here
895
		/* Fill in file struct */
895
		/* Fill in file struct */
896
896
897
		file->cli_fd  = fd;
897
		file->cli_fd  = fd;
898
		file->fname   = strdup(fname);
898
		file->fname   = SMB_STRDUP(fname);
899
		file->srv     = srv;
899
		file->srv     = srv;
900
		file->offset  = 0;
900
		file->offset  = 0;
901
		file->file    = True;
901
		file->file    = True;
Lines 1629-1635 Link Here
1629
1629
1630
	size = sizeof(struct smbc_dirent) + u_name_len + u_comment_len + 1;
1630
	size = sizeof(struct smbc_dirent) + u_name_len + u_comment_len + 1;
1631
    
1631
    
1632
	dirent = malloc(size);
1632
	dirent = SMB_MALLOC(size);
1633
1633
1634
	if (!dirent) {
1634
	if (!dirent) {
1635
1635
Lines 1642-1648 Link Here
1642
1642
1643
	if (dir->dir_list == NULL) {
1643
	if (dir->dir_list == NULL) {
1644
1644
1645
		dir->dir_list = malloc(sizeof(struct smbc_dir_list));
1645
		dir->dir_list = SMB_MALLOC_P(struct smbc_dir_list);
1646
		if (!dir->dir_list) {
1646
		if (!dir->dir_list) {
1647
1647
1648
			SAFE_FREE(dirent);
1648
			SAFE_FREE(dirent);
Lines 1656-1662 Link Here
1656
	}
1656
	}
1657
	else {
1657
	else {
1658
1658
1659
		dir->dir_end->next = malloc(sizeof(struct smbc_dir_list));
1659
		dir->dir_end->next = SMB_MALLOC_P(struct smbc_dir_list);
1660
		
1660
		
1661
		if (!dir->dir_end->next) {
1661
		if (!dir->dir_end->next) {
1662
			
1662
			
Lines 1835-1841 Link Here
1835
1835
1836
	pstrcpy(workgroup, context->workgroup);
1836
	pstrcpy(workgroup, context->workgroup);
1837
1837
1838
	dir = malloc(sizeof(*dir));
1838
	dir = SMB_MALLOC_P(SMBCFILE);
1839
1839
1840
	if (!dir) {
1840
	if (!dir) {
1841
1841
Lines 1847-1853 Link Here
1847
	ZERO_STRUCTP(dir);
1847
	ZERO_STRUCTP(dir);
1848
1848
1849
	dir->cli_fd   = 0;
1849
	dir->cli_fd   = 0;
1850
	dir->fname    = strdup(fname);
1850
	dir->fname    = SMB_STRDUP(fname);
1851
	dir->srv      = NULL;
1851
	dir->srv      = NULL;
1852
	dir->offset   = 0;
1852
	dir->offset   = 0;
1853
	dir->file     = False;
1853
	dir->file     = False;
Lines 3110-3116 Link Here
3110
		return True;
3110
		return True;
3111
	}
3111
	}
3112
3112
3113
	aces = calloc(1+(*the_acl)->num_aces,sizeof(SEC_ACE));
3113
	aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces);
3114
	memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE));
3114
	memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE));
3115
	memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
3115
	memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
3116
	new = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces);
3116
	new = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces);
Lines 3143-3149 Link Here
3143
		}
3143
		}
3144
3144
3145
		if (StrnCaseCmp(tok,"OWNER:", 6) == 0) {
3145
		if (StrnCaseCmp(tok,"OWNER:", 6) == 0) {
3146
			owner_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
3146
			owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
3147
			if (!owner_sid ||
3147
			if (!owner_sid ||
3148
			    !convert_string_to_sid(ipc_cli, pol,
3148
			    !convert_string_to_sid(ipc_cli, pol,
3149
                                                   numeric,
3149
                                                   numeric,
Lines 3155-3161 Link Here
3155
		}
3155
		}
3156
3156
3157
		if (StrnCaseCmp(tok,"OWNER+:", 7) == 0) {
3157
		if (StrnCaseCmp(tok,"OWNER+:", 7) == 0) {
3158
			owner_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
3158
			owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
3159
			if (!owner_sid ||
3159
			if (!owner_sid ||
3160
			    !convert_string_to_sid(ipc_cli, pol,
3160
			    !convert_string_to_sid(ipc_cli, pol,
3161
                                                   False,
3161
                                                   False,
Lines 3167-3173 Link Here
3167
		}
3167
		}
3168
3168
3169
		if (StrnCaseCmp(tok,"GROUP:", 6) == 0) {
3169
		if (StrnCaseCmp(tok,"GROUP:", 6) == 0) {
3170
			grp_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
3170
			grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
3171
			if (!grp_sid ||
3171
			if (!grp_sid ||
3172
			    !convert_string_to_sid(ipc_cli, pol,
3172
			    !convert_string_to_sid(ipc_cli, pol,
3173
                                                   numeric,
3173
                                                   numeric,
Lines 3179-3185 Link Here
3179
		}
3179
		}
3180
3180
3181
		if (StrnCaseCmp(tok,"GROUP+:", 7) == 0) {
3181
		if (StrnCaseCmp(tok,"GROUP+:", 7) == 0) {
3182
			grp_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
3182
			grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
3183
			if (!grp_sid ||
3183
			if (!grp_sid ||
3184
			    !convert_string_to_sid(ipc_cli, pol,
3184
			    !convert_string_to_sid(ipc_cli, pol,
3185
                                                   False,
3185
                                                   False,
Lines 4273-4279 Link Here
4273
{
4273
{
4274
        SMBCCTX * context;
4274
        SMBCCTX * context;
4275
4275
4276
        context = malloc(sizeof(SMBCCTX));
4276
        context = SMB_MALLOC_P(SMBCCTX);
4277
        if (!context) {
4277
        if (!context) {
4278
                errno = ENOMEM;
4278
                errno = ENOMEM;
4279
                return NULL;
4279
                return NULL;
Lines 4281-4287 Link Here
4281
4281
4282
        ZERO_STRUCTP(context);
4282
        ZERO_STRUCTP(context);
4283
4283
4284
        context->internal = malloc(sizeof(struct smbc_internal_data));
4284
        context->internal = SMB_MALLOC_P(struct smbc_internal_data);
4285
        if (!context->internal) {
4285
        if (!context->internal) {
4286
                errno = ENOMEM;
4286
                errno = ENOMEM;
4287
                return NULL;
4287
                return NULL;
Lines 4488-4495 Link Here
4488
                 */
4488
                 */
4489
                user = getenv("USER");
4489
                user = getenv("USER");
4490
                /* walk around as "guest" if no username can be found */
4490
                /* walk around as "guest" if no username can be found */
4491
                if (!user) context->user = strdup("guest");
4491
                if (!user) context->user = SMB_STRDUP("guest");
4492
                else context->user = strdup(user);
4492
                else context->user = SMB_STRDUP(user);
4493
        }
4493
        }
4494
4494
4495
        if (!context->netbios_name) {
4495
        if (!context->netbios_name) {
Lines 4498-4511 Link Here
4498
                 * back on constructing our netbios name from our hostname etc
4498
                 * back on constructing our netbios name from our hostname etc
4499
                 */
4499
                 */
4500
                if (global_myname()) {
4500
                if (global_myname()) {
4501
                        context->netbios_name = strdup(global_myname());
4501
                        context->netbios_name = SMB_STRDUP(global_myname());
4502
                }
4502
                }
4503
                else {
4503
                else {
4504
                        /*
4504
                        /*
4505
                         * Hmmm, I want to get hostname as well, but I am too lazy for the moment
4505
                         * Hmmm, I want to get hostname as well, but I am too lazy for the moment
4506
                         */
4506
                         */
4507
                        pid = sys_getpid();
4507
                        pid = sys_getpid();
4508
                        context->netbios_name = malloc(17);
4508
                        context->netbios_name = SMB_MALLOC(17);
4509
                        if (!context->netbios_name) {
4509
                        if (!context->netbios_name) {
4510
                                errno = ENOMEM;
4510
                                errno = ENOMEM;
4511
                                return NULL;
4511
                                return NULL;
Lines 4518-4528 Link Here
4518
4518
4519
        if (!context->workgroup) {
4519
        if (!context->workgroup) {
4520
                if (lp_workgroup()) {
4520
                if (lp_workgroup()) {
4521
                        context->workgroup = strdup(lp_workgroup());
4521
                        context->workgroup = SMB_STRDUP(lp_workgroup());
4522
                }
4522
                }
4523
                else {
4523
                else {
4524
                        /* TODO: Think about a decent default workgroup */
4524
                        /* TODO: Think about a decent default workgroup */
4525
                        context->workgroup = strdup("samba");
4525
                        context->workgroup = SMB_STRDUP("samba");
4526
                }
4526
                }
4527
        }
4527
        }
4528
4528
(-)samba-3.0.9-orig/source/libsmb/libsmb_compat.c (-1 / +1 lines)
Lines 73-79 Link Here
73
                        return -1;
73
                        return -1;
74
                }
74
                }
75
75
76
                f = malloc(sizeof(struct smbc_compat_fdlist));
76
                f = SMB_MALLOC_P(struct smbc_compat_fdlist);
77
                if (!f) {
77
                if (!f) {
78
                        errno = ENOMEM;
78
                        errno = ENOMEM;
79
                        return -1;
79
                        return -1;
(-)samba-3.0.9-orig/source/libsmb/namequery.c (-11 / +10 lines)
Lines 55-61 Link Here
55
	if (*num_names == 0)
55
	if (*num_names == 0)
56
		return NULL;
56
		return NULL;
57
57
58
	ret = (struct node_status *)malloc(sizeof(struct node_status)* (*num_names));
58
	ret = SMB_MALLOC_ARRAY(struct node_status,*num_names);
59
	if (!ret)
59
	if (!ret)
60
		return NULL;
60
		return NULL;
61
61
Lines 478-485 Link Here
478
				continue;
478
				continue;
479
			}
479
			}
480
			
480
			
481
			tmp_ip_list = (struct in_addr *)Realloc( ip_list, sizeof( ip_list[0] )
481
			tmp_ip_list = SMB_REALLOC_ARRAY( ip_list, struct in_addr,
482
								 * ( (*count) + nmb2->answers->rdlength/6 ) );
482
						(*count) + nmb2->answers->rdlength/6 );
483
			
483
			
484
			if (!tmp_ip_list) {
484
			if (!tmp_ip_list) {
485
				DEBUG(0,("name_query: Realloc failed.\n"));
485
				DEBUG(0,("name_query: Realloc failed.\n"));
Lines 655-661 Link Here
655
		return False;
655
		return False;
656
		
656
		
657
	/* copy the ip address; port will be PORT_NONE */
657
	/* copy the ip address; port will be PORT_NONE */
658
	if ( (*return_iplist = (struct ip_service*)malloc(count*sizeof(struct ip_service))) == NULL ) {
658
	if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) == NULL ) {
659
		DEBUG(0,("convert_ip2service: malloc failed for %d enetries!\n", count ));
659
		DEBUG(0,("convert_ip2service: malloc failed for %d enetries!\n", count ));
660
		return False;
660
		return False;
661
	}
661
	}
Lines 868-875 Link Here
868
		if ((name_type2 != -1) && (name_type != name_type2))
868
		if ((name_type2 != -1) && (name_type != name_type2))
869
			continue;
869
			continue;
870
870
871
		*return_iplist = (struct ip_service *)realloc((*return_iplist),
871
		*return_iplist = SMB_REALLOC_ARRAY((*return_iplist), struct ip_service,
872
			sizeof(struct ip_service) * ((*return_count)+1));
872
					(*return_count)+1);
873
873
874
		if ((*return_iplist) == NULL) {
874
		if ((*return_iplist) == NULL) {
875
			DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
875
			DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
Lines 919-925 Link Here
919
	if (((hp = sys_gethostbyname(name)) != NULL) && (hp->h_addr != NULL)) {
919
	if (((hp = sys_gethostbyname(name)) != NULL) && (hp->h_addr != NULL)) {
920
		struct in_addr return_ip;
920
		struct in_addr return_ip;
921
		putip((char *)&return_ip,(char *)hp->h_addr);
921
		putip((char *)&return_ip,(char *)hp->h_addr);
922
		*return_iplist = (struct ip_service *)malloc(sizeof(struct ip_service));
922
		*return_iplist = SMB_MALLOC_P(struct ip_service);
923
		if(*return_iplist == NULL) {
923
		if(*return_iplist == NULL) {
924
			DEBUG(3,("resolve_hosts: malloc fail !\n"));
924
			DEBUG(3,("resolve_hosts: malloc fail !\n"));
925
			return False;
925
			return False;
Lines 958-964 Link Here
958
			return False;
958
			return False;
959
				
959
				
960
		count = count_chars(list, ' ') + 1;
960
		count = count_chars(list, ' ') + 1;
961
		if ( (*return_iplist = malloc(count * sizeof(struct ip_service))) == NULL ) {
961
		if ( (*return_iplist = SMB_MALLOC_ARRAY(struct ip_service, count)) == NULL ) {
962
			DEBUG(0,("resolve_hosts: malloc failed for %d entries\n", count ));
962
			DEBUG(0,("resolve_hosts: malloc failed for %d entries\n", count ));
963
			return False;
963
			return False;
964
		}
964
		}
Lines 1029-1035 Link Here
1029
1029
1030
	if (allzeros || allones || is_address) {
1030
	if (allzeros || allones || is_address) {
1031
  
1031
  
1032
		if ( (*return_iplist = (struct ip_service *)malloc(sizeof(struct ip_service))) == NULL ) {
1032
		if ( (*return_iplist = SMB_MALLOC_P(struct ip_service)) == NULL ) {
1033
			DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1033
			DEBUG(0,("internal_resolve_name: malloc fail !\n"));
1034
			return False;
1034
			return False;
1035
		}
1035
		}
Lines 1333-1340 Link Here
1333
			return False;
1333
			return False;
1334
		}
1334
		}
1335
		
1335
		
1336
		if ( (return_iplist = (struct ip_service *)
1336
		if ( (return_iplist = SMB_MALLOC_ARRAY(struct ip_service, num_addresses)) == NULL ) {
1337
				malloc(num_addresses * sizeof(struct ip_service))) == NULL ) {
1338
			DEBUG(3,("get_dc_list: malloc fail !\n"));
1337
			DEBUG(3,("get_dc_list: malloc fail !\n"));
1339
			return False;
1338
			return False;
1340
		}
1339
		}
(-)samba-3.0.9-orig/source/libsmb/nmblib.c (-10 / +7 lines)
Lines 354-360 Link Here
354
{
354
{
355
	int i;
355
	int i;
356
356
357
	*recs = (struct res_rec *)malloc(sizeof(**recs)*count);
357
	*recs = SMB_MALLOC_ARRAY(struct res_rec, count);
358
	if (!*recs)
358
	if (!*recs)
359
		return(False);
359
		return(False);
360
360
Lines 557-563 Link Here
557
	struct nmb_packet *copy_nmb;
557
	struct nmb_packet *copy_nmb;
558
	struct packet_struct *pkt_copy;
558
	struct packet_struct *pkt_copy;
559
559
560
	if(( pkt_copy = (struct packet_struct *)malloc(sizeof(*packet))) == NULL) {
560
	if(( pkt_copy = SMB_MALLOC_P(struct packet_struct)) == NULL) {
561
		DEBUG(0,("copy_nmb_packet: malloc fail.\n"));
561
		DEBUG(0,("copy_nmb_packet: malloc fail.\n"));
562
		return NULL;
562
		return NULL;
563
	}
563
	}
Lines 580-601 Link Here
580
	/* Now copy any resource records. */
580
	/* Now copy any resource records. */
581
581
582
	if (nmb->answers) {
582
	if (nmb->answers) {
583
		if((copy_nmb->answers = (struct res_rec *)
583
		if((copy_nmb->answers = SMB_MALLOC_ARRAY(struct res_rec,nmb->header.ancount)) == NULL)
584
					malloc(nmb->header.ancount * sizeof(struct res_rec))) == NULL)
585
			goto free_and_exit;
584
			goto free_and_exit;
586
		memcpy((char *)copy_nmb->answers, (char *)nmb->answers, 
585
		memcpy((char *)copy_nmb->answers, (char *)nmb->answers, 
587
				nmb->header.ancount * sizeof(struct res_rec));
586
				nmb->header.ancount * sizeof(struct res_rec));
588
	}
587
	}
589
	if (nmb->nsrecs) {
588
	if (nmb->nsrecs) {
590
		if((copy_nmb->nsrecs = (struct res_rec *)
589
		if((copy_nmb->nsrecs = SMB_MALLOC_ARRAY(struct res_rec, nmb->header.nscount)) == NULL)
591
					malloc(nmb->header.nscount * sizeof(struct res_rec))) == NULL)
592
			goto free_and_exit;
590
			goto free_and_exit;
593
		memcpy((char *)copy_nmb->nsrecs, (char *)nmb->nsrecs, 
591
		memcpy((char *)copy_nmb->nsrecs, (char *)nmb->nsrecs, 
594
				nmb->header.nscount * sizeof(struct res_rec));
592
				nmb->header.nscount * sizeof(struct res_rec));
595
	}
593
	}
596
	if (nmb->additional) {
594
	if (nmb->additional) {
597
		if((copy_nmb->additional = (struct res_rec *)
595
		if((copy_nmb->additional = SMB_MALLOC_ARRAY(struct res_rec, nmb->header.arcount)) == NULL)
598
					malloc(nmb->header.arcount * sizeof(struct res_rec))) == NULL)
599
			goto free_and_exit;
596
			goto free_and_exit;
600
		memcpy((char *)copy_nmb->additional, (char *)nmb->additional, 
597
		memcpy((char *)copy_nmb->additional, (char *)nmb->additional, 
601
				nmb->header.arcount * sizeof(struct res_rec));
598
				nmb->header.arcount * sizeof(struct res_rec));
Lines 622-628 Link Here
622
{ 
619
{ 
623
	struct packet_struct *pkt_copy;
620
	struct packet_struct *pkt_copy;
624
621
625
	if(( pkt_copy = (struct packet_struct *)malloc(sizeof(*packet))) == NULL) {
622
	if(( pkt_copy = SMB_MALLOC_P(struct packet_struct)) == NULL) {
626
		DEBUG(0,("copy_dgram_packet: malloc fail.\n"));
623
		DEBUG(0,("copy_dgram_packet: malloc fail.\n"));
627
		return NULL;
624
		return NULL;
628
	}
625
	}
Lines 700-706 Link Here
700
	struct packet_struct *p;
697
	struct packet_struct *p;
701
	BOOL ok=False;
698
	BOOL ok=False;
702
699
703
	p = (struct packet_struct *)malloc(sizeof(*p));
700
	p = SMB_MALLOC_P(struct packet_struct);
704
	if (!p)
701
	if (!p)
705
		return(NULL);
702
		return(NULL);
706
703
(-)samba-3.0.9-orig/source/libsmb/ntlmssp.c (-2 / +2 lines)
Lines 766-772 Link Here
766
766
767
	mem_ctx = talloc_init("NTLMSSP context");
767
	mem_ctx = talloc_init("NTLMSSP context");
768
	
768
	
769
	*ntlmssp_state = talloc_zero(mem_ctx, sizeof(**ntlmssp_state));
769
	*ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE);
770
	if (!*ntlmssp_state) {
770
	if (!*ntlmssp_state) {
771
		DEBUG(0,("ntlmssp_server_start: talloc failed!\n"));
771
		DEBUG(0,("ntlmssp_server_start: talloc failed!\n"));
772
		talloc_destroy(mem_ctx);
772
		talloc_destroy(mem_ctx);
Lines 1075-1081 Link Here
1075
1075
1076
	mem_ctx = talloc_init("NTLMSSP Client context");
1076
	mem_ctx = talloc_init("NTLMSSP Client context");
1077
	
1077
	
1078
	*ntlmssp_state = talloc_zero(mem_ctx, sizeof(**ntlmssp_state));
1078
	*ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE);
1079
	if (!*ntlmssp_state) {
1079
	if (!*ntlmssp_state) {
1080
		DEBUG(0,("ntlmssp_client_start: talloc failed!\n"));
1080
		DEBUG(0,("ntlmssp_client_start: talloc failed!\n"));
1081
		talloc_destroy(mem_ctx);
1081
		talloc_destroy(mem_ctx);
(-)samba-3.0.9-orig/source/libsmb/samlogon_cache.c (-1 / +1 lines)
Lines 188-194 Link Here
188
	
188
	
189
	if ( data.dptr ) {
189
	if ( data.dptr ) {
190
		
190
		
191
		if ( (user = (NET_USER_INFO_3*)malloc(sizeof(NET_USER_INFO_3))) == NULL )
191
		if ( (user = SMB_MALLOC_P(NET_USER_INFO_3)) == NULL )
192
			return NULL;
192
			return NULL;
193
			
193
			
194
		prs_init( &ps, 0, mem_ctx, UNMARSHALL );
194
		prs_init( &ps, 0, mem_ctx, UNMARSHALL );
(-)samba-3.0.9-orig/source/libsmb/smb_signing.c (-5 / +5 lines)
Lines 54-60 Link Here
54
		}
54
		}
55
	}
55
	}
56
56
57
	t = smb_xmalloc(sizeof(*t));
57
	t = SMB_XMALLOC_P(struct outstanding_packet_lookup);
58
	ZERO_STRUCTP(t);
58
	ZERO_STRUCTP(t);
59
59
60
	t->mid = mid;
60
	t->mid = mid;
Lines 459-465 Link Here
459
		return False;
459
		return False;
460
	}
460
	}
461
461
462
	data = smb_xmalloc(sizeof(*data));
462
	data = SMB_XMALLOC_P(struct smb_basic_signing_context);
463
	memset(data, '\0', sizeof(*data));
463
	memset(data, '\0', sizeof(*data));
464
464
465
	cli->sign_info.signing_context = data;
465
	cli->sign_info.signing_context = data;
Lines 509-515 Link Here
509
	if (!cli->sign_info.doing_signing || !data)
509
	if (!cli->sign_info.doing_signing || !data)
510
		return;
510
		return;
511
511
512
	data->trans_info = smb_xmalloc(sizeof(struct trans_info_context));
512
	data->trans_info = SMB_XMALLOC_P(struct trans_info_context);
513
	ZERO_STRUCTP(data->trans_info);
513
	ZERO_STRUCTP(data->trans_info);
514
514
515
	/* This ensures the sequence is pulled off the outstanding packet list */
515
	/* This ensures the sequence is pulled off the outstanding packet list */
Lines 982-988 Link Here
982
	if (!data)
982
	if (!data)
983
		return;
983
		return;
984
984
985
	data->trans_info = smb_xmalloc(sizeof(struct trans_info_context));
985
	data->trans_info = SMB_XMALLOC_P(struct trans_info_context);
986
	ZERO_STRUCTP(data->trans_info);
986
	ZERO_STRUCTP(data->trans_info);
987
987
988
	data->trans_info->reply_seq_num = data->send_seq_num-1;
988
	data->trans_info->reply_seq_num = data->send_seq_num-1;
Lines 1051-1057 Link Here
1051
	
1051
	
1052
	srv_sign_info.doing_signing = True;
1052
	srv_sign_info.doing_signing = True;
1053
1053
1054
	data = smb_xmalloc(sizeof(*data));
1054
	data = SMB_XMALLOC_P(struct smb_basic_signing_context);
1055
	memset(data, '\0', sizeof(*data));
1055
	memset(data, '\0', sizeof(*data));
1056
1056
1057
	srv_sign_info.signing_context = data;
1057
	srv_sign_info.signing_context = data;
(-)samba-3.0.9-orig/source/libsmb/spnego.c (-3 / +2 lines)
Lines 42-53 Link Here
42
			asn1_start_tag(asn1, ASN1_CONTEXT(0));
42
			asn1_start_tag(asn1, ASN1_CONTEXT(0));
43
			asn1_start_tag(asn1, ASN1_SEQUENCE(0));
43
			asn1_start_tag(asn1, ASN1_SEQUENCE(0));
44
44
45
			token->mechTypes = malloc(sizeof(*token->mechTypes));
45
			token->mechTypes = SMB_MALLOC_P(char *);
46
			for (i = 0; !asn1->has_error &&
46
			for (i = 0; !asn1->has_error &&
47
				     0 < asn1_tag_remaining(asn1); i++) {
47
				     0 < asn1_tag_remaining(asn1); i++) {
48
				token->mechTypes = 
48
				token->mechTypes = 
49
					realloc(token->mechTypes, (i + 2) *
49
					SMB_REALLOC_ARRAY(token->mechTypes, char *, i + 2);
50
						sizeof(*token->mechTypes));
51
				asn1_read_OID(asn1, token->mechTypes + i);
50
				asn1_read_OID(asn1, token->mechTypes + i);
52
			}
51
			}
53
			token->mechTypes[i] = NULL;
52
			token->mechTypes[i] = NULL;
(-)samba-3.0.9-orig/source/locking/brlock.c (-1 / +1 lines)
Lines 407-413 Link Here
407
	}
407
	}
408
408
409
	/* no conflicts - add it to the list of locks */
409
	/* no conflicts - add it to the list of locks */
410
	tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(*locks));
410
	tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(*locks));
411
	if (!tp) {
411
	if (!tp) {
412
		status = NT_STATUS_NO_MEMORY;
412
		status = NT_STATUS_NO_MEMORY;
413
		goto fail;
413
		goto fail;
(-)samba-3.0.9-orig/source/locking/locking.c (-4 / +4 lines)
Lines 679-685 Link Here
679
		pstrcat(fname, fsp->fsp_name);
679
		pstrcat(fname, fsp->fsp_name);
680
680
681
		size = sizeof(*data) + sizeof(share_mode_entry) + strlen(fname) + 1;
681
		size = sizeof(*data) + sizeof(share_mode_entry) + strlen(fname) + 1;
682
		p = (char *)malloc(size);
682
		p = (char *)SMB_MALLOC(size);
683
		if (!p)
683
		if (!p)
684
			return False;
684
			return False;
685
		data = (struct locking_data *)p;
685
		data = (struct locking_data *)p;
Lines 711-717 Link Here
711
		fsp->fsp_name, data->u.num_share_mode_entries ));
711
		fsp->fsp_name, data->u.num_share_mode_entries ));
712
712
713
	size = dbuf.dsize + sizeof(share_mode_entry);
713
	size = dbuf.dsize + sizeof(share_mode_entry);
714
	p = malloc(size);
714
	p = SMB_MALLOC(size);
715
	if (!p) {
715
	if (!p) {
716
		SAFE_FREE(dbuf.dptr);
716
		SAFE_FREE(dbuf.dptr);
717
		return False;
717
		return False;
Lines 1161-1167 Link Here
1161
		/* we'll need to create a new record */
1161
		/* we'll need to create a new record */
1162
1162
1163
		size = sizeof(*data) + sizeof(deferred_open_entry) + strlen(fname) + 1;
1163
		size = sizeof(*data) + sizeof(deferred_open_entry) + strlen(fname) + 1;
1164
		p = (char *)malloc(size);
1164
		p = (char *)SMB_MALLOC(size);
1165
		if (!p)
1165
		if (!p)
1166
			return False;
1166
			return False;
1167
		data = (struct deferred_open_data *)p;
1167
		data = (struct deferred_open_data *)p;
Lines 1193-1199 Link Here
1193
		fname, data->u.num_deferred_open_entries ));
1193
		fname, data->u.num_deferred_open_entries ));
1194
1194
1195
	size = dbuf.dsize + sizeof(deferred_open_entry);
1195
	size = dbuf.dsize + sizeof(deferred_open_entry);
1196
	p = malloc(size);
1196
	p = SMB_MALLOC(size);
1197
	if (!p) {
1197
	if (!p) {
1198
		SAFE_FREE(dbuf.dptr);
1198
		SAFE_FREE(dbuf.dptr);
1199
		return False;
1199
		return False;
(-)samba-3.0.9-orig/source/locking/posix.c (-6 / +5 lines)
Lines 102-108 Link Here
102
102
103
	dbuf = tdb_fetch(posix_pending_close_tdb, kbuf);
103
	dbuf = tdb_fetch(posix_pending_close_tdb, kbuf);
104
104
105
	tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(int));
105
	tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(int));
106
	if (!tp) {
106
	if (!tp) {
107
		DEBUG(0,("add_fd_to_close_entry: Realloc fail !\n"));
107
		DEBUG(0,("add_fd_to_close_entry: Realloc fail !\n"));
108
		SAFE_FREE(dbuf.dptr);
108
		SAFE_FREE(dbuf.dptr);
Lines 371-377 Link Here
371
	pl.size = size;
371
	pl.size = size;
372
	pl.lock_type = lock_type;
372
	pl.lock_type = lock_type;
373
373
374
	tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(pl));
374
	tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(pl));
375
	if (!tp) {
375
	if (!tp) {
376
		DEBUG(0,("add_posix_lock_entry: Realloc fail !\n"));
376
		DEBUG(0,("add_posix_lock_entry: Realloc fail !\n"));
377
		goto fail;
377
		goto fail;
Lines 896-903 Link Here
896
        | l_curr|         | l_new   |
896
        | l_curr|         | l_new   |
897
        +-------+         +---------+
897
        +-------+         +---------+
898
**********************************************/
898
**********************************************/
899
				struct lock_list *l_new = (struct lock_list *)talloc(ctx,
899
				struct lock_list *l_new = TALLOC_P(ctx, struct lock_list);
900
													sizeof(struct lock_list));
901
900
902
				if(l_new == NULL) {
901
				if(l_new == NULL) {
903
					DEBUG(0,("posix_lock_list: talloc fail.\n"));
902
					DEBUG(0,("posix_lock_list: talloc fail.\n"));
Lines 1002-1008 Link Here
1002
		return True; /* Not a fatal error. */
1001
		return True; /* Not a fatal error. */
1003
	}
1002
	}
1004
1003
1005
	if ((ll = (struct lock_list *)talloc(l_ctx, sizeof(struct lock_list))) == NULL) {
1004
	if ((ll = TALLOC_P(l_ctx, struct lock_list)) == NULL) {
1006
		DEBUG(0,("set_posix_lock: unable to talloc unlock list.\n"));
1005
		DEBUG(0,("set_posix_lock: unable to talloc unlock list.\n"));
1007
		talloc_destroy(l_ctx);
1006
		talloc_destroy(l_ctx);
1008
		return True; /* Not a fatal error. */
1007
		return True; /* Not a fatal error. */
Lines 1148-1154 Link Here
1148
		return True; /* Not a fatal error. */
1147
		return True; /* Not a fatal error. */
1149
	}
1148
	}
1150
1149
1151
	if ((ul = (struct lock_list *)talloc(ul_ctx, sizeof(struct lock_list))) == NULL) {
1150
	if ((ul = TALLOC_P(ul_ctx, struct lock_list)) == NULL) {
1152
		DEBUG(0,("release_posix_lock: unable to talloc unlock list.\n"));
1151
		DEBUG(0,("release_posix_lock: unable to talloc unlock list.\n"));
1153
		talloc_destroy(ul_ctx);
1152
		talloc_destroy(ul_ctx);
1154
		return True; /* Not a fatal error. */
1153
		return True; /* Not a fatal error. */
(-)samba-3.0.9-orig/source/modules/vfs_netatalk.c (-4 / +3 lines)
Lines 126-141 Link Here
126
		}
126
		}
127
	}
127
	}
128
128
129
	if (!(new_list = calloc(1, 
129
	if (!(new_list = SMB_CALLOC_ARRAY(name_compare_entry, (count == 0 ? 1 : count + 1))))
130
	  (count == 0 ? 1 : count + 1) * sizeof(name_compare_entry))))
131
		return;
130
		return;
132
131
133
	for (i = 0; i < count; i ++) {
132
	for (i = 0; i < count; i ++) {
134
		new_list[i].name    = strdup(cur_list[i].name);
133
		new_list[i].name    = SMB_STRDUP(cur_list[i].name);
135
		new_list[i].is_wild = cur_list[i].is_wild;
134
		new_list[i].is_wild = cur_list[i].is_wild;
136
	}
135
	}
137
136
138
	new_list[i].name    = strdup(APPLEDOUBLE);
137
	new_list[i].name    = SMB_STRDUP(APPLEDOUBLE);
139
	new_list[i].is_wild = False;
138
	new_list[i].is_wild = False;
140
139
141
	free_namearray(*list);
140
	free_namearray(*list);
(-)samba-3.0.9-orig/source/modules/vfs_recycle.c (-5 / +5 lines)
Lines 215-226 Link Here
215
215
216
	mode = S_IRUSR | S_IWUSR | S_IXUSR;
216
	mode = S_IRUSR | S_IWUSR | S_IXUSR;
217
217
218
	tmp_str = strdup(dname);
218
	tmp_str = SMB_STRDUP(dname);
219
	ALLOC_CHECK(tmp_str, done);
219
	ALLOC_CHECK(tmp_str, done);
220
	tok_str = tmp_str;
220
	tok_str = tmp_str;
221
221
222
	len = strlen(dname)+1;
222
	len = strlen(dname)+1;
223
	new_dir = (char *)malloc(len + 1);
223
	new_dir = (char *)SMB_MALLOC(len + 1);
224
	ALLOC_CHECK(new_dir, done);
224
	ALLOC_CHECK(new_dir, done);
225
	*new_dir = '\0';
225
	*new_dir = '\0';
226
226
Lines 389-399 Link Here
389
	base = strrchr(file_name, '/');
389
	base = strrchr(file_name, '/');
390
	if (base == NULL) {
390
	if (base == NULL) {
391
		base = file_name;
391
		base = file_name;
392
		path_name = strdup("/");
392
		path_name = SMB_STRDUP("/");
393
		ALLOC_CHECK(path_name, done);
393
		ALLOC_CHECK(path_name, done);
394
	}
394
	}
395
	else {
395
	else {
396
		path_name = strdup(file_name);
396
		path_name = SMB_STRDUP(file_name);
397
		ALLOC_CHECK(path_name, done);
397
		ALLOC_CHECK(path_name, done);
398
		path_name[base - file_name] = '\0';
398
		path_name[base - file_name] = '\0';
399
		base++;
399
		base++;
Lines 422-428 Link Here
422
	if (recycle_keep_dir_tree(handle) == True) {
422
	if (recycle_keep_dir_tree(handle) == True) {
423
		asprintf(&temp_name, "%s/%s", repository, path_name);
423
		asprintf(&temp_name, "%s/%s", repository, path_name);
424
	} else {
424
	} else {
425
		temp_name = strdup(repository);
425
		temp_name = SMB_STRDUP(repository);
426
	}
426
	}
427
	ALLOC_CHECK(temp_name, done);
427
	ALLOC_CHECK(temp_name, done);
428
428
(-)samba-3.0.9-orig/source/modules/vfs_shadow_copy.c (-3 / +3 lines)
Lines 82-88 Link Here
82
		return NULL;
82
		return NULL;
83
	}
83
	}
84
84
85
	dirp = (shadow_copy_Dir *)malloc(sizeof(shadow_copy_Dir));
85
	dirp = SMB_MALLOC_P(shadow_copy_Dir);
86
	if (!dirp) {
86
	if (!dirp) {
87
		DEBUG(0,("shadow_copy_opendir: Out of memory\n"));
87
		DEBUG(0,("shadow_copy_opendir: Out of memory\n"));
88
		SMB_VFS_NEXT_CLOSEDIR(handle,conn,p);
88
		SMB_VFS_NEXT_CLOSEDIR(handle,conn,p);
Lines 108-114 Link Here
108
108
109
		DEBUG(10,("shadow_copy_opendir: not hide [%s]\n",d->d_name));
109
		DEBUG(10,("shadow_copy_opendir: not hide [%s]\n",d->d_name));
110
110
111
		r = (struct dirent *)Realloc(dirp->dirs,(dirp->num+1)*sizeof(struct dirent));
111
		r = SMB_REALLOC_ARRAY(dirp->dirs, struct dirent, dirp->num+1);
112
		if (!r) {
112
		if (!r) {
113
			DEBUG(0,("shadow_copy_opendir: Out of memory\n"));
113
			DEBUG(0,("shadow_copy_opendir: Out of memory\n"));
114
			break;
114
			break;
Lines 176-182 Link Here
176
			continue;
176
			continue;
177
		}
177
		}
178
178
179
		tlabels = (SHADOW_COPY_LABEL *)talloc_realloc(shadow_copy_data->mem_ctx,
179
		tlabels = (SHADOW_COPY_LABEL *)TALLOC_REALLOC(shadow_copy_data->mem_ctx,
180
									shadow_copy_data->labels,
180
									shadow_copy_data->labels,
181
									(shadow_copy_data->num_volumes+1)*sizeof(SHADOW_COPY_LABEL));
181
									(shadow_copy_data->num_volumes+1)*sizeof(SHADOW_COPY_LABEL));
182
		if (tlabels == NULL) {
182
		if (tlabels == NULL) {
(-)samba-3.0.9-orig/source/nmbd/nmbd_become_lmb.c (-2 / +2 lines)
Lines 206-212 Link Here
206
		struct userdata_struct *userdata;
206
		struct userdata_struct *userdata;
207
		size_t size = sizeof(struct userdata_struct) + sizeof(BOOL);
207
		size_t size = sizeof(struct userdata_struct) + sizeof(BOOL);
208
208
209
		if((userdata = (struct userdata_struct *)malloc(size)) == NULL) {
209
		if((userdata = (struct userdata_struct *)SMB_MALLOC(size)) == NULL) {
210
			DEBUG(0,("release_1d_name: malloc fail.\n"));
210
			DEBUG(0,("release_1d_name: malloc fail.\n"));
211
			return;
211
			return;
212
		}
212
		}
Lines 545-551 Link Here
545
	subrec->work_changed = True;
545
	subrec->work_changed = True;
546
546
547
	/* Setup the userdata_struct. */
547
	/* Setup the userdata_struct. */
548
	if((userdata = (struct userdata_struct *)malloc(size)) == NULL) {
548
	if((userdata = (struct userdata_struct *)SMB_MALLOC(size)) == NULL) {
549
		DEBUG(0,("become_local_master_browser: malloc fail.\n"));
549
		DEBUG(0,("become_local_master_browser: malloc fail.\n"));
550
		return;
550
		return;
551
	}
551
	}
(-)samba-3.0.9-orig/source/nmbd/nmbd_browserdb.c (-1 / +1 lines)
Lines 87-93 Link Here
87
	struct browse_cache_record *browc;
87
	struct browse_cache_record *browc;
88
	time_t now = time( NULL );
88
	time_t now = time( NULL );
89
89
90
	browc = (struct browse_cache_record *)malloc( sizeof( *browc ) );
90
	browc = SMB_MALLOC_P(struct browse_cache_record);
91
91
92
	if( NULL == browc ) {
92
	if( NULL == browc ) {
93
		DEBUG( 0, ("create_browser_in_lmb_cache: malloc fail !\n") );
93
		DEBUG( 0, ("create_browser_in_lmb_cache: malloc fail !\n") );
(-)samba-3.0.9-orig/source/nmbd/nmbd_browsesync.c (-1 / +1 lines)
Lines 324-330 Link Here
324
	/* Setup the userdata_struct - this is copied so we can use
324
	/* Setup the userdata_struct - this is copied so we can use
325
	a stack variable for this. */
325
	a stack variable for this. */
326
326
327
	if((userdata = (struct userdata_struct *)malloc(size)) == NULL) {
327
	if((userdata = (struct userdata_struct *)SMB_MALLOC(size)) == NULL) {
328
		DEBUG(0, ("find_domain_master_name_query_success: malloc fail.\n"));
328
		DEBUG(0, ("find_domain_master_name_query_success: malloc fail.\n"));
329
		return;
329
		return;
330
	}
330
	}
(-)samba-3.0.9-orig/source/nmbd/nmbd_incomingrequests.c (-1 / +1 lines)
Lines 516-522 Link Here
516
			if (namerec->data.num_ips == 1) {
516
			if (namerec->data.num_ips == 1) {
517
				prdata = rdata;
517
				prdata = rdata;
518
			} else {
518
			} else {
519
				if ((prdata = (char *)malloc( namerec->data.num_ips * 6 )) == NULL) {
519
				if ((prdata = (char *)SMB_MALLOC( namerec->data.num_ips * 6 )) == NULL) {
520
					DEBUG(0,("process_name_query_request: malloc fail !\n"));
520
					DEBUG(0,("process_name_query_request: malloc fail !\n"));
521
					return;
521
					return;
522
				}
522
				}
(-)samba-3.0.9-orig/source/nmbd/nmbd_namelistdb.c (-4 / +4 lines)
Lines 181-194 Link Here
181
	struct name_record *namerec;
181
	struct name_record *namerec;
182
	time_t time_now = time(NULL);
182
	time_t time_now = time(NULL);
183
183
184
	namerec = (struct name_record *)malloc( sizeof(*namerec) );
184
	namerec = SMB_MALLOC_P(struct name_record);
185
	if( NULL == namerec ) {
185
	if( NULL == namerec ) {
186
		DEBUG( 0, ( "add_name_to_subnet: malloc fail.\n" ) );
186
		DEBUG( 0, ( "add_name_to_subnet: malloc fail.\n" ) );
187
		return( NULL );
187
		return( NULL );
188
	}
188
	}
189
189
190
	memset( (char *)namerec, '\0', sizeof(*namerec) );
190
	memset( (char *)namerec, '\0', sizeof(*namerec) );
191
	namerec->data.ip = (struct in_addr *)malloc( sizeof(struct in_addr) * num_ips );
191
	namerec->data.ip = SMB_MALLOC_ARRAY( struct in_addr, num_ips );
192
	if( NULL == namerec->data.ip ) {
192
	if( NULL == namerec->data.ip ) {
193
		DEBUG( 0, ( "add_name_to_subnet: malloc fail when creating ip_flgs.\n" ) );
193
		DEBUG( 0, ( "add_name_to_subnet: malloc fail when creating ip_flgs.\n" ) );
194
		ZERO_STRUCTP(namerec);
194
		ZERO_STRUCTP(namerec);
Lines 329-335 Link Here
329
	if( find_ip_in_name_record( namerec, new_ip ) )
329
	if( find_ip_in_name_record( namerec, new_ip ) )
330
		return;
330
		return;
331
  
331
  
332
	new_list = (struct in_addr *)malloc( (namerec->data.num_ips + 1) * sizeof(struct in_addr) );
332
	new_list = SMB_MALLOC_ARRAY( struct in_addr, namerec->data.num_ips + 1);
333
	if( NULL == new_list ) {
333
	if( NULL == new_list ) {
334
		DEBUG(0,("add_ip_to_name_record: Malloc fail !\n"));
334
		DEBUG(0,("add_ip_to_name_record: Malloc fail !\n"));
335
		return;
335
		return;
Lines 460-466 Link Here
460
		/* Create an IP list containing all our known subnets. */
460
		/* Create an IP list containing all our known subnets. */
461
461
462
		num_ips = iface_count();
462
		num_ips = iface_count();
463
		iplist = (struct in_addr *)malloc( num_ips * sizeof(struct in_addr) );
463
		iplist = SMB_MALLOC_ARRAY( struct in_addr, num_ips);
464
		if( NULL == iplist ) {
464
		if( NULL == iplist ) {
465
			DEBUG(0,("add_samba_names_to_subnet: Malloc fail !\n"));
465
			DEBUG(0,("add_samba_names_to_subnet: Malloc fail !\n"));
466
			return;
466
			return;
(-)samba-3.0.9-orig/source/nmbd/nmbd_nameregister.c (-2 / +2 lines)
Lines 306-312 Link Here
306
	struct in_addr wins_ip = wins_srv_ip_tag(tag, ip);
306
	struct in_addr wins_ip = wins_srv_ip_tag(tag, ip);
307
	fstring ip_str;
307
	fstring ip_str;
308
308
309
	userdata = (struct userdata_struct *)malloc(sizeof(*userdata) + strlen(tag) + 1);
309
	userdata = (struct userdata_struct *)SMB_MALLOC(sizeof(*userdata) + strlen(tag) + 1);
310
	if (!userdata) {
310
	if (!userdata) {
311
		DEBUG(0,("Failed to allocate userdata structure!\n"));
311
		DEBUG(0,("Failed to allocate userdata structure!\n"));
312
		return;
312
		return;
Lines 423-429 Link Here
423
	for(subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec) )
423
	for(subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec) )
424
		num_ips++;
424
		num_ips++;
425
	
425
	
426
	if((ip_list = (struct in_addr *)malloc(num_ips * sizeof(struct in_addr)))==NULL) {
426
	if((ip_list = SMB_MALLOC_ARRAY(struct in_addr, num_ips))==NULL) {
427
		DEBUG(0,("multihomed_register_name: malloc fail !\n"));
427
		DEBUG(0,("multihomed_register_name: malloc fail !\n"));
428
		return;
428
		return;
429
	}
429
	}
(-)samba-3.0.9-orig/source/nmbd/nmbd_packets.c (-5 / +5 lines)
Lines 184-190 Link Here
184
	struct nmb_packet *nmb = NULL;
184
	struct nmb_packet *nmb = NULL;
185
185
186
	/* Allocate the packet_struct we will return. */
186
	/* Allocate the packet_struct we will return. */
187
	if((packet = (struct packet_struct *)malloc(sizeof(*packet))) == NULL) {
187
	if((packet = SMB_MALLOC_P(struct packet_struct)) == NULL) {
188
		DEBUG(0,("create_and_init_netbios_packet: malloc fail (1) for packet struct.\n"));
188
		DEBUG(0,("create_and_init_netbios_packet: malloc fail (1) for packet struct.\n"));
189
		return NULL;
189
		return NULL;
190
	}
190
	}
Lines 230-236 Link Here
230
{
230
{
231
	struct nmb_packet *nmb = &packet->packet.nmb;
231
	struct nmb_packet *nmb = &packet->packet.nmb;
232
232
233
	if((nmb->additional = (struct res_rec *)malloc(sizeof(struct res_rec))) == NULL) {
233
	if((nmb->additional = SMB_MALLOC_P(struct res_rec)) == NULL) {
234
		DEBUG(0,("initiate_name_register_packet: malloc fail for additional record.\n"));
234
		DEBUG(0,("initiate_name_register_packet: malloc fail for additional record.\n"));
235
		return False;
235
		return False;
236
	}
236
	}
Lines 534-540 Link Here
534
	DEBUG(6,("Refreshing name %s IP %s with WINS server %s using tag '%s'\n",
534
	DEBUG(6,("Refreshing name %s IP %s with WINS server %s using tag '%s'\n",
535
		 nmb_namestr(nmbname), ip_str, inet_ntoa(wins_ip), tag));
535
		 nmb_namestr(nmbname), ip_str, inet_ntoa(wins_ip), tag));
536
536
537
	userdata = (struct userdata_struct *)malloc(sizeof(*userdata) + strlen(tag) + 1);
537
	userdata = (struct userdata_struct *)SMB_MALLOC(sizeof(*userdata) + strlen(tag) + 1);
538
	if (!userdata) {
538
	if (!userdata) {
539
		DEBUG(0,("Failed to allocate userdata structure!\n"));
539
		DEBUG(0,("Failed to allocate userdata structure!\n"));
540
		return;
540
		return;
Lines 1645-1651 Link Here
1645
	struct subnet_record *subrec = NULL;
1645
	struct subnet_record *subrec = NULL;
1646
	int count = 0;
1646
	int count = 0;
1647
	int num = 0;
1647
	int num = 0;
1648
	fd_set *pset = (fd_set *)malloc(sizeof(fd_set));
1648
	fd_set *pset = SMB_MALLOC_P(fd_set);
1649
1649
1650
	if(pset == NULL) {
1650
	if(pset == NULL) {
1651
		DEBUG(0,("create_listen_fdset: malloc fail !\n"));
1651
		DEBUG(0,("create_listen_fdset: malloc fail !\n"));
Lines 1662-1668 Link Here
1662
		return True;
1662
		return True;
1663
	}
1663
	}
1664
1664
1665
	if((sock_array = (int *)malloc(((count*2) + 2)*sizeof(int))) == NULL) {
1665
	if((sock_array = SMB_MALLOC_ARRAY(int, (count*2) + 2)) == NULL) {
1666
		DEBUG(0,("create_listen_fdset: malloc fail for socket array.\n"));
1666
		DEBUG(0,("create_listen_fdset: malloc fail for socket array.\n"));
1667
		return True;
1667
		return True;
1668
	}
1668
	}
(-)samba-3.0.9-orig/source/nmbd/nmbd_processlogon.c (-2 / +1 lines)
Lines 577-584 Link Here
577
					return;
577
					return;
578
				}
578
				}
579
579
580
				db_info = (struct sam_database_info *)
580
				db_info = SMB_MALLOC_ARRAY(struct sam_database_info, db_count);
581
						malloc(sizeof(struct sam_database_info) * db_count);
582
581
583
				if (db_info == NULL) {
582
				if (db_info == NULL) {
584
					DEBUG(3, ("out of memory allocating info for %d databases\n", db_count));
583
					DEBUG(3, ("out of memory allocating info for %d databases\n", db_count));
(-)samba-3.0.9-orig/source/nmbd/nmbd_responserecordsdb.c (-2 / +2 lines)
Lines 105-111 Link Here
105
	struct response_record *rrec;
105
	struct response_record *rrec;
106
	struct nmb_packet *nmb = &p->packet.nmb;
106
	struct nmb_packet *nmb = &p->packet.nmb;
107
107
108
	if (!(rrec = (struct response_record *)malloc(sizeof(*rrec)))) {
108
	if (!(rrec = SMB_MALLOC_P(struct response_record))) {
109
		DEBUG(0,("make_response_queue_record: malloc fail for response_record.\n"));
109
		DEBUG(0,("make_response_queue_record: malloc fail for response_record.\n"));
110
		return NULL;
110
		return NULL;
111
	}
111
	}
Lines 133-139 Link Here
133
		} else {
133
		} else {
134
			/* Primitive userdata, do a memcpy. */
134
			/* Primitive userdata, do a memcpy. */
135
			if((rrec->userdata = (struct userdata_struct *)
135
			if((rrec->userdata = (struct userdata_struct *)
136
					malloc(sizeof(struct userdata_struct)+userdata->userdata_len)) == NULL) {
136
					SMB_MALLOC(sizeof(struct userdata_struct)+userdata->userdata_len)) == NULL) {
137
				DEBUG(0,("make_response_queue_record: malloc fail for userdata.\n"));
137
				DEBUG(0,("make_response_queue_record: malloc fail for userdata.\n"));
138
				ZERO_STRUCTP(rrec);
138
				ZERO_STRUCTP(rrec);
139
				SAFE_FREE(rrec);
139
				SAFE_FREE(rrec);
(-)samba-3.0.9-orig/source/nmbd/nmbd_serverlistdb.c (-1 / +1 lines)
Lines 137-143 Link Here
137
		return NULL;
137
		return NULL;
138
	}
138
	}
139
  
139
  
140
	if((servrec = (struct server_record *)malloc(sizeof(*servrec))) == NULL) {
140
	if((servrec = SMB_MALLOC_P(struct server_record)) == NULL) {
141
		DEBUG(0,("create_server_entry_on_workgroup: malloc fail !\n"));
141
		DEBUG(0,("create_server_entry_on_workgroup: malloc fail !\n"));
142
		return NULL;
142
		return NULL;
143
	}
143
	}
(-)samba-3.0.9-orig/source/nmbd/nmbd_subnetdb.c (-2 / +2 lines)
Lines 147-153 Link Here
147
		set_socket_options(dgram_sock,"SO_BROADCAST");
147
		set_socket_options(dgram_sock,"SO_BROADCAST");
148
	}
148
	}
149
149
150
	subrec = (struct subnet_record *)malloc(sizeof(*subrec));
150
	subrec = SMB_MALLOC_P(struct subnet_record);
151
	if (!subrec) {
151
	if (!subrec) {
152
		DEBUG(0,("make_subnet: malloc fail !\n"));
152
		DEBUG(0,("make_subnet: malloc fail !\n"));
153
		close(nmb_sock);
153
		close(nmb_sock);
Lines 160-166 Link Here
160
			namelist_entry_compare,
160
			namelist_entry_compare,
161
			ubi_trOVERWRITE );
161
			ubi_trOVERWRITE );
162
162
163
	if((subrec->subnet_name = strdup(name)) == NULL) {
163
	if((subrec->subnet_name = SMB_STRDUP(name)) == NULL) {
164
		DEBUG(0,("make_subnet: malloc fail for subnet name !\n"));
164
		DEBUG(0,("make_subnet: malloc fail for subnet name !\n"));
165
		close(nmb_sock);
165
		close(nmb_sock);
166
		close(dgram_sock);
166
		close(dgram_sock);
(-)samba-3.0.9-orig/source/nmbd/nmbd_synclists.c (-1 / +1 lines)
Lines 143-149 Link Here
143
		return;
143
		return;
144
	}
144
	}
145
145
146
	s = (struct sync_record *)malloc(sizeof(*s));
146
	s = SMB_MALLOC_P(struct sync_record);
147
	if (!s) goto done;
147
	if (!s) goto done;
148
148
149
	ZERO_STRUCTP(s);
149
	ZERO_STRUCTP(s);
(-)samba-3.0.9-orig/source/nmbd/nmbd_winsproxy.c (-2 / +2 lines)
Lines 59-65 Link Here
59
	if(num_ips == 1) {
59
	if(num_ips == 1) {
60
		iplist = &ip;
60
		iplist = &ip;
61
	} else {
61
	} else {
62
		if((iplist = (struct in_addr *)malloc( num_ips * sizeof(struct in_addr) )) == NULL) {
62
		if((iplist = SMB_MALLOC_ARRAY( struct in_addr, num_ips )) == NULL) {
63
			DEBUG(0,("wins_proxy_name_query_request_success: malloc fail !\n"));
63
			DEBUG(0,("wins_proxy_name_query_request_success: malloc fail !\n"));
64
			return;
64
			return;
65
		}
65
		}
Lines 131-137 Link Here
131
static struct userdata_struct *wins_proxy_userdata_copy_fn(struct userdata_struct *userdata)
131
static struct userdata_struct *wins_proxy_userdata_copy_fn(struct userdata_struct *userdata)
132
{
132
{
133
	struct packet_struct *p, *copy_of_p;
133
	struct packet_struct *p, *copy_of_p;
134
	struct userdata_struct *new_userdata = (struct userdata_struct *)malloc( userdata->userdata_len );
134
	struct userdata_struct *new_userdata = (struct userdata_struct *)SMB_MALLOC( userdata->userdata_len );
135
135
136
	if(new_userdata == NULL)
136
	if(new_userdata == NULL)
137
		return NULL;
137
		return NULL;
(-)samba-3.0.9-orig/source/nmbd/nmbd_winsserver.c (-3 / +3 lines)
Lines 318-324 Link Here
318
		}
318
		}
319
319
320
		/* Allocate the space for the ip_list. */
320
		/* Allocate the space for the ip_list. */
321
		if((ip_list = (struct in_addr *)malloc( num_ips * sizeof(struct in_addr))) == NULL) {
321
		if((ip_list = SMB_MALLOC_ARRAY( struct in_addr, num_ips)) == NULL) {
322
			DEBUG(0,("initialise_wins: Malloc fail !\n"));
322
			DEBUG(0,("initialise_wins: Malloc fail !\n"));
323
			return False;
323
			return False;
324
		}
324
		}
Lines 1379-1385 Link Here
1379
		return;
1379
		return;
1380
	}
1380
	}
1381
1381
1382
	if((prdata = (char *)malloc( num_ips * 6 )) == NULL) {
1382
	if((prdata = (char *)SMB_MALLOC( num_ips * 6 )) == NULL) {
1383
		DEBUG(0,("process_wins_dmb_query_request: Malloc fail !.\n"));
1383
		DEBUG(0,("process_wins_dmb_query_request: Malloc fail !.\n"));
1384
		return;
1384
		return;
1385
	}
1385
	}
Lines 1442-1448 Link Here
1442
		if( namerec->data.num_ips == 1 ) {
1442
		if( namerec->data.num_ips == 1 ) {
1443
			prdata = rdata;
1443
			prdata = rdata;
1444
		} else {
1444
		} else {
1445
			if((prdata = (char *)malloc( namerec->data.num_ips * 6 )) == NULL) {
1445
			if((prdata = (char *)SMB_MALLOC( namerec->data.num_ips * 6 )) == NULL) {
1446
				DEBUG(0,("send_wins_name_query_response: malloc fail !\n"));
1446
				DEBUG(0,("send_wins_name_query_response: malloc fail !\n"));
1447
				return;
1447
				return;
1448
			}
1448
			}
(-)samba-3.0.9-orig/source/nmbd/nmbd_workgroupdb.c (-1 / +1 lines)
Lines 71-77 Link Here
71
	struct subnet_record *subrec;
71
	struct subnet_record *subrec;
72
	int t = -1;
72
	int t = -1;
73
  
73
  
74
	if((work = (struct work_record *)malloc(sizeof(*work))) == NULL) {
74
	if((work = SMB_MALLOC_P(struct work_record)) == NULL) {
75
		DEBUG(0,("create_workgroup: malloc fail !\n"));
75
		DEBUG(0,("create_workgroup: malloc fail !\n"));
76
		return NULL;
76
		return NULL;
77
	}
77
	}
(-)samba-3.0.9-orig/source/nsswitch/wb_client.c (-1 / +1 lines)
Lines 326-332 Link Here
326
		/* Add group to list if necessary */
326
		/* Add group to list if necessary */
327
327
328
		if (!is_member) {
328
		if (!is_member) {
329
			tgr = (gid_t *)Realloc(groups, sizeof(gid_t) * ngroups + 1);
329
			tgr = SMB_REALLOC_ARRAY(groups, gid_t, ngroups + 1);
330
			
330
			
331
			if (!tgr) {
331
			if (!tgr) {
332
				errno = ENOMEM;
332
				errno = ENOMEM;
(-)samba-3.0.9-orig/source/nsswitch/winbindd_acct.c (-4 / +4 lines)
Lines 219-225 Link Here
219
		if ( num_gr_members ) {
219
		if ( num_gr_members ) {
220
			fstring buffer;
220
			fstring buffer;
221
			
221
			
222
			gr_members = (char**)smb_xmalloc(sizeof(char*)*(num_gr_members+1));
222
			gr_members = SMB_XMALLOC_ARRAY(char*, num_gr_members+1);
223
			
223
			
224
			i = 0;
224
			i = 0;
225
			while ( next_token(&str, buffer, ",", sizeof(buffer)) && i<num_gr_members ) {
225
			while ( next_token(&str, buffer, ",", sizeof(buffer)) && i<num_gr_members ) {
Lines 284-290 Link Here
284
			member = grp->gr_mem[num_members];
284
			member = grp->gr_mem[num_members];
285
		}
285
		}
286
		
286
		
287
		gr_mem_str = smb_xmalloc(size);
287
		gr_mem_str = SMB_XMALLOC_ARRAY(char, size);
288
	
288
	
289
		for ( i=0; i<num_members; i++ ) {
289
		for ( i=0; i<num_members; i++ ) {
290
			snprintf( &gr_mem_str[idx], size-idx, "%s,", grp->gr_mem[i] );
290
			snprintf( &gr_mem_str[idx], size-idx, "%s,", grp->gr_mem[i] );
Lines 295-301 Link Here
295
	}
295
	}
296
	else {
296
	else {
297
		/* no members */
297
		/* no members */
298
		gr_mem_str = smb_xmalloc(sizeof(fstring));
298
		gr_mem_str = SMB_XMALLOC_ARRAY(char, sizeof(fstring));
299
		fstrcpy( gr_mem_str, "" );
299
		fstrcpy( gr_mem_str, "" );
300
	}
300
	}
301
301
Lines 639-645 Link Here
639
	}
639
	}
640
	
640
	
641
	/* add one new slot and keep an extra for the terminating NULL */
641
	/* add one new slot and keep an extra for the terminating NULL */
642
	members = Realloc( grp->gr_mem, (grp->num_gr_mem+2)*sizeof(char*) );
642
	members = SMB_REALLOC_ARRAY( grp->gr_mem, char *, grp->num_gr_mem+2);
643
	if ( !members )
643
	if ( !members )
644
		return False;
644
		return False;
645
		
645
		
(-)samba-3.0.9-orig/source/nsswitch/winbindd_ads.c (-17 / +17 lines)
Lines 72-78 Link Here
72
	ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
72
	ads->auth.password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
73
73
74
	SAFE_FREE(ads->auth.realm);
74
	SAFE_FREE(ads->auth.realm);
75
	ads->auth.realm = strdup(lp_realm());
75
	ads->auth.realm = SMB_STRDUP(lp_realm());
76
76
77
	status = ads_connect(ads);
77
	status = ads_connect(ads);
78
	if (!ADS_ERR_OK(status) || !ads->config.realm) {
78
	if (!ADS_ERR_OK(status) || !ads->config.realm) {
Lines 146-152 Link Here
146
		goto done;
146
		goto done;
147
	}
147
	}
148
148
149
	(*info) = talloc_zero(mem_ctx, count * sizeof(**info));
149
	(*info) = TALLOC_ZERO_ARRAY(mem_ctx, WINBIND_USERINFO, count);
150
	if (!*info) {
150
	if (!*info) {
151
		status = NT_STATUS_NO_MEMORY;
151
		status = NT_STATUS_NO_MEMORY;
152
		goto done;
152
		goto done;
Lines 179-185 Link Here
179
			continue;
179
			continue;
180
		}
180
		}
181
181
182
		sid2 = talloc(mem_ctx, sizeof(*sid2));
182
		sid2 = TALLOC_P(mem_ctx, DOM_SID);
183
		if (!sid2) {
183
		if (!sid2) {
184
			status = NT_STATUS_NO_MEMORY;
184
			status = NT_STATUS_NO_MEMORY;
185
			goto done;
185
			goto done;
Lines 248-254 Link Here
248
		goto done;
248
		goto done;
249
	}
249
	}
250
250
251
	(*info) = talloc_zero(mem_ctx, count * sizeof(**info));
251
	(*info) = TALLOC_ZERO_ARRAY(mem_ctx, struct acct_info, count);
252
	if (!*info) {
252
	if (!*info) {
253
		status = NT_STATUS_NO_MEMORY;
253
		status = NT_STATUS_NO_MEMORY;
254
		goto done;
254
		goto done;
Lines 421-427 Link Here
421
		goto done;
421
		goto done;
422
	}
422
	}
423
	
423
	
424
	sid2 = talloc(mem_ctx, sizeof(*sid2));
424
	sid2 = TALLOC_P(mem_ctx, DOM_SID);
425
	if (!sid2) {
425
	if (!sid2) {
426
		status = NT_STATUS_NO_MEMORY;
426
		status = NT_STATUS_NO_MEMORY;
427
		goto done;
427
		goto done;
Lines 501-507 Link Here
501
		goto done;
501
		goto done;
502
	}
502
	}
503
	
503
	
504
	(*user_gids) = talloc_zero(mem_ctx, sizeof(**user_gids) * (count + 1));
504
	(*user_gids) = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID *, count + 1);
505
	(*user_gids)[0] = primary_group;
505
	(*user_gids)[0] = primary_group;
506
	
506
	
507
	*num_groups = 1;
507
	*num_groups = 1;
Lines 516-522 Link Here
516
		
516
		
517
		if (sid_equal(&group_sid, primary_group)) continue;
517
		if (sid_equal(&group_sid, primary_group)) continue;
518
		
518
		
519
		(*user_gids)[*num_groups] = talloc(mem_ctx, sizeof(***user_gids));
519
		(*user_gids)[*num_groups] = TALLOC_P(mem_ctx, DOM_SID);
520
		if (!(*user_gids)[*num_groups]) {
520
		if (!(*user_gids)[*num_groups]) {
521
			status = NT_STATUS_NO_MEMORY;
521
			status = NT_STATUS_NO_MEMORY;
522
			goto done;
522
			goto done;
Lines 610-616 Link Here
610
					     num_groups, user_gids);
610
					     num_groups, user_gids);
611
	}
611
	}
612
612
613
	(*user_gids) = talloc_zero(mem_ctx, sizeof(**user_gids) * (count + 1));
613
	(*user_gids) = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID *, count + 1);
614
	(*user_gids)[0] = primary_group;
614
	(*user_gids)[0] = primary_group;
615
	
615
	
616
	*num_groups = 1;
616
	*num_groups = 1;
Lines 618-624 Link Here
618
	for (i=0;i<count;i++) {
618
	for (i=0;i<count;i++) {
619
		if (sid_equal(&sids[i], primary_group)) continue;
619
		if (sid_equal(&sids[i], primary_group)) continue;
620
		
620
		
621
		(*user_gids)[*num_groups] = talloc(mem_ctx, sizeof(***user_gids));
621
		(*user_gids)[*num_groups] = TALLOC_P(mem_ctx, DOM_SID);
622
		if (!(*user_gids)[*num_groups]) {
622
		if (!(*user_gids)[*num_groups]) {
623
			status = NT_STATUS_NO_MEMORY;
623
			status = NT_STATUS_NO_MEMORY;
624
			goto done;
624
			goto done;
Lines 685-691 Link Here
685
	members = NULL;
685
	members = NULL;
686
	num_members = 0;
686
	num_members = 0;
687
687
688
	attrs = talloc(mem_ctx, 3 * sizeof(*attrs));
688
	attrs = TALLOC_ARRAY(mem_ctx, const char *, 3);
689
	attrs[1] = talloc_strdup(mem_ctx, "usnChanged");
689
	attrs[1] = talloc_strdup(mem_ctx, "usnChanged");
690
	attrs[2] = NULL;
690
	attrs[2] = NULL;
691
		
691
		
Lines 751-759 Link Here
751
	   the problem is that the members are in the form of distinguised names
751
	   the problem is that the members are in the form of distinguised names
752
	*/
752
	*/
753
753
754
	(*sid_mem) = talloc_zero(mem_ctx, sizeof(**sid_mem) * num_members);
754
	(*sid_mem) = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID *, num_members);
755
	(*name_types) = talloc_zero(mem_ctx, sizeof(**name_types) * num_members);
755
	(*name_types) = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_members);
756
	(*names) = talloc_zero(mem_ctx, sizeof(**names) * num_members);
756
	(*names) = TALLOC_ZERO_ARRAY(mem_ctx, char *, num_members);
757
757
758
	for (i=0;i<num_members;i++) {
758
	for (i=0;i<num_members;i++) {
759
		uint32 name_type;
759
		uint32 name_type;
Lines 763-769 Link Here
763
		if (dn_lookup(ads, mem_ctx, members[i], &name, &name_type, &sid)) {
763
		if (dn_lookup(ads, mem_ctx, members[i], &name, &name_type, &sid)) {
764
		    (*names)[*num_names] = name;
764
		    (*names)[*num_names] = name;
765
		    (*name_types)[*num_names] = name_type;
765
		    (*name_types)[*num_names] = name_type;
766
		    (*sid_mem)[*num_names] = talloc(mem_ctx, sizeof(***sid_mem));
766
		    (*sid_mem)[*num_names] = TALLOC_P(mem_ctx, DOM_SID);
767
		    if (!(*sid_mem)[*num_names]) {
767
		    if (!(*sid_mem)[*num_names]) {
768
			    status = NT_STATUS_NO_MEMORY;
768
			    status = NT_STATUS_NO_MEMORY;
769
			    goto done;
769
			    goto done;
Lines 850-868 Link Here
850
	
850
	
851
		/* Allocate memory for trusted domain names and sids */
851
		/* Allocate memory for trusted domain names and sids */
852
852
853
		if ( !(*names = (char **)talloc(mem_ctx, sizeof(char *) * count)) ) {
853
		if ( !(*names = TALLOC_ARRAY(mem_ctx, char *, count)) ) {
854
			DEBUG(0, ("trusted_domains: out of memory\n"));
854
			DEBUG(0, ("trusted_domains: out of memory\n"));
855
			result = NT_STATUS_NO_MEMORY;
855
			result = NT_STATUS_NO_MEMORY;
856
			goto done;
856
			goto done;
857
		}
857
		}
858
858
859
		if ( !(*alt_names = (char **)talloc(mem_ctx, sizeof(char *) * count)) ) {
859
		if ( !(*alt_names = TALLOC_ARRAY(mem_ctx, char *, count)) ) {
860
			DEBUG(0, ("trusted_domains: out of memory\n"));
860
			DEBUG(0, ("trusted_domains: out of memory\n"));
861
			result = NT_STATUS_NO_MEMORY;
861
			result = NT_STATUS_NO_MEMORY;
862
			goto done;
862
			goto done;
863
		}
863
		}
864
864
865
		if ( !(*dom_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * count)) ) {
865
		if ( !(*dom_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, count)) ) {
866
			DEBUG(0, ("trusted_domains: out of memory\n"));
866
			DEBUG(0, ("trusted_domains: out of memory\n"));
867
			result = NT_STATUS_NO_MEMORY;
867
			result = NT_STATUS_NO_MEMORY;
868
			goto done;
868
			goto done;
(-)samba-3.0.9-orig/source/nsswitch/winbindd.c (-2 / +1 lines)
Lines 357-364 Link Here
357
	
357
	
358
	/* Create new connection structure */
358
	/* Create new connection structure */
359
	
359
	
360
	if ((state = (struct winbindd_cli_state *) 
360
	if ((state = SMB_MALLOC_P(struct winbindd_cli_state)) == NULL)
361
             malloc(sizeof(*state))) == NULL)
362
		return;
361
		return;
363
	
362
	
364
	ZERO_STRUCTP(state);
363
	ZERO_STRUCTP(state);
(-)samba-3.0.9-orig/source/nsswitch/winbindd_cache.c (-14 / +14 lines)
Lines 136-142 Link Here
136
	if (ret)
136
	if (ret)
137
		return ret;
137
		return ret;
138
	
138
	
139
	ret = smb_xmalloc(sizeof(*ret));
139
	ret = SMB_XMALLOC_P(struct winbind_cache);
140
	ZERO_STRUCTP(ret);
140
	ZERO_STRUCTP(ret);
141
141
142
	wcache = ret;
142
	wcache = ret;
Lines 209-215 Link Here
209
		smb_panic("centry_string");
209
		smb_panic("centry_string");
210
	}
210
	}
211
211
212
	ret = talloc(mem_ctx, len+1);
212
	ret = TALLOC(mem_ctx, len+1);
213
	if (!ret) {
213
	if (!ret) {
214
		smb_panic("centry_string out of memory\n");
214
		smb_panic("centry_string out of memory\n");
215
	}
215
	}
Lines 227-233 Link Here
227
	DOM_SID *sid;
227
	DOM_SID *sid;
228
	char *sid_string;
228
	char *sid_string;
229
229
230
	sid = talloc(mem_ctx, sizeof(*sid));
230
	sid = TALLOC_P(mem_ctx, DOM_SID);
231
	if (!sid)
231
	if (!sid)
232
		return NULL;
232
		return NULL;
233
	
233
	
Lines 450-456 Link Here
450
		return NULL;
450
		return NULL;
451
	}
451
	}
452
452
453
	centry = smb_xmalloc(sizeof(*centry));
453
	centry = SMB_XMALLOC_P(struct cache_entry);
454
	centry->data = (unsigned char *)data.dptr;
454
	centry->data = (unsigned char *)data.dptr;
455
	centry->len = data.dsize;
455
	centry->len = data.dsize;
456
	centry->ofs = 0;
456
	centry->ofs = 0;
Lines 501-507 Link Here
501
	if (centry->len - centry->ofs >= len)
501
	if (centry->len - centry->ofs >= len)
502
		return;
502
		return;
503
	centry->len *= 2;
503
	centry->len *= 2;
504
	p = realloc(centry->data, centry->len);
504
	p = SMB_REALLOC(centry->data, centry->len);
505
	if (!p) {
505
	if (!p) {
506
		DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
506
		DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
507
		smb_panic("out of memory in centry_expand");
507
		smb_panic("out of memory in centry_expand");
Lines 568-577 Link Here
568
	if (!wcache->tdb)
568
	if (!wcache->tdb)
569
		return NULL;
569
		return NULL;
570
570
571
	centry = smb_xmalloc(sizeof(*centry));
571
	centry = SMB_XMALLOC_P(struct cache_entry);
572
572
573
	centry->len = 8192; /* reasonable default */
573
	centry->len = 8192; /* reasonable default */
574
	centry->data = smb_xmalloc(centry->len);
574
	centry->data = SMB_XMALLOC_ARRAY(char, centry->len);
575
	centry->ofs = 0;
575
	centry->ofs = 0;
576
	centry->sequence_number = domain->sequence_number;
576
	centry->sequence_number = domain->sequence_number;
577
	centry_put_uint32(centry, NT_STATUS_V(status));
577
	centry_put_uint32(centry, NT_STATUS_V(status));
Lines 684-690 Link Here
684
	if (*num_entries == 0)
684
	if (*num_entries == 0)
685
		goto do_cached;
685
		goto do_cached;
686
686
687
	(*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
687
	(*info) = TALLOC_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries);
688
	if (! (*info))
688
	if (! (*info))
689
		smb_panic("query_user_list out of memory");
689
		smb_panic("query_user_list out of memory");
690
	for (i=0; i<(*num_entries); i++) {
690
	for (i=0; i<(*num_entries); i++) {
Lines 793-799 Link Here
793
	if (*num_entries == 0)
793
	if (*num_entries == 0)
794
		goto do_cached;
794
		goto do_cached;
795
795
796
	(*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
796
	(*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
797
	if (! (*info))
797
	if (! (*info))
798
		smb_panic("enum_dom_groups out of memory");
798
		smb_panic("enum_dom_groups out of memory");
799
	for (i=0; i<(*num_entries); i++) {
799
	for (i=0; i<(*num_entries); i++) {
Lines 866-872 Link Here
866
	if (*num_entries == 0)
866
	if (*num_entries == 0)
867
		goto do_cached;
867
		goto do_cached;
868
868
869
	(*info) = talloc(mem_ctx, sizeof(**info) * (*num_entries));
869
	(*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
870
	if (! (*info))
870
	if (! (*info))
871
		smb_panic("enum_dom_groups out of memory");
871
		smb_panic("enum_dom_groups out of memory");
872
	for (i=0; i<(*num_entries); i++) {
872
	for (i=0; i<(*num_entries); i++) {
Lines 1156-1162 Link Here
1156
	if (*num_groups == 0)
1156
	if (*num_groups == 0)
1157
		goto do_cached;
1157
		goto do_cached;
1158
1158
1159
	(*user_gids) = talloc(mem_ctx, sizeof(**user_gids) * (*num_groups));
1159
	(*user_gids) = TALLOC_ARRAY(mem_ctx, DOM_SID *, *num_groups);
1160
	if (! (*user_gids))
1160
	if (! (*user_gids))
1161
		smb_panic("lookup_usergroups out of memory");
1161
		smb_panic("lookup_usergroups out of memory");
1162
	for (i=0; i<(*num_groups); i++) {
1162
	for (i=0; i<(*num_groups); i++) {
Lines 1227-1235 Link Here
1227
	if (*num_names == 0)
1227
	if (*num_names == 0)
1228
		goto do_cached;
1228
		goto do_cached;
1229
1229
1230
	(*sid_mem) = talloc(mem_ctx, sizeof(**sid_mem) * (*num_names));
1230
	(*sid_mem) = TALLOC_ARRAY(mem_ctx, DOM_SID *, *num_names);
1231
	(*names) = talloc(mem_ctx, sizeof(**names) * (*num_names));
1231
	(*names) = TALLOC_ARRAY(mem_ctx, char *, *num_names);
1232
	(*name_types) = talloc(mem_ctx, sizeof(**name_types) * (*num_names));
1232
	(*name_types) = TALLOC_ARRAY(mem_ctx, uint32, *num_names);
1233
1233
1234
	if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
1234
	if (! (*sid_mem) || ! (*names) || ! (*name_types)) {
1235
		smb_panic("lookup_groupmem out of memory");
1235
		smb_panic("lookup_groupmem out of memory");
(-)samba-3.0.9-orig/source/nsswitch/winbindd_cm.c (-1 / +1 lines)
Lines 489-495 Link Here
489
	struct winbindd_cm_conn *conn;
489
	struct winbindd_cm_conn *conn;
490
	NTSTATUS result;
490
	NTSTATUS result;
491
491
492
	if (!(conn = malloc(sizeof(*conn))))
492
	if (!(conn = SMB_MALLOC_P(struct winbindd_cm_conn)))
493
		return NT_STATUS_NO_MEMORY;
493
		return NT_STATUS_NO_MEMORY;
494
		
494
		
495
	ZERO_STRUCTP(conn);
495
	ZERO_STRUCTP(conn);
(-)samba-3.0.9-orig/source/nsswitch/winbindd_dual.c (-1 / +1 lines)
Lines 117-123 Link Here
117
117
118
	if (!background_process) return;
118
	if (!background_process) return;
119
119
120
	list = malloc(sizeof(*list));
120
	list = SMB_MALLOC_P(struct dual_list);
121
	if (!list) return;
121
	if (!list) return;
122
122
123
	list->next = NULL;
123
	list->next = NULL;
(-)samba-3.0.9-orig/source/nsswitch/winbindd_group.c (-16 / +12 lines)
Lines 47-53 Link Here
47
	for ( i=0; i<num_members; i++ )
47
	for ( i=0; i<num_members; i++ )
48
		len += strlen(members[i])+1;
48
		len += strlen(members[i])+1;
49
49
50
	*buffer = (char*)smb_xmalloc(len);
50
	*buffer = SMB_XMALLOC_ARRAY(char, len);
51
	for ( i=0; i<num_members; i++ ) {
51
	for ( i=0; i<num_members; i++ ) {
52
		snprintf( &(*buffer)[idx], len-idx, "%s,", members[i]);
52
		snprintf( &(*buffer)[idx], len-idx, "%s,", members[i]);
53
		idx += strlen(members[i])+1;
53
		idx += strlen(members[i])+1;
Lines 194-200 Link Here
194
	/* Allocate buffer */
194
	/* Allocate buffer */
195
195
196
	if (!buf && buf_len != 0) {
196
	if (!buf && buf_len != 0) {
197
		if (!(buf = malloc(buf_len))) {
197
		if (!(buf = SMB_MALLOC(buf_len))) {
198
			DEBUG(1, ("out of memory\n"));
198
			DEBUG(1, ("out of memory\n"));
199
			result = False;
199
			result = False;
200
			goto done;
200
			goto done;
Lines 457-464 Link Here
457
		}
457
		}
458
						
458
						
459
		
459
		
460
		if ((domain_state = (struct getent_state *)
460
		if ((domain_state = SMB_MALLOC_P(struct getent_state)) == NULL) {
461
		     malloc(sizeof(struct getent_state))) == NULL) {
462
			DEBUG(1, ("winbindd_setgrent: malloc failed for domain_state!\n"));
461
			DEBUG(1, ("winbindd_setgrent: malloc failed for domain_state!\n"));
463
			return WINBINDD_ERROR;
462
			return WINBINDD_ERROR;
464
		}
463
		}
Lines 542-548 Link Here
542
	/* Copy entries into return buffer */
541
	/* Copy entries into return buffer */
543
542
544
	if (num_entries) {
543
	if (num_entries) {
545
		if ( !(name_list = malloc(sizeof(struct acct_info) * num_entries)) ) {
544
		if ( !(name_list = SMB_MALLOC_ARRAY(struct acct_info, num_entries)) ) {
546
			DEBUG(0,("get_sam_group_entries: Failed to malloc memory for %d domain groups!\n", 
545
			DEBUG(0,("get_sam_group_entries: Failed to malloc memory for %d domain groups!\n", 
547
				num_entries));
546
				num_entries));
548
			result = False;
547
			result = False;
Lines 573-579 Link Here
573
		/* Copy entries into return buffer */
572
		/* Copy entries into return buffer */
574
573
575
		if ( num_entries ) {
574
		if ( num_entries ) {
576
			if ( !(tmp_name_list = Realloc( name_list, sizeof(struct acct_info) * (ent->num_sam_entries+num_entries))) )
575
			if ( !(tmp_name_list = SMB_REALLOC_ARRAY( name_list, struct acct_info, ent->num_sam_entries+num_entries)) )
577
			{
576
			{
578
				DEBUG(0,("get_sam_group_entries: Failed to realloc more memory for %d local groups!\n", 
577
				DEBUG(0,("get_sam_group_entries: Failed to realloc more memory for %d local groups!\n", 
579
					num_entries));
578
					num_entries));
Lines 625-632 Link Here
625
624
626
	num_groups = MIN(MAX_GETGRENT_GROUPS, state->request.data.num_entries);
625
	num_groups = MIN(MAX_GETGRENT_GROUPS, state->request.data.num_entries);
627
626
628
	if ((state->response.extra_data = 
627
	if ((state->response.extra_data = SMB_MALLOC_ARRAY(struct winbindd_gr, num_groups)) == NULL)
629
	     malloc(num_groups * sizeof(struct winbindd_gr))) == NULL)
630
		return WINBINDD_ERROR;
628
		return WINBINDD_ERROR;
631
629
632
	memset(state->response.extra_data, '\0',
630
	memset(state->response.extra_data, '\0',
Lines 746-754 Link Here
746
744
747
		if (result) {
745
		if (result) {
748
			/* Append to group membership list */
746
			/* Append to group membership list */
749
			new_gr_mem_list = Realloc(
747
			new_gr_mem_list = SMB_REALLOC( gr_mem_list, gr_mem_list_len + gr_mem_len);
750
				gr_mem_list,
751
				gr_mem_list_len + gr_mem_len);
752
748
753
			if (!new_gr_mem_list && (group_list[group_list_ndx].num_gr_mem != 0)) {
749
			if (!new_gr_mem_list && (group_list[group_list_ndx].num_gr_mem != 0)) {
754
				DEBUG(0, ("out of memory\n"));
750
				DEBUG(0, ("out of memory\n"));
Lines 799-805 Link Here
799
	if (group_list_ndx == 0)
795
	if (group_list_ndx == 0)
800
		goto done;
796
		goto done;
801
797
802
	new_extra_data = Realloc(
798
	new_extra_data = SMB_REALLOC(
803
		state->response.extra_data,
799
		state->response.extra_data,
804
		group_list_ndx * sizeof(struct winbindd_gr) + gr_mem_list_len);
800
		group_list_ndx * sizeof(struct winbindd_gr) + gr_mem_list_len);
805
801
Lines 880-886 Link Here
880
		
876
		
881
		/* Allocate some memory for extra data.  Note that we limit
877
		/* Allocate some memory for extra data.  Note that we limit
882
		   account names to sizeof(fstring) = 128 characters.  */		
878
		   account names to sizeof(fstring) = 128 characters.  */		
883
                ted = Realloc(extra_data, sizeof(fstring) * total_entries);
879
                ted = SMB_REALLOC(extra_data, sizeof(fstring) * total_entries);
884
 
880
 
885
		if (!ted) {
881
		if (!ted) {
886
			DEBUG(0,("failed to enlarge buffer!\n"));
882
			DEBUG(0,("failed to enlarge buffer!\n"));
Lines 1156-1167 Link Here
1156
			return;
1152
			return;
1157
	}
1153
	}
1158
1154
1159
	*sids = talloc_realloc(mem_ctx, *sids, sizeof(**sids) * (*num_sids+1));
1155
	*sids = TALLOC_REALLOC_ARRAY(mem_ctx, *sids, DOM_SID *, *num_sids+1);
1160
1156
1161
	if (*sids == NULL)
1157
	if (*sids == NULL)
1162
		return;
1158
		return;
1163
1159
1164
	(*sids)[*num_sids] = talloc(mem_ctx, sizeof(DOM_SID));
1160
	(*sids)[*num_sids] = TALLOC_P(mem_ctx, DOM_SID);
1165
	sid_copy((*sids)[*num_sids], sid);
1161
	sid_copy((*sids)[*num_sids], sid);
1166
	*num_sids += 1;
1162
	*num_sids += 1;
1167
	return;
1163
	return;
Lines 1264-1270 Link Here
1264
	}
1260
	}
1265
1261
1266
	/* build the reply */
1262
	/* build the reply */
1267
	ret = malloc(ret_size);
1263
	ret = SMB_MALLOC(ret_size);
1268
	if (!ret) goto done;
1264
	if (!ret) goto done;
1269
	ofs = 0;
1265
	ofs = 0;
1270
	for (i = 0; i < num_groups; i++) {
1266
	for (i = 0; i < num_groups; i++) {
(-)samba-3.0.9-orig/source/nsswitch/winbindd_misc.c (-3 / +3 lines)
Lines 128-134 Link Here
128
		/* Add domain to list */
128
		/* Add domain to list */
129
129
130
		total_entries++;
130
		total_entries++;
131
		ted = Realloc(extra_data, sizeof(fstring) * 
131
		ted = SMB_REALLOC(extra_data, sizeof(fstring) * 
132
                              total_entries);
132
                              total_entries);
133
133
134
		if (!ted) {
134
		if (!ted) {
Lines 168-174 Link Here
168
	state->request.domain_name[sizeof(state->request.domain_name)-1]='\0';	
168
	state->request.domain_name[sizeof(state->request.domain_name)-1]='\0';	
169
	which_domain = state->request.domain_name;
169
	which_domain = state->request.domain_name;
170
170
171
	extra_data = strdup("");
171
	extra_data = SMB_STRDUP("");
172
172
173
	/* this makes for a very simple data format, and is easily parsable as well
173
	/* this makes for a very simple data format, and is easily parsable as well
174
	   if that is ever needed */
174
	   if that is ever needed */
Lines 296-302 Link Here
296
296
297
	DEBUG(3, ("[%5lu]: request location of privileged pipe\n", (unsigned long)state->pid));
297
	DEBUG(3, ("[%5lu]: request location of privileged pipe\n", (unsigned long)state->pid));
298
	
298
	
299
	state->response.extra_data = strdup(get_winbind_priv_pipe_dir());
299
	state->response.extra_data = SMB_STRDUP(get_winbind_priv_pipe_dir());
300
	if (!state->response.extra_data)
300
	if (!state->response.extra_data)
301
		return WINBINDD_ERROR;
301
		return WINBINDD_ERROR;
302
302
(-)samba-3.0.9-orig/source/nsswitch/winbindd_pam.c (-4 / +4 lines)
Lines 43-49 Link Here
43
	}
43
	}
44
44
45
	size = prs_data_size(&ps);
45
	size = prs_data_size(&ps);
46
	state->response.extra_data = malloc(size);
46
	state->response.extra_data = SMB_MALLOC(size);
47
	if (!state->response.extra_data) {
47
	if (!state->response.extra_data) {
48
		prs_mem_free(&ps);
48
		prs_mem_free(&ps);
49
		return NT_STATUS_NO_MEMORY;
49
		return NT_STATUS_NO_MEMORY;
Lines 78-84 Link Here
78
		return NT_STATUS_INVALID_PARAMETER;
78
		return NT_STATUS_INVALID_PARAMETER;
79
	}
79
	}
80
80
81
	all_sids = talloc(mem_ctx, sizeof(DOM_SID) * num_all_sids);
81
	all_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_all_sids);
82
	if (!all_sids)
82
	if (!all_sids)
83
		return NT_STATUS_NO_MEMORY;
83
		return NT_STATUS_NO_MEMORY;
84
84
Lines 363-369 Link Here
363
	if ( NT_STATUS_IS_OK(result) &&
363
	if ( NT_STATUS_IS_OK(result) &&
364
	     (state->request.flags & WBFLAG_PAM_AFS_TOKEN) ) {
364
	     (state->request.flags & WBFLAG_PAM_AFS_TOKEN) ) {
365
365
366
		char *afsname = strdup(lp_afs_username_map());
366
		char *afsname = SMB_STRDUP(lp_afs_username_map());
367
		char *cell;
367
		char *cell;
368
368
369
		if (afsname == NULL) goto no_token;
369
		if (afsname == NULL) goto no_token;
Lines 600-606 Link Here
600
600
601
			DEBUG(5, ("Setting unix username to [%s]\n", username_out));
601
			DEBUG(5, ("Setting unix username to [%s]\n", username_out));
602
602
603
			state->response.extra_data = strdup(username_out);
603
			state->response.extra_data = SMB_STRDUP(username_out);
604
			if (!state->response.extra_data) {
604
			if (!state->response.extra_data) {
605
				result = NT_STATUS_NO_MEMORY;
605
				result = NT_STATUS_NO_MEMORY;
606
				goto done;
606
				goto done;
(-)samba-3.0.9-orig/source/nsswitch/winbindd_passdb.c (-11 / +7 lines)
Lines 217-224 Link Here
217
		return NT_STATUS_OK;
217
		return NT_STATUS_OK;
218
	}
218
	}
219
219
220
	talloced_info =	(struct acct_info *)
220
	talloced_info =	(struct acct_info *)TALLOC_MEMDUP(mem_ctx, *info,
221
		talloc_memdup(mem_ctx, *info,
222
			      *num_entries * sizeof(struct acct_info));
221
			      *num_entries * sizeof(struct acct_info));
223
222
224
	SAFE_FREE(*info);
223
	SAFE_FREE(*info);
Lines 332-346 Link Here
332
		nt_status = secrets_get_trusted_domains(mem_ctx, &enum_ctx, 1,
331
		nt_status = secrets_get_trusted_domains(mem_ctx, &enum_ctx, 1,
333
							&num_sec_domains,
332
							&num_sec_domains,
334
							&domains);
333
							&domains);
335
		*names = talloc_realloc(mem_ctx, *names,
334
		*names = TALLOC_REALLOC_ARRAY(mem_ctx, *names, char *,
336
					sizeof(*names) *
335
					num_sec_domains + *num_domains);
337
					(num_sec_domains + *num_domains));
336
		*alt_names = TALLOC_REALLOC_ARRAY(mem_ctx, *alt_names, char *,
338
		*alt_names = talloc_realloc(mem_ctx, *alt_names,
337
					    num_sec_domains + *num_domains);
339
					    sizeof(*alt_names) *
338
		*dom_sids = TALLOC_REALLOC_ARRAY(mem_ctx, *dom_sids, DOM_SID,
340
					    (num_sec_domains + *num_domains));
339
					   num_sec_domains + *num_domains);
341
		*dom_sids = talloc_realloc(mem_ctx, *dom_sids,
342
					   sizeof(**dom_sids) *
343
					   (num_sec_domains + *num_domains));
344
340
345
		for (i=0; i< num_sec_domains; i++) {
341
		for (i=0; i< num_sec_domains; i++) {
346
			if (pull_ucs2_talloc(mem_ctx, &(*names)[*num_domains],
342
			if (pull_ucs2_talloc(mem_ctx, &(*names)[*num_domains],
(-)samba-3.0.9-orig/source/nsswitch/winbindd_rpc.c (-11 / +8 lines)
Lines 98-105 Link Here
98
98
99
		*num_entries += num_dom_users;
99
		*num_entries += num_dom_users;
100
100
101
		*info = talloc_realloc( mem_ctx, *info, 
101
		*info = TALLOC_REALLOC_ARRAY( mem_ctx, *info, WINBIND_USERINFO, *num_entries);
102
			(*num_entries) * sizeof(WINBIND_USERINFO));
103
102
104
		if (!(*info)) {
103
		if (!(*info)) {
105
			result = NT_STATUS_NO_MEMORY;
104
			result = NT_STATUS_NO_MEMORY;
Lines 192-199 Link Here
192
			break;
191
			break;
193
		}
192
		}
194
193
195
		(*info) = talloc_realloc(mem_ctx, *info, 
194
		(*info) = TALLOC_REALLOC_ARRAY(mem_ctx, *info, struct acct_info, (*num_entries) + count);
196
					 sizeof(**info) * ((*num_entries) + count));
197
		if (! *info) {
195
		if (! *info) {
198
			talloc_destroy(mem_ctx2);
196
			talloc_destroy(mem_ctx2);
199
			cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
197
			cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
Lines 255-262 Link Here
255
			break;
253
			break;
256
		}
254
		}
257
255
258
		(*info) = talloc_realloc(mem_ctx, *info, 
256
		(*info) = TALLOC_REALLOC_ARRAY(mem_ctx, *info, struct acct_info, (*num_entries) + count);
259
					 sizeof(**info) * ((*num_entries) + count));
260
		if (! *info) {
257
		if (! *info) {
261
			talloc_destroy(mem_ctx2);
258
			talloc_destroy(mem_ctx2);
262
			cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
259
			cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
Lines 491-497 Link Here
491
			
488
			
492
		*num_groups = user->num_groups;
489
		*num_groups = user->num_groups;
493
				
490
				
494
		(*user_grpsids) = talloc(mem_ctx, sizeof(DOM_SID*) * (*num_groups));
491
		(*user_grpsids) = TALLOC_ARRAY(mem_ctx, DOM_SID*, *num_groups);
495
		for (i=0;i<(*num_groups);i++) {
492
		for (i=0;i<(*num_groups);i++) {
496
			(*user_grpsids)[i] = rid_to_talloced_sid(domain, mem_ctx, user->gids[i].g_rid);
493
			(*user_grpsids)[i] = rid_to_talloced_sid(domain, mem_ctx, user->gids[i].g_rid);
497
		}
494
		}
Lines 543-549 Link Here
543
	if (!NT_STATUS_IS_OK(result) || (*num_groups) == 0)
540
	if (!NT_STATUS_IS_OK(result) || (*num_groups) == 0)
544
		goto done;
541
		goto done;
545
542
546
	(*user_grpsids) = talloc(mem_ctx, sizeof(DOM_SID*) * (*num_groups));
543
	(*user_grpsids) = TALLOC_ARRAY(mem_ctx, DOM_SID *, *num_groups);
547
	if (!(*user_grpsids)) {
544
	if (!(*user_grpsids)) {
548
		result = NT_STATUS_NO_MEMORY;
545
		result = NT_STATUS_NO_MEMORY;
549
		goto done;
546
		goto done;
Lines 643-651 Link Here
643
640
644
#define MAX_LOOKUP_RIDS 900
641
#define MAX_LOOKUP_RIDS 900
645
642
646
        *names = talloc_zero(mem_ctx, *num_names * sizeof(char *));
643
        *names = TALLOC_ZERO_ARRAY(mem_ctx, char *, *num_names);
647
        *name_types = talloc_zero(mem_ctx, *num_names * sizeof(uint32));
644
        *name_types = TALLOC_ZERO_ARRAY(mem_ctx, uint32, *num_names);
648
        *sid_mem = talloc_zero(mem_ctx, *num_names * sizeof(DOM_SID *));
645
        *sid_mem = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID *, *num_names);
649
646
650
	for (j=0;j<(*num_names);j++) {
647
	for (j=0;j<(*num_names);j++) {
651
		(*sid_mem)[j] = rid_to_talloced_sid(domain, mem_ctx, (rid_mem)[j]);
648
		(*sid_mem)[j] = rid_to_talloced_sid(domain, mem_ctx, (rid_mem)[j]);
(-)samba-3.0.9-orig/source/nsswitch/winbindd_user.c (-9 / +4 lines)
Lines 351-358 Link Here
351
						
351
						
352
		/* Create a state record for this domain */
352
		/* Create a state record for this domain */
353
                
353
                
354
		if ((domain_state = (struct getent_state *)
354
		if ((domain_state = SMB_MALLOC_P(struct getent_state)) == NULL)
355
		     malloc(sizeof(struct getent_state))) == NULL)
356
			return WINBINDD_ERROR;
355
			return WINBINDD_ERROR;
357
                
356
                
358
		ZERO_STRUCTP(domain_state);
357
		ZERO_STRUCTP(domain_state);
Lines 429-438 Link Here
429
	if (num_entries) {
428
	if (num_entries) {
430
		struct getpwent_user *tnl;
429
		struct getpwent_user *tnl;
431
		
430
		
432
		tnl = (struct getpwent_user *)Realloc(name_list, 
431
		tnl = SMB_REALLOC_ARRAY(name_list, struct getpwent_user, ent->num_sam_entries + num_entries);
433
						      sizeof(struct getpwent_user) *
434
						      (ent->num_sam_entries + 
435
						       num_entries));
436
		
432
		
437
		if (!tnl) {
433
		if (!tnl) {
438
			DEBUG(0,("get_sam_user_entries realloc failed.\n"));
434
			DEBUG(0,("get_sam_user_entries realloc failed.\n"));
Lines 498-505 Link Here
498
494
499
	num_users = MIN(MAX_GETPWENT_USERS, state->request.data.num_entries);
495
	num_users = MIN(MAX_GETPWENT_USERS, state->request.data.num_entries);
500
	
496
	
501
	if ((state->response.extra_data = 
497
	if ((state->response.extra_data = SMB_MALLOC_ARRAY(struct winbindd_pw, num_users)) == NULL)
502
	     malloc(num_users * sizeof(struct winbindd_pw))) == NULL)
503
		return WINBINDD_ERROR;
498
		return WINBINDD_ERROR;
504
499
505
	memset(state->response.extra_data, 0, num_users * 
500
	memset(state->response.extra_data, 0, num_users * 
Lines 624-630 Link Here
624
		/* Allocate some memory for extra data */
619
		/* Allocate some memory for extra data */
625
		total_entries += num_entries;
620
		total_entries += num_entries;
626
			
621
			
627
		ted = Realloc(extra_data, sizeof(fstring) * total_entries);
622
		ted = SMB_REALLOC(extra_data, sizeof(fstring) * total_entries);
628
			
623
			
629
		if (!ted) {
624
		if (!ted) {
630
			DEBUG(0,("failed to enlarge buffer!\n"));
625
			DEBUG(0,("failed to enlarge buffer!\n"));
(-)samba-3.0.9-orig/source/nsswitch/winbindd_util.c (-2 / +2 lines)
Lines 139-145 Link Here
139
        
139
        
140
	/* Create new domain entry */
140
	/* Create new domain entry */
141
141
142
	if ((domain = (struct winbindd_domain *)malloc(sizeof(*domain))) == NULL)
142
	if ((domain = SMB_MALLOC_P(struct winbindd_domain)) == NULL)
143
		return NULL;
143
		return NULL;
144
144
145
	/* Fill in fields */
145
	/* Fill in fields */
Lines 777-783 Link Here
777
				    uint32 rid) 
777
				    uint32 rid) 
778
{
778
{
779
	DOM_SID *sid;
779
	DOM_SID *sid;
780
	sid = talloc(mem_ctx, sizeof(*sid));
780
	sid = TALLOC_P(mem_ctx, DOM_SID);
781
	if (!sid) {
781
	if (!sid) {
782
		smb_panic("rid_to_to_talloced_sid: talloc for DOM_SID failed!\n");
782
		smb_panic("rid_to_to_talloced_sid: talloc for DOM_SID failed!\n");
783
	}
783
	}
(-)samba-3.0.9-orig/source/nsswitch/winbindd_wins.c (-1 / +1 lines)
Lines 97-103 Link Here
97
	if (resolve_wins(name,0x20,&ret,count)) {
97
	if (resolve_wins(name,0x20,&ret,count)) {
98
		if ( count == 0 )
98
		if ( count == 0 )
99
			return NULL;
99
			return NULL;
100
		if ( (return_ip = (struct in_addr *)malloc((*count)*sizeof(struct in_addr))) == NULL ) {
100
		if ( (return_ip = SMB_MALLOC_ARRAY(struct in_addr, *count)) == NULL ) {
101
			free( ret );
101
			free( ret );
102
			return NULL;
102
			return NULL;
103
		}
103
		}
(-)samba-3.0.9-orig/source/nsswitch/wins.c (-1 / +1 lines)
Lines 101-107 Link Here
101
101
102
	/* always try with wins first */
102
	/* always try with wins first */
103
	if (resolve_wins(name,0x00,&address,count)) {
103
	if (resolve_wins(name,0x00,&address,count)) {
104
		if ( (ret = (struct in_addr *)malloc(sizeof(struct in_addr))) == NULL ) {
104
		if ( (ret = SMB_MALLOC_P(struct in_addr)) == NULL ) {
105
			free( address );
105
			free( address );
106
			return NULL;
106
			return NULL;
107
		}
107
		}
(-)samba-3.0.9-orig/source/param/loadparm.c (-21 / +18 lines)
Lines 2267-2275 Link Here
2267
	if (i == iNumServices) {
2267
	if (i == iNumServices) {
2268
		service **tsp;
2268
		service **tsp;
2269
		
2269
		
2270
		tsp = (service **) Realloc(ServicePtrs,
2270
		tsp = SMB_REALLOC_ARRAY(ServicePtrs, service *, num_to_alloc);
2271
					   sizeof(service *) *
2272
					   num_to_alloc);
2273
					   
2271
					   
2274
		if (!tsp) {
2272
		if (!tsp) {
2275
			DEBUG(0,("add_a_service: failed to enlarge ServicePtrs!\n"));
2273
			DEBUG(0,("add_a_service: failed to enlarge ServicePtrs!\n"));
Lines 2277-2284 Link Here
2277
		}
2275
		}
2278
		else {
2276
		else {
2279
			ServicePtrs = tsp;
2277
			ServicePtrs = tsp;
2280
			ServicePtrs[iNumServices] =
2278
			ServicePtrs[iNumServices] = SMB_MALLOC_P(service);
2281
				(service *) malloc(sizeof(service));
2282
		}
2279
		}
2283
		if (!ServicePtrs[iNumServices]) {
2280
		if (!ServicePtrs[iNumServices]) {
2284
			DEBUG(0,("add_a_service: out of memory!\n"));
2281
			DEBUG(0,("add_a_service: out of memory!\n"));
Lines 2570-2585 Link Here
2570
			if (strcmp(pdata->key, data->key) == 0) {
2567
			if (strcmp(pdata->key, data->key) == 0) {
2571
				string_free(&pdata->value);
2568
				string_free(&pdata->value);
2572
				str_list_free(&data->list);
2569
				str_list_free(&data->list);
2573
				pdata->value = strdup(data->value);
2570
				pdata->value = SMB_STRDUP(data->value);
2574
				not_added = False;
2571
				not_added = False;
2575
				break;
2572
				break;
2576
			}
2573
			}
2577
			pdata = pdata->next;
2574
			pdata = pdata->next;
2578
		}
2575
		}
2579
		if (not_added) {
2576
		if (not_added) {
2580
		    paramo = smb_xmalloc(sizeof(param_opt_struct));
2577
		    paramo = SMB_XMALLOC_P(param_opt_struct);
2581
		    paramo->key = strdup(data->key);
2578
		    paramo->key = SMB_STRDUP(data->key);
2582
		    paramo->value = strdup(data->value);
2579
		    paramo->value = SMB_STRDUP(data->value);
2583
		    paramo->list = NULL;
2580
		    paramo->list = NULL;
2584
		    DLIST_ADD(pserviceDest->param_opt, paramo);
2581
		    DLIST_ADD(pserviceDest->param_opt, paramo);
2585
		}
2582
		}
Lines 2654-2669 Link Here
2654
	}
2651
	}
2655
2652
2656
	if (!f) {
2653
	if (!f) {
2657
		f = (struct file_lists *)malloc(sizeof(file_lists[0]));
2654
		f = SMB_MALLOC_P(struct file_lists);
2658
		if (!f)
2655
		if (!f)
2659
			return;
2656
			return;
2660
		f->next = file_lists;
2657
		f->next = file_lists;
2661
		f->name = strdup(fname);
2658
		f->name = SMB_STRDUP(fname);
2662
		if (!f->name) {
2659
		if (!f->name) {
2663
			SAFE_FREE(f);
2660
			SAFE_FREE(f);
2664
			return;
2661
			return;
2665
		}
2662
		}
2666
		f->subfname = strdup(subfname);
2663
		f->subfname = SMB_STRDUP(subfname);
2667
		if (!f->subfname) {
2664
		if (!f->subfname) {
2668
			SAFE_FREE(f);
2665
			SAFE_FREE(f);
2669
			return;
2666
			return;
Lines 2713-2719 Link Here
2713
				  ctime(&mod_time)));
2710
				  ctime(&mod_time)));
2714
			f->modtime = mod_time;
2711
			f->modtime = mod_time;
2715
			SAFE_FREE(f->subfname);
2712
			SAFE_FREE(f->subfname);
2716
			f->subfname = strdup(n2);
2713
			f->subfname = SMB_STRDUP(n2);
2717
			return (True);
2714
			return (True);
2718
		}
2715
		}
2719
		f = f->next;
2716
		f = f->next;
Lines 3055-3061 Link Here
3055
{
3052
{
3056
	int i;
3053
	int i;
3057
	SAFE_FREE(pservice->copymap);
3054
	SAFE_FREE(pservice->copymap);
3058
	pservice->copymap = (BOOL *)malloc(sizeof(BOOL) * NUMPARAMETERS);
3055
	pservice->copymap = SMB_MALLOC_ARRAY(BOOL,NUMPARAMETERS);
3059
	if (!pservice->copymap)
3056
	if (!pservice->copymap)
3060
		DEBUG(0,
3057
		DEBUG(0,
3061
		      ("Couldn't allocate copymap!! (size %d)\n",
3058
		      ("Couldn't allocate copymap!! (size %d)\n",
Lines 3109-3124 Link Here
3109
				if (strcmp(data->key, param_key) == 0) {
3106
				if (strcmp(data->key, param_key) == 0) {
3110
					string_free(&data->value);
3107
					string_free(&data->value);
3111
					str_list_free(&data->list);
3108
					str_list_free(&data->list);
3112
					data->value = strdup(pszParmValue);
3109
					data->value = SMB_STRDUP(pszParmValue);
3113
					not_added = False;
3110
					not_added = False;
3114
					break;
3111
					break;
3115
				}
3112
				}
3116
				data = data->next;
3113
				data = data->next;
3117
			}
3114
			}
3118
			if (not_added) {
3115
			if (not_added) {
3119
				paramo = smb_xmalloc(sizeof(param_opt_struct));
3116
				paramo = SMB_XMALLOC_P(param_opt_struct);
3120
				paramo->key = strdup(param_key);
3117
				paramo->key = SMB_STRDUP(param_key);
3121
				paramo->value = strdup(pszParmValue);
3118
				paramo->value = SMB_STRDUP(pszParmValue);
3122
				paramo->list = NULL;
3119
				paramo->list = NULL;
3123
				if (snum < 0) {
3120
				if (snum < 0) {
3124
					DLIST_ADD(Globals.param_opt, paramo);
3121
					DLIST_ADD(Globals.param_opt, paramo);
Lines 3661-3667 Link Here
3661
	if (!str)
3658
	if (!str)
3662
		return;
3659
		return;
3663
3660
3664
	s = strdup(str);
3661
	s = SMB_STRDUP(str);
3665
	if (!s)
3662
	if (!s)
3666
		return;
3663
		return;
3667
3664
Lines 3760-3766 Link Here
3760
			case P_STRING:
3757
			case P_STRING:
3761
			case P_USTRING:
3758
			case P_USTRING:
3762
				if (parm_table[i].ptr) {
3759
				if (parm_table[i].ptr) {
3763
					parm_table[i].def.svalue = strdup(*(char **)parm_table[i].ptr);
3760
					parm_table[i].def.svalue = SMB_STRDUP(*(char **)parm_table[i].ptr);
3764
				} else {
3761
				} else {
3765
					parm_table[i].def.svalue = NULL;
3762
					parm_table[i].def.svalue = NULL;
3766
				}
3763
				}
Lines 3768-3774 Link Here
3768
			case P_GSTRING:
3765
			case P_GSTRING:
3769
			case P_UGSTRING:
3766
			case P_UGSTRING:
3770
				if (parm_table[i].ptr) {
3767
				if (parm_table[i].ptr) {
3771
					parm_table[i].def.svalue = strdup((char *)parm_table[i].ptr);
3768
					parm_table[i].def.svalue = SMB_STRDUP((char *)parm_table[i].ptr);
3772
				} else {
3769
				} else {
3773
					parm_table[i].def.svalue = NULL;
3770
					parm_table[i].def.svalue = NULL;
3774
				}
3771
				}
(-)samba-3.0.9-orig/source/param/params.c (-5 / +5 lines)
Lines 238-244 Link Here
238
      {
238
      {
239
      char *tb;
239
      char *tb;
240
      
240
      
241
      tb = Realloc( bufr, bSize +BUFR_INC );
241
      tb = SMB_REALLOC( bufr, bSize +BUFR_INC );
242
      if( NULL == tb )
242
      if( NULL == tb )
243
        {
243
        {
244
        DEBUG(0, ("%s Memory re-allocation failure.", func) );
244
        DEBUG(0, ("%s Memory re-allocation failure.", func) );
Lines 335-341 Link Here
335
      {
335
      {
336
      char *tb;
336
      char *tb;
337
      
337
      
338
      tb = Realloc( bufr, bSize + BUFR_INC );
338
      tb = SMB_REALLOC( bufr, bSize + BUFR_INC );
339
      if( NULL == tb )
339
      if( NULL == tb )
340
        {
340
        {
341
        DEBUG(0, ("%s Memory re-allocation failure.", func) );
341
        DEBUG(0, ("%s Memory re-allocation failure.", func) );
Lines 403-409 Link Here
403
      {
403
      {
404
      char *tb;
404
      char *tb;
405
      
405
      
406
      tb = Realloc( bufr, bSize + BUFR_INC );
406
      tb = SMB_REALLOC( bufr, bSize + BUFR_INC );
407
      if( NULL == tb )
407
      if( NULL == tb )
408
        {
408
        {
409
        DEBUG(0, ("%s Memory re-allocation failure.", func) );
409
        DEBUG(0, ("%s Memory re-allocation failure.", func) );
Lines 521-527 Link Here
521
  int lvl = in_client?1:0;
521
  int lvl = in_client?1:0;
522
  myFILE *ret;
522
  myFILE *ret;
523
523
524
  ret = (myFILE *)malloc(sizeof(*ret));
524
  ret = SMB_MALLOC_P(myFILE);
525
  if (!ret) return NULL;
525
  if (!ret) return NULL;
526
526
527
  ret->buf = file_load(FileName, &ret->size);
527
  ret->buf = file_load(FileName, &ret->size);
Lines 572-578 Link Here
572
  else                                        /* If we don't have a buffer   */
572
  else                                        /* If we don't have a buffer   */
573
    {                                         /* allocate one, then parse,   */
573
    {                                         /* allocate one, then parse,   */
574
    bSize = BUFR_INC;                         /* then free.                  */
574
    bSize = BUFR_INC;                         /* then free.                  */
575
    bufr = (char *)malloc( bSize );
575
    bufr = (char *)SMB_MALLOC( bSize );
576
    if( NULL == bufr )
576
    if( NULL == bufr )
577
      {
577
      {
578
      DEBUG(0,("%s memory allocation failure.\n", func));
578
      DEBUG(0,("%s memory allocation failure.\n", func));
(-)samba-3.0.9-orig/source/passdb/login_cache.c (-5 / +5 lines)
Lines 72-78 Link Here
72
	if (!login_cache_init())
72
	if (!login_cache_init())
73
		return NULL;
73
		return NULL;
74
74
75
	keybuf.dptr = strdup(pdb_get_nt_username(sampass));
75
	keybuf.dptr = SMB_STRDUP(pdb_get_nt_username(sampass));
76
	if (!keybuf.dptr || !strlen(keybuf.dptr)) {
76
	if (!keybuf.dptr || !strlen(keybuf.dptr)) {
77
		SAFE_FREE(keybuf.dptr);
77
		SAFE_FREE(keybuf.dptr);
78
		return NULL;
78
		return NULL;
Lines 84-90 Link Here
84
	databuf = tdb_fetch(cache, keybuf);
84
	databuf = tdb_fetch(cache, keybuf);
85
	SAFE_FREE(keybuf.dptr);
85
	SAFE_FREE(keybuf.dptr);
86
86
87
	if (!(entry = malloc(sizeof(LOGIN_CACHE)))) {
87
	if (!(entry = SMB_MALLOC_P(LOGIN_CACHE))) {
88
		DEBUG(1, ("Unable to allocate cache entry buffer!\n"));
88
		DEBUG(1, ("Unable to allocate cache entry buffer!\n"));
89
		SAFE_FREE(databuf.dptr);
89
		SAFE_FREE(databuf.dptr);
90
		return NULL;
90
		return NULL;
Lines 117-123 Link Here
117
	if (!login_cache_init())
117
	if (!login_cache_init())
118
		return False;
118
		return False;
119
119
120
	keybuf.dptr = strdup(pdb_get_nt_username(sampass));
120
	keybuf.dptr = SMB_STRDUP(pdb_get_nt_username(sampass));
121
	if (!keybuf.dptr || !strlen(keybuf.dptr)) {
121
	if (!keybuf.dptr || !strlen(keybuf.dptr)) {
122
		SAFE_FREE(keybuf.dptr);
122
		SAFE_FREE(keybuf.dptr);
123
		return False;
123
		return False;
Lines 132-138 Link Here
132
			 entry.acct_ctrl,
132
			 entry.acct_ctrl,
133
			 entry.bad_password_count,
133
			 entry.bad_password_count,
134
			 entry.bad_password_time);
134
			 entry.bad_password_time);
135
	databuf.dptr = malloc(databuf.dsize);
135
	databuf.dptr = SMB_MALLOC(databuf.dsize);
136
	if (!databuf.dptr) {
136
	if (!databuf.dptr) {
137
		SAFE_FREE(keybuf.dptr);
137
		SAFE_FREE(keybuf.dptr);
138
		return False;
138
		return False;
Lines 163-169 Link Here
163
	if (!login_cache_init()) 
163
	if (!login_cache_init()) 
164
		return False;	
164
		return False;	
165
165
166
	keybuf.dptr = strdup(pdb_get_nt_username(sampass));
166
	keybuf.dptr = SMB_STRDUP(pdb_get_nt_username(sampass));
167
	if (!keybuf.dptr || !strlen(keybuf.dptr)) {
167
	if (!keybuf.dptr || !strlen(keybuf.dptr)) {
168
		SAFE_FREE(keybuf.dptr);
168
		SAFE_FREE(keybuf.dptr);
169
		return False;
169
		return False;
(-)samba-3.0.9-orig/source/passdb/lookup_sid.c (-2 / +2 lines)
Lines 201-207 Link Here
201
		}
201
		}
202
	}
202
	}
203
203
204
	pc = (struct uid_sid_cache *)malloc(sizeof(struct uid_sid_cache));
204
	pc = SMB_MALLOC_P(struct uid_sid_cache);
205
	if (!pc)
205
	if (!pc)
206
		return;
206
		return;
207
	pc->uid = uid;
207
	pc->uid = uid;
Lines 275-281 Link Here
275
		}
275
		}
276
	}
276
	}
277
277
278
	pc = (struct gid_sid_cache *)malloc(sizeof(struct gid_sid_cache));
278
	pc = SMB_MALLOC_P(struct gid_sid_cache);
279
	if (!pc)
279
	if (!pc)
280
		return;
280
		return;
281
	pc->gid = gid;
281
	pc->gid = gid;
(-)samba-3.0.9-orig/source/passdb/machine_sid.c (-1 / +1 lines)
Lines 83-89 Link Here
83
	BOOL is_dc = False;
83
	BOOL is_dc = False;
84
	DOM_SID *sam_sid;
84
	DOM_SID *sam_sid;
85
	
85
	
86
	if(!(sam_sid=(DOM_SID *)malloc(sizeof(DOM_SID))))
86
	if(!(sam_sid=SMB_MALLOC_P(DOM_SID)))
87
		return NULL;
87
		return NULL;
88
			
88
			
89
	generate_wellknown_sids();
89
	generate_wellknown_sids();
(-)samba-3.0.9-orig/source/passdb/passdb.c (-3 / +3 lines)
Lines 133-139 Link Here
133
		return NT_STATUS_UNSUCCESSFUL;
133
		return NT_STATUS_UNSUCCESSFUL;
134
	}
134
	}
135
135
136
	*user=(SAM_ACCOUNT *)talloc(mem_ctx, sizeof(SAM_ACCOUNT));
136
	*user=TALLOC_P(mem_ctx, SAM_ACCOUNT);
137
137
138
	if (*user==NULL) {
138
	if (*user==NULL) {
139
		DEBUG(0,("pdb_init_sam_talloc: error while allocating memory\n"));
139
		DEBUG(0,("pdb_init_sam_talloc: error while allocating memory\n"));
Lines 1885-1891 Link Here
1885
	/* Change from V1 is addition of password history field. */
1885
	/* Change from V1 is addition of password history field. */
1886
	account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
1886
	account_policy_get(AP_PASSWORD_HISTORY, &pwHistLen);
1887
	if (pwHistLen) {
1887
	if (pwHistLen) {
1888
		char *pw_hist = malloc(pwHistLen * PW_HISTORY_ENTRY_LEN);
1888
		char *pw_hist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);
1889
		if (!pw_hist) {
1889
		if (!pw_hist) {
1890
			ret = False;
1890
			ret = False;
1891
			goto done;
1891
			goto done;
Lines 2164-2170 Link Here
2164
	}
2164
	}
2165
2165
2166
	/* malloc the space needed */
2166
	/* malloc the space needed */
2167
	if ( (*buf=(uint8*)malloc(len)) == NULL) {
2167
	if ( (*buf=(uint8*)SMB_MALLOC(len)) == NULL) {
2168
		DEBUG(0,("init_buffer_from_sam_v2: Unable to malloc() memory for buffer!\n"));
2168
		DEBUG(0,("init_buffer_from_sam_v2: Unable to malloc() memory for buffer!\n"));
2169
		return (-1);
2169
		return (-1);
2170
	}
2170
	}
(-)samba-3.0.9-orig/source/passdb/pdb_get_set.c (-1 / +1 lines)
Lines 1224-1230 Link Here
1224
1224
1225
				if (current_history_len < pwHistLen) {
1225
				if (current_history_len < pwHistLen) {
1226
					/* Ensure we have space for the needed history. */
1226
					/* Ensure we have space for the needed history. */
1227
					uchar *new_history = talloc(sampass->mem_ctx,
1227
					uchar *new_history = TALLOC(sampass->mem_ctx,
1228
								pwHistLen*PW_HISTORY_ENTRY_LEN);
1228
								pwHistLen*PW_HISTORY_ENTRY_LEN);
1229
					/* And copy it into the new buffer. */
1229
					/* And copy it into the new buffer. */
1230
					if (current_history_len) {
1230
					if (current_history_len) {
(-)samba-3.0.9-orig/source/passdb/pdb_interface.c (-3 / +3 lines)
Lines 98-104 Link Here
98
		return NT_STATUS_OBJECT_NAME_COLLISION;
98
		return NT_STATUS_OBJECT_NAME_COLLISION;
99
	}
99
	}
100
100
101
	entry = smb_xmalloc(sizeof(struct pdb_init_function_entry));
101
	entry = SMB_XMALLOC_P(struct pdb_init_function_entry);
102
	entry->name = smb_xstrdup(name);
102
	entry->name = smb_xstrdup(name);
103
	entry->init = init;
103
	entry->init = init;
104
104
Lines 692-698 Link Here
692
		return NT_STATUS_NO_MEMORY;
692
		return NT_STATUS_NO_MEMORY;
693
	}		
693
	}		
694
694
695
	*context = talloc(mem_ctx, sizeof(**context));
695
	*context = TALLOC_P(mem_ctx, struct pdb_context);
696
	if (!*context) {
696
	if (!*context) {
697
		DEBUG(0, ("make_pdb_context: talloc failed!\n"));
697
		DEBUG(0, ("make_pdb_context: talloc failed!\n"));
698
		return NT_STATUS_NO_MEMORY;
698
		return NT_STATUS_NO_MEMORY;
Lines 1198-1204 Link Here
1198
1198
1199
NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) 
1199
NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) 
1200
{
1200
{
1201
	*methods = talloc(mem_ctx, sizeof(struct pdb_methods));
1201
	*methods = TALLOC_P(mem_ctx, struct pdb_methods);
1202
1202
1203
	if (!*methods) {
1203
	if (!*methods) {
1204
		return NT_STATUS_NO_MEMORY;
1204
		return NT_STATUS_NO_MEMORY;
(-)samba-3.0.9-orig/source/passdb/pdb_ldap.c (-5 / +5 lines)
Lines 730-736 Link Here
730
		/* We can only store (sizeof(pstring)-1)/64 password history entries. */
730
		/* We can only store (sizeof(pstring)-1)/64 password history entries. */
731
		pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64));
731
		pwHistLen = MIN(pwHistLen, ((sizeof(temp)-1)/64));
732
732
733
		if ((pwhist = malloc(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
733
		if ((pwhist = SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN)) == NULL){
734
			DEBUG(0, ("init_sam_from_ldap: malloc failed!\n"));
734
			DEBUG(0, ("init_sam_from_ldap: malloc failed!\n"));
735
			return False;
735
			return False;
736
		}
736
		}
Lines 1266-1274 Link Here
1266
		;
1266
		;
1267
	}
1267
	}
1268
1268
1269
	(*attr_list) = Realloc((*attr_list), sizeof(**attr_list) * (i+2));
1269
	(*attr_list) = SMB_REALLOC_ARRAY((*attr_list), char *,  i+2);
1270
	SMB_ASSERT((*attr_list) != NULL);
1270
	SMB_ASSERT((*attr_list) != NULL);
1271
	(*attr_list)[i] = strdup(new_attr);
1271
	(*attr_list)[i] = SMB_STRDUP(new_attr);
1272
	(*attr_list)[i+1] = NULL;
1272
	(*attr_list)[i+1] = NULL;
1273
}
1273
}
1274
1274
Lines 2535-2541 Link Here
2535
			continue;
2535
			continue;
2536
		}
2536
		}
2537
2537
2538
		mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP));
2538
		mapt=SMB_REALLOC_ARRAY((*rmap), GROUP_MAP, entries+1);
2539
		if (!mapt) {
2539
		if (!mapt) {
2540
			DEBUG(0,("ldapsam_enum_group_mapping: Unable to enlarge group map!\n"));
2540
			DEBUG(0,("ldapsam_enum_group_mapping: Unable to enlarge group map!\n"));
2541
			SAFE_FREE(*rmap);
2541
			SAFE_FREE(*rmap);
Lines 2859-2865 Link Here
2859
2859
2860
	/* TODO: Setup private data and free */
2860
	/* TODO: Setup private data and free */
2861
2861
2862
	ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(*ldap_state));
2862
	ldap_state = TALLOC_ZERO_P(pdb_context->mem_ctx, struct ldapsam_privates);
2863
	if (!ldap_state) {
2863
	if (!ldap_state) {
2864
		DEBUG(0, ("pdb_init_ldapsam_common: talloc() failed for ldapsam private_data!\n"));
2864
		DEBUG(0, ("pdb_init_ldapsam_common: talloc() failed for ldapsam private_data!\n"));
2865
		return NT_STATUS_NO_MEMORY;
2865
		return NT_STATUS_NO_MEMORY;
(-)samba-3.0.9-orig/source/passdb/pdb_smbpasswd.c (-2 / +2 lines)
Lines 551-557 Link Here
551
	new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + 
551
	new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + 
552
				NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
552
				NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
553
553
554
	if((new_entry = (char *)malloc( new_entry_length )) == NULL) {
554
	if((new_entry = (char *)SMB_MALLOC( new_entry_length )) == NULL) {
555
		DEBUG(0, ("format_new_smbpasswd_entry: Malloc failed adding entry for user %s.\n",
555
		DEBUG(0, ("format_new_smbpasswd_entry: Malloc failed adding entry for user %s.\n",
556
			newpwd->smb_name ));
556
			newpwd->smb_name ));
557
		return NULL;
557
		return NULL;
Lines 1505-1511 Link Here
1505
1505
1506
	/* Setup private data and free function */
1506
	/* Setup private data and free function */
1507
1507
1508
	privates = talloc_zero(pdb_context->mem_ctx, sizeof(struct smbpasswd_privates));
1508
	privates = TALLOC_ZERO_P(pdb_context->mem_ctx, struct smbpasswd_privates);
1509
1509
1510
	if (!privates) {
1510
	if (!privates) {
1511
		DEBUG(0, ("talloc() failed for smbpasswd private_data!\n"));
1511
		DEBUG(0, ("talloc() failed for smbpasswd private_data!\n"));
(-)samba-3.0.9-orig/source/passdb/pdb_sql.c (-2 / +2 lines)
Lines 78-84 Link Here
78
78
79
char *sql_escape_string(const char *unesc)
79
char *sql_escape_string(const char *unesc)
80
{
80
{
81
	char *esc = malloc(strlen(unesc) * 2 + 3);
81
	char *esc = SMB_MALLOC(strlen(unesc) * 2 + 3);
82
	size_t pos_unesc = 0, pos_esc = 0;
82
	size_t pos_unesc = 0, pos_esc = 0;
83
83
84
	for(pos_unesc = 0; unesc[pos_unesc]; pos_unesc++) {
84
	for(pos_unesc = 0; unesc[pos_unesc]; pos_unesc++) {
Lines 472-478 Link Here
472
								   " VALUES (%s", query.part2);
472
								   " VALUES (%s", query.part2);
473
	}
473
	}
474
474
475
	ret = strdup(query.part1);
475
	ret = SMB_STRDUP(query.part1);
476
	talloc_destroy(query.mem_ctx);
476
	talloc_destroy(query.mem_ctx);
477
	return ret;
477
	return ret;
478
}
478
}
(-)samba-3.0.9-orig/source/passdb/pdb_tdb.c (-2 / +2 lines)
Lines 267-273 Link Here
267
	struct pwent_list *ptr;
267
	struct pwent_list *ptr;
268
	
268
	
269
	if ( strncmp(key.dptr, prefix, prefixlen) == 0 ) {
269
	if ( strncmp(key.dptr, prefix, prefixlen) == 0 ) {
270
		if ( !(ptr=(struct pwent_list*)malloc(sizeof(struct pwent_list))) ) {
270
		if ( !(ptr=SMB_MALLOC_P(struct pwent_list)) ) {
271
			DEBUG(0,("tdbsam_traverse_setpwent: Failed to malloc new entry for list\n"));
271
			DEBUG(0,("tdbsam_traverse_setpwent: Failed to malloc new entry for list\n"));
272
			
272
			
273
			/* just return 0 and let the traversal continue */
273
			/* just return 0 and let the traversal continue */
Lines 724-730 Link Here
724
	(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
724
	(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
725
	(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
725
	(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
726
726
727
	tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
727
	tdb_state = TALLOC_ZERO_P(pdb_context->mem_ctx, struct tdbsam_privates);
728
728
729
	if (!tdb_state) {
729
	if (!tdb_state) {
730
		DEBUG(0, ("talloc() failed for tdbsam private_data!\n"));
730
		DEBUG(0, ("talloc() failed for tdbsam private_data!\n"));
(-)samba-3.0.9-orig/source/passdb/privileges.c (-5 / +5 lines)
Lines 121-127 Link Here
121
	*count = i;
121
	*count = i;
122
122
123
	/* allocate and parse */
123
	/* allocate and parse */
124
	*sids = malloc(sizeof(DOM_SID) * *count);
124
	*sids = SMB_MALLOC_ARRAY(DOM_SID, *count);
125
	if (! *sids) {
125
	if (! *sids) {
126
		return NT_STATUS_NO_MEMORY;
126
		return NT_STATUS_NO_MEMORY;
127
	}
127
	}
Lines 154-160 Link Here
154
	}
154
	}
155
155
156
	/* allocate the maximum size that we might use */
156
	/* allocate the maximum size that we might use */
157
	data.dptr = malloc(count * ((MAXSUBAUTHS*11) + 30));
157
	data.dptr = SMB_MALLOC(count * ((MAXSUBAUTHS*11) + 30));
158
	if (!data.dptr) {
158
	if (!data.dptr) {
159
		return NT_STATUS_NO_MEMORY;
159
		return NT_STATUS_NO_MEMORY;
160
	}
160
	}
Lines 210-216 Link Here
210
	}
210
	}
211
211
212
	/* add it in */
212
	/* add it in */
213
	current_sids = Realloc(current_sids, sizeof(current_sids[0]) * (current_count+1));
213
	current_sids = SMB_REALLOC_ARRAY(current_sids, DOM_SID, current_count+1);
214
	if (!current_sids) {
214
	if (!current_sids) {
215
		privilege_unlock_right(right);
215
		privilege_unlock_right(right);
216
		return NT_STATUS_NO_MEMORY;
216
		return NT_STATUS_NO_MEMORY;
Lines 323-336 Link Here
323
		right = key.dptr;
323
		right = key.dptr;
324
		
324
		
325
		if (privilege_sid_has_right(sid, right)) {
325
		if (privilege_sid_has_right(sid, right)) {
326
			(*rights) = (char **)Realloc(*rights,sizeof(char *) * ((*count)+1));
326
			(*rights) = SMB_REALLOC_ARRAY(*rights,char *, (*count)+1);
327
			if (! *rights) {
327
			if (! *rights) {
328
				safe_free(nextkey.dptr);
328
				safe_free(nextkey.dptr);
329
				free(key.dptr);
329
				free(key.dptr);
330
				return NT_STATUS_NO_MEMORY;
330
				return NT_STATUS_NO_MEMORY;
331
			}
331
			}
332
332
333
			(*rights)[*count] = strdup(right);
333
			(*rights)[*count] = SMB_STRDUP(right);
334
			(*count)++;
334
			(*count)++;
335
		}
335
		}
336
336
(-)samba-3.0.9-orig/source/passdb/secrets.c (-5 / +5 lines)
Lines 346-352 Link Here
346
			
346
			
347
	/* the trust's password */	
347
	/* the trust's password */	
348
	if (pwd) {
348
	if (pwd) {
349
		*pwd = strdup(pass.pass);
349
		*pwd = SMB_STRDUP(pass.pass);
350
		if (!*pwd) {
350
		if (!*pwd) {
351
			return False;
351
			return False;
352
		}
352
		}
Lines 577-583 Link Here
577
	size_t size, packed_size = 0;
577
	size_t size, packed_size = 0;
578
	fstring dom_name;
578
	fstring dom_name;
579
	char *packed_pass;
579
	char *packed_pass;
580
	struct trusted_dom_pass *pass = talloc_zero(ctx, sizeof(struct trusted_dom_pass));
580
	struct trusted_dom_pass *pass = TALLOC_ZERO_P(ctx, struct trusted_dom_pass);
581
	NTSTATUS status;
581
	NTSTATUS status;
582
582
583
	if (!secrets_init()) return NT_STATUS_ACCESS_DENIED;
583
	if (!secrets_init()) return NT_STATUS_ACCESS_DENIED;
Lines 599-605 Link Here
599
	DEBUG(5, ("secrets_get_trusted_domains: looking for %d domains, starting at index %d\n", 
599
	DEBUG(5, ("secrets_get_trusted_domains: looking for %d domains, starting at index %d\n", 
600
		  max_num_domains, *enum_ctx));
600
		  max_num_domains, *enum_ctx));
601
601
602
	*domains = talloc_zero(ctx, sizeof(**domains)*max_num_domains);
602
	*domains = TALLOC_ZERO_ARRAY(ctx, TRUSTDOM *, max_num_domains);
603
603
604
	/* fetching trusted domains' data and collecting them in a list */
604
	/* fetching trusted domains' data and collecting them in a list */
605
	keys = tdb_search_keys(tdb, pattern);
605
	keys = tdb_search_keys(tdb, pattern);
Lines 615-621 Link Here
615
		char *secrets_key;
615
		char *secrets_key;
616
		
616
		
617
		/* important: ensure null-termination of the key string */
617
		/* important: ensure null-termination of the key string */
618
		secrets_key = strndup(k->node_key.dptr, k->node_key.dsize);
618
		secrets_key = SMB_STRNDUP(k->node_key.dptr, k->node_key.dsize);
619
		if (!secrets_key) {
619
		if (!secrets_key) {
620
			DEBUG(0, ("strndup failed!\n"));
620
			DEBUG(0, ("strndup failed!\n"));
621
			return NT_STATUS_NO_MEMORY;
621
			return NT_STATUS_NO_MEMORY;
Lines 638-644 Link Here
638
		SAFE_FREE(secrets_key);
638
		SAFE_FREE(secrets_key);
639
639
640
		if (idx >= start_idx && idx < start_idx + max_num_domains) {
640
		if (idx >= start_idx && idx < start_idx + max_num_domains) {
641
			dom = talloc_zero(ctx, sizeof(*dom));
641
			dom = TALLOC_ZERO_P(ctx, TRUSTDOM);
642
			if (!dom) {
642
			if (!dom) {
643
				/* free returned tdb record */
643
				/* free returned tdb record */
644
				return NT_STATUS_NO_MEMORY;
644
				return NT_STATUS_NO_MEMORY;
(-)samba-3.0.9-orig/source/passdb/util_sam_sid.c (-4 / +4 lines)
Lines 106-121 Link Here
106
		/* This is not lp_workgroup() for good reason:
106
		/* This is not lp_workgroup() for good reason:
107
		   it must stay around longer than the lp_*() 
107
		   it must stay around longer than the lp_*() 
108
		   strings do */
108
		   strings do */
109
		sid_name_map[i].name = strdup(lp_workgroup());
109
		sid_name_map[i].name = SMB_STRDUP(lp_workgroup());
110
		sid_name_map[i].known_users = NULL;
110
		sid_name_map[i].known_users = NULL;
111
		i++;
111
		i++;
112
		sid_name_map[i].sid = get_global_sam_sid();
112
		sid_name_map[i].sid = get_global_sam_sid();
113
		sid_name_map[i].name = strdup(global_myname());
113
		sid_name_map[i].name = SMB_STRDUP(global_myname());
114
		sid_name_map[i].known_users = NULL;
114
		sid_name_map[i].known_users = NULL;
115
		i++;
115
		i++;
116
	} else {
116
	} else {
117
		sid_name_map[i].sid = get_global_sam_sid();
117
		sid_name_map[i].sid = get_global_sam_sid();
118
		sid_name_map[i].name = strdup(global_myname());
118
		sid_name_map[i].name = SMB_STRDUP(global_myname());
119
		sid_name_map[i].known_users = NULL;
119
		sid_name_map[i].known_users = NULL;
120
		i++;
120
		i++;
121
	}
121
	}
Lines 317-323 Link Here
317
317
318
void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
318
void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
319
{
319
{
320
	*sids = Realloc(*sids, ((*num)+1) * sizeof(DOM_SID));
320
	*sids = SMB_REALLOC_ARRAY(*sids, DOM_SID, (*num)+1);
321
321
322
	if (*sids == NULL)
322
	if (*sids == NULL)
323
		return;
323
		return;
(-)samba-3.0.9-orig/source/printing/load.c (-1 / +1 lines)
Lines 40-46 Link Here
40
{
40
{
41
	const char *p;
41
	const char *p;
42
	int printers;
42
	int printers;
43
	char *str = strdup(lp_auto_services());
43
	char *str = SMB_STRDUP(lp_auto_services());
44
44
45
	if (!str) return;
45
	if (!str) return;
46
46
(-)samba-3.0.9-orig/source/printing/notify.c (-8 / +8 lines)
Lines 99-105 Link Here
99
				msg->len, msg->notify.data);
99
				msg->len, msg->notify.data);
100
100
101
	if (buflen != len) {
101
	if (buflen != len) {
102
		buf = talloc_realloc(send_ctx, buf, len);
102
		buf = TALLOC_REALLOC(send_ctx, buf, len);
103
		if (!buf)
103
		if (!buf)
104
			return False;
104
			return False;
105
		buflen = len;
105
		buflen = len;
Lines 140-146 Link Here
140
	}
140
	}
141
	offset += 4; /* For count. */
141
	offset += 4; /* For count. */
142
142
143
	buf = talloc(send_ctx, offset);
143
	buf = TALLOC(send_ctx, offset);
144
	if (!buf) {
144
	if (!buf) {
145
		DEBUG(0,("print_notify_send_messages: Out of memory\n"));
145
		DEBUG(0,("print_notify_send_messages: Out of memory\n"));
146
		talloc_destroy_pool(send_ctx);
146
		talloc_destroy_pool(send_ctx);
Lines 218-224 Link Here
218
	memcpy( to, from, sizeof(SPOOLSS_NOTIFY_MSG) );
218
	memcpy( to, from, sizeof(SPOOLSS_NOTIFY_MSG) );
219
	
219
	
220
	if ( from->len ) {
220
	if ( from->len ) {
221
		to->notify.data = talloc_memdup(send_ctx, from->notify.data, from->len );
221
		to->notify.data = TALLOC_MEMDUP(send_ctx, from->notify.data, from->len );
222
		if ( !to->notify.data ) {
222
		if ( !to->notify.data ) {
223
			DEBUG(0,("copy_notify2_msg: talloc_memdup() of size [%d] failed!\n", from->len ));
223
			DEBUG(0,("copy_notify2_msg: talloc_memdup() of size [%d] failed!\n", from->len ));
224
			return False;
224
			return False;
Lines 267-273 Link Here
267
267
268
	/* Store the message on the pending queue. */
268
	/* Store the message on the pending queue. */
269
269
270
	pnqueue = talloc(send_ctx, sizeof(*pnqueue));
270
	pnqueue = TALLOC_P(send_ctx, struct notify_queue);
271
	if (!pnqueue) {
271
	if (!pnqueue) {
272
		DEBUG(0,("send_spoolss_notify2_msg: Out of memory.\n"));
272
		DEBUG(0,("send_spoolss_notify2_msg: Out of memory.\n"));
273
		return;
273
		return;
Lines 275-281 Link Here
275
275
276
	/* allocate a new msg structure and copy the fields */
276
	/* allocate a new msg structure and copy the fields */
277
	
277
	
278
	if ( !(pnqueue->msg = (SPOOLSS_NOTIFY_MSG*)talloc(send_ctx, sizeof(SPOOLSS_NOTIFY_MSG))) ) {
278
	if ( !(pnqueue->msg = TALLOC_P(send_ctx, SPOOLSS_NOTIFY_MSG)) ) {
279
		DEBUG(0,("send_spoolss_notify2_msg: talloc() of size [%lu] failed!\n", 
279
		DEBUG(0,("send_spoolss_notify2_msg: talloc() of size [%lu] failed!\n", 
280
			(unsigned long)sizeof(SPOOLSS_NOTIFY_MSG)));
280
			(unsigned long)sizeof(SPOOLSS_NOTIFY_MSG)));
281
		return;
281
		return;
Lines 309-315 Link Here
309
	if (!create_send_ctx())
309
	if (!create_send_ctx())
310
		return;
310
		return;
311
311
312
	msg = (struct spoolss_notify_msg *)talloc(send_ctx, sizeof(struct spoolss_notify_msg));
312
	msg = TALLOC_P(send_ctx, struct spoolss_notify_msg);
313
	if (!msg)
313
	if (!msg)
314
		return;
314
		return;
315
315
Lines 338-344 Link Here
338
	if (!create_send_ctx())
338
	if (!create_send_ctx())
339
		return;
339
		return;
340
340
341
	msg = (struct spoolss_notify_msg *)talloc(send_ctx, sizeof(struct spoolss_notify_msg));
341
	msg = TALLOC_P(send_ctx, struct spoolss_notify_msg);
342
	if (!msg)
342
	if (!msg)
343
		return;
343
		return;
344
344
Lines 535-541 Link Here
535
535
536
	num_pids = data.dsize / 8;
536
	num_pids = data.dsize / 8;
537
537
538
	if ((pid_list = (pid_t *)talloc(mem_ctx, sizeof(pid_t) * num_pids)) == NULL) {
538
	if ((pid_list = TALLOC_ARRAY(mem_ctx, pid_t, num_pids)) == NULL) {
539
		ret = False;
539
		ret = False;
540
		goto done;
540
		goto done;
541
	}
541
	}
(-)samba-3.0.9-orig/source/printing/nt_printing.c (-23 / +27 lines)
Lines 531-537 Link Here
531
		if (ret != dbuf.dsize) 
531
		if (ret != dbuf.dsize) 
532
			continue;
532
			continue;
533
533
534
		tl = Realloc(*list, sizeof(nt_forms_struct)*(n+1));
534
		tl = SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1);
535
		if (!tl) {
535
		if (!tl) {
536
			DEBUG(0,("get_ntforms: Realloc fail.\n"));
536
			DEBUG(0,("get_ntforms: Realloc fail.\n"));
537
			return 0;
537
			return 0;
Lines 601-607 Link Here
601
	}
601
	}
602
602
603
	if (update==False) {
603
	if (update==False) {
604
		if((tl=Realloc(*list, (n+1)*sizeof(nt_forms_struct))) == NULL) {
604
		if((tl=SMB_REALLOC_ARRAY(*list, nt_forms_struct, n+1)) == NULL) {
605
			DEBUG(0,("add_a_form: failed to enlarge forms list!\n"));
605
			DEBUG(0,("add_a_form: failed to enlarge forms list!\n"));
606
			return False;
606
			return False;
607
		}
607
		}
Lines 710-716 Link Here
710
		if (strncmp(kbuf.dptr, key, strlen(key)) != 0)
710
		if (strncmp(kbuf.dptr, key, strlen(key)) != 0)
711
			continue;
711
			continue;
712
		
712
		
713
		if((fl = Realloc(*list, sizeof(fstring)*(total+1))) == NULL) {
713
		if((fl = SMB_REALLOC_ARRAY(*list, fstring, total+1)) == NULL) {
714
			DEBUG(0,("get_ntdrivers: failed to enlarge list!\n"));
714
			DEBUG(0,("get_ntdrivers: failed to enlarge list!\n"));
715
			return -1;
715
			return -1;
716
		}
716
		}
Lines 766-772 Link Here
766
	char    *buf = NULL;
766
	char    *buf = NULL;
767
	ssize_t byte_count;
767
	ssize_t byte_count;
768
768
769
	if ((buf=malloc(PE_HEADER_SIZE)) == NULL) {
769
	if ((buf=SMB_MALLOC(PE_HEADER_SIZE)) == NULL) {
770
		DEBUG(0,("get_file_version: PE file [%s] PE Header malloc failed bytes = %d\n",
770
		DEBUG(0,("get_file_version: PE file [%s] PE Header malloc failed bytes = %d\n",
771
				fname, PE_HEADER_SIZE));
771
				fname, PE_HEADER_SIZE));
772
		goto error_exit;
772
		goto error_exit;
Lines 822-828 Link Here
822
			goto error_exit;
822
			goto error_exit;
823
823
824
		SAFE_FREE(buf);
824
		SAFE_FREE(buf);
825
		if ((buf=malloc(section_table_bytes)) == NULL) {
825
		if ((buf=SMB_MALLOC(section_table_bytes)) == NULL) {
826
			DEBUG(0,("get_file_version: PE file [%s] section table malloc failed bytes = %d\n",
826
			DEBUG(0,("get_file_version: PE file [%s] section table malloc failed bytes = %d\n",
827
					fname, section_table_bytes));
827
					fname, section_table_bytes));
828
			goto error_exit;
828
			goto error_exit;
Lines 846-852 Link Here
846
					goto error_exit;
846
					goto error_exit;
847
847
848
				SAFE_FREE(buf);
848
				SAFE_FREE(buf);
849
				if ((buf=malloc(section_bytes)) == NULL) {
849
				if ((buf=SMB_MALLOC(section_bytes)) == NULL) {
850
					DEBUG(0,("get_file_version: PE file [%s] version malloc failed bytes = %d\n",
850
					DEBUG(0,("get_file_version: PE file [%s] version malloc failed bytes = %d\n",
851
							fname, section_bytes));
851
							fname, section_bytes));
852
					goto error_exit;
852
					goto error_exit;
Lines 906-912 Link Here
906
906
907
		/* Allocate a bit more space to speed up things */
907
		/* Allocate a bit more space to speed up things */
908
		SAFE_FREE(buf);
908
		SAFE_FREE(buf);
909
		if ((buf=malloc(VS_NE_BUF_SIZE)) == NULL) {
909
		if ((buf=SMB_MALLOC(VS_NE_BUF_SIZE)) == NULL) {
910
			DEBUG(0,("get_file_version: NE file [%s] malloc failed bytes  = %d\n",
910
			DEBUG(0,("get_file_version: NE file [%s] malloc failed bytes  = %d\n",
911
					fname, PE_HEADER_SIZE));
911
					fname, PE_HEADER_SIZE));
912
			goto error_exit;
912
			goto error_exit;
Lines 1728-1734 Link Here
1728
	if (len != buflen) {
1728
	if (len != buflen) {
1729
		char *tb;
1729
		char *tb;
1730
1730
1731
		tb = (char *)Realloc(buf, len);
1731
		tb = (char *)SMB_REALLOC(buf, len);
1732
		if (!tb) {
1732
		if (!tb) {
1733
			DEBUG(0,("add_a_printer_driver_3: failed to enlarge buffer\n!"));
1733
			DEBUG(0,("add_a_printer_driver_3: failed to enlarge buffer\n!"));
1734
			ret = -1;
1734
			ret = -1;
Lines 1793-1799 Link Here
1793
	fstrcpy(info.configfile, "");
1793
	fstrcpy(info.configfile, "");
1794
	fstrcpy(info.helpfile, "");
1794
	fstrcpy(info.helpfile, "");
1795
1795
1796
	if ((info.dependentfiles=(fstring *)malloc(2*sizeof(fstring))) == NULL)
1796
	if ((info.dependentfiles= SMB_MALLOC_ARRAY(fstring, 2)) == NULL)
1797
		return WERR_NOMEM;
1797
		return WERR_NOMEM;
1798
1798
1799
	memset(info.dependentfiles, '\0', 2*sizeof(fstring));
1799
	memset(info.dependentfiles, '\0', 2*sizeof(fstring));
Lines 1850-1857 Link Here
1850
	while (len < dbuf.dsize) {
1850
	while (len < dbuf.dsize) {
1851
		fstring *tddfs;
1851
		fstring *tddfs;
1852
1852
1853
		tddfs = (fstring *)Realloc(driver.dependentfiles,
1853
		tddfs = SMB_REALLOC_ARRAY(driver.dependentfiles, fstring, i+2);
1854
							 sizeof(fstring)*(i+2));
1855
		if (tddfs == NULL) {
1854
		if (tddfs == NULL) {
1856
			DEBUG(0,("get_a_printer_driver_3: failed to enlarge buffer!\n"));
1855
			DEBUG(0,("get_a_printer_driver_3: failed to enlarge buffer!\n"));
1857
			break;
1856
			break;
Lines 2133-2139 Link Here
2133
	if (buflen != len) {
2132
	if (buflen != len) {
2134
		char *tb;
2133
		char *tb;
2135
2134
2136
		tb = (char *)Realloc(buf, len);
2135
		tb = (char *)SMB_REALLOC(buf, len);
2137
		if (!tb) {
2136
		if (!tb) {
2138
			DEBUG(0,("update_a_printer_2: failed to enlarge buffer!\n"));
2137
			DEBUG(0,("update_a_printer_2: failed to enlarge buffer!\n"));
2139
			ret = WERR_NOMEM;
2138
			ret = WERR_NOMEM;
Lines 2175-2181 Link Here
2175
{
2174
{
2176
2175
2177
	char adevice[MAXDEVICENAME];
2176
	char adevice[MAXDEVICENAME];
2178
	NT_DEVICEMODE *nt_devmode = (NT_DEVICEMODE *)malloc(sizeof(NT_DEVICEMODE));
2177
	NT_DEVICEMODE *nt_devmode = SMB_MALLOC_P(NT_DEVICEMODE);
2179
2178
2180
	if (nt_devmode == NULL) {
2179
	if (nt_devmode == NULL) {
2181
		DEBUG(0,("construct_nt_devicemode: malloc fail.\n"));
2180
		DEBUG(0,("construct_nt_devicemode: malloc fail.\n"));
Lines 2395-2401 Link Here
2395
	
2394
	
2396
	/* allocate another slot in the NT_PRINTER_KEY array */
2395
	/* allocate another slot in the NT_PRINTER_KEY array */
2397
	
2396
	
2398
	d = Realloc( data->keys, sizeof(NT_PRINTER_KEY)*(data->num_keys+1) );
2397
	d = SMB_REALLOC_ARRAY( data->keys, NT_PRINTER_KEY, data->num_keys+1);
2399
	if ( d )
2398
	if ( d )
2400
		data->keys = d;
2399
		data->keys = d;
2401
	
2400
	
Lines 2404-2410 Link Here
2404
	/* initialze new key */
2403
	/* initialze new key */
2405
	
2404
	
2406
	data->num_keys++;
2405
	data->num_keys++;
2407
	data->keys[key_index].name = strdup( name );
2406
	data->keys[key_index].name = SMB_STRDUP( name );
2408
	
2407
	
2409
	ZERO_STRUCTP( &data->keys[key_index].values );
2408
	ZERO_STRUCTP( &data->keys[key_index].values );
2410
	
2409
	
Lines 2487-2493 Link Here
2487
2486
2488
			/* found a match, so allocate space and copy the name */
2487
			/* found a match, so allocate space and copy the name */
2489
			
2488
			
2490
			if ( !(ptr = Realloc( subkeys_ptr, (num_subkeys+2)*sizeof(fstring))) ) {
2489
			if ( !(ptr = SMB_REALLOC_ARRAY( subkeys_ptr, fstring, num_subkeys+2)) ) {
2491
				DEBUG(0,("get_printer_subkeys: Realloc failed for [%d] entries!\n", 
2490
				DEBUG(0,("get_printer_subkeys: Realloc failed for [%d] entries!\n", 
2492
					num_subkeys+1));
2491
					num_subkeys+1));
2493
				SAFE_FREE( subkeys );
2492
				SAFE_FREE( subkeys );
Lines 2550-2558 Link Here
2550
2549
2551
	/* a multi-sz has to have a null string terminator, i.e., the last
2550
	/* a multi-sz has to have a null string terminator, i.e., the last
2552
	   string must be followed by two nulls */
2551
	   string must be followed by two nulls */
2553
	str_size = (strlen(multi_sz) + 2) * sizeof(smb_ucs2_t);
2552
	str_size = strlen(multi_sz) + 2;
2554
	conv_strs = calloc(str_size, 1);
2553
	conv_strs = SMB_CALLOC_ARRAY(smb_ucs2_t, str_size);
2554
	if (!conv_strs) {
2555
		return;
2556
	}
2555
2557
2558
	/* Change to byte units. */
2559
	str_size *= sizeof(smb_ucs2_t);
2556
	push_ucs2(NULL, conv_strs, multi_sz, str_size, 
2560
	push_ucs2(NULL, conv_strs, multi_sz, str_size, 
2557
		  STR_TERMINATE | STR_NOALIGN);
2561
		  STR_TERMINATE | STR_NOALIGN);
2558
2562
Lines 3787-3793 Link Here
3787
	if (buflen < len) {
3791
	if (buflen < len) {
3788
		char *tb;
3792
		char *tb;
3789
3793
3790
		tb = (char *)Realloc(buf, len);
3794
		tb = (char *)SMB_REALLOC(buf, len);
3791
		if (!tb) {
3795
		if (!tb) {
3792
			DEBUG(0, ("update_driver_init_2: failed to enlarge buffer!\n"));
3796
			DEBUG(0, ("update_driver_init_2: failed to enlarge buffer!\n"));
3793
			ret = -1;
3797
			ret = -1;
Lines 3911-3917 Link Here
3911
		if ((ctx = talloc_init("save_driver_init_2")) == NULL)
3915
		if ((ctx = talloc_init("save_driver_init_2")) == NULL)
3912
			return WERR_NOMEM;
3916
			return WERR_NOMEM;
3913
3917
3914
		if ((nt_devmode = (NT_DEVICEMODE*)malloc(sizeof(NT_DEVICEMODE))) == NULL) {
3918
		if ((nt_devmode = SMB_MALLOC_P(NT_DEVICEMODE)) == NULL) {
3915
			status = WERR_NOMEM;
3919
			status = WERR_NOMEM;
3916
			goto done;
3920
			goto done;
3917
		}
3921
		}
Lines 4028-4034 Link Here
4028
	if ( !printer )
4032
	if ( !printer )
4029
		return NULL;
4033
		return NULL;
4030
	
4034
	
4031
	if ( !(copy = (NT_PRINTER_INFO_LEVEL_2 *)malloc(sizeof(NT_PRINTER_INFO_LEVEL_2))) )
4035
	if ( !(copy = SMB_MALLOC_P(NT_PRINTER_INFO_LEVEL_2)) )
4032
		return NULL;
4036
		return NULL;
4033
		
4037
		
4034
	memcpy( copy, printer, sizeof(NT_PRINTER_INFO_LEVEL_2) );
4038
	memcpy( copy, printer, sizeof(NT_PRINTER_INFO_LEVEL_2) );
Lines 4076-4082 Link Here
4076
4080
4077
	switch (level) {
4081
	switch (level) {
4078
		case 2:
4082
		case 2:
4079
			if ((printer = (NT_PRINTER_INFO_LEVEL *)malloc(sizeof(NT_PRINTER_INFO_LEVEL))) == NULL) {
4083
			if ((printer = SMB_MALLOC_P(NT_PRINTER_INFO_LEVEL)) == NULL) {
4080
				DEBUG(0,("get_a_printer: malloc fail.\n"));
4084
				DEBUG(0,("get_a_printer: malloc fail.\n"));
4081
				return WERR_NOMEM;
4085
				return WERR_NOMEM;
4082
			}
4086
			}
Lines 4137-4143 Link Here
4137
				/* save a copy in cache */
4141
				/* save a copy in cache */
4138
				if ( print_hnd && (print_hnd->printer_type==PRINTER_HANDLE_IS_PRINTER)) {
4142
				if ( print_hnd && (print_hnd->printer_type==PRINTER_HANDLE_IS_PRINTER)) {
4139
					if ( !print_hnd->printer_info )
4143
					if ( !print_hnd->printer_info )
4140
						print_hnd->printer_info = (NT_PRINTER_INFO_LEVEL *)malloc(sizeof(NT_PRINTER_INFO_LEVEL));
4144
						print_hnd->printer_info = SMB_MALLOC_P(NT_PRINTER_INFO_LEVEL);
4141
4145
4142
					if ( print_hnd->printer_info ) {
4146
					if ( print_hnd->printer_info ) {
4143
						/* make sure to use the handle's talloc ctx here since 
4147
						/* make sure to use the handle's talloc ctx here since 
(-)samba-3.0.9-orig/source/printing/print_cups.c (-1 / +1 lines)
Lines 931-937 Link Here
931
		{
931
		{
932
			qalloc += 16;
932
			qalloc += 16;
933
933
934
			temp = Realloc(queue, sizeof(print_queue_struct) * qalloc);
934
			temp = SMB_REALLOC_ARRAY(queue, print_queue_struct, qalloc);
935
935
936
			if (temp == NULL)
936
			if (temp == NULL)
937
			{
937
			{
(-)samba-3.0.9-orig/source/printing/print_generic.c (-1 / +1 lines)
Lines 194-200 Link Here
194
	qcount = 0;
194
	qcount = 0;
195
	ZERO_STRUCTP(status);
195
	ZERO_STRUCTP(status);
196
	if (numlines)
196
	if (numlines)
197
		queue = (print_queue_struct *)malloc(sizeof(print_queue_struct)*(numlines+1));
197
		queue = SMB_MALLOC_ARRAY(print_queue_struct, numlines+1);
198
198
199
	if (queue) {
199
	if (queue) {
200
		memset(queue, '\0', sizeof(print_queue_struct)*(numlines+1));
200
		memset(queue, '\0', sizeof(print_queue_struct)*(numlines+1));
(-)samba-3.0.9-orig/source/printing/printing.c (-4 / +4 lines)
Lines 529-535 Link Here
529
		if (buflen != len) {
529
		if (buflen != len) {
530
			char *tb;
530
			char *tb;
531
531
532
			tb = (char *)Realloc(buf, len);
532
			tb = (char *)SMB_REALLOC(buf, len);
533
			if (!tb) {
533
			if (!tb) {
534
				DEBUG(0,("pjob_store: failed to enlarge buffer!\n"));
534
				DEBUG(0,("pjob_store: failed to enlarge buffer!\n"));
535
				goto done;
535
				goto done;
Lines 923-929 Link Here
923
				queue[i].fs_file);
923
				queue[i].fs_file);
924
	}
924
	}
925
925
926
	if ((data.dptr = malloc(data.dsize)) == NULL)
926
	if ((data.dptr = SMB_MALLOC(data.dsize)) == NULL)
927
		return;
927
		return;
928
928
929
        len = 0;
929
        len = 0;
Lines 1362-1368 Link Here
1362
1362
1363
	if (i == data.dsize) {
1363
	if (i == data.dsize) {
1364
		/* We weren't in the list. Realloc. */
1364
		/* We weren't in the list. Realloc. */
1365
		data.dptr = Realloc(data.dptr, data.dsize + 8);
1365
		data.dptr = SMB_REALLOC(data.dptr, data.dsize + 8);
1366
		if (!data.dptr) {
1366
		if (!data.dptr) {
1367
			DEBUG(0,("print_notify_register_pid: Relloc fail for printer %s\n",
1367
			DEBUG(0,("print_notify_register_pid: Relloc fail for printer %s\n",
1368
						printername));
1368
						printername));
Lines 2357-2363 Link Here
2357
	if (qcount == 0 && extra_count == 0)
2357
	if (qcount == 0 && extra_count == 0)
2358
		goto out;
2358
		goto out;
2359
2359
2360
	if ((queue = (print_queue_struct *)malloc(sizeof(print_queue_struct)*(qcount + extra_count))) == NULL)
2360
	if ((queue = SMB_MALLOC_ARRAY(print_queue_struct, qcount + extra_count)) == NULL)
2361
		goto out;
2361
		goto out;
2362
2362
2363
	/* Retrieve the linearised queue data. */
2363
	/* Retrieve the linearised queue data. */
(-)samba-3.0.9-orig/source/printing/printing_db.c (-1 / +1 lines)
Lines 80-86 Link Here
80
       
80
       
81
	if (!p)	{
81
	if (!p)	{
82
		/* Create one. */
82
		/* Create one. */
83
		p = (struct tdb_print_db *)malloc(sizeof(struct tdb_print_db));
83
		p = SMB_MALLOC_P(struct tdb_print_db);
84
		if (!p) {
84
		if (!p) {
85
			DEBUG(0,("get_print_db: malloc fail !\n"));
85
			DEBUG(0,("get_print_db: malloc fail !\n"));
86
			return NULL;
86
			return NULL;
(-)samba-3.0.9-orig/source/registry/reg_cachehook.c (-1 / +1 lines)
Lines 78-84 Link Here
78
	/* prepend the string with a '\' character */
78
	/* prepend the string with a '\' character */
79
	
79
	
80
	len = strlen( keyname );
80
	len = strlen( keyname );
81
	if ( !(key = malloc( len + 2 )) ) {
81
	if ( !(key = SMB_MALLOC( len + 2 )) ) {
82
		DEBUG(0,("reghook_cache_find: malloc failed for string [%s] !?!?!\n",
82
		DEBUG(0,("reghook_cache_find: malloc failed for string [%s] !?!?!\n",
83
			keyname));
83
			keyname));
84
		return NULL;
84
		return NULL;
(-)samba-3.0.9-orig/source/registry/reg_db.c (-2 / +2 lines)
Lines 183-189 Link Here
183
	
183
	
184
	/* allocate some initial memory */
184
	/* allocate some initial memory */
185
		
185
		
186
	buffer = malloc(sizeof(pstring));
186
	buffer = SMB_MALLOC(sizeof(pstring));
187
	buflen = sizeof(pstring);
187
	buflen = sizeof(pstring);
188
	len = 0;
188
	len = 0;
189
	
189
	
Lines 197-203 Link Here
197
		len += tdb_pack( buffer+len, buflen-len, "f", regsubkey_ctr_specific_key(ctr, i) );
197
		len += tdb_pack( buffer+len, buflen-len, "f", regsubkey_ctr_specific_key(ctr, i) );
198
		if ( len > buflen ) {
198
		if ( len > buflen ) {
199
			/* allocate some extra space */
199
			/* allocate some extra space */
200
			if ((tmpbuf = Realloc( buffer, len*2 )) == NULL) {
200
			if ((tmpbuf = SMB_REALLOC( buffer, len*2 )) == NULL) {
201
				DEBUG(0,("regdb_store_reg_keys: Failed to realloc memory of size [%d]\n", len*2));
201
				DEBUG(0,("regdb_store_reg_keys: Failed to realloc memory of size [%d]\n", len*2));
202
				ret = False;
202
				ret = False;
203
				goto done;
203
				goto done;
(-)samba-3.0.9-orig/source/registry/reg_frontend.c (-1 / +1 lines)
Lines 154-160 Link Here
154
	if ( !(s = regsubkey_ctr_specific_key( &ctr, key_index )) )
154
	if ( !(s = regsubkey_ctr_specific_key( &ctr, key_index )) )
155
		return False;
155
		return False;
156
156
157
	*subkey = strdup( s );
157
	*subkey = SMB_STRDUP( s );
158
158
159
	return True;
159
	return True;
160
}
160
}
(-)samba-3.0.9-orig/source/registry/reg_objects.c (-12 / +12 lines)
Lines 52-67 Link Here
52
		/* allocate a space for the char* in the array */
52
		/* allocate a space for the char* in the array */
53
		
53
		
54
		if (  ctr->subkeys == 0 )
54
		if (  ctr->subkeys == 0 )
55
			ctr->subkeys = talloc( ctr->ctx, sizeof(char*) );
55
			ctr->subkeys = TALLOC_P( ctr->ctx, char *);
56
		else {
56
		else {
57
			pp = talloc_realloc( ctr->ctx, ctr->subkeys, sizeof(char*)*(ctr->num_subkeys+1) );
57
			pp = TALLOC_REALLOC_ARRAY( ctr->ctx, ctr->subkeys, char *, ctr->num_subkeys+1);
58
			if ( pp )
58
			if ( pp )
59
				ctr->subkeys = pp;
59
				ctr->subkeys = pp;
60
		}
60
		}
61
61
62
		/* allocate the string and save it in the array */
62
		/* allocate the string and save it in the array */
63
		
63
		
64
		ctr->subkeys[ctr->num_subkeys] = talloc( ctr->ctx, len+1 );
64
		ctr->subkeys[ctr->num_subkeys] = TALLOC( ctr->ctx, len+1 );
65
		strncpy( ctr->subkeys[ctr->num_subkeys], keyname, len+1 );
65
		strncpy( ctr->subkeys[ctr->num_subkeys], keyname, len+1 );
66
		ctr->num_subkeys++;
66
		ctr->num_subkeys++;
67
	}
67
	}
Lines 138-144 Link Here
138
	if ( !val )
138
	if ( !val )
139
		return NULL;
139
		return NULL;
140
	
140
	
141
	if ( !(copy = malloc( sizeof(REGISTRY_VALUE) )) ) {
141
	if ( !(copy = SMB_MALLOC_P( REGISTRY_VALUE)) ) {
142
		DEBUG(0,("dup_registry_value: malloc() failed!\n"));
142
		DEBUG(0,("dup_registry_value: malloc() failed!\n"));
143
		return NULL;
143
		return NULL;
144
	}
144
	}
Lines 244-265 Link Here
244
		/* allocate a slot in the array of pointers */
244
		/* allocate a slot in the array of pointers */
245
		
245
		
246
		if (  ctr->num_values == 0 )
246
		if (  ctr->num_values == 0 )
247
			ctr->values = talloc( ctr->ctx, sizeof(REGISTRY_VALUE*) );
247
			ctr->values = TALLOC_P( ctr->ctx, REGISTRY_VALUE *);
248
		else {
248
		else {
249
			ppreg = talloc_realloc( ctr->ctx, ctr->values, sizeof(REGISTRY_VALUE*)*(ctr->num_values+1) );
249
			ppreg = TALLOC_REALLOC_ARRAY( ctr->ctx, ctr->values, REGISTRY_VALUE *, ctr->num_values+1 );
250
			if ( ppreg )
250
			if ( ppreg )
251
				ctr->values = ppreg;
251
				ctr->values = ppreg;
252
		}
252
		}
253
253
254
		/* allocate a new value and store the pointer in the arrya */
254
		/* allocate a new value and store the pointer in the arrya */
255
		
255
		
256
		ctr->values[ctr->num_values] = talloc( ctr->ctx, sizeof(REGISTRY_VALUE) );
256
		ctr->values[ctr->num_values] = TALLOC_P( ctr->ctx, REGISTRY_VALUE);
257
257
258
		/* init the value */
258
		/* init the value */
259
	
259
	
260
		fstrcpy( ctr->values[ctr->num_values]->valuename, name );
260
		fstrcpy( ctr->values[ctr->num_values]->valuename, name );
261
		ctr->values[ctr->num_values]->type = type;
261
		ctr->values[ctr->num_values]->type = type;
262
		ctr->values[ctr->num_values]->data_p = talloc_memdup( ctr->ctx, data_p, size );
262
		ctr->values[ctr->num_values]->data_p = TALLOC_MEMDUP( ctr->ctx, data_p, size );
263
		ctr->values[ctr->num_values]->size = size;
263
		ctr->values[ctr->num_values]->size = size;
264
		ctr->num_values++;
264
		ctr->num_values++;
265
	}
265
	}
Lines 280-301 Link Here
280
		/* allocate a slot in the array of pointers */
280
		/* allocate a slot in the array of pointers */
281
		
281
		
282
		if (  ctr->num_values == 0 )
282
		if (  ctr->num_values == 0 )
283
			ctr->values = talloc( ctr->ctx, sizeof(REGISTRY_VALUE*) );
283
			ctr->values = TALLOC_P( ctr->ctx, REGISTRY_VALUE *);
284
		else {
284
		else {
285
			ppreg = talloc_realloc( ctr->ctx, ctr->values, sizeof(REGISTRY_VALUE*)*(ctr->num_values+1) );
285
			ppreg = TALLOC_REALLOC_ARRAY( ctr->ctx, ctr->values, REGISTRY_VALUE *, ctr->num_values+1 );
286
			if ( ppreg )
286
			if ( ppreg )
287
				ctr->values = ppreg;
287
				ctr->values = ppreg;
288
		}
288
		}
289
289
290
		/* allocate a new value and store the pointer in the arrya */
290
		/* allocate a new value and store the pointer in the arrya */
291
		
291
		
292
		ctr->values[ctr->num_values] = talloc( ctr->ctx, sizeof(REGISTRY_VALUE) );
292
		ctr->values[ctr->num_values] = TALLOC_P( ctr->ctx, REGISTRY_VALUE);
293
293
294
		/* init the value */
294
		/* init the value */
295
	
295
	
296
		fstrcpy( ctr->values[ctr->num_values]->valuename, val->valuename );
296
		fstrcpy( ctr->values[ctr->num_values]->valuename, val->valuename );
297
		ctr->values[ctr->num_values]->type = val->type;
297
		ctr->values[ctr->num_values]->type = val->type;
298
		ctr->values[ctr->num_values]->data_p = talloc_memdup( ctr->ctx, val->data_p, val->size );
298
		ctr->values[ctr->num_values]->data_p = TALLOC_MEMDUP( ctr->ctx, val->data_p, val->size );
299
		ctr->values[ctr->num_values]->size = val->size;
299
		ctr->values[ctr->num_values]->size = val->size;
300
		ctr->num_values++;
300
		ctr->num_values++;
301
	}
301
	}
(-)samba-3.0.9-orig/source/registry/reg_printing.c (-7 / +7 lines)
Lines 73-79 Link Here
73
		p++;
73
		p++;
74
	
74
	
75
	if ( *p )
75
	if ( *p )
76
		return strdup(p);
76
		return SMB_STRDUP(p);
77
	else
77
	else
78
		return NULL;
78
		return NULL;
79
}
79
}
Lines 136-142 Link Here
136
	
136
	
137
	/* we are dealing with a subkey of "Environments */
137
	/* we are dealing with a subkey of "Environments */
138
	
138
	
139
	key2 = strdup( key );
139
	key2 = SMB_STRDUP( key );
140
	keystr = key2;
140
	keystr = key2;
141
	reg_split_path( keystr, &base, &new_path );
141
	reg_split_path( keystr, &base, &new_path );
142
	
142
	
Lines 257-263 Link Here
257
	
257
	
258
	/* env */
258
	/* env */
259
	
259
	
260
	key2 = strdup( key );
260
	key2 = SMB_STRDUP( key );
261
	keystr = key2;
261
	keystr = key2;
262
	reg_split_path( keystr, &base, &new_path );
262
	reg_split_path( keystr, &base, &new_path );
263
	if ( !base || !new_path )
263
	if ( !base || !new_path )
Lines 322-328 Link Here
322
			
322
			
323
			length = strlen(filename);
323
			length = strlen(filename);
324
		
324
		
325
			buffer2 = Realloc( buffer, buffer_size + (length + 1)*sizeof(uint16) );
325
			buffer2 = SMB_REALLOC( buffer, buffer_size + (length + 1)*sizeof(uint16) );
326
			if ( !buffer2 )
326
			if ( !buffer2 )
327
				break;
327
				break;
328
			buffer = buffer2;
328
			buffer = buffer2;
Lines 335-341 Link Here
335
		
335
		
336
		/* terminated by double NULL.  Add the final one here */
336
		/* terminated by double NULL.  Add the final one here */
337
		
337
		
338
		buffer2 = Realloc( buffer, buffer_size + 2 );
338
		buffer2 = SMB_REALLOC( buffer, buffer_size + 2 );
339
		if ( !buffer2 ) {
339
		if ( !buffer2 ) {
340
			SAFE_FREE( buffer );
340
			SAFE_FREE( buffer );
341
			buffer_size = 0;
341
			buffer_size = 0;
Lines 492-498 Link Here
492
492
493
	/* get information for a specific printer */
493
	/* get information for a specific printer */
494
	
494
	
495
	key2 = strdup( key );
495
	key2 = SMB_STRDUP( key );
496
	keystr = key2;
496
	keystr = key2;
497
	reg_split_path( keystr, &base, &new_path );
497
	reg_split_path( keystr, &base, &new_path );
498
498
Lines 546-552 Link Here
546
		goto done;
546
		goto done;
547
	}
547
	}
548
	
548
	
549
	key2 = strdup( key );
549
	key2 = SMB_STRDUP( key );
550
	keystr = key2;
550
	keystr = key2;
551
	reg_split_path( keystr, &base, &new_path );
551
	reg_split_path( keystr, &base, &new_path );
552
	
552
	
(-)samba-3.0.9-orig/source/rpcclient/cmd_echo.c (-2 / +2 lines)
Lines 60-66 Link Here
60
	}
60
	}
61
61
62
	size = atoi(argv[1]);
62
	size = atoi(argv[1]);
63
	in_data = malloc(size);
63
	in_data = SMB_MALLOC(size);
64
64
65
	for (i = 0; i < size; i++)
65
	for (i = 0; i < size; i++)
66
		in_data[i] = i & 0xff;
66
		in_data[i] = i & 0xff;
Lines 129-135 Link Here
129
	}
129
	}
130
130
131
	size = atoi(argv[1]);
131
	size = atoi(argv[1]);
132
	in_data = malloc(size);
132
	in_data = SMB_MALLOC(size);
133
133
134
	for (i = 0; i < size; i++)
134
	for (i = 0; i < size; i++)
135
		in_data[i] = i & 0xff;
135
		in_data[i] = i & 0xff;
(-)samba-3.0.9-orig/source/rpcclient/cmd_lsarpc.c (-1 / +1 lines)
Lines 207-213 Link Here
207
207
208
	/* Convert arguments to sids */
208
	/* Convert arguments to sids */
209
209
210
	sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * (argc - 1));
210
	sids = TALLOC_ARRAY(mem_ctx, DOM_SID, argc - 1);
211
211
212
	if (!sids) {
212
	if (!sids) {
213
		printf("could not allocate memory for %d sids\n", argc - 1);
213
		printf("could not allocate memory for %d sids\n", argc - 1);
(-)samba-3.0.9-orig/source/rpcclient/cmd_samr.c (-2 / +2 lines)
Lines 1238-1244 Link Here
1238
	/* Look up names */
1238
	/* Look up names */
1239
1239
1240
	num_names = argc - 2;
1240
	num_names = argc - 2;
1241
	names = (const char **)talloc(mem_ctx, sizeof(char *) * num_names);
1241
	names = TALLOC_ARRAY(mem_ctx, const char *, num_names);
1242
1242
1243
	for (i = 0; i < argc - 2; i++)
1243
	for (i = 0; i < argc - 2; i++)
1244
		names[i] = argv[i + 2];
1244
		names[i] = argv[i + 2];
Lines 1296-1302 Link Here
1296
	/* Look up rids */
1296
	/* Look up rids */
1297
1297
1298
	num_rids = argc - 1;
1298
	num_rids = argc - 1;
1299
	rids = (uint32 *)talloc(mem_ctx, sizeof(uint32) * num_rids);
1299
	rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids);
1300
1300
1301
	for (i = 0; i < argc - 1; i++)
1301
	for (i = 0; i < argc - 1; i++)
1302
                sscanf(argv[i + 1], "%i", &rids[i]);
1302
                sscanf(argv[i + 1], "%i", &rids[i]);
(-)samba-3.0.9-orig/source/rpcclient/cmd_spoolss.c (-4 / +3 lines)
Lines 1333-1339 Link Here
1333
	/* allocate the space; add one extra slot for a terminating NULL.
1333
	/* allocate the space; add one extra slot for a terminating NULL.
1334
	   Each filename is NULL terminated and the end contains a double
1334
	   Each filename is NULL terminated and the end contains a double
1335
	   NULL */
1335
	   NULL */
1336
	if ((info->dependentfiles=(uint16*)talloc(mem_ctx, (len+1)*sizeof(uint16))) == NULL)
1336
	if ((info->dependentfiles=TALLOC_ARRAY(mem_ctx, uint16, len+1)) == NULL)
1337
	{
1337
	{
1338
		DEBUG(0,("init_drv_info_3_members: Unable to malloc memory for dependenfiles\n"));
1338
		DEBUG(0,("init_drv_info_3_members: Unable to malloc memory for dependenfiles\n"));
1339
		return False;
1339
		return False;
Lines 2035-2041 Link Here
2035
	fstrcpy(value.valuename, argv[2]);
2035
	fstrcpy(value.valuename, argv[2]);
2036
	value.type = REG_SZ;
2036
	value.type = REG_SZ;
2037
	value.size = data.uni_str_len * 2;
2037
	value.size = data.uni_str_len * 2;
2038
	value.data_p = talloc_memdup(mem_ctx, data.buffer, value.size);
2038
	value.data_p = TALLOC_MEMDUP(mem_ctx, data.buffer, value.size);
2039
2039
2040
	result = cli_spoolss_setprinterdata(cli, mem_ctx, &pol, &value);
2040
	result = cli_spoolss_setprinterdata(cli, mem_ctx, &pol, &value);
2041
		
2041
		
Lines 2417-2424 Link Here
2417
	option.option_type_ptr = 1;
2417
	option.option_type_ptr = 1;
2418
	option.count = option.ctr.count = 2;
2418
	option.count = option.ctr.count = 2;
2419
2419
2420
	option.ctr.type = (SPOOL_NOTIFY_OPTION_TYPE *)talloc(
2420
	option.ctr.type = TALLOC_ARRAY(mem_ctx, SPOOL_NOTIFY_OPTION_TYPE, 2);
2421
		mem_ctx, sizeof(SPOOL_NOTIFY_OPTION_TYPE) * 2);
2422
2421
2423
	ZERO_STRUCT(option.ctr.type[0]);
2422
	ZERO_STRUCT(option.ctr.type[0]);
2424
	option.ctr.type[0].type = PRINTER_NOTIFY_TYPE;
2423
	option.ctr.type[0].type = PRINTER_NOTIFY_TYPE;
(-)samba-3.0.9-orig/source/rpcclient/rpcclient.c (-5 / +5 lines)
Lines 59-68 Link Here
59
	if (!commands) 
59
	if (!commands) 
60
		return NULL;
60
		return NULL;
61
61
62
	matches = (char **)malloc(sizeof(matches[0])*MAX_COMPLETIONS);
62
	matches = SMB_MALLOC_ARRAY(char *, MAX_COMPLETIONS);
63
	if (!matches) return NULL;
63
	if (!matches) return NULL;
64
64
65
	matches[count++] = strdup(text);
65
	matches[count++] = SMB_STRDUP(text);
66
	if (!matches[0]) return NULL;
66
	if (!matches[0]) return NULL;
67
67
68
	while (commands && count < MAX_COMPLETIONS-1) 
68
	while (commands && count < MAX_COMPLETIONS-1) 
Lines 78-84 Link Here
78
                      ( commands->cmd_set[i].returntype == RPC_RTYPE_WERROR &&
78
                      ( commands->cmd_set[i].returntype == RPC_RTYPE_WERROR &&
79
                        commands->cmd_set[i].wfn)))
79
                        commands->cmd_set[i].wfn)))
80
			{
80
			{
81
				matches[count] = strdup(commands->cmd_set[i].name);
81
				matches[count] = SMB_STRDUP(commands->cmd_set[i].name);
82
				if (!matches[count]) 
82
				if (!matches[count]) 
83
					return NULL;
83
					return NULL;
84
				count++;
84
				count++;
Lines 91-97 Link Here
91
91
92
	if (count == 2) {
92
	if (count == 2) {
93
		SAFE_FREE(matches[0]);
93
		SAFE_FREE(matches[0]);
94
		matches[0] = strdup(matches[1]);
94
		matches[0] = SMB_STRDUP(matches[1]);
95
	}
95
	}
96
	matches[count] = NULL;
96
	matches[count] = NULL;
97
	return matches;
97
	return matches;
Lines 485-491 Link Here
485
{
485
{
486
	struct cmd_list *entry;
486
	struct cmd_list *entry;
487
487
488
	if (!(entry = (struct cmd_list *)malloc(sizeof(struct cmd_list)))) {
488
	if (!(entry = SMB_MALLOC_P(struct cmd_list))) {
489
		DEBUG(0, ("out of memory\n"));
489
		DEBUG(0, ("out of memory\n"));
490
		return;
490
		return;
491
	}
491
	}
(-)samba-3.0.9-orig/source/rpc_client/cli_ds.c (-6 / +16 lines)
Lines 39-46 Link Here
39
39
40
	/* Initialise parse structures */
40
	/* Initialise parse structures */
41
41
42
	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
42
	if (!prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL)) {
43
	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
43
		return NT_STATUS_NO_MEMORY;
44
	}
45
	if (!prs_init(&rbuf, 0, mem_ctx, UNMARSHALL)) {
46
		prs_mem_free(&qbuf);
47
		return NT_STATUS_NO_MEMORY;
48
	}
44
	
49
	
45
	q.level = level;
50
	q.level = level;
46
	
51
	
Lines 63-69 Link Here
63
	result = r.status;
68
	result = r.status;
64
69
65
	if ( r.ptr && ctr ) {
70
	if ( r.ptr && ctr ) {
66
		ctr->basic = talloc(mem_ctx, sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC));
71
		ctr->basic = TALLOC_P(mem_ctx, DSROLE_PRIMARY_DOMAIN_INFO_BASIC);
67
		if (!ctr->basic)
72
		if (!ctr->basic)
68
			goto done;
73
			goto done;
69
		memcpy(ctr->basic, r.info.basic, sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC));
74
		memcpy(ctr->basic, r.info.basic, sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC));
Lines 94-101 Link Here
94
99
95
	/* Initialise parse structures */
100
	/* Initialise parse structures */
96
101
97
	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
102
	if (!prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL)) {
98
	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
103
		return NT_STATUS_NO_MEMORY;;
104
	}
105
	if (!prs_init(&rbuf, 0, mem_ctx, UNMARSHALL)) {
106
		prs_mem_free(&qbuf);
107
		return NT_STATUS_NO_MEMORY;
108
	}
99
109
100
	init_q_ds_enum_domain_trusts( &q, server, flags );
110
	init_q_ds_enum_domain_trusts( &q, server, flags );
101
		
111
		
Lines 118-124 Link Here
118
		int i;
128
		int i;
119
	
129
	
120
		*num_domains = r.num_domains;
130
		*num_domains = r.num_domains;
121
		*trusts = (struct ds_domain_trust*)talloc(mem_ctx, r.num_domains*sizeof(**trusts));
131
		*trusts = TALLOC_ARRAY(mem_ctx, struct ds_domain_trust, r.num_domains);
122
132
123
		for ( i=0; i< *num_domains; i++ ) {
133
		for ( i=0; i< *num_domains; i++ ) {
124
			(*trusts)[i].flags = r.domains.trusts[i].flags;
134
			(*trusts)[i].flags = r.domains.trusts[i].flags;
(-)samba-3.0.9-orig/source/rpc_client/cli_echo.c (-9 / +29 lines)
Lines 35-42 Link Here
35
35
36
	/* Initialise parse structures */
36
	/* Initialise parse structures */
37
37
38
	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
38
	if (!prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL)) {
39
	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
39
		return NT_STATUS_NO_MEMORY;
40
	}
41
	if (!prs_init(&rbuf, 0, mem_ctx, UNMARSHALL)) {
42
		prs_mem_free(&qbuf);
43
		return NT_STATUS_NO_MEMORY;
44
	}
40
45
41
	/* Marshall data and send request */
46
	/* Marshall data and send request */
42
47
Lines 76-83 Link Here
76
81
77
	/* Initialise parse structures */
82
	/* Initialise parse structures */
78
83
79
	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
84
	if (!prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL)) {
80
	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
85
		return NT_STATUS_NO_MEMORY;
86
	}
87
	if (!prs_init(&rbuf, 0, mem_ctx, UNMARSHALL)) {
88
		prs_mem_free(&qbuf);
89
		return NT_STATUS_NO_MEMORY;
90
	}
81
91
82
	/* Marshall data and send request */
92
	/* Marshall data and send request */
83
93
Lines 95-101 Link Here
95
	result = True;
105
	result = True;
96
106
97
	if (out_data) {
107
	if (out_data) {
98
		*out_data = talloc(mem_ctx, size);
108
		*out_data = TALLOC(mem_ctx, size);
99
		memcpy(*out_data, r.data, size);
109
		memcpy(*out_data, r.data, size);
100
	}
110
	}
101
111
Lines 119-126 Link Here
119
129
120
	/* Initialise parse structures */
130
	/* Initialise parse structures */
121
131
122
	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
132
	if (!prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL)) {
123
	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
133
		return NT_STATUS_NO_MEMORY;
134
	}
135
	if (!prs_init(&rbuf, 0, mem_ctx, UNMARSHALL)) {
136
		prs_mem_free(&qbuf);
137
		return NT_STATUS_NO_MEMORY;
138
	}
124
139
125
	/* Marshall data and send request */
140
	/* Marshall data and send request */
126
141
Lines 159-166 Link Here
159
174
160
	/* Initialise parse structures */
175
	/* Initialise parse structures */
161
176
162
	prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
177
	if (!prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL)) {
163
	prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
178
		return NT_STATUS_NO_MEMORY;
179
	}
180
	if (!prs_init(&rbuf, 0, mem_ctx, UNMARSHALL)) {
181
		prs_mem_free(&qbuf);
182
		return NT_STATUS_NO_MEMORY;
183
	}
164
184
165
	/* Marshall data and send request */
185
	/* Marshall data and send request */
166
186
(-)samba-3.0.9-orig/source/rpc_client/cli_lsarpc.c (-25 / +18 lines)
Lines 88-94 Link Here
88
	if (NT_STATUS_IS_OK(result = r.status)) {
88
	if (NT_STATUS_IS_OK(result = r.status)) {
89
		*pol = r.pol;
89
		*pol = r.pol;
90
#ifdef __INSURE__
90
#ifdef __INSURE__
91
		pol->marker = malloc(1);
91
		pol->marker = MALLOC(1);
92
#endif
92
#endif
93
	}
93
	}
94
94
Lines 276-297 Link Here
276
		goto done;
276
		goto done;
277
	}
277
	}
278
278
279
	if (!((*domains) = (char **)talloc(mem_ctx, sizeof(char *) *
279
	if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
280
					   num_sids))) {
281
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
280
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
282
		result = NT_STATUS_UNSUCCESSFUL;
281
		result = NT_STATUS_UNSUCCESSFUL;
283
		goto done;
282
		goto done;
284
	}
283
	}
285
284
286
	if (!((*names) = (char **)talloc(mem_ctx, sizeof(char *) *
285
	if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
287
					 num_sids))) {
288
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
286
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
289
		result = NT_STATUS_UNSUCCESSFUL;
287
		result = NT_STATUS_UNSUCCESSFUL;
290
		goto done;
288
		goto done;
291
	}
289
	}
292
290
293
	if (!((*types) = (uint32 *)talloc(mem_ctx, sizeof(uint32) *
291
	if (!((*types) = TALLOC_ARRAY(mem_ctx, uint32, num_sids))) {
294
					  num_sids))) {
295
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
292
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
296
		result = NT_STATUS_UNSUCCESSFUL;
293
		result = NT_STATUS_UNSUCCESSFUL;
297
		goto done;
294
		goto done;
Lines 393-407 Link Here
393
		goto done;
390
		goto done;
394
	}
391
	}
395
392
396
	if (!((*sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) *
393
	if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) {
397
					 num_names)))) {
398
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
394
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
399
		result = NT_STATUS_UNSUCCESSFUL;
395
		result = NT_STATUS_UNSUCCESSFUL;
400
		goto done;
396
		goto done;
401
	}
397
	}
402
398
403
	if (!((*types = (uint32 *)talloc(mem_ctx, sizeof(uint32) *
399
	if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names)))) {
404
					 num_names)))) {
405
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
400
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
406
		result = NT_STATUS_UNSUCCESSFUL;
401
		result = NT_STATUS_UNSUCCESSFUL;
407
		goto done;
402
		goto done;
Lines 491-497 Link Here
491
		}
486
		}
492
487
493
		if (domain_sid && (r.dom.id3.buffer_dom_sid != 0)) {
488
		if (domain_sid && (r.dom.id3.buffer_dom_sid != 0)) {
494
			*domain_sid = talloc(mem_ctx, sizeof(**domain_sid));
489
			*domain_sid = TALLOC_P(mem_ctx, DOM_SID);
495
			if (*domain_sid) {
490
			if (*domain_sid) {
496
				sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid);
491
				sid_copy(*domain_sid, &r.dom.id3.dom_sid.sid);
497
			}
492
			}
Lines 508-514 Link Here
508
		}
503
		}
509
			
504
			
510
		if (domain_sid && (r.dom.id5.buffer_dom_sid != 0)) {
505
		if (domain_sid && (r.dom.id5.buffer_dom_sid != 0)) {
511
			*domain_sid = talloc(mem_ctx, sizeof(**domain_sid));
506
			*domain_sid = TALLOC_P(mem_ctx, DOM_SID);
512
			if (*domain_sid) {
507
			if (*domain_sid) {
513
				sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid);
508
				sid_copy(*domain_sid, &r.dom.id5.dom_sid.sid);
514
			}
509
			}
Lines 599-612 Link Here
599
	}
594
	}
600
	
595
	
601
	if (domain_guid) {
596
	if (domain_guid) {
602
		*domain_guid = talloc(mem_ctx, sizeof(**domain_guid));
597
		*domain_guid = TALLOC_P(mem_ctx, struct uuid);
603
		memcpy(*domain_guid, 
598
		memcpy(*domain_guid, 
604
		       &r.info.dns_dom_info.dom_guid, 
599
		       &r.info.dns_dom_info.dom_guid, 
605
		       sizeof(struct uuid));
600
		       sizeof(struct uuid));
606
	}
601
	}
607
602
608
	if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) {
603
	if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) {
609
		*domain_sid = talloc(mem_ctx, sizeof(**domain_sid));
604
		*domain_sid = TALLOC_P(mem_ctx, DOM_SID);
610
		if (*domain_sid) {
605
		if (*domain_sid) {
611
			sid_copy(*domain_sid, 
606
			sid_copy(*domain_sid, 
612
				 &r.info.dns_dom_info.dom_sid.sid);
607
				 &r.info.dns_dom_info.dom_sid.sid);
Lines 689-696 Link Here
689
684
690
		/* Allocate memory for trusted domain names and sids */
685
		/* Allocate memory for trusted domain names and sids */
691
686
692
		*domain_names = (char **)talloc(mem_ctx, sizeof(char *) *
687
		*domain_names = TALLOC_ARRAY(mem_ctx, char *, r.num_domains);
693
						r.num_domains);
694
688
695
		if (!*domain_names) {
689
		if (!*domain_names) {
696
			DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
690
			DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
Lines 698-705 Link Here
698
			goto done;
692
			goto done;
699
		}
693
		}
700
694
701
		*domain_sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) *
695
		*domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.num_domains);
702
						 r.num_domains);
703
		if (!domain_sids) {
696
		if (!domain_sids) {
704
			DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
697
			DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
705
			result = NT_STATUS_NO_MEMORY;
698
			result = NT_STATUS_NO_MEMORY;
Lines 775-793 Link Here
775
	*enum_context = r.enum_context;
768
	*enum_context = r.enum_context;
776
	*count = r.count;
769
	*count = r.count;
777
770
778
	if (!((*privs_name = (char **)talloc(mem_ctx, sizeof(char *) * r.count)))) {
771
	if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) {
779
		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
772
		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
780
		result = NT_STATUS_UNSUCCESSFUL;
773
		result = NT_STATUS_UNSUCCESSFUL;
781
		goto done;
774
		goto done;
782
	}
775
	}
783
776
784
	if (!((*privs_high = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) {
777
	if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
785
		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
778
		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
786
		result = NT_STATUS_UNSUCCESSFUL;
779
		result = NT_STATUS_UNSUCCESSFUL;
787
		goto done;
780
		goto done;
788
	}
781
	}
789
782
790
	if (!((*privs_low = (uint32 *)talloc(mem_ctx, sizeof(uint32) * r.count)))) {
783
	if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
791
		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
784
		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
792
		result = NT_STATUS_UNSUCCESSFUL;
785
		result = NT_STATUS_UNSUCCESSFUL;
793
		goto done;
786
		goto done;
Lines 912-918 Link Here
912
905
913
	/* Return output parameters */
906
	/* Return output parameters */
914
907
915
	*sids = (DOM_SID *)talloc(mem_ctx, sizeof(DOM_SID) * r.sids.num_entries);
908
	*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.sids.num_entries);
916
	if (!*sids) {
909
	if (!*sids) {
917
		DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
910
		DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
918
		result = NT_STATUS_UNSUCCESSFUL;
911
		result = NT_STATUS_UNSUCCESSFUL;
Lines 1037-1043 Link Here
1037
	if (r.count == 0)
1030
	if (r.count == 0)
1038
		goto done;
1031
		goto done;
1039
1032
1040
	if (!((*set = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR) * r.count)))) {
1033
	if (!((*set = TALLOC_ARRAY(mem_ctx, LUID_ATTR, r.count)))) {
1041
		DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n"));
1034
		DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n"));
1042
		result = NT_STATUS_UNSUCCESSFUL;
1035
		result = NT_STATUS_UNSUCCESSFUL;
1043
		goto done;
1036
		goto done;
Lines 1206-1212 Link Here
1206
		goto done;
1199
		goto done;
1207
	}
1200
	}
1208
1201
1209
	*privs_name = (char **)talloc(mem_ctx, (*count) * sizeof(char **));
1202
	*privs_name = TALLOC_ARRAY(mem_ctx, char *, *count);
1210
	for (i=0;i<*count;i++) {
1203
	for (i=0;i<*count;i++) {
1211
		pull_ucs2_talloc(mem_ctx, &(*privs_name)[i], r.rights.strings[i].string.buffer);
1204
		pull_ucs2_talloc(mem_ctx, &(*privs_name)[i], r.rights.strings[i].string.buffer);
1212
	}
1205
	}
(-)samba-3.0.9-orig/source/rpc_client/cli_samr.c (-11 / +9 lines)
Lines 853-865 Link Here
853
853
854
	if (r.num_entries2) {
854
	if (r.num_entries2) {
855
		/* allocate memory needed to return received data */	
855
		/* allocate memory needed to return received data */	
856
		*rids = (uint32*)talloc(mem_ctx, sizeof(uint32) * r.num_entries2);
856
		*rids = TALLOC_ARRAY(mem_ctx, uint32, r.num_entries2);
857
		if (!*rids) {
857
		if (!*rids) {
858
			DEBUG(0, ("Error in cli_samr_enum_dom_users(): out of memory\n"));
858
			DEBUG(0, ("Error in cli_samr_enum_dom_users(): out of memory\n"));
859
			return NT_STATUS_NO_MEMORY;
859
			return NT_STATUS_NO_MEMORY;
860
		}
860
		}
861
		
861
		
862
		*dom_users = (char**)talloc(mem_ctx, sizeof(char*) * r.num_entries2);
862
		*dom_users = TALLOC_ARRAY(mem_ctx, char*, r.num_entries2);
863
		if (!*dom_users) {
863
		if (!*dom_users) {
864
			DEBUG(0, ("Error in cli_samr_enum_dom_users(): out of memory\n"));
864
			DEBUG(0, ("Error in cli_samr_enum_dom_users(): out of memory\n"));
865
			return NT_STATUS_NO_MEMORY;
865
			return NT_STATUS_NO_MEMORY;
Lines 931-938 Link Here
931
	if (*num_dom_groups == 0)
931
	if (*num_dom_groups == 0)
932
		goto done;
932
		goto done;
933
933
934
	if (!((*dom_groups) = (struct acct_info *)
934
	if (!((*dom_groups) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_groups))) {
935
	      talloc(mem_ctx, sizeof(struct acct_info) * *num_dom_groups))) {
936
		result = NT_STATUS_NO_MEMORY;
935
		result = NT_STATUS_NO_MEMORY;
937
		goto done;
936
		goto done;
938
	}
937
	}
Lines 1014-1021 Link Here
1014
	if (*num_dom_aliases == 0)
1013
	if (*num_dom_aliases == 0)
1015
		goto done;
1014
		goto done;
1016
1015
1017
	if (!((*dom_aliases) = (struct acct_info *)
1016
	if (!((*dom_aliases) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_aliases))) {
1018
	      talloc(mem_ctx, sizeof(struct acct_info) * *num_dom_aliases))) {
1019
		result = NT_STATUS_NO_MEMORY;
1017
		result = NT_STATUS_NO_MEMORY;
1020
		goto done;
1018
		goto done;
1021
	}
1019
	}
Lines 1096-1102 Link Here
1096
		goto done;
1094
		goto done;
1097
	}
1095
	}
1098
1096
1099
	if (!(*sids = talloc(mem_ctx, sizeof(DOM_SID) * *num_mem))) {
1097
	if (!(*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *num_mem))) {
1100
		result = NT_STATUS_UNSUCCESSFUL;
1098
		result = NT_STATUS_UNSUCCESSFUL;
1101
		goto done;
1099
		goto done;
1102
	}
1100
	}
Lines 1654-1661 Link Here
1654
	}
1652
	}
1655
1653
1656
	*num_names = r.num_names1;
1654
	*num_names = r.num_names1;
1657
	*names = talloc(mem_ctx, sizeof(char *) * r.num_names1);
1655
	*names = TALLOC_ARRAY(mem_ctx, char *, r.num_names1);
1658
	*name_types = talloc(mem_ctx, sizeof(uint32) * r.num_names1);
1656
	*name_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_names1);
1659
1657
1660
	for (i = 0; i < r.num_names1; i++) {
1658
	for (i = 0; i < r.num_names1; i++) {
1661
		fstring tmp;
1659
		fstring tmp;
Lines 1724-1731 Link Here
1724
	}
1722
	}
1725
1723
1726
	*num_rids = r.num_rids1;
1724
	*num_rids = r.num_rids1;
1727
	*rids = talloc(mem_ctx, sizeof(uint32) * r.num_rids1);
1725
	*rids = TALLOC_ARRAY(mem_ctx, uint32, r.num_rids1);
1728
	*rid_types = talloc(mem_ctx, sizeof(uint32) * r.num_rids1);
1726
	*rid_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_rids1);
1729
1727
1730
	for (i = 0; i < r.num_rids1; i++) {
1728
	for (i = 0; i < r.num_rids1; i++) {
1731
		(*rids)[i] = r.rids[i];
1729
		(*rids)[i] = r.rids[i];
(-)samba-3.0.9-orig/source/rpc_client/cli_spoolss.c (-18 / +18 lines)
Lines 55-61 Link Here
55
        uint32 i;
55
        uint32 i;
56
        PRINTER_INFO_0  *inf;
56
        PRINTER_INFO_0  *inf;
57
57
58
        inf=(PRINTER_INFO_0 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_0));
58
        inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_0, returned);
59
	memset(inf, 0, returned*sizeof(PRINTER_INFO_0));
59
	memset(inf, 0, returned*sizeof(PRINTER_INFO_0));
60
60
61
	prs_set_offset(&buffer->prs,0);
61
	prs_set_offset(&buffer->prs,0);
Lines 75-81 Link Here
75
        uint32 i;
75
        uint32 i;
76
        PRINTER_INFO_1  *inf;
76
        PRINTER_INFO_1  *inf;
77
77
78
        inf=(PRINTER_INFO_1 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_1));
78
        inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_1, returned);
79
	memset(inf, 0, returned*sizeof(PRINTER_INFO_1));
79
	memset(inf, 0, returned*sizeof(PRINTER_INFO_1));
80
80
81
	prs_set_offset(&buffer->prs,0);
81
	prs_set_offset(&buffer->prs,0);
Lines 95-101 Link Here
95
        uint32 i;
95
        uint32 i;
96
        PRINTER_INFO_2  *inf;
96
        PRINTER_INFO_2  *inf;
97
97
98
        inf=(PRINTER_INFO_2 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_2));
98
        inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_2, returned);
99
	memset(inf, 0, returned*sizeof(PRINTER_INFO_2));
99
	memset(inf, 0, returned*sizeof(PRINTER_INFO_2));
100
100
101
	prs_set_offset(&buffer->prs,0);
101
	prs_set_offset(&buffer->prs,0);
Lines 117-123 Link Here
117
        uint32 i;
117
        uint32 i;
118
        PRINTER_INFO_3  *inf;
118
        PRINTER_INFO_3  *inf;
119
119
120
        inf=(PRINTER_INFO_3 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_3));
120
        inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_3, returned);
121
	memset(inf, 0, returned*sizeof(PRINTER_INFO_3));
121
	memset(inf, 0, returned*sizeof(PRINTER_INFO_3));
122
122
123
	prs_set_offset(&buffer->prs,0);
123
	prs_set_offset(&buffer->prs,0);
Lines 138-144 Link Here
138
	uint32 i;
138
	uint32 i;
139
	PRINTER_INFO_7  *inf;
139
	PRINTER_INFO_7  *inf;
140
140
141
	inf=(PRINTER_INFO_7 *)talloc(mem_ctx, returned*sizeof(PRINTER_INFO_7));
141
	inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_7, returned);
142
	memset(inf, 0, returned*sizeof(PRINTER_INFO_7));
142
	memset(inf, 0, returned*sizeof(PRINTER_INFO_7));
143
143
144
	prs_set_offset(&buffer->prs,0);
144
	prs_set_offset(&buffer->prs,0);
Lines 159-165 Link Here
159
        uint32 i;
159
        uint32 i;
160
        PORT_INFO_1 *inf;
160
        PORT_INFO_1 *inf;
161
161
162
        inf=(PORT_INFO_1*)talloc(mem_ctx, returned*sizeof(PORT_INFO_1));
162
        inf=TALLOC_ARRAY(mem_ctx, PORT_INFO_1, returned);
163
	memset(inf, 0, returned*sizeof(PORT_INFO_1));
163
	memset(inf, 0, returned*sizeof(PORT_INFO_1));
164
164
165
        prs_set_offset(&buffer->prs, 0);
165
        prs_set_offset(&buffer->prs, 0);
Lines 179-185 Link Here
179
        uint32 i;
179
        uint32 i;
180
        PORT_INFO_2 *inf;
180
        PORT_INFO_2 *inf;
181
181
182
        inf=(PORT_INFO_2*)talloc(mem_ctx, returned*sizeof(PORT_INFO_2));
182
        inf=TALLOC_ARRAY(mem_ctx, PORT_INFO_2, returned);
183
	memset(inf, 0, returned*sizeof(PORT_INFO_2));
183
	memset(inf, 0, returned*sizeof(PORT_INFO_2));
184
184
185
        prs_set_offset(&buffer->prs, 0);
185
        prs_set_offset(&buffer->prs, 0);
Lines 199-205 Link Here
199
        uint32 i;
199
        uint32 i;
200
        DRIVER_INFO_1 *inf;
200
        DRIVER_INFO_1 *inf;
201
201
202
        inf=(DRIVER_INFO_1 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_1));
202
        inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_1, returned);
203
	memset(inf, 0, returned*sizeof(DRIVER_INFO_1));
203
	memset(inf, 0, returned*sizeof(DRIVER_INFO_1));
204
204
205
	prs_set_offset(&buffer->prs,0);
205
	prs_set_offset(&buffer->prs,0);
Lines 219-225 Link Here
219
        uint32 i;
219
        uint32 i;
220
        DRIVER_INFO_2 *inf;
220
        DRIVER_INFO_2 *inf;
221
221
222
        inf=(DRIVER_INFO_2 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_2));
222
        inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_2, returned);
223
	memset(inf, 0, returned*sizeof(DRIVER_INFO_2));
223
	memset(inf, 0, returned*sizeof(DRIVER_INFO_2));
224
224
225
	prs_set_offset(&buffer->prs,0);
225
	prs_set_offset(&buffer->prs,0);
Lines 239-245 Link Here
239
        uint32 i;
239
        uint32 i;
240
        DRIVER_INFO_3 *inf;
240
        DRIVER_INFO_3 *inf;
241
241
242
        inf=(DRIVER_INFO_3 *)talloc(mem_ctx, returned*sizeof(DRIVER_INFO_3));
242
        inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_3, returned);
243
	memset(inf, 0, returned*sizeof(DRIVER_INFO_3));
243
	memset(inf, 0, returned*sizeof(DRIVER_INFO_3));
244
244
245
	prs_set_offset(&buffer->prs,0);
245
	prs_set_offset(&buffer->prs,0);
Lines 259-265 Link Here
259
{
259
{
260
	DRIVER_DIRECTORY_1 *inf;
260
	DRIVER_DIRECTORY_1 *inf;
261
 
261
 
262
        inf=(DRIVER_DIRECTORY_1 *)talloc(mem_ctx, sizeof(DRIVER_DIRECTORY_1));
262
        inf=TALLOC_P(mem_ctx, DRIVER_DIRECTORY_1);
263
	memset(inf, 0, sizeof(DRIVER_DIRECTORY_1));
263
	memset(inf, 0, sizeof(DRIVER_DIRECTORY_1));
264
264
265
        prs_set_offset(&buffer->prs, 0);
265
        prs_set_offset(&buffer->prs, 0);
Lines 1499-1505 Link Here
1499
{
1499
{
1500
	int i;
1500
	int i;
1501
1501
1502
	*forms = (FORM_1 *)talloc(mem_ctx, num_forms * sizeof(FORM_1));
1502
	*forms = TALLOC_ARRAY(mem_ctx, FORM_1, num_forms);
1503
	prs_set_offset(&buffer->prs,0);
1503
	prs_set_offset(&buffer->prs,0);
1504
1504
1505
	for (i = 0; i < num_forms; i++)
1505
	for (i = 0; i < num_forms; i++)
Lines 1581-1587 Link Here
1581
{
1581
{
1582
	uint32 i;
1582
	uint32 i;
1583
1583
1584
	*jobs = (JOB_INFO_1 *)talloc(mem_ctx, num_jobs * sizeof(JOB_INFO_1));
1584
	*jobs = TALLOC_ARRAY(mem_ctx, JOB_INFO_1, num_jobs);
1585
	prs_set_offset(&buffer->prs,0);
1585
	prs_set_offset(&buffer->prs,0);
1586
1586
1587
	for (i = 0; i < num_jobs; i++) 
1587
	for (i = 0; i < num_jobs; i++) 
Lines 1593-1599 Link Here
1593
{
1593
{
1594
	uint32 i;
1594
	uint32 i;
1595
1595
1596
	*jobs = (JOB_INFO_2 *)talloc(mem_ctx, num_jobs * sizeof(JOB_INFO_2));
1596
	*jobs = TALLOC_ARRAY(mem_ctx, JOB_INFO_2, num_jobs);
1597
	prs_set_offset(&buffer->prs,0);
1597
	prs_set_offset(&buffer->prs,0);
1598
1598
1599
	for (i = 0; i < num_jobs; i++) 
1599
	for (i = 0; i < num_jobs; i++) 
Lines 2016-2022 Link Here
2016
2016
2017
	/* Return output parameters */
2017
	/* Return output parameters */
2018
2018
2019
	value->data_p = talloc_memdup(mem_ctx, r.data, r.needed);
2019
	value->data_p = TALLOC_MEMDUP(mem_ctx, r.data, r.needed);
2020
	value->type = r.type;
2020
	value->type = r.type;
2021
	value->size = r.size;
2021
	value->size = r.size;
2022
2022
Lines 2071-2077 Link Here
2071
2071
2072
	/* Return output parameters */
2072
	/* Return output parameters */
2073
2073
2074
	value->data_p = talloc_memdup(mem_ctx, r.data, r.needed);
2074
	value->data_p = TALLOC_MEMDUP(mem_ctx, r.data, r.needed);
2075
	value->type = r.type;
2075
	value->type = r.type;
2076
	value->size = r.needed;
2076
	value->size = r.needed;
2077
2077
Lines 2226-2232 Link Here
2226
	if (value) {
2226
	if (value) {
2227
		rpcstr_pull(value->valuename, r.value, sizeof(value->valuename), -1,
2227
		rpcstr_pull(value->valuename, r.value, sizeof(value->valuename), -1,
2228
			    STR_TERMINATE);
2228
			    STR_TERMINATE);
2229
		value->data_p = talloc_memdup(mem_ctx, r.data, r.realdatasize);
2229
		value->data_p = TALLOC_MEMDUP(mem_ctx, r.data, r.realdatasize);
2230
		value->type = r.type;
2230
		value->type = r.type;
2231
		value->size = r.realdatasize;
2231
		value->size = r.realdatasize;
2232
	}
2232
	}
Lines 2483-2489 Link Here
2483
	/* Copy results */
2483
	/* Copy results */
2484
	
2484
	
2485
	if (keylist) {
2485
	if (keylist) {
2486
		*keylist = (uint16 *)malloc(r.keys.buf_len * 2);
2486
		*keylist = SMB_MALLOC_ARRAY(uint16, r.keys.buf_len);
2487
		memcpy(*keylist, r.keys.buffer, r.keys.buf_len * 2);
2487
		memcpy(*keylist, r.keys.buffer, r.keys.buf_len * 2);
2488
		if (len)
2488
		if (len)
2489
			*len = r.keys.buf_len * 2;
2489
			*len = r.keys.buf_len * 2;
(-)samba-3.0.9-orig/source/rpc_client/cli_srvsvc.c (-8 / +4 lines)
Lines 120-127 Link Here
120
120
121
	switch(info_level) {
121
	switch(info_level) {
122
	case 1:
122
	case 1:
123
		ctr->share.info1 = (SRV_SHARE_INFO_1 *)talloc(
123
		ctr->share.info1 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_1, ctr->num_entries);
124
			mem_ctx, sizeof(SRV_SHARE_INFO_1) * ctr->num_entries);
125
		
124
		
126
		memset(ctr->share.info1, 0, sizeof(SRV_SHARE_INFO_1));
125
		memset(ctr->share.info1, 0, sizeof(SRV_SHARE_INFO_1));
127
126
Lines 148-155 Link Here
148
147
149
		break;
148
		break;
150
	case 2:
149
	case 2:
151
		ctr->share.info2 = (SRV_SHARE_INFO_2 *)talloc(
150
		ctr->share.info2 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_2, ctr->num_entries);
152
			mem_ctx, sizeof(SRV_SHARE_INFO_2) * ctr->num_entries);
153
		
151
		
154
		memset(ctr->share.info2, 0, sizeof(SRV_SHARE_INFO_2));
152
		memset(ctr->share.info2, 0, sizeof(SRV_SHARE_INFO_2));
155
153
Lines 183-190 Link Here
183
		break;
181
		break;
184
	/* adding info-level 502 here */
182
	/* adding info-level 502 here */
185
	case 502:
183
	case 502:
186
		ctr->share.info502 = (SRV_SHARE_INFO_502 *)talloc(
184
		ctr->share.info502 = TALLOC_ARRAY(mem_ctx, SRV_SHARE_INFO_502, ctr->num_entries);
187
			mem_ctx, sizeof(SRV_SHARE_INFO_502) * ctr->num_entries);
188
		
185
		
189
		memset(ctr->share.info502, 0, sizeof(SRV_SHARE_INFO_502));
186
		memset(ctr->share.info502, 0, sizeof(SRV_SHARE_INFO_502));
190
187
Lines 492-499 Link Here
492
	
489
	
493
	switch(file_level) {
490
	switch(file_level) {
494
	case 3:
491
	case 3:
495
		ctr->file.info3 = (SRV_FILE_INFO_3 *)talloc(
492
		ctr->file.info3 = TALLOC_ARRAY(mem_ctx, SRV_FILE_INFO_3, ctr->num_entries);
496
			mem_ctx, sizeof(SRV_FILE_INFO_3) * ctr->num_entries);
497
493
498
		memset(ctr->file.info3, 0, 
494
		memset(ctr->file.info3, 0, 
499
		       sizeof(SRV_FILE_INFO_3) * ctr->num_entries);
495
		       sizeof(SRV_FILE_INFO_3) * ctr->num_entries);
(-)samba-3.0.9-orig/source/rpc_parse/parse_dfs.c (-4 / +4 lines)
Lines 374-380 Link Here
374
		depth++;
374
		depth++;
375
		/* should depend on whether marshalling or unmarshalling! */
375
		/* should depend on whether marshalling or unmarshalling! */
376
		if(UNMARSHALLING(ps)) {
376
		if(UNMARSHALLING(ps)) {
377
			ctr->dfs.info1 = (DFS_INFO_1 *)prs_alloc_mem(ps, sizeof(DFS_INFO_1)*num_entries);
377
			ctr->dfs.info1 = PRS_ALLOC_MEM(ps, DFS_INFO_1, num_entries);
378
			if (!ctr->dfs.info1)
378
			if (!ctr->dfs.info1)
379
				return False;
379
				return False;
380
		}
380
		}
Lines 394-400 Link Here
394
	case 2:
394
	case 2:
395
		depth++;
395
		depth++;
396
		if(UNMARSHALLING(ps)) {
396
		if(UNMARSHALLING(ps)) {
397
			ctr->dfs.info2 = (DFS_INFO_2 *)prs_alloc_mem(ps, num_entries*sizeof(DFS_INFO_2));
397
			ctr->dfs.info2 = PRS_ALLOC_MEM(ps, DFS_INFO_2, num_entries);
398
			if (!ctr->dfs.info2)
398
			if (!ctr->dfs.info2)
399
				return False;
399
				return False;
400
		}
400
		}
Lines 424-430 Link Here
424
	case 3:
424
	case 3:
425
		depth++;
425
		depth++;
426
		if(UNMARSHALLING(ps)) {
426
		if(UNMARSHALLING(ps)) {
427
			ctr->dfs.info3 = (DFS_INFO_3 *)prs_alloc_mem(ps, num_entries*sizeof(DFS_INFO_3));
427
			ctr->dfs.info3 = PRS_ALLOC_MEM(ps, DFS_INFO_3, num_entries);
428
			if (!ctr->dfs.info3)
428
			if (!ctr->dfs.info3)
429
				return False;
429
				return False;
430
		}
430
		}
Lines 517-523 Link Here
517
	depth++;
517
	depth++;
518
518
519
	if(UNMARSHALLING(ps)) {
519
	if(UNMARSHALLING(ps)) {
520
		info3->storages = (DFS_STORAGE_INFO *)prs_alloc_mem(ps, info3->num_storage_infos*sizeof(DFS_STORAGE_INFO));
520
		info3->storages = PRS_ALLOC_MEM(ps, DFS_STORAGE_INFO, info3->num_storage_infos);
521
		if (!info3->storages)
521
		if (!info3->storages)
522
			return False;
522
			return False;
523
	}
523
	}
(-)samba-3.0.9-orig/source/rpc_parse/parse_ds.c (-2 / +2 lines)
Lines 29-35 Link Here
29
	DSROLE_PRIMARY_DOMAIN_INFO_BASIC *p = *basic;
29
	DSROLE_PRIMARY_DOMAIN_INFO_BASIC *p = *basic;
30
	
30
	
31
	if ( UNMARSHALLING(ps) )
31
	if ( UNMARSHALLING(ps) )
32
		p = *basic = (DSROLE_PRIMARY_DOMAIN_INFO_BASIC *)prs_alloc_mem(ps, sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC));
32
		p = *basic = PRS_ALLOC_MEM(ps, DSROLE_PRIMARY_DOMAIN_INFO_BASIC, 1);
33
		
33
		
34
	if ( !p )
34
	if ( !p )
35
		return False;
35
		return False;
Lines 208-214 Link Here
208
	
208
	
209
	/* allocate the domain trusts array are parse it */
209
	/* allocate the domain trusts array are parse it */
210
	
210
	
211
	ctr->trusts = (DS_DOMAIN_TRUSTS*)talloc(ps->mem_ctx, sizeof(DS_DOMAIN_TRUSTS)*ctr->max_count);
211
	ctr->trusts = TALLOC_ARRAY(ps->mem_ctx, DS_DOMAIN_TRUSTS, ctr->max_count);
212
	
212
	
213
	if ( !ctr->trusts )
213
	if ( !ctr->trusts )
214
		return False;
214
		return False;
(-)samba-3.0.9-orig/source/rpc_parse/parse_echo.c (-4 / +4 lines)
Lines 67-73 Link Here
67
		return False;
67
		return False;
68
68
69
	if (UNMARSHALLING(ps)) {
69
	if (UNMARSHALLING(ps)) {
70
		q_d->data = prs_alloc_mem(ps, q_d->size);
70
		q_d->data = PRS_ALLOC_MEM(ps, char, q_d->size);
71
71
72
		if (!q_d->data)
72
		if (!q_d->data)
73
			return False;
73
			return False;
Lines 86-92 Link Here
86
		return False;
86
		return False;
87
87
88
	if (UNMARSHALLING(ps)) {
88
	if (UNMARSHALLING(ps)) {
89
		q_d->data = prs_alloc_mem(ps, q_d->size);
89
		q_d->data = PRS_ALLOC_MEM(ps, char, q_d->size);
90
90
91
		if (!q_d->data)
91
		if (!q_d->data)
92
			return False;
92
			return False;
Lines 114-120 Link Here
114
		return False;
114
		return False;
115
115
116
	if (UNMARSHALLING(ps)) {
116
	if (UNMARSHALLING(ps)) {
117
		q_d->data = prs_alloc_mem(ps, q_d->size);
117
		q_d->data = PRS_ALLOC_MEM(ps, char, q_d->size);
118
118
119
		if (!q_d->data)
119
		if (!q_d->data)
120
			return False;
120
			return False;
Lines 153-159 Link Here
153
		return False;
153
		return False;
154
154
155
	if (UNMARSHALLING(ps)) {
155
	if (UNMARSHALLING(ps)) {
156
		q_d->data = prs_alloc_mem(ps, q_d->size);
156
		q_d->data = PRS_ALLOC_MEM(ps, char, q_d->size);
157
157
158
		if (!q_d->data)
158
		if (!q_d->data)
159
			return False;
159
			return False;
(-)samba-3.0.9-orig/source/rpc_parse/parse_lsa.c (-35 / +23 lines)
Lines 251-257 Link Here
251
251
252
	if (attr->ptr_sec_qos != 0) {
252
	if (attr->ptr_sec_qos != 0) {
253
		if (UNMARSHALLING(ps))
253
		if (UNMARSHALLING(ps))
254
			if (!(attr->sec_qos = (LSA_SEC_QOS *)prs_alloc_mem(ps,sizeof(LSA_SEC_QOS))))
254
			if (!(attr->sec_qos = PRS_ALLOC_MEM(ps,LSA_SEC_QOS,1)))
255
				return False;
255
				return False;
256
256
257
		if(!lsa_io_sec_qos("sec_qos", attr->sec_qos, ps, depth))
257
		if(!lsa_io_sec_qos("sec_qos", attr->sec_qos, ps, depth))
Lines 540-556 Link Here
540
		 * allocating empty arrays of unicode headers, strings
540
		 * allocating empty arrays of unicode headers, strings
541
		 * and sids of enumerated trusted domains
541
		 * and sids of enumerated trusted domains
542
		 */
542
		 */
543
		if (!(r_e->hdr_domain_name = (UNIHDR2 *)talloc(ctx,sizeof(UNIHDR2) * num_domains))) {
543
		if (!(r_e->hdr_domain_name = TALLOC_ARRAY(ctx,UNIHDR2,num_domains))) {
544
			r_e->status = NT_STATUS_NO_MEMORY;
544
			r_e->status = NT_STATUS_NO_MEMORY;
545
			return;
545
			return;
546
		}
546
		}
547
		
547
		
548
		if (!(r_e->uni_domain_name = (UNISTR2 *)talloc(ctx,sizeof(UNISTR2) * num_domains))) {
548
		if (!(r_e->uni_domain_name = TALLOC_ARRAY(ctx,UNISTR2,num_domains))) {
549
			r_e->status = NT_STATUS_NO_MEMORY;
549
			r_e->status = NT_STATUS_NO_MEMORY;
550
			return;
550
			return;
551
		}
551
		}
552
552
553
		if (!(r_e->domain_sid = (DOM_SID2 *)talloc(ctx,sizeof(DOM_SID2) * num_domains))) {
553
		if (!(r_e->domain_sid = TALLOC_ARRAY(ctx,DOM_SID2,num_domains))) {
554
			r_e->status = NT_STATUS_NO_MEMORY;
554
			r_e->status = NT_STATUS_NO_MEMORY;
555
			return;
555
			return;
556
		}
556
		}
Lines 596-608 Link Here
596
		num_domains = r_e->num_domains2;
596
		num_domains = r_e->num_domains2;
597
597
598
		if (UNMARSHALLING(ps)) {
598
		if (UNMARSHALLING(ps)) {
599
			if (!(r_e->hdr_domain_name = (UNIHDR2 *)prs_alloc_mem(ps,sizeof(UNIHDR2) * num_domains)))
599
			if (!(r_e->hdr_domain_name = PRS_ALLOC_MEM(ps,UNIHDR2,num_domains)))
600
				return False;
600
				return False;
601
601
602
			if (!(r_e->uni_domain_name = (UNISTR2 *)prs_alloc_mem(ps,sizeof(UNISTR2) * num_domains)))
602
			if (!(r_e->uni_domain_name = PRS_ALLOC_MEM(ps,UNISTR2,num_domains)))
603
				return False;
603
				return False;
604
604
605
			if (!(r_e->domain_sid = (DOM_SID2 *)prs_alloc_mem(ps,sizeof(DOM_SID2) * num_domains)))
605
			if (!(r_e->domain_sid = PRS_ALLOC_MEM(ps,DOM_SID2,num_domains)))
606
				return False;
606
				return False;
607
		}
607
		}
608
608
Lines 697-703 Link Here
697
		return False;
697
		return False;
698
698
699
	if (UNMARSHALLING(ps)) {
699
	if (UNMARSHALLING(ps)) {
700
		d_q->auditsettings = (uint32 *)talloc_zero(ps->mem_ctx, d_q->count2 * sizeof(uint32));
700
		d_q->auditsettings = TALLOC_ZERO_ARRAY(ps->mem_ctx, uint32, d_q->count2);
701
	}
701
	}
702
702
703
	if (d_q->auditsettings == NULL) {
703
	if (d_q->auditsettings == NULL) {
Lines 818-831 Link Here
818
818
819
	if (num_entries == 0) return;
819
	if (num_entries == 0) return;
820
820
821
	if ((sen->ptr_sid = (uint32 *)talloc_zero(mem_ctx, num_entries * 
821
	if ((sen->ptr_sid = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_entries )) == NULL) {
822
					     sizeof(uint32))) == NULL) {
823
		DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n"));
822
		DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n"));
824
		return;
823
		return;
825
	}
824
	}
826
825
827
	if ((sen->sid = (DOM_SID2 *)talloc_zero(mem_ctx, num_entries * 
826
	if ((sen->sid = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID2, num_entries)) == NULL) {
828
					   sizeof(DOM_SID2))) == NULL) {
829
		DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n"));
827
		DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n"));
830
		return;
828
		return;
831
	}
829
	}
Lines 872-886 Link Here
872
	/* Mallocate memory if we're unpacking from the wire */
870
	/* Mallocate memory if we're unpacking from the wire */
873
871
874
	if (UNMARSHALLING(ps)) {
872
	if (UNMARSHALLING(ps)) {
875
		if ((sen->ptr_sid = (uint32 *)prs_alloc_mem( ps,
873
		if ((sen->ptr_sid = PRS_ALLOC_MEM( ps, uint32, sen->num_entries)) == NULL) {
876
			sen->num_entries * sizeof(uint32))) == NULL) {
877
			DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
874
			DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
878
				  "ptr_sid\n"));
875
				  "ptr_sid\n"));
879
			return False;
876
			return False;
880
		}
877
		}
881
878
882
		if ((sen->sid = (DOM_SID2 *)prs_alloc_mem( ps,
879
		if ((sen->sid = PRS_ALLOC_MEM( ps, DOM_SID2, sen->num_entries)) == NULL) {
883
			sen->num_entries * sizeof(DOM_SID2))) == NULL) {
884
			DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
880
			DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
885
				  "sids\n"));
881
				  "sids\n"));
886
			return False;
882
			return False;
Lines 980-994 Link Here
980
			return False;
976
			return False;
981
977
982
		if (UNMARSHALLING(ps)) {
978
		if (UNMARSHALLING(ps)) {
983
			if ((trn->name = (LSA_TRANS_NAME *)
979
			if ((trn->name = PRS_ALLOC_MEM(ps, LSA_TRANS_NAME, trn->num_entries)) == NULL) {
984
			     prs_alloc_mem(ps, trn->num_entries * 
985
				    sizeof(LSA_TRANS_NAME))) == NULL) {
986
				return False;
980
				return False;
987
			}
981
			}
988
982
989
			if ((trn->uni_name = (UNISTR2 *)
983
			if ((trn->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, trn->num_entries)) == NULL) {
990
			     prs_alloc_mem(ps, trn->num_entries *
991
				    sizeof(UNISTR2))) == NULL) {
992
				return False;
984
				return False;
993
			}
985
			}
994
		}
986
		}
Lines 1068-1081 Link Here
1068
	q_l->num_entries2 = num_names;
1060
	q_l->num_entries2 = num_names;
1069
	q_l->lookup_level = 1;
1061
	q_l->lookup_level = 1;
1070
1062
1071
	if ((q_l->uni_name = (UNISTR2 *)talloc_zero(
1063
	if ((q_l->uni_name = TALLOC_ZERO_ARRAY(mem_ctx, UNISTR2, num_names)) == NULL) {
1072
		mem_ctx, num_names * sizeof(UNISTR2))) == NULL) {
1073
		DEBUG(3, ("init_q_lookup_names(): out of memory\n"));
1064
		DEBUG(3, ("init_q_lookup_names(): out of memory\n"));
1074
		return;
1065
		return;
1075
	}
1066
	}
1076
1067
1077
	if ((q_l->hdr_name = (UNIHDR *)talloc_zero(
1068
	if ((q_l->hdr_name = TALLOC_ZERO_ARRAY(mem_ctx, UNIHDR, num_names)) == NULL) {
1078
		mem_ctx, num_names * sizeof(UNIHDR))) == NULL) {
1079
		DEBUG(3, ("init_q_lookup_names(): out of memory\n"));
1069
		DEBUG(3, ("init_q_lookup_names(): out of memory\n"));
1080
		return;
1070
		return;
1081
	}
1071
	}
Lines 1113-1123 Link Here
1113
1103
1114
	if (UNMARSHALLING(ps)) {
1104
	if (UNMARSHALLING(ps)) {
1115
		if (q_r->num_entries) {
1105
		if (q_r->num_entries) {
1116
			if ((q_r->hdr_name = (UNIHDR *)prs_alloc_mem(ps,
1106
			if ((q_r->hdr_name = PRS_ALLOC_MEM(ps, UNIHDR, q_r->num_entries)) == NULL)
1117
					q_r->num_entries * sizeof(UNIHDR))) == NULL)
1118
				return False;
1107
				return False;
1119
			if ((q_r->uni_name = (UNISTR2 *)prs_alloc_mem(ps,
1108
			if ((q_r->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, q_r->num_entries)) == NULL)
1120
					q_r->num_entries * sizeof(UNISTR2))) == NULL)
1121
				return False;
1109
				return False;
1122
		}
1110
		}
1123
	}
1111
	}
Lines 1187-1193 Link Here
1187
		}
1175
		}
1188
1176
1189
		if (UNMARSHALLING(ps)) {
1177
		if (UNMARSHALLING(ps)) {
1190
			if ((r_r->dom_rid = (DOM_RID2 *)prs_alloc_mem(ps, r_r->num_entries2 * sizeof(DOM_RID2)))
1178
			if ((r_r->dom_rid = PRS_ALLOC_MEM(ps, DOM_RID2, r_r->num_entries2))
1191
			    == NULL) {
1179
			    == NULL) {
1192
				DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n"));
1180
				DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n"));
1193
				return False;
1181
				return False;
Lines 1409-1415 Link Here
1409
			return False;
1397
			return False;
1410
1398
1411
		if (UNMARSHALLING(ps))
1399
		if (UNMARSHALLING(ps))
1412
			if (!(r_q->privs = (LSA_PRIV_ENTRY *)prs_alloc_mem(ps, sizeof(LSA_PRIV_ENTRY) * r_q->count1)))
1400
			if (!(r_q->privs = PRS_ALLOC_MEM(ps, LSA_PRIV_ENTRY, r_q->count1)))
1413
				return False;
1401
				return False;
1414
1402
1415
		if (!lsa_io_priv_entries("", r_q->privs, r_q->count1, ps, depth))
1403
		if (!lsa_io_priv_entries("", r_q->privs, r_q->count1, ps, depth))
Lines 1852-1858 Link Here
1852
			if (!NT_STATUS_IS_OK(init_priv_with_ctx(ps->mem_ctx, &(r_c->set))))
1840
			if (!NT_STATUS_IS_OK(init_priv_with_ctx(ps->mem_ctx, &(r_c->set))))
1853
				return False;
1841
				return False;
1854
1842
1855
			if (!(r_c->set->set = (LUID_ATTR *)prs_alloc_mem(ps,sizeof(LUID_ATTR) * r_c->count)))
1843
			if (!(r_c->set->set = PRS_ALLOC_MEM(ps,LUID_ATTR,r_c->count)))
1856
				return False;
1844
				return False;
1857
1845
1858
		}
1846
		}
Lines 2022-2028 Link Here
2022
		if (!NT_STATUS_IS_OK(init_priv_with_ctx(ps->mem_ctx, &(r_c->set))))
2010
		if (!NT_STATUS_IS_OK(init_priv_with_ctx(ps->mem_ctx, &(r_c->set))))
2023
			return False;
2011
			return False;
2024
		
2012
		
2025
		if (!(r_c->set->set = (LUID_ATTR *)prs_alloc_mem(ps, sizeof(LUID_ATTR) * r_c->count)))
2013
		if (!(r_c->set->set = PRS_ALLOC_MEM(ps, LUID_ATTR, r_c->count)))
2026
			return False;
2014
			return False;
2027
	}
2015
	}
2028
	
2016
	
Lines 2084-2090 Link Here
2084
			if (!NT_STATUS_IS_OK(init_priv_with_ctx(ps->mem_ctx, &(r_c->set))))
2072
			if (!NT_STATUS_IS_OK(init_priv_with_ctx(ps->mem_ctx, &(r_c->set))))
2085
				return False;
2073
				return False;
2086
2074
2087
			if (!(r_c->set->set = (LUID_ATTR *)prs_alloc_mem(ps, sizeof(LUID_ATTR) * r_c->count)))
2075
			if (!(r_c->set->set = PRS_ALLOC_MEM(ps, LUID_ATTR, r_c->count)))
2088
				return False;
2076
				return False;
2089
		}
2077
		}
2090
2078
(-)samba-3.0.9-orig/source/rpc_parse/parse_misc.c (-50 / +30 lines)
Lines 552-569 Link Here
552
		return;
552
		return;
553
	}
553
	}
554
		
554
		
555
556
	len = strlen(buf) + 1;
555
	len = strlen(buf) + 1;
556
	len = MAX(len,MAX_UNISTRLEN);
557
557
558
	if (len < MAX_UNISTRLEN)
558
	str->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, len);
559
		len = MAX_UNISTRLEN;
560
	len *= sizeof(uint16);
561
562
	str->buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
563
	if (str->buffer == NULL)
559
	if (str->buffer == NULL)
564
		smb_panic("init_unistr: malloc fail\n");
560
		smb_panic("init_unistr: malloc fail\n");
565
561
566
	rpcstr_push(str->buffer, buf, len, STR_TERMINATE);
562
	rpcstr_push(str->buffer, buf, len*sizeof(uint16), STR_TERMINATE);
567
}
563
}
568
564
569
/*******************************************************************
565
/*******************************************************************
Lines 591-600 Link Here
591
587
592
static void create_buffer3(BUFFER3 *str, size_t len)
588
static void create_buffer3(BUFFER3 *str, size_t len)
593
{
589
{
594
	if (len < MAX_BUFFERLEN)
590
	len = MAX(len,MAX_BUFFERLEN);
595
		len = MAX_BUFFERLEN;
596
591
597
    str->buffer = talloc_zero(get_talloc_ctx(), len);
592
	str->buffer = TALLOC_ZERO(get_talloc_ctx(), len);
598
	if (str->buffer == NULL)
593
	if (str->buffer == NULL)
599
		smb_panic("create_buffer3: talloc fail\n");
594
		smb_panic("create_buffer3: talloc fail\n");
600
595
Lines 683-689 Link Here
683
		return False;
678
		return False;
684
679
685
	if (UNMARSHALLING(ps)) {
680
	if (UNMARSHALLING(ps)) {
686
		buf3->buffer = (unsigned char *)prs_alloc_mem(ps, buf3->buf_max_len);
681
		buf3->buffer = PRS_ALLOC_MEM(ps, unsigned char, buf3->buf_max_len);
687
		if (buf3->buffer == NULL)
682
		if (buf3->buffer == NULL)
688
			return False;
683
			return False;
689
	}
684
	}
Lines 735-743 Link Here
735
	str->buf_len = buf != NULL ? len : 0;
730
	str->buf_len = buf != NULL ? len : 0;
736
731
737
	if (buf != NULL) {
732
	if (buf != NULL) {
738
		if (len < MAX_BUFFERLEN)
733
		len = MAX(len,MAX_BUFFERLEN);
739
			len = MAX_BUFFERLEN;
734
		str->buffer = TALLOC_ZERO(get_talloc_ctx(), len);
740
		str->buffer = talloc_zero(get_talloc_ctx(), len);
741
		if (str->buffer == NULL)
735
		if (str->buffer == NULL)
742
			smb_panic("init_buffer2: talloc fail\n");
736
			smb_panic("init_buffer2: talloc fail\n");
743
		memcpy(str->buffer, buf, MIN(str->buf_len, len));
737
		memcpy(str->buffer, buf, MIN(str->buf_len, len));
Lines 819-832 Link Here
819
	   (the the length of the source string) to prevent
813
	   (the the length of the source string) to prevent
820
	   reallocation of memory. */
814
	   reallocation of memory. */
821
	if (str->buffer == NULL) {
815
	if (str->buffer == NULL) {
822
		size_t len = from->uni_max_len * sizeof(uint16);
816
		size_t alloc_len = MAX(from->uni_max_len,MAX_UNISTRLEN);
823
817
   		str->buffer = (uint16 *)TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, alloc_len);
824
		if (len < MAX_UNISTRLEN)
818
		if ((str->buffer == NULL)) {
825
			len = MAX_UNISTRLEN;
826
		len *= sizeof(uint16);
827
828
   		str->buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
829
		if ((str->buffer == NULL) && (len > 0 )) {
830
			smb_panic("copy_unistr2: talloc fail\n");
819
			smb_panic("copy_unistr2: talloc fail\n");
831
			return;
820
			return;
832
		}
821
		}
Lines 842-849 Link Here
842
831
843
void init_string2(STRING2 *str, const char *buf, int max_len, int str_len)
832
void init_string2(STRING2 *str, const char *buf, int max_len, int str_len)
844
{
833
{
845
	int alloc_len = 0;
846
847
	/* set up string lengths. */
834
	/* set up string lengths. */
848
	str->str_max_len = max_len;
835
	str->str_max_len = max_len;
849
	str->offset = 0;
836
	str->offset = 0;
Lines 851-859 Link Here
851
838
852
	/* store the string */
839
	/* store the string */
853
	if(str_len != 0) {
840
	if(str_len != 0) {
854
		if (str_len < MAX_STRINGLEN)
841
		int alloc_len = MAX(str_len, MAX_STRINGLEN);
855
			alloc_len = MAX_STRINGLEN;
842
		str->buffer = TALLOC_ZERO(get_talloc_ctx(), alloc_len);
856
		str->buffer = talloc_zero(get_talloc_ctx(), alloc_len);
857
		if (str->buffer == NULL)
843
		if (str->buffer == NULL)
858
			smb_panic("init_string2: malloc fail\n");
844
			smb_panic("init_string2: malloc fail\n");
859
		memcpy(str->buffer, buf, str_len);
845
		memcpy(str->buffer, buf, str_len);
Lines 917-932 Link Here
917
		len = strlen(buf) + 1;
903
		len = strlen(buf) + 1;
918
	}
904
	}
919
905
920
	if (len < MAX_UNISTRLEN)
906
	len = MAX(len,MAX_UNISTRLEN);
921
		len = MAX_UNISTRLEN;
922
	len *= sizeof(uint16);
923
907
924
	str->buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
908
	str->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, len);
925
	if ((str->buffer == NULL) && (len > 0)) {
909
	if (str->buffer == NULL) {
926
		smb_panic("init_unistr2: malloc fail\n");
910
		smb_panic("init_unistr2: malloc fail\n");
927
		return;
911
		return;
928
	}
912
	}
929
913
914
	/* Ensure len is the length in *bytes* */
915
	len *= sizeof(uint16);
916
930
	/*
917
	/*
931
	 * The UNISTR2 must be initialized !!!
918
	 * The UNISTR2 must be initialized !!!
932
	 * jfm, 7/7/2001.
919
	 * jfm, 7/7/2001.
Lines 956-962 Link Here
956
void init_unistr2_w(TALLOC_CTX *ctx, UNISTR2 *str, const smb_ucs2_t *buf)
943
void init_unistr2_w(TALLOC_CTX *ctx, UNISTR2 *str, const smb_ucs2_t *buf)
957
{
944
{
958
	uint32 len = strlen_w(buf);
945
	uint32 len = strlen_w(buf);
959
	uint32 max_len = len;
960
	uint32 alloc_len;
946
	uint32 alloc_len;
961
947
962
	ZERO_STRUCTP(str);
948
	ZERO_STRUCTP(str);
Lines 966-978 Link Here
966
	str->offset = 0;
952
	str->offset = 0;
967
	str->uni_str_len = len;
953
	str->uni_str_len = len;
968
954
969
	if (max_len < MAX_UNISTRLEN)
955
	alloc_len = MAX((len + 1), MAX_UNISTRLEN);
970
		max_len = MAX_UNISTRLEN;
971
972
	alloc_len = (max_len + 1) * sizeof(uint16);
973
956
974
	str->buffer = (uint16 *)talloc_zero(ctx, alloc_len);
957
	str->buffer = TALLOC_ZERO_ARRAY(ctx, uint16, alloc_len);
975
	if ((str->buffer == NULL) && (alloc_len > 0)) {
958
	if (str->buffer == NULL) {
976
		smb_panic("init_unistr2_w: malloc fail\n");
959
		smb_panic("init_unistr2_w: malloc fail\n");
977
		return;
960
		return;
978
	}
961
	}
Lines 1021-1030 Link Here
1021
	to->uni_str_len = i;
1004
	to->uni_str_len = i;
1022
1005
1023
	/* allocate the space and copy the string buffer */
1006
	/* allocate the space and copy the string buffer */
1024
	to->buffer = (uint16 *)talloc_zero(get_talloc_ctx(), sizeof(uint16)*(to->uni_str_len));
1007
	to->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, i);
1025
	if (to->buffer == NULL)
1008
	if (to->buffer == NULL)
1026
		smb_panic("init_unistr2_from_unistr: malloc fail\n");
1009
		smb_panic("init_unistr2_from_unistr: malloc fail\n");
1027
	memcpy(to->buffer, from->buffer, to->uni_max_len*sizeof(uint16));
1010
	memcpy(to->buffer, from->buffer, i*sizeof(uint16));
1028
	return;
1011
	return;
1029
}
1012
}
1030
1013
Lines 1111-1117 Link Here
1111
		return True;
1094
		return True;
1112
	}
1095
	}
1113
1096
1114
	array->strings = (UNISTR2_ARRAY_EL *)talloc_zero(get_talloc_ctx(), count * sizeof(UNISTR2_ARRAY_EL));
1097
	array->strings = TALLOC_ZERO_ARRAY(get_talloc_ctx(), UNISTR2_ARRAY_EL, count );
1115
	if (!array->strings) {
1098
	if (!array->strings) {
1116
		return False;
1099
		return False;
1117
	}
1100
	}
Lines 1151-1157 Link Here
1151
	}
1134
	}
1152
1135
1153
	if (UNMARSHALLING(ps)) {
1136
	if (UNMARSHALLING(ps)) {
1154
		array->strings = talloc_zero(get_talloc_ctx(), array->count * sizeof(array->strings[0]));
1137
		array->strings = TALLOC_ZERO_ARRAY(get_talloc_ctx(), UNISTR2_ARRAY_EL, array->count );
1155
	}
1138
	}
1156
	if (! array->strings) {
1139
	if (! array->strings) {
1157
		return False;
1140
		return False;
Lines 1637-1643 Link Here
1637
1620
1638
void init_unistr3(UNISTR3 *str, const char *buf)
1621
void init_unistr3(UNISTR3 *str, const char *buf)
1639
{
1622
{
1640
	size_t len;
1623
	size_t len, alloc_len;
1641
1624
1642
	if (buf == NULL) {
1625
	if (buf == NULL) {
1643
		str->uni_str_len=0;
1626
		str->uni_str_len=0;
Lines 1649-1664 Link Here
1649
1632
1650
	str->uni_str_len=len;
1633
	str->uni_str_len=len;
1651
1634
1652
	if (len < MAX_UNISTRLEN)
1635
	alloc_len = MAX(len, MAX_UNISTRLEN);
1653
		len = MAX_UNISTRLEN;
1654
1655
	len *= sizeof(uint16);
1656
1636
1657
	str->str.buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
1637
	str->str.buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, alloc_len);
1658
	if (str->str.buffer == NULL)
1638
	if (str->str.buffer == NULL)
1659
		smb_panic("init_unistr3: malloc fail\n");
1639
		smb_panic("init_unistr3: malloc fail\n");
1660
1640
1661
	rpcstr_push((char *)str->str.buffer, buf, len, STR_TERMINATE);
1641
	rpcstr_push((char *)str->str.buffer, buf, len * sizeof(uint16), STR_TERMINATE);
1662
}
1642
}
1663
1643
1664
/*******************************************************************
1644
/*******************************************************************
(-)samba-3.0.9-orig/source/rpc_parse/parse_net.c (-32 / +17 lines)
Lines 1019-1025 Link Here
1019
		}
1019
		}
1020
1020
1021
		/* Now allocate space for them. */
1021
		/* Now allocate space for them. */
1022
		*ppsids = (DOM_SID2 *)talloc_zero(ctx, count * sizeof(DOM_SID2));
1022
		*ppsids = TALLOC_ZERO_ARRAY(ctx, DOM_SID2, count);
1023
		if (*ppsids == NULL)
1023
		if (*ppsids == NULL)
1024
			return 0;
1024
			return 0;
1025
1025
Lines 1310-1316 Link Here
1310
	depth++;
1310
	depth++;
1311
1311
1312
	if (UNMARSHALLING(ps)) {
1312
	if (UNMARSHALLING(ps)) {
1313
		ctr = *pp_ctr = (NET_ID_INFO_CTR *)prs_alloc_mem(ps, sizeof(NET_ID_INFO_CTR));
1313
		ctr = *pp_ctr = PRS_ALLOC_MEM(ps, NET_ID_INFO_CTR, 1);
1314
		if (ctr == NULL)
1314
		if (ctr == NULL)
1315
			return False;
1315
			return False;
1316
	}
1316
	}
Lines 1481-1487 Link Here
1481
1481
1482
	usr->num_groups2 = num_groups;
1482
	usr->num_groups2 = num_groups;
1483
1483
1484
	usr->gids = (DOM_GID *)talloc_zero(ctx,sizeof(DOM_GID) * (num_groups));
1484
	usr->gids = TALLOC_ZERO_ARRAY(ctx,DOM_GID,num_groups);
1485
	if (usr->gids == NULL && num_groups>0)
1485
	if (usr->gids == NULL && num_groups>0)
1486
		return;
1486
		return;
1487
1487
Lines 1614-1620 Link Here
1614
		return False;
1614
		return False;
1615
1615
1616
	if (UNMARSHALLING(ps) && usr->num_groups2 > 0) {
1616
	if (UNMARSHALLING(ps) && usr->num_groups2 > 0) {
1617
		usr->gids = (DOM_GID *)prs_alloc_mem(ps, sizeof(DOM_GID)*usr->num_groups2);
1617
		usr->gids = PRS_ALLOC_MEM(ps, DOM_GID, usr->num_groups2);
1618
		if (usr->gids == NULL)
1618
		if (usr->gids == NULL)
1619
			return False;
1619
			return False;
1620
	}
1620
	}
Lines 1635-1641 Link Here
1635
	if (usr->num_other_sids) {
1635
	if (usr->num_other_sids) {
1636
1636
1637
		if (UNMARSHALLING(ps)) {
1637
		if (UNMARSHALLING(ps)) {
1638
			usr->other_sids = (DOM_SID2 *)prs_alloc_mem(ps, sizeof(DOM_SID2)*usr->num_other_sids);
1638
			usr->other_sids = PRS_ALLOC_MEM(ps, DOM_SID2, usr->num_other_sids);
1639
			if (usr->other_sids == NULL)
1639
			if (usr->other_sids == NULL)
1640
				return False;
1640
				return False;
1641
		}
1641
		}
Lines 1644-1650 Link Here
1644
			return False;
1644
			return False;
1645
1645
1646
		if (UNMARSHALLING(ps) && usr->num_other_groups > 0) {
1646
		if (UNMARSHALLING(ps) && usr->num_other_groups > 0) {
1647
			usr->other_gids = (DOM_GID *)prs_alloc_mem(ps, sizeof(DOM_GID)*usr->num_other_groups);
1647
			usr->other_gids = PRS_ALLOC_MEM(ps, DOM_GID, usr->num_other_groups);
1648
			if (usr->other_gids == NULL)
1648
			if (usr->other_gids == NULL)
1649
				return False;
1649
				return False;
1650
		}
1650
		}
Lines 2322-2329 Link Here
2322
			return False;
2322
			return False;
2323
		}
2323
		}
2324
2324
2325
                info->rids = talloc(ps->mem_ctx, sizeof(uint32) *
2325
                info->rids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members2);
2326
                                    info->num_members2);
2327
2326
2328
                if (info->rids == NULL) {
2327
                if (info->rids == NULL) {
2329
                        DEBUG(0, ("out of memory allocating %d rids\n",
2328
                        DEBUG(0, ("out of memory allocating %d rids\n",
Lines 2350-2357 Link Here
2350
			return False;
2349
			return False;
2351
		}
2350
		}
2352
2351
2353
                info->attribs = talloc(ps->mem_ctx, sizeof(uint32) *
2352
                info->attribs = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members3);
2354
                                       info->num_members3);
2355
2353
2356
                if (info->attribs == NULL) {
2354
                if (info->attribs == NULL) {
2357
                        DEBUG(0, ("out of memory allocating %d attribs\n",
2355
                        DEBUG(0, ("out of memory allocating %d attribs\n",
Lines 2438-2445 Link Here
2438
			return False;
2436
			return False;
2439
		}
2437
		}
2440
2438
2441
                info->ptr_sids = talloc(ps->mem_ctx, sizeof(uint32) *
2439
                info->ptr_sids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_sids);
2442
                                        info->num_sids);
2443
                
2440
                
2444
                if (info->ptr_sids == NULL) {
2441
                if (info->ptr_sids == NULL) {
2445
                        DEBUG(0, ("out of memory allocating %d ptr_sids\n",
2442
                        DEBUG(0, ("out of memory allocating %d ptr_sids\n",
Lines 2454-2461 Link Here
2454
                                return False;
2451
                                return False;
2455
		}
2452
		}
2456
2453
2457
                info->sids = talloc(ps->mem_ctx, sizeof(DOM_SID2) *
2454
                info->sids = TALLOC_ARRAY(ps->mem_ctx, DOM_SID2, info->num_sids);
2458
                                    info->num_sids);
2459
2455
2460
                if (info->sids == NULL) {
2456
                if (info->sids == NULL) {
2461
                        DEBUG(0, ("error allocating %d sids\n",
2457
                        DEBUG(0, ("error allocating %d sids\n",
Lines 2772-2778 Link Here
2772
	if(!prs_uint32("attribute_count", ps, depth, &info->attribute_count))
2768
	if(!prs_uint32("attribute_count", ps, depth, &info->attribute_count))
2773
                return False;
2769
                return False;
2774
2770
2775
	info->attributes = talloc(ps->mem_ctx, sizeof(uint32) * info->attribute_count);
2771
	info->attributes = TALLOC_ARRAY(ps->mem_ctx, uint32, info->attribute_count);
2776
2772
2777
	for (i=0; i<info->attribute_count; i++)
2773
	for (i=0; i<info->attribute_count; i++)
2778
		if(!prs_uint32("attributes", ps, depth, &info->attributes[i]))
2774
		if(!prs_uint32("attributes", ps, depth, &info->attributes[i]))
Lines 2781-2788 Link Here
2781
	if(!prs_uint32("privlist_count", ps, depth, &info->privlist_count))
2777
	if(!prs_uint32("privlist_count", ps, depth, &info->privlist_count))
2782
                return False;
2778
                return False;
2783
2779
2784
	info->hdr_privslist = talloc(ps->mem_ctx, sizeof(UNIHDR) * info->privlist_count);
2780
	info->hdr_privslist = TALLOC_ARRAY(ps->mem_ctx, UNIHDR, info->privlist_count);
2785
	info->uni_privslist = talloc(ps->mem_ctx, sizeof(UNISTR2) * info->privlist_count);
2781
	info->uni_privslist = TALLOC_ARRAY(ps->mem_ctx, UNISTR2, info->privlist_count);
2786
2782
2787
	for (i=0; i<info->privlist_count; i++)
2783
	for (i=0; i<info->privlist_count; i++)
2788
		if(!smb_io_unihdr("hdr_privslist", &info->hdr_privslist[i], ps, depth))
2784
		if(!smb_io_unihdr("hdr_privslist", &info->hdr_privslist[i], ps, depth))
Lines 2914-2923 Link Here
2914
			}
2910
			}
2915
2911
2916
                        if (r_s->num_deltas2 > 0) {
2912
                        if (r_s->num_deltas2 > 0) {
2917
                                r_s->hdr_deltas = (SAM_DELTA_HDR *)
2913
                                r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas2);
2918
                                        talloc(ps->mem_ctx, r_s->num_deltas2 *
2919
                                               sizeof(SAM_DELTA_HDR));
2920
                          
2921
                                if (r_s->hdr_deltas == NULL) {
2914
                                if (r_s->hdr_deltas == NULL) {
2922
                                        DEBUG(0, ("error tallocating memory "
2915
                                        DEBUG(0, ("error tallocating memory "
2923
                                                  "for %d delta headers\n", 
2916
                                                  "for %d delta headers\n", 
Lines 2935-2944 Link Here
2935
			}
2928
			}
2936
2929
2937
                        if (r_s->num_deltas2 > 0) {
2930
                        if (r_s->num_deltas2 > 0) {
2938
                                r_s->deltas = (SAM_DELTA_CTR *)
2931
                                r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas2);
2939
                                        talloc(ps->mem_ctx, r_s->num_deltas2 *
2940
                                               sizeof(SAM_DELTA_CTR));
2941
2942
                                if (r_s->deltas == NULL) {
2932
                                if (r_s->deltas == NULL) {
2943
                                        DEBUG(0, ("error tallocating memory "
2933
                                        DEBUG(0, ("error tallocating memory "
2944
                                                  "for %d deltas\n", 
2934
                                                  "for %d deltas\n", 
Lines 3050-3058 Link Here
3050
		if (r_s->ptr_deltas != 0)
3040
		if (r_s->ptr_deltas != 0)
3051
		{
3041
		{
3052
                        if (r_s->num_deltas > 0) {
3042
                        if (r_s->num_deltas > 0) {
3053
                                r_s->hdr_deltas = (SAM_DELTA_HDR *)
3043
                                r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas);
3054
                                        talloc(ps->mem_ctx, r_s->num_deltas *
3055
                                               sizeof(SAM_DELTA_HDR));
3056
                                if (r_s->hdr_deltas == NULL) {
3044
                                if (r_s->hdr_deltas == NULL) {
3057
                                        DEBUG(0, ("error tallocating memory "
3045
                                        DEBUG(0, ("error tallocating memory "
3058
                                                  "for %d delta headers\n", 
3046
                                                  "for %d delta headers\n", 
Lines 3068-3077 Link Here
3068
			}
3056
			}
3069
                        
3057
                        
3070
                        if (r_s->num_deltas > 0) {
3058
                        if (r_s->num_deltas > 0) {
3071
                                r_s->deltas = (SAM_DELTA_CTR *)
3059
                                r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas);
3072
                                        talloc(ps->mem_ctx, r_s->num_deltas *
3073
                                               sizeof(SAM_DELTA_CTR));
3074
3075
                                if (r_s->deltas == NULL) {
3060
                                if (r_s->deltas == NULL) {
3076
                                        DEBUG(0, ("error tallocating memory "
3061
                                        DEBUG(0, ("error tallocating memory "
3077
                                                  "for %d deltas\n", 
3062
                                                  "for %d deltas\n", 
(-)samba-3.0.9-orig/source/rpc_parse/parse_prs.c (-15 / +22 lines)
Lines 105-111 Link Here
105
105
106
	if (size != 0) {
106
	if (size != 0) {
107
		ps->buffer_size = size;
107
		ps->buffer_size = size;
108
		if((ps->data_p = (char *)malloc((size_t)size)) == NULL) {
108
		if((ps->data_p = (char *)SMB_MALLOC((size_t)size)) == NULL) {
109
			DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
109
			DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
110
			return False;
110
			return False;
111
		}
111
		}
Lines 143-156 Link Here
143
 Allocate memory when unmarshalling... Always zero clears.
143
 Allocate memory when unmarshalling... Always zero clears.
144
 ********************************************************************/
144
 ********************************************************************/
145
145
146
char *prs_alloc_mem(prs_struct *ps, size_t size)
146
#if defined(PARANOID_MALLOC_CHECKER)
147
char *prs_alloc_mem_(prs_struct *ps, size_t size, unsigned int count)
148
#else
149
char *prs_alloc_mem(prs_struct *ps, size_t size, unsigned int count)
150
#endif
147
{
151
{
148
	char *ret = NULL;
152
	char *ret = NULL;
149
153
150
	if (size) {
154
	if (size) {
151
		ret = talloc(ps->mem_ctx, size);
155
		/* We can't call the type-safe version here. */
152
		if (ret)
156
#if defined(PARANOID_MALLOC_CHECKER)
153
			memset(ret, '\0', size);
157
		ret = talloc_zero_array_(ps->mem_ctx, size, count);
158
#else
159
		ret = talloc_zero_array(ps->mem_ctx, size, count);
160
#endif
154
	}
161
	}
155
	return ret;
162
	return ret;
156
}
163
}
Lines 199-205 Link Here
199
		return prs_force_grow(ps, newsize - ps->buffer_size);
206
		return prs_force_grow(ps, newsize - ps->buffer_size);
200
207
201
	if (newsize < ps->buffer_size) {
208
	if (newsize < ps->buffer_size) {
202
		char *new_data_p = Realloc(ps->data_p, newsize);
209
		char *new_data_p = SMB_REALLOC(ps->data_p, newsize);
203
		/* if newsize is zero, Realloc acts like free() & returns NULL*/
210
		/* if newsize is zero, Realloc acts like free() & returns NULL*/
204
		if (new_data_p == NULL && newsize != 0) {
211
		if (new_data_p == NULL && newsize != 0) {
205
			DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
212
			DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",
Lines 253-259 Link Here
253
260
254
		new_size = MAX(MAX_PDU_FRAG_LEN,extra_space);
261
		new_size = MAX(MAX_PDU_FRAG_LEN,extra_space);
255
262
256
		if((new_data = malloc(new_size)) == NULL) {
263
		if((new_data = SMB_MALLOC(new_size)) == NULL) {
257
			DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
264
			DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
258
			return False;
265
			return False;
259
		}
266
		}
Lines 265-271 Link Here
265
		 */
272
		 */
266
		new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);		
273
		new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);		
267
274
268
		if ((new_data = Realloc(ps->data_p, new_size)) == NULL) {
275
		if ((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
269
			DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
276
			DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
270
				(unsigned int)new_size));
277
				(unsigned int)new_size));
271
			return False;
278
			return False;
Lines 296-302 Link Here
296
		return False;
303
		return False;
297
	}
304
	}
298
305
299
	if((new_data = Realloc(ps->data_p, new_size)) == NULL) {
306
	if((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
300
		DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
307
		DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
301
			(unsigned int)new_size));
308
			(unsigned int)new_size));
302
		return False;
309
		return False;
Lines 886-892 Link Here
886
		return False;
893
		return False;
887
894
888
	if (UNMARSHALLING(ps)) {
895
	if (UNMARSHALLING(ps)) {
889
		str->buffer = (uint16 *)prs_alloc_mem(ps,str->buf_len * sizeof(uint16));
896
		str->buffer = PRS_ALLOC_MEM(ps,uint16,str->buf_len);
890
		if (str->buffer == NULL)
897
		if (str->buffer == NULL)
891
			return False;
898
			return False;
892
	}
899
	}
Lines 918-924 Link Here
918
925
919
	if (UNMARSHALLING(ps)) {
926
	if (UNMARSHALLING(ps)) {
920
		if ( str->buf_len ) {
927
		if ( str->buf_len ) {
921
			str->buffer = (uint16 *)prs_alloc_mem(ps,str->buf_len);
928
			str->buffer = PRS_ALLOC_MEM(ps, uint16, str->buf_len);
922
			if ( str->buffer == NULL )
929
			if ( str->buffer == NULL )
923
				return False;
930
				return False;
924
		}
931
		}
Lines 945-951 Link Here
945
		return False;
952
		return False;
946
953
947
	if (UNMARSHALLING(ps)) {
954
	if (UNMARSHALLING(ps)) {
948
		str->buffer = (unsigned char *)prs_alloc_mem(ps,str->str_max_len);
955
		str->buffer = PRS_ALLOC_MEM(ps,unsigned char, str->str_max_len);
949
		if (str->buffer == NULL)
956
		if (str->buffer == NULL)
950
			return False;
957
			return False;
951
	}
958
	}
Lines 989-995 Link Here
989
		return True;
996
		return True;
990
997
991
	if (UNMARSHALLING(ps)) {
998
	if (UNMARSHALLING(ps)) {
992
		str->buffer = (uint16 *)prs_alloc_mem(ps,str->uni_max_len * sizeof(uint16));
999
		str->buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_max_len);
993
		if (str->buffer == NULL)
1000
		if (str->buffer == NULL)
994
			return False;
1001
			return False;
995
	}
1002
	}
Lines 1016-1022 Link Here
1016
		return False;
1023
		return False;
1017
1024
1018
	if (UNMARSHALLING(ps)) {
1025
	if (UNMARSHALLING(ps)) {
1019
		str->str.buffer = (uint16 *)prs_alloc_mem(ps,str->uni_str_len * sizeof(uint16));
1026
		str->str.buffer = PRS_ALLOC_MEM(ps,uint16,str->uni_str_len);
1020
		if (str->str.buffer == NULL)
1027
		if (str->str.buffer == NULL)
1021
			return False;
1028
			return False;
1022
	}
1029
	}
Lines 1109-1115 Link Here
1109
			alloc_len += 1;
1116
			alloc_len += 1;
1110
1117
1111
		/* should we allocate anything at all? */
1118
		/* should we allocate anything at all? */
1112
		str->buffer = (uint16 *)prs_alloc_mem(ps,alloc_len * sizeof(uint16));
1119
		str->buffer = PRS_ALLOC_MEM(ps,uint16,alloc_len);
1113
		if ((str->buffer == NULL) && (alloc_len > 0))
1120
		if ((str->buffer == NULL) && (alloc_len > 0))
1114
			return False;
1121
			return False;
1115
1122
(-)samba-3.0.9-orig/source/rpc_parse/parse_samr.c (-86 / +64 lines)
Lines 1401-1408 Link Here
1401
			return False;
1401
			return False;
1402
1402
1403
		if (UNMARSHALLING(ps) && (r_u->num_entries2 != 0)) {
1403
		if (UNMARSHALLING(ps) && (r_u->num_entries2 != 0)) {
1404
			r_u->sam = (SAM_ENTRY *)prs_alloc_mem(ps,sizeof(SAM_ENTRY)*r_u->num_entries2);
1404
			r_u->sam = PRS_ALLOC_MEM(ps,SAM_ENTRY, r_u->num_entries2);
1405
			r_u->uni_acct_name = (UNISTR2 *)prs_alloc_mem(ps,sizeof(UNISTR2)*r_u->num_entries2);
1405
			r_u->uni_acct_name = PRS_ALLOC_MEM(ps,UNISTR2, r_u->num_entries2);
1406
		}
1406
		}
1407
1407
1408
		if ((r_u->sam == NULL || r_u->uni_acct_name == NULL) && r_u->num_entries2 != 0) {
1408
		if ((r_u->sam == NULL || r_u->uni_acct_name == NULL) && r_u->num_entries2 != 0) {
Lines 1506-1516 Link Here
1506
	if (num_entries==0)
1506
	if (num_entries==0)
1507
		return NT_STATUS_OK;
1507
		return NT_STATUS_OK;
1508
1508
1509
	sam->sam=(SAM_ENTRY1 *)talloc(ctx, num_entries*sizeof(SAM_ENTRY1));
1509
	sam->sam=TALLOC_ARRAY(ctx, SAM_ENTRY1, num_entries);
1510
	if (!sam->sam)
1510
	if (!sam->sam)
1511
		return NT_STATUS_NO_MEMORY;
1511
		return NT_STATUS_NO_MEMORY;
1512
1512
1513
	sam->str=(SAM_STR1 *)talloc(ctx, num_entries*sizeof(SAM_STR1));
1513
	sam->str=TALLOC_ARRAY(ctx, SAM_STR1, num_entries);
1514
	if (!sam->str)
1514
	if (!sam->str)
1515
		return NT_STATUS_NO_MEMORY;
1515
		return NT_STATUS_NO_MEMORY;
1516
1516
Lines 1584-1599 Link Here
1584
1584
1585
	if (UNMARSHALLING(ps) && num_entries > 0) {
1585
	if (UNMARSHALLING(ps) && num_entries > 0) {
1586
1586
1587
		if ((sam->sam = (SAM_ENTRY1 *)
1587
		if ((sam->sam = PRS_ALLOC_MEM(ps, SAM_ENTRY1, num_entries)) == NULL) {
1588
		     prs_alloc_mem(ps, sizeof(SAM_ENTRY1) *
1589
				   num_entries)) == NULL) {
1590
			DEBUG(0, ("out of memory allocating SAM_ENTRY1\n"));
1588
			DEBUG(0, ("out of memory allocating SAM_ENTRY1\n"));
1591
			return False;
1589
			return False;
1592
		}
1590
		}
1593
1591
1594
		if ((sam->str = (SAM_STR1 *)
1592
		if ((sam->str = PRS_ALLOC_MEM(ps, SAM_STR1, num_entries)) == NULL) {
1595
		     prs_alloc_mem(ps, sizeof(SAM_STR1) * 
1596
				   num_entries)) == NULL) {
1597
			DEBUG(0, ("out of memory allocating SAM_STR1\n"));
1593
			DEBUG(0, ("out of memory allocating SAM_STR1\n"));
1598
			return False;
1594
			return False;
1599
		}
1595
		}
Lines 1633-1642 Link Here
1633
	if (num_entries==0)
1629
	if (num_entries==0)
1634
		return NT_STATUS_OK;
1630
		return NT_STATUS_OK;
1635
1631
1636
	if (!(sam->sam=(SAM_ENTRY2 *)talloc(ctx, num_entries*sizeof(SAM_ENTRY2))))
1632
	if (!(sam->sam=TALLOC_ARRAY(ctx, SAM_ENTRY2, num_entries)))
1637
		return NT_STATUS_NO_MEMORY;
1633
		return NT_STATUS_NO_MEMORY;
1638
1634
1639
	if (!(sam->str=(SAM_STR2 *)talloc(ctx, num_entries*sizeof(SAM_STR2))))
1635
	if (!(sam->str=TALLOC_ARRAY(ctx, SAM_STR2, num_entries)))
1640
		return NT_STATUS_NO_MEMORY;
1636
		return NT_STATUS_NO_MEMORY;
1641
1637
1642
	ZERO_STRUCTP(sam->sam);
1638
	ZERO_STRUCTP(sam->sam);
Lines 1697-1712 Link Here
1697
1693
1698
	if (UNMARSHALLING(ps) && num_entries > 0) {
1694
	if (UNMARSHALLING(ps) && num_entries > 0) {
1699
1695
1700
		if ((sam->sam = (SAM_ENTRY2 *)
1696
		if ((sam->sam = PRS_ALLOC_MEM(ps, SAM_ENTRY2, num_entries)) == NULL) {
1701
		     prs_alloc_mem(ps, sizeof(SAM_ENTRY2) *
1702
				   num_entries)) == NULL) {
1703
			DEBUG(0, ("out of memory allocating SAM_ENTRY2\n"));
1697
			DEBUG(0, ("out of memory allocating SAM_ENTRY2\n"));
1704
			return False;
1698
			return False;
1705
		}
1699
		}
1706
1700
1707
		if ((sam->str = (SAM_STR2 *)
1701
		if ((sam->str = PRS_ALLOC_MEM(ps, SAM_STR2, num_entries)) == NULL) {
1708
		     prs_alloc_mem(ps, sizeof(SAM_STR2) * 
1709
				   num_entries)) == NULL) {
1710
			DEBUG(0, ("out of memory allocating SAM_STR2\n"));
1702
			DEBUG(0, ("out of memory allocating SAM_STR2\n"));
1711
			return False;
1703
			return False;
1712
		}
1704
		}
Lines 1743-1752 Link Here
1743
	if (num_entries==0)
1735
	if (num_entries==0)
1744
		return NT_STATUS_OK;
1736
		return NT_STATUS_OK;
1745
1737
1746
	if (!(sam->sam=(SAM_ENTRY3 *)talloc(ctx, num_entries*sizeof(SAM_ENTRY3))))
1738
	if (!(sam->sam=TALLOC_ARRAY(ctx, SAM_ENTRY3, num_entries)))
1747
		return NT_STATUS_NO_MEMORY;
1739
		return NT_STATUS_NO_MEMORY;
1748
1740
1749
	if (!(sam->str=(SAM_STR3 *)talloc(ctx, num_entries*sizeof(SAM_STR3))))
1741
	if (!(sam->str=TALLOC_ARRAY(ctx, SAM_STR3, num_entries)))
1750
		return NT_STATUS_NO_MEMORY;
1742
		return NT_STATUS_NO_MEMORY;
1751
1743
1752
	ZERO_STRUCTP(sam->sam);
1744
	ZERO_STRUCTP(sam->sam);
Lines 1788-1803 Link Here
1788
1780
1789
	if (UNMARSHALLING(ps) && num_entries > 0) {
1781
	if (UNMARSHALLING(ps) && num_entries > 0) {
1790
1782
1791
		if ((sam->sam = (SAM_ENTRY3 *)
1783
		if ((sam->sam = PRS_ALLOC_MEM(ps, SAM_ENTRY3, num_entries)) == NULL) {
1792
		     prs_alloc_mem(ps, sizeof(SAM_ENTRY3) *
1793
				   num_entries)) == NULL) {
1794
			DEBUG(0, ("out of memory allocating SAM_ENTRY3\n"));
1784
			DEBUG(0, ("out of memory allocating SAM_ENTRY3\n"));
1795
			return False;
1785
			return False;
1796
		}
1786
		}
1797
1787
1798
		if ((sam->str = (SAM_STR3 *)
1788
		if ((sam->str = PRS_ALLOC_MEM(ps, SAM_STR3, num_entries)) == NULL) {
1799
		     prs_alloc_mem(ps, sizeof(SAM_STR3) * 
1800
				   num_entries)) == NULL) {
1801
			DEBUG(0, ("out of memory allocating SAM_STR3\n"));
1789
			DEBUG(0, ("out of memory allocating SAM_STR3\n"));
1802
			return False;
1790
			return False;
1803
		}
1791
		}
Lines 1836-1845 Link Here
1836
	if (num_entries==0)
1824
	if (num_entries==0)
1837
		return NT_STATUS_OK;
1825
		return NT_STATUS_OK;
1838
1826
1839
	if (!(sam->sam=(SAM_ENTRY4 *)talloc(ctx, num_entries*sizeof(SAM_ENTRY4))))
1827
	if (!(sam->sam=TALLOC_ARRAY(ctx, SAM_ENTRY4, num_entries)))
1840
		return NT_STATUS_NO_MEMORY;
1828
		return NT_STATUS_NO_MEMORY;
1841
1829
1842
	if (!(sam->str=(SAM_STR4 *)talloc(ctx, num_entries*sizeof(SAM_STR4))))
1830
	if (!(sam->str=TALLOC_ARRAY(ctx, SAM_STR4, num_entries)))
1843
		return NT_STATUS_NO_MEMORY;
1831
		return NT_STATUS_NO_MEMORY;
1844
1832
1845
	ZERO_STRUCTP(sam->sam);
1833
	ZERO_STRUCTP(sam->sam);
Lines 1880-1895 Link Here
1880
1868
1881
	if (UNMARSHALLING(ps) && num_entries > 0) {
1869
	if (UNMARSHALLING(ps) && num_entries > 0) {
1882
1870
1883
		if ((sam->sam = (SAM_ENTRY4 *)
1871
		if ((sam->sam = PRS_ALLOC_MEM(ps, SAM_ENTRY4, num_entries)) == NULL) {
1884
		     prs_alloc_mem(ps, sizeof(SAM_ENTRY4) *
1885
				   num_entries)) == NULL) {
1886
			DEBUG(0, ("out of memory allocating SAM_ENTRY4\n"));
1872
			DEBUG(0, ("out of memory allocating SAM_ENTRY4\n"));
1887
			return False;
1873
			return False;
1888
		}
1874
		}
1889
1875
1890
		if ((sam->str = (SAM_STR4 *)
1876
		if ((sam->str = PRS_ALLOC_MEM(ps, SAM_STR4, num_entries)) == NULL) {
1891
		     prs_alloc_mem(ps, sizeof(SAM_STR4) * 
1892
				   num_entries)) == NULL) {
1893
			DEBUG(0, ("out of memory allocating SAM_STR4\n"));
1877
			DEBUG(0, ("out of memory allocating SAM_STR4\n"));
1894
			return False;
1878
			return False;
1895
		}
1879
		}
Lines 1926-1935 Link Here
1926
	if (num_entries==0)
1910
	if (num_entries==0)
1927
		return NT_STATUS_OK;
1911
		return NT_STATUS_OK;
1928
1912
1929
	if (!(sam->sam=(SAM_ENTRY5 *)talloc(ctx, num_entries*sizeof(SAM_ENTRY5))))
1913
	if (!(sam->sam=TALLOC_ARRAY(ctx, SAM_ENTRY5, num_entries)))
1930
		return NT_STATUS_NO_MEMORY;
1914
		return NT_STATUS_NO_MEMORY;
1931
1915
1932
	if (!(sam->str=(SAM_STR5 *)talloc(ctx, num_entries*sizeof(SAM_STR5))))
1916
	if (!(sam->str=TALLOC_ARRAY(ctx, SAM_STR5, num_entries)))
1933
		return NT_STATUS_NO_MEMORY;
1917
		return NT_STATUS_NO_MEMORY;
1934
1918
1935
	ZERO_STRUCTP(sam->sam);
1919
	ZERO_STRUCTP(sam->sam);
Lines 1970-1985 Link Here
1970
1954
1971
	if (UNMARSHALLING(ps) && num_entries > 0) {
1955
	if (UNMARSHALLING(ps) && num_entries > 0) {
1972
1956
1973
		if ((sam->sam = (SAM_ENTRY5 *)
1957
		if ((sam->sam = PRS_ALLOC_MEM(ps, SAM_ENTRY5, num_entries)) == NULL) {
1974
		     prs_alloc_mem(ps, sizeof(SAM_ENTRY5) *
1975
				   num_entries)) == NULL) {
1976
			DEBUG(0, ("out of memory allocating SAM_ENTRY5\n"));
1958
			DEBUG(0, ("out of memory allocating SAM_ENTRY5\n"));
1977
			return False;
1959
			return False;
1978
		}
1960
		}
1979
1961
1980
		if ((sam->str = (SAM_STR5 *)
1962
		if ((sam->str = PRS_ALLOC_MEM(ps, SAM_STR5, num_entries)) == NULL) {
1981
		     prs_alloc_mem(ps, sizeof(SAM_STR5) * 
1982
				   num_entries)) == NULL) {
1983
			DEBUG(0, ("out of memory allocating SAM_STR5\n"));
1963
			DEBUG(0, ("out of memory allocating SAM_STR5\n"));
1984
			return False;
1964
			return False;
1985
		}
1965
		}
Lines 2354-2360 Link Here
2354
				prs_struct *ps, int depth)
2334
				prs_struct *ps, int depth)
2355
{
2335
{
2356
	if (UNMARSHALLING(ps))
2336
	if (UNMARSHALLING(ps))
2357
		*ctr = (GROUP_INFO_CTR *)prs_alloc_mem(ps,sizeof(GROUP_INFO_CTR));
2337
		*ctr = PRS_ALLOC_MEM(ps,GROUP_INFO_CTR,1);
2358
2338
2359
	if (*ctr == NULL)
2339
	if (*ctr == NULL)
2360
		return False;
2340
		return False;
Lines 2929-2935 Link Here
2929
			if(!prs_uint32("num_rids", ps, depth, &r_u->num_rids))
2909
			if(!prs_uint32("num_rids", ps, depth, &r_u->num_rids))
2930
				return False;
2910
				return False;
2931
			if (UNMARSHALLING(ps) && r_u->num_rids != 0) {
2911
			if (UNMARSHALLING(ps) && r_u->num_rids != 0) {
2932
				r_u->rid = (uint32 *)prs_alloc_mem(ps,sizeof(r_u->rid[0])*r_u->num_rids);
2912
				r_u->rid = PRS_ALLOC_MEM(ps,uint32,r_u->num_rids);
2933
				if (r_u->rid == NULL)
2913
				if (r_u->rid == NULL)
2934
					return False;
2914
					return False;
2935
			}
2915
			}
Lines 2945-2951 Link Here
2945
				return False;
2925
				return False;
2946
2926
2947
			if (UNMARSHALLING(ps) && r_u->num_attrs != 0) {
2927
			if (UNMARSHALLING(ps) && r_u->num_attrs != 0) {
2948
				r_u->attr = (uint32 *)prs_alloc_mem(ps,sizeof(r_u->attr[0])*r_u->num_attrs);
2928
				r_u->attr = PRS_ALLOC_MEM(ps,uint32,r_u->num_attrs);
2949
				if (r_u->attr == NULL)
2929
				if (r_u->attr == NULL)
2950
					return False;
2930
					return False;
2951
			}
2931
			}
Lines 3046-3052 Link Here
3046
3026
3047
	if ((*num_gids) != 0) {
3027
	if ((*num_gids) != 0) {
3048
		if (UNMARSHALLING(ps)) {
3028
		if (UNMARSHALLING(ps)) {
3049
			(*gid) = (DOM_GID *)prs_alloc_mem(ps,sizeof(DOM_GID)*(*num_gids));
3029
			(*gid) = PRS_ALLOC_MEM(ps,DOM_GID,*num_gids);
3050
		}
3030
		}
3051
3031
3052
		if ((*gid) == NULL) {
3032
		if ((*gid) == NULL) {
Lines 3201-3208 Link Here
3201
			return False;
3181
			return False;
3202
3182
3203
		if (UNMARSHALLING(ps)) {
3183
		if (UNMARSHALLING(ps)) {
3204
			r_u->sam = (SAM_ENTRY *)prs_alloc_mem(ps,sizeof(SAM_ENTRY)*r_u->num_entries2);
3184
			r_u->sam = PRS_ALLOC_MEM(ps,SAM_ENTRY,r_u->num_entries2);
3205
			r_u->uni_dom_name = (UNISTR2 *)prs_alloc_mem(ps,sizeof(UNISTR2)*r_u->num_entries2);
3185
			r_u->uni_dom_name = PRS_ALLOC_MEM(ps,UNISTR2,r_u->num_entries2);
3206
		}
3186
		}
3207
3187
3208
		if ((r_u->sam == NULL || r_u->uni_dom_name == NULL) && r_u->num_entries2 != 0) {
3188
		if ((r_u->sam == NULL || r_u->uni_dom_name == NULL) && r_u->num_entries2 != 0) {
Lines 3340-3347 Link Here
3340
			return False;
3320
			return False;
3341
3321
3342
		if (UNMARSHALLING(ps)) {
3322
		if (UNMARSHALLING(ps)) {
3343
			r_u->sam = (SAM_ENTRY *)prs_alloc_mem(ps,sizeof(SAM_ENTRY)*r_u->num_entries2);
3323
			r_u->sam = PRS_ALLOC_MEM(ps,SAM_ENTRY,r_u->num_entries2);
3344
			r_u->uni_grp_name = (UNISTR2 *)prs_alloc_mem(ps,sizeof(UNISTR2)*r_u->num_entries2);
3324
			r_u->uni_grp_name = PRS_ALLOC_MEM(ps,UNISTR2,r_u->num_entries2);
3345
		}
3325
		}
3346
3326
3347
		if ((r_u->sam == NULL || r_u->uni_grp_name == NULL) && r_u->num_entries2 != 0) {
3327
		if ((r_u->sam == NULL || r_u->uni_grp_name == NULL) && r_u->num_entries2 != 0) {
Lines 3474-3481 Link Here
3474
			return False;
3454
			return False;
3475
3455
3476
		if (UNMARSHALLING(ps) && (r_u->num_entries2 > 0)) {
3456
		if (UNMARSHALLING(ps) && (r_u->num_entries2 > 0)) {
3477
			r_u->sam = (SAM_ENTRY *)prs_alloc_mem(ps,sizeof(SAM_ENTRY)*r_u->num_entries2);
3457
			r_u->sam = PRS_ALLOC_MEM(ps,SAM_ENTRY,r_u->num_entries2);
3478
			r_u->uni_grp_name = (UNISTR2 *)prs_alloc_mem(ps,sizeof(UNISTR2)*r_u->num_entries2);
3458
			r_u->uni_grp_name = PRS_ALLOC_MEM(ps,UNISTR2,r_u->num_entries2);
3479
		}
3459
		}
3480
3460
3481
		if (r_u->num_entries2 != 0 && 
3461
		if (r_u->num_entries2 != 0 && 
Lines 3832-3842 Link Here
3832
		return False;
3812
		return False;
3833
3813
3834
	if (UNMARSHALLING(ps) && (q_u->num_sids2 != 0)) {
3814
	if (UNMARSHALLING(ps) && (q_u->num_sids2 != 0)) {
3835
		q_u->ptr_sid = (uint32 *)prs_alloc_mem(ps,sizeof(q_u->ptr_sid[0])*q_u->num_sids2);
3815
		q_u->ptr_sid = PRS_ALLOC_MEM(ps,uint32,q_u->num_sids2);
3836
		if (q_u->ptr_sid == NULL)
3816
		if (q_u->ptr_sid == NULL)
3837
			return False;
3817
			return False;
3838
3818
3839
		q_u->sid = (DOM_SID2 *)prs_alloc_mem(ps, sizeof(q_u->sid[0]) * q_u->num_sids2);
3819
		q_u->sid = PRS_ALLOC_MEM(ps, DOM_SID2, q_u->num_sids2);
3840
		if (q_u->sid == NULL)
3820
		if (q_u->sid == NULL)
3841
			return False;
3821
			return False;
3842
	}
3822
	}
Lines 3907-3913 Link Here
3907
	if ((*num_rids) != 0) {
3887
	if ((*num_rids) != 0) {
3908
		if (UNMARSHALLING(ps)) {
3888
		if (UNMARSHALLING(ps)) {
3909
			/* reading */
3889
			/* reading */
3910
			(*rid) = (uint32 *)prs_alloc_mem(ps,sizeof(uint32)*(*num_rids));
3890
			(*rid) = PRS_ALLOC_MEM(ps,uint32, *num_rids);
3911
		}
3891
		}
3912
		if ((*rid) == NULL)
3892
		if ((*rid) == NULL)
3913
			return False;
3893
			return False;
Lines 4038-4044 Link Here
4038
	q_u->flags = flags;
4018
	q_u->flags = flags;
4039
	q_u->ptr = 0;
4019
	q_u->ptr = 0;
4040
	q_u->num_rids2 = num_rids;
4020
	q_u->num_rids2 = num_rids;
4041
	q_u->rid = (uint32 *)talloc_zero(ctx, num_rids * sizeof(q_u->rid[0]));
4021
	q_u->rid = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids );
4042
	if (q_u->rid == NULL) {
4022
	if (q_u->rid == NULL) {
4043
		q_u->num_rids1 = 0;
4023
		q_u->num_rids1 = 0;
4044
		q_u->num_rids2 = 0;
4024
		q_u->num_rids2 = 0;
Lines 4082-4088 Link Here
4082
		return False;
4062
		return False;
4083
4063
4084
	if (UNMARSHALLING(ps) && (q_u->num_rids2 != 0)) {
4064
	if (UNMARSHALLING(ps) && (q_u->num_rids2 != 0)) {
4085
		q_u->rid = (uint32 *)prs_alloc_mem(ps, sizeof(q_u->rid[0])*q_u->num_rids2);
4065
		q_u->rid = PRS_ALLOC_MEM(ps, uint32, q_u->num_rids2);
4086
		if (q_u->rid == NULL)
4066
		if (q_u->rid == NULL)
4087
			return False;
4067
			return False;
4088
	}
4068
	}
Lines 4163-4173 Link Here
4163
4143
4164
4144
4165
		if (UNMARSHALLING(ps) && (r_u->num_names2 != 0)) {
4145
		if (UNMARSHALLING(ps) && (r_u->num_names2 != 0)) {
4166
			r_u->hdr_name = (UNIHDR *) prs_alloc_mem(ps, r_u->num_names2 * sizeof(r_u->hdr_name[0]));
4146
			r_u->hdr_name = PRS_ALLOC_MEM(ps, UNIHDR, r_u->num_names2);
4167
			if (r_u->hdr_name == NULL)
4147
			if (r_u->hdr_name == NULL)
4168
				return False;
4148
				return False;
4169
4149
4170
			r_u->uni_name = (UNISTR2 *)prs_alloc_mem(ps, r_u->num_names2 * sizeof(r_u->uni_name[0]));
4150
			r_u->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, r_u->num_names2);
4171
			if (r_u->uni_name == NULL)
4151
			if (r_u->uni_name == NULL)
4172
				return False;
4152
				return False;
4173
		}
4153
		}
Lines 4198-4204 Link Here
4198
			return False;
4178
			return False;
4199
4179
4200
		if (UNMARSHALLING(ps) && (r_u->num_types2 != 0)) {
4180
		if (UNMARSHALLING(ps) && (r_u->num_types2 != 0)) {
4201
			r_u->type = (uint32 *)prs_alloc_mem(ps, r_u->num_types2 * sizeof(r_u->type[0]));
4181
			r_u->type = PRS_ALLOC_MEM(ps, uint32, r_u->num_types2);
4202
			if (r_u->type == NULL)
4182
			if (r_u->type == NULL)
4203
				return False;
4183
				return False;
4204
		}
4184
		}
Lines 4624-4630 Link Here
4624
		if(!prs_uint32("num_sids1", ps, depth, &r_u->num_sids1))
4604
		if(!prs_uint32("num_sids1", ps, depth, &r_u->num_sids1))
4625
			return False;
4605
			return False;
4626
4606
4627
		ptr_sid = talloc(ps->mem_ctx, sizeof(uint32) * r_u->num_sids1);
4607
		ptr_sid = TALLOC_ARRAY(ps->mem_ctx, uint32, r_u->num_sids1);
4628
		if (!ptr_sid) {
4608
		if (!ptr_sid) {
4629
			return False;
4609
			return False;
4630
		}
4610
		}
Lines 4636-4642 Link Here
4636
		}
4616
		}
4637
		
4617
		
4638
		if (UNMARSHALLING(ps)) {
4618
		if (UNMARSHALLING(ps)) {
4639
			r_u->sid = talloc(ps->mem_ctx, r_u->num_sids1 * sizeof(DOM_SID2));
4619
			r_u->sid = TALLOC_ARRAY(ps->mem_ctx, DOM_SID2, r_u->num_sids1);
4640
		}
4620
		}
4641
		
4621
		
4642
		for (i = 0; i < r_u->num_sids1; i++) {
4622
		for (i = 0; i < r_u->num_sids1; i++) {
Lines 4674-4683 Link Here
4674
	q_u->ptr = 0;
4654
	q_u->ptr = 0;
4675
	q_u->num_names2 = num_names;
4655
	q_u->num_names2 = num_names;
4676
4656
4677
	if (!(q_u->hdr_name = (UNIHDR *)talloc_zero(ctx, num_names * sizeof(UNIHDR))))
4657
	if (!(q_u->hdr_name = TALLOC_ZERO_ARRAY(ctx, UNIHDR, num_names)))
4678
		return NT_STATUS_NO_MEMORY;
4658
		return NT_STATUS_NO_MEMORY;
4679
4659
4680
	if (!(q_u->uni_name = (UNISTR2 *)talloc_zero(ctx, num_names * sizeof(UNISTR2))))
4660
	if (!(q_u->uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_names)))
4681
		return NT_STATUS_NO_MEMORY;
4661
		return NT_STATUS_NO_MEMORY;
4682
4662
4683
	for (i = 0; i < num_names; i++) {
4663
	for (i = 0; i < num_names; i++) {
Lines 4722-4731 Link Here
4722
		return False;
4702
		return False;
4723
4703
4724
	if (UNMARSHALLING(ps) && (q_u->num_names2 != 0)) {
4704
	if (UNMARSHALLING(ps) && (q_u->num_names2 != 0)) {
4725
		q_u->hdr_name = (UNIHDR *)prs_alloc_mem(ps, sizeof(UNIHDR) *
4705
		q_u->hdr_name = PRS_ALLOC_MEM(ps, UNIHDR, q_u->num_names2);
4726
							q_u->num_names2);
4706
		q_u->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, q_u->num_names2);
4727
		q_u->uni_name = (UNISTR2 *)prs_alloc_mem(ps, sizeof(UNISTR2) *
4728
							 q_u->num_names2);
4729
		if (!q_u->hdr_name || !q_u->uni_name)
4707
		if (!q_u->hdr_name || !q_u->uni_name)
4730
			return False;
4708
			return False;
4731
	}
4709
	}
Lines 4765-4773 Link Here
4765
		r_u->ptr_rids = 1;
4743
		r_u->ptr_rids = 1;
4766
		r_u->num_rids2 = num_rids;
4744
		r_u->num_rids2 = num_rids;
4767
4745
4768
		if (!(r_u->rids = (uint32 *)talloc_zero(ctx, sizeof(uint32)*num_rids)))
4746
		if (!(r_u->rids = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids)))
4769
			return NT_STATUS_NO_MEMORY;
4747
			return NT_STATUS_NO_MEMORY;
4770
		if (!(r_u->types = (uint32 *)talloc_zero(ctx, sizeof(uint32)*num_rids)))
4748
		if (!(r_u->types = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids)))
4771
			return NT_STATUS_NO_MEMORY;
4749
			return NT_STATUS_NO_MEMORY;
4772
4750
4773
		if (!r_u->rids || !r_u->types)
4751
		if (!r_u->rids || !r_u->types)
Lines 4834-4840 Link Here
4834
		}
4812
		}
4835
4813
4836
		if (UNMARSHALLING(ps))
4814
		if (UNMARSHALLING(ps))
4837
			r_u->rids = (uint32 *)prs_alloc_mem(ps, sizeof(uint32)*r_u->num_rids2);
4815
			r_u->rids = PRS_ALLOC_MEM(ps, uint32, r_u->num_rids2);
4838
4816
4839
		if (!r_u->rids) {
4817
		if (!r_u->rids) {
4840
			DEBUG(0, ("NULL rids in samr_io_r_lookup_names\n"));
4818
			DEBUG(0, ("NULL rids in samr_io_r_lookup_names\n"));
Lines 4863-4869 Link Here
4863
		}
4841
		}
4864
4842
4865
		if (UNMARSHALLING(ps))
4843
		if (UNMARSHALLING(ps))
4866
			r_u->types = (uint32 *)prs_alloc_mem(ps, sizeof(uint32)*r_u->num_types2);
4844
			r_u->types = PRS_ALLOC_MEM(ps, uint32, r_u->num_types2);
4867
4845
4868
		if (!r_u->types) {
4846
		if (!r_u->types) {
4869
			DEBUG(0, ("NULL types in samr_io_r_lookup_names\n"));
4847
			DEBUG(0, ("NULL types in samr_io_r_lookup_names\n"));
Lines 6282-6288 Link Here
6282
6260
6283
	switch (switch_value) {
6261
	switch (switch_value) {
6284
	case 0x10:
6262
	case 0x10:
6285
		ctr->info.id10 = (SAM_USER_INFO_10 *)talloc_zero(ctx,sizeof(SAM_USER_INFO_10));
6263
		ctr->info.id10 = TALLOC_ZERO_P(ctx,SAM_USER_INFO_10);
6286
		if (ctr->info.id10 == NULL)
6264
		if (ctr->info.id10 == NULL)
6287
			return NT_STATUS_NO_MEMORY;
6265
			return NT_STATUS_NO_MEMORY;
6288
6266
Lines 6298-6304 Link Here
6298
			expire.low = 0xffffffff;
6276
			expire.low = 0xffffffff;
6299
			expire.high = 0x7fffffff;
6277
			expire.high = 0x7fffffff;
6300
6278
6301
			ctr->info.id = (SAM_USER_INFO_11 *) talloc_zero(ctx,sizeof(*ctr->info.id11));
6279
			ctr->info.id = TALLOC_ZERO_P(ctx,SAM_USER_INFO_11);
6302
			init_sam_user_info11(ctr->info.id11, &expire,
6280
			init_sam_user_info11(ctr->info.id11, &expire,
6303
					     "BROOKFIELDS$",	/* name */
6281
					     "BROOKFIELDS$",	/* name */
6304
					     0x03ef,	/* user rid */
6282
					     0x03ef,	/* user rid */
Lines 6309-6315 Link Here
6309
		}
6287
		}
6310
#endif
6288
#endif
6311
	case 0x12:
6289
	case 0x12:
6312
		ctr->info.id12 = (SAM_USER_INFO_12 *)talloc_zero(ctx,sizeof(SAM_USER_INFO_12));
6290
		ctr->info.id12 = TALLOC_ZERO_P(ctx,SAM_USER_INFO_12);
6313
		if (ctr->info.id12 == NULL)
6291
		if (ctr->info.id12 == NULL)
6314
			return NT_STATUS_NO_MEMORY;
6292
			return NT_STATUS_NO_MEMORY;
6315
6293
Lines 6318-6324 Link Here
6318
	case 21:
6296
	case 21:
6319
		{
6297
		{
6320
			SAM_USER_INFO_21 *cusr;
6298
			SAM_USER_INFO_21 *cusr;
6321
			cusr = (SAM_USER_INFO_21 *)talloc_zero(ctx,sizeof(SAM_USER_INFO_21));
6299
			cusr = TALLOC_ZERO_P(ctx,SAM_USER_INFO_21);
6322
			ctr->info.id21 = cusr;
6300
			ctr->info.id21 = cusr;
6323
			if (ctr->info.id21 == NULL)
6301
			if (ctr->info.id21 == NULL)
6324
				return NT_STATUS_NO_MEMORY;
6302
				return NT_STATUS_NO_MEMORY;
Lines 6377-6383 Link Here
6377
	depth++;
6355
	depth++;
6378
6356
6379
	if (UNMARSHALLING(ps)) {
6357
	if (UNMARSHALLING(ps)) {
6380
		ctr = (SAM_USERINFO_CTR *)prs_alloc_mem(ps,sizeof(SAM_USERINFO_CTR));
6358
		ctr = PRS_ALLOC_MEM(ps,SAM_USERINFO_CTR,1);
6381
		if (ctr == NULL)
6359
		if (ctr == NULL)
6382
			return False;
6360
			return False;
6383
		*ppctr = ctr;
6361
		*ppctr = ctr;
Lines 6397-6403 Link Here
6397
	switch (ctr->switch_value) {
6375
	switch (ctr->switch_value) {
6398
	case 0x10:
6376
	case 0x10:
6399
		if (UNMARSHALLING(ps))
6377
		if (UNMARSHALLING(ps))
6400
			ctr->info.id10 = (SAM_USER_INFO_10 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_10));
6378
			ctr->info.id10 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_10,1);
6401
		if (ctr->info.id10 == NULL) {
6379
		if (ctr->info.id10 == NULL) {
6402
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
6380
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
6403
			return False;
6381
			return False;
Lines 6406-6412 Link Here
6406
		break;
6384
		break;
6407
	case 0x11:
6385
	case 0x11:
6408
		if (UNMARSHALLING(ps))
6386
		if (UNMARSHALLING(ps))
6409
			ctr->info.id11 = (SAM_USER_INFO_11 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_11));
6387
			ctr->info.id11 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_11,1);
6410
6388
6411
		if (ctr->info.id11 == NULL) {
6389
		if (ctr->info.id11 == NULL) {
6412
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
6390
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
Lines 6416-6422 Link Here
6416
		break;
6394
		break;
6417
	case 0x12:
6395
	case 0x12:
6418
		if (UNMARSHALLING(ps))
6396
		if (UNMARSHALLING(ps))
6419
			ctr->info.id12 = (SAM_USER_INFO_12 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_12));
6397
			ctr->info.id12 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_12,1);
6420
6398
6421
		if (ctr->info.id12 == NULL) {
6399
		if (ctr->info.id12 == NULL) {
6422
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
6400
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
Lines 6426-6432 Link Here
6426
		break;
6404
		break;
6427
	case 20:
6405
	case 20:
6428
		if (UNMARSHALLING(ps))
6406
		if (UNMARSHALLING(ps))
6429
			ctr->info.id20 = (SAM_USER_INFO_20 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_20));
6407
			ctr->info.id20 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_20,1);
6430
6408
6431
		if (ctr->info.id20 == NULL) {
6409
		if (ctr->info.id20 == NULL) {
6432
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
6410
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
Lines 6436-6442 Link Here
6436
		break;
6414
		break;
6437
	case 21:
6415
	case 21:
6438
		if (UNMARSHALLING(ps))
6416
		if (UNMARSHALLING(ps))
6439
			ctr->info.id21 = (SAM_USER_INFO_21 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_21));
6417
			ctr->info.id21 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_21,1);
6440
6418
6441
		if (ctr->info.id21 == NULL) {
6419
		if (ctr->info.id21 == NULL) {
6442
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
6420
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
Lines 6446-6452 Link Here
6446
		break;
6424
		break;
6447
	case 23:
6425
	case 23:
6448
		if (UNMARSHALLING(ps))
6426
		if (UNMARSHALLING(ps))
6449
			ctr->info.id23 = (SAM_USER_INFO_23 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_23));
6427
			ctr->info.id23 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_23,1);
6450
6428
6451
		if (ctr->info.id23 == NULL) {
6429
		if (ctr->info.id23 == NULL) {
6452
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
6430
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
Lines 6456-6462 Link Here
6456
		break;
6434
		break;
6457
	case 24:
6435
	case 24:
6458
		if (UNMARSHALLING(ps))
6436
		if (UNMARSHALLING(ps))
6459
			ctr->info.id24 = (SAM_USER_INFO_24 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_24));
6437
			ctr->info.id24 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_24,1);
6460
6438
6461
		if (ctr->info.id24 == NULL) {
6439
		if (ctr->info.id24 == NULL) {
6462
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
6440
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
Lines 6466-6472 Link Here
6466
		break;
6444
		break;
6467
	case 25:
6445
	case 25:
6468
		if (UNMARSHALLING(ps))
6446
		if (UNMARSHALLING(ps))
6469
			ctr->info.id25 = (SAM_USER_INFO_25 *)prs_alloc_mem(ps,sizeof(SAM_USER_INFO_25));
6447
			ctr->info.id25 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_25,1);
6470
6448
6471
		if (ctr->info.id25 == NULL) {
6449
		if (ctr->info.id25 == NULL) {
6472
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
6450
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
Lines 7356-7362 Link Here
7356
	if(!prs_align(ps))
7334
	if(!prs_align(ps))
7357
		return False;
7335
		return False;
7358
7336
7359
	if ((q_u->ctr = (SAM_UNK_CTR *)prs_alloc_mem(ps, sizeof(SAM_UNK_CTR))) == NULL)
7337
	if ((q_u->ctr = PRS_ALLOC_MEM(ps, SAM_UNK_CTR, 1)) == NULL)
7360
		return False;
7338
		return False;
7361
	
7339
	
7362
	switch (q_u->switch_value) {
7340
	switch (q_u->switch_value) {
(-)samba-3.0.9-orig/source/rpc_parse/parse_sec.c (-6 / +6 lines)
Lines 129-135 Link Here
129
		/*
129
		/*
130
		 * This is a read and we must allocate the stuct to read into.
130
		 * This is a read and we must allocate the stuct to read into.
131
		 */
131
		 */
132
		if((psa = (SEC_ACL *)prs_alloc_mem(ps, sizeof(SEC_ACL))) == NULL)
132
		if((psa = PRS_ALLOC_MEM(ps, SEC_ACL, 1)) == NULL)
133
			return False;
133
			return False;
134
		*ppsa = psa;
134
		*ppsa = psa;
135
	}
135
	}
Lines 154-160 Link Here
154
		 * between a non-present DACL (allow all access) and a DACL with no ACE's
154
		 * between a non-present DACL (allow all access) and a DACL with no ACE's
155
		 * (allow no access).
155
		 * (allow no access).
156
		 */
156
		 */
157
		if((psa->ace = (SEC_ACE *)prs_alloc_mem(ps,sizeof(psa->ace[0]) * (psa->num_aces+1))) == NULL)
157
		if((psa->ace = PRS_ALLOC_MEM(ps, SEC_ACE, psa->num_aces+1)) == NULL)
158
			return False;
158
			return False;
159
	}
159
	}
160
160
Lines 191-197 Link Here
191
191
192
	if (psd == NULL) {
192
	if (psd == NULL) {
193
		if(UNMARSHALLING(ps)) {
193
		if(UNMARSHALLING(ps)) {
194
			if((psd = (SEC_DESC *)prs_alloc_mem(ps,sizeof(SEC_DESC))) == NULL)
194
			if((psd = PRS_ALLOC_MEM(ps,SEC_DESC,1)) == NULL)
195
				return False;
195
				return False;
196
			*ppsd = psd;
196
			*ppsd = psd;
197
		} else {
197
		} else {
Lines 244-250 Link Here
244
244
245
		if (UNMARSHALLING(ps)) {
245
		if (UNMARSHALLING(ps)) {
246
			/* reading */
246
			/* reading */
247
			if((psd->owner_sid = (DOM_SID *)prs_alloc_mem(ps,sizeof(*psd->owner_sid))) == NULL)
247
			if((psd->owner_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL)
248
				return False;
248
				return False;
249
		}
249
		}
250
250
Lines 265-271 Link Here
265
265
266
		if (UNMARSHALLING(ps)) {
266
		if (UNMARSHALLING(ps)) {
267
			/* reading */
267
			/* reading */
268
			if((psd->grp_sid = (DOM_SID *)prs_alloc_mem(ps,sizeof(*psd->grp_sid))) == NULL)
268
			if((psd->grp_sid = PRS_ALLOC_MEM(ps,DOM_SID,1)) == NULL)
269
				return False;
269
				return False;
270
		}
270
		}
271
271
Lines 324-330 Link Here
324
	psdb = *ppsdb;
324
	psdb = *ppsdb;
325
325
326
	if (UNMARSHALLING(ps) && psdb == NULL) {
326
	if (UNMARSHALLING(ps) && psdb == NULL) {
327
		if((psdb = (SEC_DESC_BUF *)prs_alloc_mem(ps,sizeof(SEC_DESC_BUF))) == NULL)
327
		if((psdb = PRS_ALLOC_MEM(ps,SEC_DESC_BUF,1)) == NULL)
328
			return False;
328
			return False;
329
		*ppsdb = psdb;
329
		*ppsdb = psdb;
330
	}
330
	}
(-)samba-3.0.9-orig/source/rpc_parse/parse_spoolss.c (-54 / +51 lines)
Lines 269-275 Link Here
269
269
270
	/* reading */
270
	/* reading */
271
	if (UNMARSHALLING(ps))
271
	if (UNMARSHALLING(ps))
272
		if((ctr->type=(SPOOL_NOTIFY_OPTION_TYPE *)prs_alloc_mem(ps,ctr->count*sizeof(SPOOL_NOTIFY_OPTION_TYPE))) == NULL)
272
		if((ctr->type=PRS_ALLOC_MEM(ps,SPOOL_NOTIFY_OPTION_TYPE,ctr->count)) == NULL)
273
			return False;
273
			return False;
274
		
274
		
275
	/* the option type struct */
275
	/* the option type struct */
Lines 421-440 Link Here
421
421
422
	case NOTIFY_STRING:
422
	case NOTIFY_STRING:
423
423
424
		if (UNMARSHALLING(ps)) {
425
			data->notify_data.data.string = 
426
				(uint16 *)prs_alloc_mem(ps, data->notify_data.data.length);
427
428
			if (!data->notify_data.data.string) 
429
				return False;
430
		}
431
432
		if (MARSHALLING(ps))
424
		if (MARSHALLING(ps))
433
			data->notify_data.data.length /= 2;
425
			data->notify_data.data.length /= 2;
434
426
435
		if(!prs_uint32("string length", ps, depth, &data->notify_data.data.length))
427
		if(!prs_uint32("string length", ps, depth, &data->notify_data.data.length))
436
			return False;
428
			return False;
437
429
430
		if (UNMARSHALLING(ps)) {
431
			data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16,
432
								data->notify_data.data.length);
433
434
			if (!data->notify_data.data.string) 
435
				return False;
436
		}
437
438
		if (!prs_uint16uni(True, "string", ps, depth, data->notify_data.data.string,
438
		if (!prs_uint16uni(True, "string", ps, depth, data->notify_data.data.string,
439
				   data->notify_data.data.length))
439
				   data->notify_data.data.length))
440
			return False;
440
			return False;
Lines 447-454 Link Here
447
	case NOTIFY_POINTER:
447
	case NOTIFY_POINTER:
448
448
449
		if (UNMARSHALLING(ps)) {
449
		if (UNMARSHALLING(ps)) {
450
			data->notify_data.data.string = 
450
			data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16,
451
				(uint16 *)prs_alloc_mem(ps, data->notify_data.data.length);
451
								data->notify_data.data.length);
452
452
453
			if (!data->notify_data.data.string) 
453
			if (!data->notify_data.data.string) 
454
				return False;
454
				return False;
Lines 506-512 Link Here
506
506
507
			/* Tallocate memory for string */
507
			/* Tallocate memory for string */
508
508
509
			data->notify_data.data.string = (uint16 *)prs_alloc_mem(ps, x * 2);
509
			data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, x * 2);
510
			if (!data->notify_data.data.string) 
510
			if (!data->notify_data.data.string) 
511
				return False;
511
				return False;
512
512
Lines 679-685 Link Here
679
	depth++;
679
	depth++;
680
680
681
	if (UNMARSHALLING(ps)) {
681
	if (UNMARSHALLING(ps)) {
682
		devmode->devicename.buffer = (uint16 *)prs_alloc_mem(ps, 32 * sizeof(uint16) );
682
		devmode->devicename.buffer = PRS_ALLOC_MEM(ps, uint16, 32);
683
		if (devmode->devicename.buffer == NULL)
683
		if (devmode->devicename.buffer == NULL)
684
			return False;
684
			return False;
685
	}
685
	}
Lines 745-751 Link Here
745
		return False;
745
		return False;
746
746
747
	if (UNMARSHALLING(ps)) {
747
	if (UNMARSHALLING(ps)) {
748
		devmode->formname.buffer = (uint16 *)prs_alloc_mem(ps, 32 * sizeof(uint16) );
748
		devmode->formname.buffer = PRS_ALLOC_MEM(ps, uint16, 32);
749
		if (devmode->formname.buffer == NULL)
749
		if (devmode->formname.buffer == NULL)
750
			return False;
750
			return False;
751
	}
751
	}
Lines 810-816 Link Here
810
810
811
	if (devmode->driverextra!=0) {
811
	if (devmode->driverextra!=0) {
812
		if (UNMARSHALLING(ps)) {
812
		if (UNMARSHALLING(ps)) {
813
			devmode->private=(uint8 *)prs_alloc_mem(ps, devmode->driverextra*sizeof(uint8));
813
			devmode->private=PRS_ALLOC_MEM(ps, uint8, devmode->driverextra);
814
			if(devmode->private == NULL)
814
			if(devmode->private == NULL)
815
				return False;
815
				return False;
816
			DEBUG(7,("spoolss_io_devmode: allocated memory [%d] for private\n",devmode->driverextra)); 
816
			DEBUG(7,("spoolss_io_devmode: allocated memory [%d] for private\n",devmode->driverextra)); 
Lines 856-862 Link Here
856
	/* so we have a DEVICEMODE to follow */		
856
	/* so we have a DEVICEMODE to follow */		
857
	if (UNMARSHALLING(ps)) {
857
	if (UNMARSHALLING(ps)) {
858
		DEBUG(9,("Allocating memory for spoolss_io_devmode\n"));
858
		DEBUG(9,("Allocating memory for spoolss_io_devmode\n"));
859
		dm_c->devmode=(DEVICEMODE *)prs_alloc_mem(ps,sizeof(DEVICEMODE));
859
		dm_c->devmode=PRS_ALLOC_MEM(ps,DEVICEMODE,1);
860
		if(dm_c->devmode == NULL)
860
		if(dm_c->devmode == NULL)
861
			return False;
861
			return False;
862
	}
862
	}
Lines 1010-1016 Link Here
1010
	SPOOL_PRINTER_INFO_LEVEL_2 *inf;
1010
	SPOOL_PRINTER_INFO_LEVEL_2 *inf;
1011
1011
1012
	/* allocate the necessary memory */
1012
	/* allocate the necessary memory */
1013
	if (!(inf=(SPOOL_PRINTER_INFO_LEVEL_2*)talloc(mem_ctx, sizeof(SPOOL_PRINTER_INFO_LEVEL_2)))) {
1013
	if (!(inf=TALLOC_P(mem_ctx, SPOOL_PRINTER_INFO_LEVEL_2))) {
1014
		DEBUG(0,("make_spoolss_printer_info_2: Unable to allocate SPOOL_PRINTER_INFO_LEVEL_2 sruct!\n"));
1014
		DEBUG(0,("make_spoolss_printer_info_2: Unable to allocate SPOOL_PRINTER_INFO_LEVEL_2 sruct!\n"));
1015
		return False;
1015
		return False;
1016
	}
1016
	}
Lines 1064-1070 Link Here
1064
	SPOOL_PRINTER_INFO_LEVEL_3 *inf;
1064
	SPOOL_PRINTER_INFO_LEVEL_3 *inf;
1065
1065
1066
	/* allocate the necessary memory */
1066
	/* allocate the necessary memory */
1067
	if (!(inf=(SPOOL_PRINTER_INFO_LEVEL_3*)talloc(mem_ctx, sizeof(SPOOL_PRINTER_INFO_LEVEL_3)))) {
1067
	if (!(inf=TALLOC_P(mem_ctx, SPOOL_PRINTER_INFO_LEVEL_3))) {
1068
		DEBUG(0,("make_spoolss_printer_info_3: Unable to allocate SPOOL_PRINTER_INFO_LEVEL_3 sruct!\n"));
1068
		DEBUG(0,("make_spoolss_printer_info_3: Unable to allocate SPOOL_PRINTER_INFO_LEVEL_3 sruct!\n"));
1069
		return False;
1069
		return False;
1070
	}
1070
	}
Lines 1087-1093 Link Here
1087
	SPOOL_PRINTER_INFO_LEVEL_7 *inf;
1087
	SPOOL_PRINTER_INFO_LEVEL_7 *inf;
1088
1088
1089
	/* allocate the necessary memory */
1089
	/* allocate the necessary memory */
1090
	if (!(inf=(SPOOL_PRINTER_INFO_LEVEL_7*)talloc(mem_ctx, sizeof(SPOOL_PRINTER_INFO_LEVEL_7)))) {
1090
	if (!(inf=TALLOC_P(mem_ctx, SPOOL_PRINTER_INFO_LEVEL_7))) {
1091
		DEBUG(0,("make_spoolss_printer_info_7: Unable to allocate SPOOL_PRINTER_INFO_LEVEL_7 struct!\n"));
1091
		DEBUG(0,("make_spoolss_printer_info_7: Unable to allocate SPOOL_PRINTER_INFO_LEVEL_7 struct!\n"));
1092
		return False;
1092
		return False;
1093
	}
1093
	}
Lines 1444-1450 Link Here
1444
		return False;
1444
		return False;
1445
	
1445
	
1446
	if (UNMARSHALLING(ps) && r_u->size) {
1446
	if (UNMARSHALLING(ps) && r_u->size) {
1447
		r_u->data = (unsigned char *)prs_alloc_mem(ps, r_u->size);
1447
		r_u->data = PRS_ALLOC_MEM(ps, unsigned char, r_u->size);
1448
		if(!r_u->data)
1448
		if(!r_u->data)
1449
			return False;
1449
			return False;
1450
	}
1450
	}
Lines 1885-1891 Link Here
1885
	if (q_u->buffer_size!=0)
1885
	if (q_u->buffer_size!=0)
1886
	{
1886
	{
1887
		if (UNMARSHALLING(ps))
1887
		if (UNMARSHALLING(ps))
1888
			q_u->buffer=(uint8 *)prs_alloc_mem(ps,q_u->buffer_size*sizeof(uint8));
1888
			q_u->buffer=PRS_ALLOC_MEM(ps, uint8, q_u->buffer_size);
1889
		if(q_u->buffer == NULL)
1889
		if(q_u->buffer == NULL)
1890
			return False;	
1890
			return False;	
1891
		if(!prs_uint8s(True, "buffer", ps, depth, q_u->buffer, q_u->buffer_size))
1891
		if(!prs_uint8s(True, "buffer", ps, depth, q_u->buffer, q_u->buffer_size))
Lines 1952-1958 Link Here
1952
	if (q_u->option_ptr!=0) {
1952
	if (q_u->option_ptr!=0) {
1953
	
1953
	
1954
		if (UNMARSHALLING(ps))
1954
		if (UNMARSHALLING(ps))
1955
			if((q_u->option=(SPOOL_NOTIFY_OPTION *)prs_alloc_mem(ps,sizeof(SPOOL_NOTIFY_OPTION))) == NULL)
1955
			if((q_u->option=PRS_ALLOC_MEM(ps,SPOOL_NOTIFY_OPTION,1)) == NULL)
1956
				return False;
1956
				return False;
1957
	
1957
	
1958
		if(!smb_io_notify_option("notify option", q_u->option, ps, depth))
1958
		if(!smb_io_notify_option("notify option", q_u->option, ps, depth))
Lines 2003-2009 Link Here
2003
	if (q_u->option_ptr!=0) {
2003
	if (q_u->option_ptr!=0) {
2004
	
2004
	
2005
		if (UNMARSHALLING(ps))
2005
		if (UNMARSHALLING(ps))
2006
			if((q_u->option=(SPOOL_NOTIFY_OPTION *)prs_alloc_mem(ps,sizeof(SPOOL_NOTIFY_OPTION))) == NULL)
2006
			if((q_u->option=PRS_ALLOC_MEM(ps,SPOOL_NOTIFY_OPTION,1)) == NULL)
2007
				return False;
2007
				return False;
2008
	
2008
	
2009
		if(!smb_io_notify_option("notify option", q_u->option, ps, depth))
2009
		if(!smb_io_notify_option("notify option", q_u->option, ps, depth))
Lines 2229-2235 Link Here
2229
2229
2230
			/* Yes this should be malloc not talloc. Don't change. */
2230
			/* Yes this should be malloc not talloc. Don't change. */
2231
2231
2232
			chaine.buffer = malloc((q-p+1)*sizeof(uint16));
2232
			chaine.buffer = SMB_MALLOC((q-p+1)*sizeof(uint16));
2233
			if (chaine.buffer == NULL)
2233
			if (chaine.buffer == NULL)
2234
				return False;
2234
				return False;
2235
2235
Lines 2298-2304 Link Here
2298
2298
2299
				/* Yes this should be realloc - it's freed below. JRA */
2299
				/* Yes this should be realloc - it's freed below. JRA */
2300
2300
2301
				if((tc2=(uint16 *)Realloc(chaine2, realloc_size)) == NULL) {
2301
				if((tc2=(uint16 *)SMB_REALLOC(chaine2, realloc_size)) == NULL) {
2302
					SAFE_FREE(chaine2);
2302
					SAFE_FREE(chaine2);
2303
					return False;
2303
					return False;
2304
				}
2304
				}
Lines 2314-2320 Link Here
2314
		if (chaine2)
2314
		if (chaine2)
2315
		{
2315
		{
2316
			chaine2[l_chaine2] = '\0';
2316
			chaine2[l_chaine2] = '\0';
2317
			*string=(uint16 *)talloc_memdup(prs_get_mem_context(ps),chaine2,realloc_size);
2317
			*string=(uint16 *)TALLOC_MEMDUP(prs_get_mem_context(ps),chaine2,realloc_size);
2318
			SAFE_FREE(chaine2);
2318
			SAFE_FREE(chaine2);
2319
		}
2319
		}
2320
2320
Lines 2442-2448 Link Here
2442
			return False;
2442
			return False;
2443
2443
2444
		/* read the string */
2444
		/* read the string */
2445
		if((*devmode=(DEVICEMODE *)prs_alloc_mem(ps,sizeof(DEVICEMODE))) == NULL)
2445
		if((*devmode=PRS_ALLOC_MEM(ps,DEVICEMODE,1)) == NULL)
2446
			return False;
2446
			return False;
2447
		if (!spoolss_io_devmode(desc, ps, depth, *devmode))
2447
		if (!spoolss_io_devmode(desc, ps, depth, *devmode))
2448
			return False;
2448
			return False;
Lines 3114-3120 Link Here
3114
	depth++;
3114
	depth++;
3115
	
3115
	
3116
	if (UNMARSHALLING(ps))
3116
	if (UNMARSHALLING(ps))
3117
		buffer = *pp_buffer = (NEW_BUFFER *)prs_alloc_mem(ps, sizeof(NEW_BUFFER));
3117
		buffer = *pp_buffer = PRS_ALLOC_MEM(ps, NEW_BUFFER, 1);
3118
3118
3119
	if (buffer == NULL)
3119
	if (buffer == NULL)
3120
		return False;
3120
		return False;
Lines 4172-4178 Link Here
4172
		
4172
		
4173
		make_spoolss_printer_info_2 (mem_ctx, &q_u->info.info_2, info->printers_2);
4173
		make_spoolss_printer_info_2 (mem_ctx, &q_u->info.info_2, info->printers_2);
4174
#if 1	/* JERRY TEST */
4174
#if 1	/* JERRY TEST */
4175
		q_u->secdesc_ctr = (SEC_DESC_BUF*)malloc(sizeof(SEC_DESC_BUF));
4175
		q_u->secdesc_ctr = SMB_MALLOC_P(SEC_DESC_BUF);
4176
		if (!q_u->secdesc_ctr)
4176
		if (!q_u->secdesc_ctr)
4177
			return False;
4177
			return False;
4178
		q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0;
4178
		q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0;
Lines 4196-4202 Link Here
4196
		
4196
		
4197
		make_spoolss_printer_info_3 (mem_ctx, &q_u->info.info_3, info->printers_3);
4197
		make_spoolss_printer_info_3 (mem_ctx, &q_u->info.info_3, info->printers_3);
4198
		
4198
		
4199
		q_u->secdesc_ctr = (SEC_DESC_BUF*)malloc(sizeof(SEC_DESC_BUF));
4199
		q_u->secdesc_ctr = SMB_MALLOC_P(SEC_DESC_BUF);
4200
		if (!q_u->secdesc_ctr)
4200
		if (!q_u->secdesc_ctr)
4201
			return False;
4201
			return False;
4202
		q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0;
4202
		q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0;
Lines 5011-5017 Link Here
5011
		case 1:
5011
		case 1:
5012
		{
5012
		{
5013
			if (UNMARSHALLING(ps)) {
5013
			if (UNMARSHALLING(ps)) {
5014
				if ((il->info_1=(SPOOL_PRINTER_INFO_LEVEL_1 *)prs_alloc_mem(ps,sizeof(SPOOL_PRINTER_INFO_LEVEL_1))) == NULL)
5014
				if ((il->info_1=PRS_ALLOC_MEM(ps,SPOOL_PRINTER_INFO_LEVEL_1,1)) == NULL)
5015
					return False;
5015
					return False;
5016
			}
5016
			}
5017
			if (!spool_io_printer_info_level_1("", il->info_1, ps, depth))
5017
			if (!spool_io_printer_info_level_1("", il->info_1, ps, depth))
Lines 5024-5030 Link Here
5024
		 */	
5024
		 */	
5025
		case 2:
5025
		case 2:
5026
			if (UNMARSHALLING(ps)) {
5026
			if (UNMARSHALLING(ps)) {
5027
				if ((il->info_2=(SPOOL_PRINTER_INFO_LEVEL_2 *)prs_alloc_mem(ps,sizeof(SPOOL_PRINTER_INFO_LEVEL_2))) == NULL)
5027
				if ((il->info_2=PRS_ALLOC_MEM(ps,SPOOL_PRINTER_INFO_LEVEL_2,1)) == NULL)
5028
					return False;
5028
					return False;
5029
			}
5029
			}
5030
			if (!spool_io_printer_info_level_2("", il->info_2, ps, depth))
5030
			if (!spool_io_printer_info_level_2("", il->info_2, ps, depth))
Lines 5034-5040 Link Here
5034
		case 3:
5034
		case 3:
5035
		{
5035
		{
5036
			if (UNMARSHALLING(ps)) {
5036
			if (UNMARSHALLING(ps)) {
5037
				if ((il->info_3=(SPOOL_PRINTER_INFO_LEVEL_3 *)prs_alloc_mem(ps,sizeof(SPOOL_PRINTER_INFO_LEVEL_3))) == NULL)
5037
				if ((il->info_3=PRS_ALLOC_MEM(ps,SPOOL_PRINTER_INFO_LEVEL_3,1)) == NULL)
5038
					return False;
5038
					return False;
5039
			}
5039
			}
5040
			if (!spool_io_printer_info_level_3("", il->info_3, ps, depth))
5040
			if (!spool_io_printer_info_level_3("", il->info_3, ps, depth))
Lines 5043-5049 Link Here
5043
		}
5043
		}
5044
		case 7:
5044
		case 7:
5045
			if (UNMARSHALLING(ps))
5045
			if (UNMARSHALLING(ps))
5046
				if ((il->info_7=(SPOOL_PRINTER_INFO_LEVEL_7 *)prs_alloc_mem(ps,sizeof(SPOOL_PRINTER_INFO_LEVEL_7))) == NULL)
5046
				if ((il->info_7=PRS_ALLOC_MEM(ps,SPOOL_PRINTER_INFO_LEVEL_7,1)) == NULL)
5047
					return False;
5047
					return False;
5048
			if (!spool_io_printer_info_level_7("", il->info_7, ps, depth))
5048
			if (!spool_io_printer_info_level_7("", il->info_7, ps, depth))
5049
				return False;
5049
				return False;
Lines 5148-5154 Link Here
5148
		
5148
		
5149
	/* reading */
5149
	/* reading */
5150
	if (UNMARSHALLING(ps)) {
5150
	if (UNMARSHALLING(ps)) {
5151
		il=(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *)prs_alloc_mem(ps,sizeof(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3));
5151
		il=PRS_ALLOC_MEM(ps,SPOOL_PRINTER_DRIVER_INFO_LEVEL_3,1);
5152
		if(il == NULL)
5152
		if(il == NULL)
5153
			return False;
5153
			return False;
5154
		*q_u=il;
5154
		*q_u=il;
Lines 5226-5232 Link Here
5226
		
5226
		
5227
	/* reading */
5227
	/* reading */
5228
	if (UNMARSHALLING(ps)) {
5228
	if (UNMARSHALLING(ps)) {
5229
		il=(SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 *)prs_alloc_mem(ps,sizeof(SPOOL_PRINTER_DRIVER_INFO_LEVEL_6));
5229
		il=PRS_ALLOC_MEM(ps,SPOOL_PRINTER_DRIVER_INFO_LEVEL_6,1);
5230
		if(il == NULL)
5230
		if(il == NULL)
5231
			return False;
5231
			return False;
5232
		*q_u=il;
5232
		*q_u=il;
Lines 5385-5391 Link Here
5385
	while (src < ((char *)buf5->buffer) + buf5->buf_len*2) {
5385
	while (src < ((char *)buf5->buffer) + buf5->buf_len*2) {
5386
		rpcstr_pull(f, src, sizeof(f)-1, -1, STR_TERMINATE);
5386
		rpcstr_pull(f, src, sizeof(f)-1, -1, STR_TERMINATE);
5387
		src = skip_unibuf(src, 2*buf5->buf_len - PTR_DIFF(src,buf5->buffer));
5387
		src = skip_unibuf(src, 2*buf5->buf_len - PTR_DIFF(src,buf5->buffer));
5388
		tar = (fstring *)Realloc(*ar, sizeof(fstring)*(n+2));
5388
		tar = SMB_REALLOC_ARRAY(*ar, fstring, n+2);
5389
		if (!tar)
5389
		if (!tar)
5390
			return False;
5390
			return False;
5391
		else
5391
		else
Lines 5499-5505 Link Here
5499
	BOOL		null_char = False;
5499
	BOOL		null_char = False;
5500
	SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *inf;
5500
	SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *inf;
5501
5501
5502
	if (!(inf=(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3*)talloc_zero(mem_ctx, sizeof(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3))))
5502
	if (!(inf=TALLOC_ZERO_P(mem_ctx, SPOOL_PRINTER_DRIVER_INFO_LEVEL_3)))
5503
		return False;
5503
		return False;
5504
	
5504
	
5505
	inf->cversion	= info3->version;
5505
	inf->cversion	= info3->version;
Lines 5562-5569 Link Here
5562
{
5562
{
5563
5563
5564
	buf5->buf_len = len;
5564
	buf5->buf_len = len;
5565
	if((buf5->buffer=(uint16*)talloc_memdup(mem_ctx, src, sizeof(uint16)*len)) == NULL)
5565
	if((buf5->buffer=(uint16*)TALLOC_MEMDUP(mem_ctx, src, sizeof(uint16)*len)) == NULL) {
5566
	{
5567
		DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n"));
5566
		DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n"));
5568
		return False;
5567
		return False;
5569
	}
5568
	}
Lines 5672-5678 Link Here
5672
	
5671
	
5673
	if (*asc==NULL)
5672
	if (*asc==NULL)
5674
	{
5673
	{
5675
		*asc=(NT_PRINTER_DRIVER_INFO_LEVEL_3 *)malloc(sizeof(NT_PRINTER_DRIVER_INFO_LEVEL_3));
5674
		*asc=SMB_MALLOC_P(NT_PRINTER_DRIVER_INFO_LEVEL_3);
5676
		if(*asc == NULL)
5675
		if(*asc == NULL)
5677
			return False;
5676
			return False;
5678
		ZERO_STRUCTP(*asc);
5677
		ZERO_STRUCTP(*asc);
Lines 5719-5725 Link Here
5719
	
5718
	
5720
	if (*asc==NULL)
5719
	if (*asc==NULL)
5721
	{
5720
	{
5722
		*asc=(NT_PRINTER_DRIVER_INFO_LEVEL_6 *)malloc(sizeof(NT_PRINTER_DRIVER_INFO_LEVEL_6));
5721
		*asc=SMB_MALLOC_P(NT_PRINTER_DRIVER_INFO_LEVEL_6);
5723
		if(*asc == NULL)
5722
		if(*asc == NULL)
5724
			return False;
5723
			return False;
5725
		ZERO_STRUCTP(*asc);
5724
		ZERO_STRUCTP(*asc);
Lines 5772-5778 Link Here
5772
	if (*asc==NULL) {
5771
	if (*asc==NULL) {
5773
		DEBUGADD(8,("allocating memory\n"));
5772
		DEBUGADD(8,("allocating memory\n"));
5774
5773
5775
		*asc=(NT_PRINTER_INFO_LEVEL_2 *)malloc(sizeof(NT_PRINTER_INFO_LEVEL_2));
5774
		*asc=SMB_MALLOC_P(NT_PRINTER_INFO_LEVEL_2);
5776
		if(*asc == NULL)
5775
		if(*asc == NULL)
5777
			return False;
5776
			return False;
5778
		ZERO_STRUCTP(*asc);
5777
		ZERO_STRUCTP(*asc);
Lines 6168-6174 Link Here
6168
		return False;
6167
		return False;
6169
6168
6170
	if (UNMARSHALLING(ps) && r_u->valuesize) {
6169
	if (UNMARSHALLING(ps) && r_u->valuesize) {
6171
		r_u->value = (uint16 *)prs_alloc_mem(ps, r_u->valuesize * 2);
6170
		r_u->value = PRS_ALLOC_MEM(ps, uint16, r_u->valuesize);
6172
		if (!r_u->value) {
6171
		if (!r_u->value) {
6173
			DEBUG(0, ("spoolss_io_r_enumprinterdata: out of memory for printerdata value\n"));
6172
			DEBUG(0, ("spoolss_io_r_enumprinterdata: out of memory for printerdata value\n"));
6174
			return False;
6173
			return False;
Lines 6191-6197 Link Here
6191
		return False;
6190
		return False;
6192
6191
6193
	if (UNMARSHALLING(ps) && r_u->datasize) {
6192
	if (UNMARSHALLING(ps) && r_u->datasize) {
6194
		r_u->data = (uint8 *)prs_alloc_mem(ps, r_u->datasize);
6193
		r_u->data = PRS_ALLOC_MEM(ps, uint8, r_u->datasize);
6195
		if (!r_u->data) {
6194
		if (!r_u->data) {
6196
			DEBUG(0, ("spoolss_io_r_enumprinterdata: out of memory for printerdata data\n"));
6195
			DEBUG(0, ("spoolss_io_r_enumprinterdata: out of memory for printerdata data\n"));
6197
			return False;
6196
			return False;
Lines 6326-6332 Link Here
6326
		case REG_MULTI_SZ:
6325
		case REG_MULTI_SZ:
6327
            if (q_u->max_len) {
6326
            if (q_u->max_len) {
6328
                if (UNMARSHALLING(ps))
6327
                if (UNMARSHALLING(ps))
6329
    				q_u->data=(uint8 *)prs_alloc_mem(ps, q_u->max_len * sizeof(uint8));
6328
    				q_u->data=PRS_ALLOC_MEM(ps, uint8, q_u->max_len);
6330
    			if(q_u->data == NULL)
6329
    			if(q_u->data == NULL)
6331
    				return False;
6330
    				return False;
6332
    			if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
6331
    			if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
Lines 6885-6891 Link Here
6885
		if (src->size != POINTER) 
6884
		if (src->size != POINTER) 
6886
			continue;
6885
			continue;
6887
		len = src->notify_data.data.length;
6886
		len = src->notify_data.data.length;
6888
		s = malloc(sizeof(uint16)*len);
6887
		s = SMB_MALLOC_ARRAY(uint16, len);
6889
		if (s == NULL) {
6888
		if (s == NULL) {
6890
			DEBUG(0,("copy_spool_notify_info_data: malloc() failed!\n"));
6889
			DEBUG(0,("copy_spool_notify_info_data: malloc() failed!\n"));
6891
			return False;
6890
			return False;
Lines 6914-6920 Link Here
6914
	
6913
	
6915
	if (dst->count) 
6914
	if (dst->count) 
6916
	{
6915
	{
6917
		dst->data = malloc(dst->count * sizeof(SPOOL_NOTIFY_INFO_DATA));
6916
		dst->data = SMB_MALLOC_ARRAY(SPOOL_NOTIFY_INFO_DATA, dst->count);
6918
		
6917
		
6919
		DEBUG(10,("copy_spool_notify_info: allocating space for [%d] PRINTER_NOTIFY_INFO_DATA entries\n",
6918
		DEBUG(10,("copy_spool_notify_info: allocating space for [%d] PRINTER_NOTIFY_INFO_DATA entries\n",
6920
			dst->count));
6919
			dst->count));
Lines 7084-7090 Link Here
7084
		return False;
7083
		return False;
7085
	
7084
	
7086
	if (UNMARSHALLING(ps) && r_u->size) {
7085
	if (UNMARSHALLING(ps) && r_u->size) {
7087
		r_u->data = (unsigned char *)prs_alloc_mem(ps, r_u->size);
7086
		r_u->data = PRS_ALLOC_MEM(ps, unsigned char, r_u->size);
7088
		if(!r_u->data)
7087
		if(!r_u->data)
7089
			return False;
7088
			return False;
7090
	}
7089
	}
Lines 7142-7148 Link Here
7142
		case 0x7:
7141
		case 0x7:
7143
			if (q_u->max_len) {
7142
			if (q_u->max_len) {
7144
				if (UNMARSHALLING(ps))
7143
				if (UNMARSHALLING(ps))
7145
    					q_u->data=(uint8 *)prs_alloc_mem(ps, q_u->max_len * sizeof(uint8));
7144
    					q_u->data=PRS_ALLOC_MEM(ps, uint8, q_u->max_len);
7146
    				if(q_u->data == NULL)
7145
    				if(q_u->data == NULL)
7147
    					return False;
7146
    					return False;
7148
    				if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
7147
    				if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
Lines 7350-7357 Link Here
7350
	/* first loop to write basic enum_value information */
7349
	/* first loop to write basic enum_value information */
7351
	
7350
	
7352
	if (UNMARSHALLING(ps)) {
7351
	if (UNMARSHALLING(ps)) {
7353
		ctr->values = (PRINTER_ENUM_VALUES *)prs_alloc_mem(
7352
		ctr->values = PRS_ALLOC_MEM(ps, PRINTER_ENUM_VALUES, ctr->size_of_array);
7354
			ps, ctr->size_of_array * sizeof(PRINTER_ENUM_VALUES));
7355
		if (!ctr->values)
7353
		if (!ctr->values)
7356
			return False;
7354
			return False;
7357
	}
7355
	}
Lines 7392-7399 Link Here
7392
		
7390
		
7393
		if ( ctr->values[i].data_len ) {
7391
		if ( ctr->values[i].data_len ) {
7394
			if ( UNMARSHALLING(ps) ) {
7392
			if ( UNMARSHALLING(ps) ) {
7395
				ctr->values[i].data = (uint8 *)prs_alloc_mem(
7393
				ctr->values[i].data = PRS_ALLOC_MEM(ps, uint8, ctr->values[i].data_len);
7396
					ps, ctr->values[i].data_len);
7397
				if (!ctr->values[i].data)
7394
				if (!ctr->values[i].data)
7398
					return False;
7395
					return False;
7399
			}
7396
			}
(-)samba-3.0.9-orig/source/rpc_parse/parse_srv.c (-17 / +15 lines)
Lines 783-789 Link Here
783
		int i;
783
		int i;
784
784
785
		if (UNMARSHALLING(ps)) {
785
		if (UNMARSHALLING(ps)) {
786
			if (!(info0 = (SRV_SHARE_INFO_0 *)prs_alloc_mem(ps, num_entries * sizeof(SRV_SHARE_INFO_0))))
786
			if (!(info0 = PRS_ALLOC_MEM(ps, SRV_SHARE_INFO_0, num_entries)))
787
				return False;
787
				return False;
788
			ctr->share.info0 = info0;
788
			ctr->share.info0 = info0;
789
		}
789
		}
Lines 809-815 Link Here
809
		int i;
809
		int i;
810
810
811
		if (UNMARSHALLING(ps)) {
811
		if (UNMARSHALLING(ps)) {
812
			if (!(info1 = (SRV_SHARE_INFO_1 *)prs_alloc_mem(ps, num_entries * sizeof(SRV_SHARE_INFO_1))))
812
			if (!(info1 = PRS_ALLOC_MEM(ps, SRV_SHARE_INFO_1, num_entries)))
813
				return False;
813
				return False;
814
			ctr->share.info1 = info1;
814
			ctr->share.info1 = info1;
815
		}
815
		}
Lines 835-841 Link Here
835
		int i;
835
		int i;
836
836
837
		if (UNMARSHALLING(ps)) {
837
		if (UNMARSHALLING(ps)) {
838
			if (!(info2 = (SRV_SHARE_INFO_2 *)prs_alloc_mem(ps,num_entries * sizeof(SRV_SHARE_INFO_2))))
838
			if (!(info2 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_2,num_entries)))
839
				return False;
839
				return False;
840
			ctr->share.info2 = info2;
840
			ctr->share.info2 = info2;
841
		}
841
		}
Lines 860-867 Link Here
860
		int i;
860
		int i;
861
861
862
		if (UNMARSHALLING(ps)) {
862
		if (UNMARSHALLING(ps)) {
863
			if (!(info501 = (SRV_SHARE_INFO_501 *) prs_alloc_mem(ps, num_entries *
863
			if (!(info501 = PRS_ALLOC_MEM(ps, SRV_SHARE_INFO_501, num_entries)))
864
					sizeof (SRV_SHARE_INFO_501))))
865
				return False;
864
				return False;
866
			ctr->share.info501 = info501;
865
			ctr->share.info501 = info501;
867
		}
866
		}
Lines 886-892 Link Here
886
		int i;
885
		int i;
887
886
888
		if (UNMARSHALLING(ps)) {
887
		if (UNMARSHALLING(ps)) {
889
			if (!(info502 = (SRV_SHARE_INFO_502 *)prs_alloc_mem(ps,num_entries * sizeof(SRV_SHARE_INFO_502))))
888
			if (!(info502 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_502,num_entries)))
890
				return False;
889
				return False;
891
			ctr->share.info502 = info502;
890
			ctr->share.info502 = info502;
892
		}
891
		}
Lines 912-918 Link Here
912
		int i;
911
		int i;
913
912
914
		if (UNMARSHALLING(ps)) {
913
		if (UNMARSHALLING(ps)) {
915
			if (!(info1004 = (SRV_SHARE_INFO_1004 *)prs_alloc_mem(ps,num_entries * sizeof(SRV_SHARE_INFO_1004))))
914
			if (!(info1004 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1004,num_entries)))
916
				return False;
915
				return False;
917
			ctr->share.info1004 = info1004;
916
			ctr->share.info1004 = info1004;
918
		}
917
		}
Lines 938-944 Link Here
938
		int i;
937
		int i;
939
938
940
		if (UNMARSHALLING(ps)) {
939
		if (UNMARSHALLING(ps)) {
941
			if (!(info1005 = (SRV_SHARE_INFO_1005 *)prs_alloc_mem(ps,num_entries * sizeof(SRV_SHARE_INFO_1005))))
940
			if (!(info1005 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1005,num_entries)))
942
				return False;
941
				return False;
943
			ctr->share.info1005 = info1005;
942
			ctr->share.info1005 = info1005;
944
		}
943
		}
Lines 958-964 Link Here
958
		int i;
957
		int i;
959
958
960
		if (UNMARSHALLING(ps)) {
959
		if (UNMARSHALLING(ps)) {
961
			if (!(info1006 = (SRV_SHARE_INFO_1006 *)prs_alloc_mem(ps,num_entries * sizeof(SRV_SHARE_INFO_1006))))
960
			if (!(info1006 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1006,num_entries)))
962
				return False;
961
				return False;
963
			ctr->share.info1006 = info1006;
962
			ctr->share.info1006 = info1006;
964
		}
963
		}
Lines 978-984 Link Here
978
		int i;
977
		int i;
979
978
980
		if (UNMARSHALLING(ps)) {
979
		if (UNMARSHALLING(ps)) {
981
			if (!(info1007 = (SRV_SHARE_INFO_1007 *)prs_alloc_mem(ps,num_entries * sizeof(SRV_SHARE_INFO_1007))))
980
			if (!(info1007 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1007,num_entries)))
982
				return False;
981
				return False;
983
			ctr->share.info1007 = info1007;
982
			ctr->share.info1007 = info1007;
984
		}
983
		}
Lines 1004-1010 Link Here
1004
		int i;
1003
		int i;
1005
1004
1006
		if (UNMARSHALLING(ps)) {
1005
		if (UNMARSHALLING(ps)) {
1007
			if (!(info1501 = (SRV_SHARE_INFO_1501 *)prs_alloc_mem(ps,num_entries * sizeof(SRV_SHARE_INFO_1501))))
1006
			if (!(info1501 = PRS_ALLOC_MEM(ps,SRV_SHARE_INFO_1501,num_entries)))
1008
				return False;
1007
				return False;
1009
			ctr->share.info1501 = info1501;
1008
			ctr->share.info1501 = info1501;
1010
		}
1009
		}
Lines 1848-1854 Link Here
1848
	depth++;
1847
	depth++;
1849
1848
1850
	if(UNMARSHALLING(ps)) {
1849
	if(UNMARSHALLING(ps)) {
1851
		ctr = *pp_ctr = (SRV_SESS_INFO_CTR *)prs_alloc_mem(ps, sizeof(SRV_SESS_INFO_CTR));
1850
		ctr = *pp_ctr = PRS_ALLOC_MEM(ps, SRV_SESS_INFO_CTR, 1);
1852
		if (ctr == NULL)
1851
		if (ctr == NULL)
1853
			return False;
1852
			return False;
1854
	}
1853
	}
Lines 2221-2227 Link Here
2221
	depth++;
2220
	depth++;
2222
2221
2223
	if (UNMARSHALLING(ps)) {
2222
	if (UNMARSHALLING(ps)) {
2224
		ctr = *pp_ctr = (SRV_CONN_INFO_CTR *)prs_alloc_mem(ps, sizeof(SRV_CONN_INFO_CTR));
2223
		ctr = *pp_ctr = PRS_ALLOC_MEM(ps, SRV_CONN_INFO_CTR, 1);
2225
		if (ctr == NULL)
2224
		if (ctr == NULL)
2226
			return False;
2225
			return False;
2227
	}
2226
	}
Lines 2487-2493 Link Here
2487
		int i;
2486
		int i;
2488
2487
2489
		if (UNMARSHALLING(ps)) {
2488
		if (UNMARSHALLING(ps)) {
2490
			if (!(info3 = (SRV_FILE_INFO_3 *)prs_alloc_mem(ps, num_entries * sizeof(SRV_FILE_INFO_3))))
2489
			if (!(info3 = PRS_ALLOC_MEM(ps, SRV_FILE_INFO_3, num_entries)))
2491
				return False;
2490
				return False;
2492
			ctr->file.info3 = info3;
2491
			ctr->file.info3 = info3;
2493
		}
2492
		}
Lines 3022-3029 Link Here
3022
		return False;
3021
		return False;
3023
3022
3024
	if (UNMARSHALLING(ps)) {
3023
	if (UNMARSHALLING(ps)) {
3025
		q_n->ctr = (SRV_INFO_CTR *)
3024
		q_n->ctr = PRS_ALLOC_MEM(ps, SRV_INFO_CTR, 1);
3026
			prs_alloc_mem(ps, sizeof(SRV_INFO_CTR));
3027
3025
3028
		if (!q_n->ctr)
3026
		if (!q_n->ctr)
3029
			return False;
3027
			return False;
Lines 3310-3316 Link Here
3310
3308
3311
		DISK_INFO *dinfo;
3309
		DISK_INFO *dinfo;
3312
3310
3313
		if(!(dinfo = (DISK_INFO *)prs_alloc_mem(ps, sizeof(*dinfo) * entries_read3)))
3311
		if(!(dinfo = PRS_ALLOC_MEM(ps, DISK_INFO, entries_read3)))
3314
		return False;
3312
		return False;
3315
		r_n->disk_enum_ctr.disk_info = dinfo;
3313
		r_n->disk_enum_ctr.disk_info = dinfo;
3316
	}
3314
	}
(-)samba-3.0.9-orig/source/rpc_server/srv_dfs_nt.c (-9 / +6 lines)
Lines 81-89 Link Here
81
81
82
	vfs_ChDir(p->conn,p->conn->connectpath);
82
	vfs_ChDir(p->conn,p->conn->connectpath);
83
83
84
	jn.referral_list = (struct referral*) talloc(p->mem_ctx, jn.referral_count 
84
	jn.referral_list = TALLOC_ARRAY(p->mem_ctx, struct referral, jn.referral_count);
85
				* sizeof(struct referral));
86
87
	if(jn.referral_list == NULL) {
85
	if(jn.referral_list == NULL) {
88
		DEBUG(0,("init_reply_dfs_add: talloc failed for referral list!\n"));
86
		DEBUG(0,("init_reply_dfs_add: talloc failed for referral list!\n"));
89
		return WERR_DFS_INTERNAL_ERROR;
87
		return WERR_DFS_INTERNAL_ERROR;
Lines 245-252 Link Here
245
		dfs3[i].ptr_storages = 1;
243
		dfs3[i].ptr_storages = 1;
246
     
244
     
247
		/* also enumerate the storages */
245
		/* also enumerate the storages */
248
		dfs3[i].storages = (DFS_STORAGE_INFO*) talloc(ctx, j[i].referral_count * 
246
		dfs3[i].storages = TALLOC_ARRAY(ctx, DFS_STORAGE_INFO, j[i].referral_count);
249
						sizeof(DFS_STORAGE_INFO));
250
		if (!dfs3[i].storages)
247
		if (!dfs3[i].storages)
251
			return False;
248
			return False;
252
249
Lines 285-291 Link Here
285
	case 1:
282
	case 1:
286
		{
283
		{
287
		DFS_INFO_1* dfs1;
284
		DFS_INFO_1* dfs1;
288
		dfs1 = (DFS_INFO_1*) talloc(ctx, num_jn * sizeof(DFS_INFO_1));
285
		dfs1 = TALLOC_ARRAY(ctx, DFS_INFO_1, num_jn);
289
		if (!dfs1)
286
		if (!dfs1)
290
			return WERR_NOMEM;
287
			return WERR_NOMEM;
291
		init_reply_dfs_info_1(jn, dfs1, num_jn);
288
		init_reply_dfs_info_1(jn, dfs1, num_jn);
Lines 295-301 Link Here
295
	case 2:
292
	case 2:
296
		{
293
		{
297
		DFS_INFO_2* dfs2;
294
		DFS_INFO_2* dfs2;
298
		dfs2 = (DFS_INFO_2*) talloc(ctx, num_jn * sizeof(DFS_INFO_2));
295
		dfs2 = TALLOC_ARRAY(ctx, DFS_INFO_2, num_jn);
299
		if (!dfs2)
296
		if (!dfs2)
300
			return WERR_NOMEM;
297
			return WERR_NOMEM;
301
		init_reply_dfs_info_2(jn, dfs2, num_jn);
298
		init_reply_dfs_info_2(jn, dfs2, num_jn);
Lines 305-311 Link Here
305
	case 3:
302
	case 3:
306
		{
303
		{
307
		DFS_INFO_3* dfs3;
304
		DFS_INFO_3* dfs3;
308
		dfs3 = (DFS_INFO_3*) talloc(ctx, num_jn * sizeof(DFS_INFO_3));
305
		dfs3 = TALLOC_ARRAY(ctx, DFS_INFO_3, num_jn);
309
		if (!dfs3)
306
		if (!dfs3)
310
			return WERR_NOMEM;
307
			return WERR_NOMEM;
311
		init_reply_dfs_info_3(ctx, jn, dfs3, num_jn);
308
		init_reply_dfs_info_3(ctx, jn, dfs3, num_jn);
Lines 336-342 Link Here
336
	r_u->reshnd.ptr_hnd = 1;
333
	r_u->reshnd.ptr_hnd = 1;
337
	r_u->reshnd.handle = num_jn;
334
	r_u->reshnd.handle = num_jn;
338
  
335
  
339
	r_u->ctr = (DFS_INFO_CTR*)talloc(p->mem_ctx, sizeof(DFS_INFO_CTR));
336
	r_u->ctr = TALLOC_P(p->mem_ctx, DFS_INFO_CTR);
340
	if (!r_u->ctr)
337
	if (!r_u->ctr)
341
		return WERR_NOMEM;
338
		return WERR_NOMEM;
342
	ZERO_STRUCTP(r_u->ctr);
339
	ZERO_STRUCTP(r_u->ctr);
(-)samba-3.0.9-orig/source/rpc_server/srv_echo_nt.c (-2 / +2 lines)
Lines 44-50 Link Here
44
{
44
{
45
	DEBUG(10, ("_echo_data\n"));
45
	DEBUG(10, ("_echo_data\n"));
46
46
47
	r_u->data = talloc(p->mem_ctx, q_u->size);
47
	r_u->data = TALLOC(p->mem_ctx, q_u->size);
48
	r_u->size = q_u->size;
48
	r_u->size = q_u->size;
49
	memcpy(r_u->data, q_u->data, q_u->size);
49
	memcpy(r_u->data, q_u->data, q_u->size);
50
}
50
}
Lines 68-74 Link Here
68
68
69
	DEBUG(10, ("_source_data\n"));
69
	DEBUG(10, ("_source_data\n"));
70
70
71
	r_u->data = talloc(p->mem_ctx, q_u->size);
71
	r_u->data = TALLOC(p->mem_ctx, q_u->size);
72
	r_u->size = q_u->size;
72
	r_u->size = q_u->size;
73
73
74
	for (i = 0; i < r_u->size; i++)
74
	for (i = 0; i < r_u->size; i++)
(-)samba-3.0.9-orig/source/rpc_server/srv_lsa_ds_nt.c (-1 / +1 lines)
Lines 41-47 Link Here
41
41
42
	DEBUG(10,("fill_dsrole_dominfo_basic: enter\n"));
42
	DEBUG(10,("fill_dsrole_dominfo_basic: enter\n"));
43
43
44
	if ( !(basic = talloc_zero(ctx, sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC))) ) {
44
	if ( !(basic = TALLOC_ZERO_P(ctx, DSROLE_PRIMARY_DOMAIN_INFO_BASIC)) ) {
45
		DEBUG(0,("fill_dsrole_dominfo_basic: FATAL error!  talloc_xero() failed\n"));
45
		DEBUG(0,("fill_dsrole_dominfo_basic: FATAL error!  talloc_xero() failed\n"));
46
		return NT_STATUS_NO_MEMORY;
46
		return NT_STATUS_NO_MEMORY;
47
	}
47
	}
(-)samba-3.0.9-orig/source/rpc_server/srv_lsa_hnd.c (-2 / +2 lines)
Lines 70-76 Link Here
70
		 * Create list.
70
		 * Create list.
71
		 */
71
		 */
72
72
73
		if ((hl = (struct handle_list *)malloc(sizeof(struct handle_list))) == NULL)
73
		if ((hl = SMB_MALLOC_P(struct handle_list)) == NULL)
74
			return False;
74
			return False;
75
		ZERO_STRUCTP(hl);
75
		ZERO_STRUCTP(hl);
76
76
Lines 112-118 Link Here
112
		return False;
112
		return False;
113
	}
113
	}
114
114
115
	pol = (struct policy *)malloc(sizeof(*p));
115
	pol = SMB_MALLOC_P(struct policy);
116
	if (!pol) {
116
	if (!pol) {
117
		DEBUG(0,("create_policy_hnd: ERROR: out of memory!\n"));
117
		DEBUG(0,("create_policy_hnd: ERROR: out of memory!\n"));
118
		return False;
118
		return False;
(-)samba-3.0.9-orig/source/rpc_server/srv_lsa_nt.c (-15 / +13 lines)
Lines 232-245 Link Here
232
	/* Allocate memory for list of names */
232
	/* Allocate memory for list of names */
233
233
234
	if (num_entries > 0) {
234
	if (num_entries > 0) {
235
		if (!(trn->name = (LSA_TRANS_NAME *)talloc(ctx, sizeof(LSA_TRANS_NAME) *
235
		if (!(trn->name = TALLOC_ARRAY(ctx, LSA_TRANS_NAME, num_entries))) {
236
							  num_entries))) {
237
			DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
236
			DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
238
			return;
237
			return;
239
		}
238
		}
240
239
241
		if (!(trn->uni_name = (UNISTR2 *)talloc(ctx, sizeof(UNISTR2) * 
240
		if (!(trn->uni_name = TALLOC_ARRAY(ctx, UNISTR2, num_entries))) {
242
							num_entries))) {
243
			DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
241
			DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
244
			return;
242
			return;
245
		}
243
		}
Lines 418-424 Link Here
418
416
419
417
420
	/* associate the domain SID with the (unique) handle. */
418
	/* associate the domain SID with the (unique) handle. */
421
	if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL)
419
	if ((info = SMB_MALLOC_P(struct lsa_info)) == NULL)
422
		return NT_STATUS_NO_MEMORY;
420
		return NT_STATUS_NO_MEMORY;
423
421
424
	ZERO_STRUCTP(info);
422
	ZERO_STRUCTP(info);
Lines 463-469 Link Here
463
	}
461
	}
464
462
465
	/* associate the domain SID with the (unique) handle. */
463
	/* associate the domain SID with the (unique) handle. */
466
	if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL)
464
	if ((info = SMB_MALLOC_P(struct lsa_info)) == NULL)
467
		return NT_STATUS_NO_MEMORY;
465
		return NT_STATUS_NO_MEMORY;
468
466
469
	ZERO_STRUCTP(info);
467
	ZERO_STRUCTP(info);
Lines 550-556 Link Here
550
		info->id2.auditing_enabled = 1;
548
		info->id2.auditing_enabled = 1;
551
		info->id2.count1 = 7;
549
		info->id2.count1 = 7;
552
		info->id2.count2 = 7;
550
		info->id2.count2 = 7;
553
		if ((info->id2.auditsettings = (uint32 *)talloc(p->mem_ctx,7*sizeof(uint32))) == NULL)
551
		if ((info->id2.auditsettings = TALLOC_ARRAY(p->mem_ctx,uint32, 7)) == NULL)
554
			return NT_STATUS_NO_MEMORY;
552
			return NT_STATUS_NO_MEMORY;
555
		for (i = 0; i < 7; i++)
553
		for (i = 0; i < 7; i++)
556
			info->id2.auditsettings[i] = 3;
554
			info->id2.auditsettings[i] = 3;
Lines 649-656 Link Here
649
		DEBUG(5,("_lsa_lookup_sids: truncating SID lookup list to %d\n", num_entries));
647
		DEBUG(5,("_lsa_lookup_sids: truncating SID lookup list to %d\n", num_entries));
650
	}
648
	}
651
649
652
	ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
650
	ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
653
	names = (LSA_TRANS_NAME_ENUM *)talloc_zero(p->mem_ctx, sizeof(LSA_TRANS_NAME_ENUM));
651
	names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM);
654
652
655
	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) {
653
	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) {
656
		r_u->status = NT_STATUS_INVALID_HANDLE;
654
		r_u->status = NT_STATUS_INVALID_HANDLE;
Lines 698-705 Link Here
698
		DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries));
696
		DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries));
699
	}
697
	}
700
		
698
		
701
	ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
699
	ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
702
	rids = (DOM_RID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_RID2)*num_entries);
700
	rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID2, num_entries);
703
701
704
	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) {
702
	if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) {
705
		r_u->status = NT_STATUS_INVALID_HANDLE;
703
		r_u->status = NT_STATUS_INVALID_HANDLE;
Lines 768-774 Link Here
768
	if (enum_context >= PRIV_ALL_INDEX)
766
	if (enum_context >= PRIV_ALL_INDEX)
769
		return NT_STATUS_NO_MORE_ENTRIES;
767
		return NT_STATUS_NO_MORE_ENTRIES;
770
768
771
	entries = (LSA_PRIV_ENTRY *)talloc_zero(p->mem_ctx, sizeof(LSA_PRIV_ENTRY) * (PRIV_ALL_INDEX));
769
	entries = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_PRIV_ENTRY, PRIV_ALL_INDEX);
772
	if (entries==NULL)
770
	if (entries==NULL)
773
		return NT_STATUS_NO_MEMORY;
771
		return NT_STATUS_NO_MEMORY;
774
772
Lines 887-894 Link Here
887
	if (q_u->enum_context >= num_entries)
885
	if (q_u->enum_context >= num_entries)
888
		return NT_STATUS_NO_MORE_ENTRIES;
886
		return NT_STATUS_NO_MORE_ENTRIES;
889
887
890
	sids->ptr_sid = (uint32 *)talloc_zero(p->mem_ctx, (num_entries-q_u->enum_context)*sizeof(uint32));
888
	sids->ptr_sid = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_entries-q_u->enum_context);
891
	sids->sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, (num_entries-q_u->enum_context)*sizeof(DOM_SID2));
889
	sids->sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_entries-q_u->enum_context);
892
890
893
	if (sids->ptr_sid==NULL || sids->sid==NULL) {
891
	if (sids->ptr_sid==NULL || sids->sid==NULL) {
894
		SAFE_FREE(map);
892
		SAFE_FREE(map);
Lines 960-966 Link Here
960
		return NT_STATUS_ACCESS_DENIED;
958
		return NT_STATUS_ACCESS_DENIED;
961
959
962
	/* associate the user/group SID with the (unique) handle. */
960
	/* associate the user/group SID with the (unique) handle. */
963
	if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL)
961
	if ((info = SMB_MALLOC_P(struct lsa_info)) == NULL)
964
		return NT_STATUS_NO_MEMORY;
962
		return NT_STATUS_NO_MEMORY;
965
963
966
	ZERO_STRUCTP(info);
964
	ZERO_STRUCTP(info);
(-)samba-3.0.9-orig/source/rpc_server/srv_netlog_nt.c (-1 / +1 lines)
Lines 579-585 Link Here
579
	SAM_ACCOUNT *sampw;
579
	SAM_ACCOUNT *sampw;
580
	struct auth_context *auth_context = NULL;
580
	struct auth_context *auth_context = NULL;
581
	        
581
	        
582
	usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3));
582
	usr_info = TALLOC_P(p->mem_ctx, NET_USER_INFO_3);
583
	if (!usr_info)
583
	if (!usr_info)
584
		return NT_STATUS_NO_MEMORY;
584
		return NT_STATUS_NO_MEMORY;
585
585
(-)samba-3.0.9-orig/source/rpc_server/srv_pipe.c (-13 / +8 lines)
Lines 775-781 Link Here
775
			int 			n_fns = 0;
775
			int 			n_fns = 0;
776
			PIPE_RPC_FNS		*context_fns;
776
			PIPE_RPC_FNS		*context_fns;
777
			
777
			
778
			if ( !(context_fns = malloc(sizeof(PIPE_RPC_FNS))) ) {
778
			if ( !(context_fns = SMB_MALLOC_P(PIPE_RPC_FNS)) ) {
779
				DEBUG(0,("check_bind_req: malloc() failed!\n"));
779
				DEBUG(0,("check_bind_req: malloc() failed!\n"));
780
				return False;
780
				return False;
781
			}
781
			}
Lines 831-838 Link Here
831
        /* We use a temporary variable because this call can fail and 
831
        /* We use a temporary variable because this call can fail and 
832
           rpc_lookup will still be valid afterwards.  It could then succeed if
832
           rpc_lookup will still be valid afterwards.  It could then succeed if
833
           called again later */
833
           called again later */
834
        rpc_entry = realloc(rpc_lookup, 
834
	rpc_lookup_size++;
835
                            ++rpc_lookup_size*sizeof(struct rpc_table));
835
        rpc_entry = SMB_REALLOC_ARRAY(rpc_lookup, struct rpc_table, rpc_lookup_size);
836
        if (NULL == rpc_entry) {
836
        if (NULL == rpc_entry) {
837
                rpc_lookup_size--;
837
                rpc_lookup_size--;
838
                DEBUG(0, ("rpc_pipe_register_commands: memory allocation failed\n"));
838
                DEBUG(0, ("rpc_pipe_register_commands: memory allocation failed\n"));
Lines 843-855 Link Here
843
        
843
        
844
        rpc_entry = rpc_lookup + (rpc_lookup_size - 1);
844
        rpc_entry = rpc_lookup + (rpc_lookup_size - 1);
845
        ZERO_STRUCTP(rpc_entry);
845
        ZERO_STRUCTP(rpc_entry);
846
        rpc_entry->pipe.clnt = strdup(clnt);
846
        rpc_entry->pipe.clnt = SMB_STRDUP(clnt);
847
        rpc_entry->pipe.srv = strdup(srv);
847
        rpc_entry->pipe.srv = SMB_STRDUP(srv);
848
        rpc_entry->cmds = realloc(rpc_entry->cmds, 
848
        rpc_entry->cmds = SMB_REALLOC_ARRAY(rpc_entry->cmds, struct api_struct, rpc_entry->n_cmds + size);
849
                                  (rpc_entry->n_cmds + size) *
849
        memcpy(rpc_entry->cmds + rpc_entry->n_cmds, cmds, size * sizeof(struct api_struct));
850
                                  sizeof(struct api_struct));
851
        memcpy(rpc_entry->cmds + rpc_entry->n_cmds, cmds,
852
               size * sizeof(struct api_struct));
853
        rpc_entry->n_cmds += size;
850
        rpc_entry->n_cmds += size;
854
        
851
        
855
        return NT_STATUS_OK;
852
        return NT_STATUS_OK;
Lines 1585-1593 Link Here
1585
	if ((DEBUGLEVEL >= 10) && 
1582
	if ((DEBUGLEVEL >= 10) && 
1586
	    (prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) {
1583
	    (prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) {
1587
		size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data);
1584
		size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data);
1588
		char *data;
1585
		char *data = SMB_MALLOC(data_len);
1589
1590
		data = malloc(data_len);
1591
1586
1592
		DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
1587
		DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
1593
		if (data) {
1588
		if (data) {
(-)samba-3.0.9-orig/source/rpc_server/srv_pipe_hnd.c (-5 / +3 lines)
Lines 204-211 Link Here
204
	for (p = Pipes; p; p = p->next)
204
	for (p = Pipes; p; p = p->next)
205
		DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));  
205
		DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));  
206
206
207
	p = (smb_np_struct *)malloc(sizeof(*p));
207
	p = SMB_MALLOC_P(smb_np_struct);
208
209
	if (!p) {
208
	if (!p) {
210
		DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
209
		DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
211
		return NULL;
210
		return NULL;
Lines 283-292 Link Here
283
		return NULL;
282
		return NULL;
284
	}
283
	}
285
284
286
	p = (pipes_struct *)malloc(sizeof(*p));
285
	p = SMB_MALLOC_P(pipes_struct);
287
286
288
	if (!p)
287
	if (!p) {
289
	{
290
		DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
288
		DEBUG(0,("ERROR! no memory for pipes_struct!\n"));
291
		return NULL;
289
		return NULL;
292
	}
290
	}
(-)samba-3.0.9-orig/source/rpc_server/srv_reg_nt.c (-2 / +2 lines)
Lines 97-103 Link Here
97
	if ( subkey_len && subkeyname2[subkey_len-1] == '\\' )
97
	if ( subkey_len && subkeyname2[subkey_len-1] == '\\' )
98
		subkeyname2[subkey_len-1] = '\0';
98
		subkeyname2[subkey_len-1] = '\0';
99
99
100
	if ((regkey=(REGISTRY_KEY*)malloc(sizeof(REGISTRY_KEY))) == NULL)
100
	if ((regkey=SMB_MALLOC_P(REGISTRY_KEY)) == NULL)
101
		return NT_STATUS_NO_MEMORY;
101
		return NT_STATUS_NO_MEMORY;
102
		
102
		
103
	ZERO_STRUCTP( regkey );
103
	ZERO_STRUCTP( regkey );
Lines 373-379 Link Here
373
	/* couple of hard coded registry values */
373
	/* couple of hard coded registry values */
374
	
374
	
375
	if ( strequal(name, "RefusePasswordChange") ) {
375
	if ( strequal(name, "RefusePasswordChange") ) {
376
		if ( (val = (REGISTRY_VALUE*)malloc(sizeof(REGISTRY_VALUE))) == NULL ) {
376
		if ( (val = SMB_MALLOC_P(REGISTRY_VALUE)) == NULL ) {
377
			DEBUG(0,("_reg_info: malloc() failed!\n"));
377
			DEBUG(0,("_reg_info: malloc() failed!\n"));
378
			return NT_STATUS_NO_MEMORY;
378
			return NT_STATUS_NO_MEMORY;
379
		}
379
		}
(-)samba-3.0.9-orig/source/rpc_server/srv_samr_nt.c (-40 / +35 lines)
Lines 137-143 Link Here
137
137
138
	mem_ctx = talloc_init("samr_info for domain sid %s", sid_str);
138
	mem_ctx = talloc_init("samr_info for domain sid %s", sid_str);
139
139
140
	if ((info = (struct samr_info *)talloc(mem_ctx, sizeof(struct samr_info))) == NULL)
140
	if ((info = TALLOC_P(mem_ctx, struct samr_info)) == NULL)
141
		return NULL;
141
		return NULL;
142
142
143
	ZERO_STRUCTP(info);
143
	ZERO_STRUCTP(info);
Lines 255-262 Link Here
255
		if (info->disp_info.num_user_account % MAX_SAM_ENTRIES == 0) {
255
		if (info->disp_info.num_user_account % MAX_SAM_ENTRIES == 0) {
256
		
256
		
257
			DEBUG(10,("load_sampwd_entries: allocating more memory\n"));
257
			DEBUG(10,("load_sampwd_entries: allocating more memory\n"));
258
			pwd_array=(SAM_ACCOUNT *)talloc_realloc(mem_ctx, info->disp_info.disp_user_info, 
258
			pwd_array=TALLOC_REALLOC_ARRAY(mem_ctx, info->disp_info.disp_user_info, SAM_ACCOUNT,
259
			                  (info->disp_info.num_user_account+MAX_SAM_ENTRIES)*sizeof(SAM_ACCOUNT));
259
			                  info->disp_info.num_user_account+MAX_SAM_ENTRIES);
260
260
261
			if (pwd_array==NULL)
261
			if (pwd_array==NULL)
262
				return NT_STATUS_NO_MEMORY;
262
				return NT_STATUS_NO_MEMORY;
Lines 322-328 Link Here
322
322
323
	info->disp_info.num_group_account=group_entries;
323
	info->disp_info.num_group_account=group_entries;
324
324
325
	grp_array=(DOMAIN_GRP *)talloc(mem_ctx, info->disp_info.num_group_account*sizeof(DOMAIN_GRP));
325
	grp_array=TALLOC_ARRAY(mem_ctx, DOMAIN_GRP, info->disp_info.num_group_account);
326
	if (group_entries!=0 && grp_array==NULL) {
326
	if (group_entries!=0 && grp_array==NULL) {
327
		DEBUG(1, ("load_group_domain_entries: talloc() failed for grp_array!\n"));
327
		DEBUG(1, ("load_group_domain_entries: talloc() failed for grp_array!\n"));
328
		SAFE_FREE(map);
328
		SAFE_FREE(map);
Lines 716-724 Link Here
716
	if (num_entries == 0)
716
	if (num_entries == 0)
717
		return NT_STATUS_OK;
717
		return NT_STATUS_OK;
718
718
719
	sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_entries);
719
	sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_entries);
720
720
721
	uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_entries);
721
	uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_entries);
722
722
723
	if (sam == NULL || uni_name == NULL) {
723
	if (sam == NULL || uni_name == NULL) {
724
		DEBUG(0, ("make_user_sam_entry_list: talloc_zero failed!\n"));
724
		DEBUG(0, ("make_user_sam_entry_list: talloc_zero failed!\n"));
Lines 871-879 Link Here
871
	if (num_sam_entries == 0)
871
	if (num_sam_entries == 0)
872
		return;
872
		return;
873
873
874
	sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_sam_entries);
874
	sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_sam_entries);
875
875
	uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_sam_entries);
876
	uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_sam_entries);
877
876
878
	if (sam == NULL || uni_name == NULL) {
877
	if (sam == NULL || uni_name == NULL) {
879
		DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
878
		DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
Lines 923-929 Link Here
923
		num_entries=max_entries;
922
		num_entries=max_entries;
924
	}
923
	}
925
924
926
	*d_grp=(DOMAIN_GRP *)talloc_zero(ctx, num_entries*sizeof(DOMAIN_GRP));
925
	*d_grp=TALLOC_ZERO_ARRAY(ctx, DOMAIN_GRP, num_entries);
927
	if (num_entries!=0 && *d_grp==NULL){
926
	if (num_entries!=0 && *d_grp==NULL){
928
		SAFE_FREE(map);
927
		SAFE_FREE(map);
929
		return NT_STATUS_NO_MEMORY;
928
		return NT_STATUS_NO_MEMORY;
Lines 969-975 Link Here
969
	if (*p_num_entries == 0)
968
	if (*p_num_entries == 0)
970
		return NT_STATUS_OK;
969
		return NT_STATUS_OK;
971
970
972
	*d_grp = talloc(ctx, sizeof(DOMAIN_GRP) * (*p_num_entries));
971
	*d_grp = TALLOC_ARRAY(ctx, DOMAIN_GRP, *p_num_entries);
973
972
974
	if (*d_grp == NULL) {
973
	if (*d_grp == NULL) {
975
		SAFE_FREE(info);
974
		SAFE_FREE(info);
Lines 1187-1193 Link Here
1187
		DEBUG(5, ("samr_reply_query_dispinfo: buffer size limits to only %d entries\n", max_entries));
1186
		DEBUG(5, ("samr_reply_query_dispinfo: buffer size limits to only %d entries\n", max_entries));
1188
	}
1187
	}
1189
1188
1190
	if (!(ctr = (SAM_DISPINFO_CTR *)talloc_zero(p->mem_ctx,sizeof(SAM_DISPINFO_CTR))))
1189
	if (!(ctr = TALLOC_ZERO_P(p->mem_ctx,SAM_DISPINFO_CTR)))
1191
		return NT_STATUS_NO_MEMORY;
1190
		return NT_STATUS_NO_MEMORY;
1192
1191
1193
	ZERO_STRUCTP(ctr);
1192
	ZERO_STRUCTP(ctr);
Lines 1196-1202 Link Here
1196
	switch (q_u->switch_level) {
1195
	switch (q_u->switch_level) {
1197
	case 0x1:
1196
	case 0x1:
1198
		if (max_entries) {
1197
		if (max_entries) {
1199
			if (!(ctr->sam.info1 = (SAM_DISPINFO_1 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_1))))
1198
			if (!(ctr->sam.info1 = TALLOC_ZERO_ARRAY(p->mem_ctx,SAM_DISPINFO_1,max_entries)))
1200
				return NT_STATUS_NO_MEMORY;
1199
				return NT_STATUS_NO_MEMORY;
1201
		}
1200
		}
1202
		disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, max_entries, enum_context, 
1201
		disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, max_entries, enum_context, 
Lines 1206-1212 Link Here
1206
		break;
1205
		break;
1207
	case 0x2:
1206
	case 0x2:
1208
		if (max_entries) {
1207
		if (max_entries) {
1209
			if (!(ctr->sam.info2 = (SAM_DISPINFO_2 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_2))))
1208
			if (!(ctr->sam.info2 = TALLOC_ZERO_ARRAY(p->mem_ctx,SAM_DISPINFO_2,max_entries)))
1210
				return NT_STATUS_NO_MEMORY;
1209
				return NT_STATUS_NO_MEMORY;
1211
		}
1210
		}
1212
		disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, max_entries, enum_context, 
1211
		disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, max_entries, enum_context, 
Lines 1216-1222 Link Here
1216
		break;
1215
		break;
1217
	case 0x3:
1216
	case 0x3:
1218
		if (max_entries) {
1217
		if (max_entries) {
1219
			if (!(ctr->sam.info3 = (SAM_DISPINFO_3 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_3))))
1218
			if (!(ctr->sam.info3 = TALLOC_ZERO_ARRAY(p->mem_ctx,SAM_DISPINFO_3,max_entries)))
1220
				return NT_STATUS_NO_MEMORY;
1219
				return NT_STATUS_NO_MEMORY;
1221
		}
1220
		}
1222
		disp_ret = init_sam_dispinfo_3(p->mem_ctx, ctr->sam.info3, max_entries, enum_context, info->disp_info.disp_group_info);
1221
		disp_ret = init_sam_dispinfo_3(p->mem_ctx, ctr->sam.info3, max_entries, enum_context, info->disp_info.disp_group_info);
Lines 1225-1231 Link Here
1225
		break;
1224
		break;
1226
	case 0x4:
1225
	case 0x4:
1227
		if (max_entries) {
1226
		if (max_entries) {
1228
			if (!(ctr->sam.info4 = (SAM_DISPINFO_4 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_4))))
1227
			if (!(ctr->sam.info4 = TALLOC_ZERO_ARRAY(p->mem_ctx,SAM_DISPINFO_4,max_entries)))
1229
				return NT_STATUS_NO_MEMORY;
1228
				return NT_STATUS_NO_MEMORY;
1230
		}
1229
		}
1231
		disp_ret = init_sam_dispinfo_4(p->mem_ctx, ctr->sam.info4, max_entries, enum_context, info->disp_info.disp_user_info);
1230
		disp_ret = init_sam_dispinfo_4(p->mem_ctx, ctr->sam.info4, max_entries, enum_context, info->disp_info.disp_user_info);
Lines 1234-1240 Link Here
1234
		break;
1233
		break;
1235
	case 0x5:
1234
	case 0x5:
1236
		if (max_entries) {
1235
		if (max_entries) {
1237
			if (!(ctr->sam.info5 = (SAM_DISPINFO_5 *)talloc_zero(p->mem_ctx,max_entries*sizeof(SAM_DISPINFO_5))))
1236
			if (!(ctr->sam.info5 = TALLOC_ZERO_ARRAY(p->mem_ctx,SAM_DISPINFO_5,max_entries)))
1238
				return NT_STATUS_NO_MEMORY;
1237
				return NT_STATUS_NO_MEMORY;
1239
		}
1238
		}
1240
		disp_ret = init_sam_dispinfo_5(p->mem_ctx, ctr->sam.info5, max_entries, enum_context, info->disp_info.disp_group_info);
1239
		disp_ret = init_sam_dispinfo_5(p->mem_ctx, ctr->sam.info5, max_entries, enum_context, info->disp_info.disp_group_info);
Lines 1512-1522 Link Here
1512
	*pp_hdr_name = NULL;
1511
	*pp_hdr_name = NULL;
1513
1512
1514
	if (num_names != 0) {
1513
	if (num_names != 0) {
1515
		hdr_name = (UNIHDR *)talloc_zero(ctx, sizeof(UNIHDR)*num_names);
1514
		hdr_name = TALLOC_ZERO_ARRAY(ctx, UNIHDR, num_names);
1516
		if (hdr_name == NULL)
1515
		if (hdr_name == NULL)
1517
			return False;
1516
			return False;
1518
1517
1519
		uni_name = (UNISTR2 *)talloc_zero(ctx,sizeof(UNISTR2)*num_names);
1518
		uni_name = TALLOC_ZERO_ARRAY(ctx,UNISTR2, num_names);
1520
		if (uni_name == NULL)
1519
		if (uni_name == NULL)
1521
			return False;
1520
			return False;
1522
	}
1521
	}
Lines 1562-1568 Link Here
1562
	}
1561
	}
1563
1562
1564
	if (num_rids) {
1563
	if (num_rids) {
1565
		if ((group_attrs = (uint32 *)talloc_zero(p->mem_ctx, num_rids * sizeof(uint32))) == NULL)
1564
		if ((group_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_rids )) == NULL)
1566
			return NT_STATUS_NO_MEMORY;
1565
			return NT_STATUS_NO_MEMORY;
1567
 	}
1566
 	}
1568
 
1567
 
Lines 1854-1860 Link Here
1854
1853
1855
	DEBUG(5,("_samr_query_userinfo: sid:%s\n", sid_string_static(&info->sid)));
1854
	DEBUG(5,("_samr_query_userinfo: sid:%s\n", sid_string_static(&info->sid)));
1856
1855
1857
	ctr = (SAM_USERINFO_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_USERINFO_CTR));
1856
	ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_USERINFO_CTR);
1858
	if (!ctr)
1857
	if (!ctr)
1859
		return NT_STATUS_NO_MEMORY;
1858
		return NT_STATUS_NO_MEMORY;
1860
1859
Lines 1865-1871 Link Here
1865
1864
1866
	switch (q_u->switch_value) {
1865
	switch (q_u->switch_value) {
1867
	case 0x10:
1866
	case 0x10:
1868
		ctr->info.id10 = (SAM_USER_INFO_10 *)talloc_zero(p->mem_ctx, sizeof(SAM_USER_INFO_10));
1867
		ctr->info.id10 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_10);
1869
		if (ctr->info.id10 == NULL)
1868
		if (ctr->info.id10 == NULL)
1870
			return NT_STATUS_NO_MEMORY;
1869
			return NT_STATUS_NO_MEMORY;
1871
1870
Lines 1883-1893 Link Here
1883
            expire.low = 0xffffffff;
1882
            expire.low = 0xffffffff;
1884
            expire.high = 0x7fffffff;
1883
            expire.high = 0x7fffffff;
1885
1884
1886
            ctr->info.id = (SAM_USER_INFO_11 *)talloc_zero(p->mem_ctx,
1885
            ctr->info.id = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_11));
1887
                                    sizeof
1888
                                    (*ctr->
1889
                                     info.
1890
                                     id11));
1891
	    ZERO_STRUCTP(ctr->info.id11);
1886
	    ZERO_STRUCTP(ctr->info.id11);
1892
            init_sam_user_info11(ctr->info.id11, &expire,
1887
            init_sam_user_info11(ctr->info.id11, &expire,
1893
                         "BROOKFIELDS$",    /* name */
1888
                         "BROOKFIELDS$",    /* name */
Lines 1900-1906 Link Here
1900
#endif
1895
#endif
1901
1896
1902
	case 0x12:
1897
	case 0x12:
1903
		ctr->info.id12 = (SAM_USER_INFO_12 *)talloc_zero(p->mem_ctx, sizeof(SAM_USER_INFO_12));
1898
		ctr->info.id12 = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_12);
1904
		if (ctr->info.id12 == NULL)
1899
		if (ctr->info.id12 == NULL)
1905
			return NT_STATUS_NO_MEMORY;
1900
			return NT_STATUS_NO_MEMORY;
1906
1901
Lines 1909-1915 Link Here
1909
		break;
1904
		break;
1910
		
1905
		
1911
	case 20:
1906
	case 20:
1912
		ctr->info.id20 = (SAM_USER_INFO_20 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_20));
1907
		ctr->info.id20 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_20);
1913
		if (ctr->info.id20 == NULL)
1908
		if (ctr->info.id20 == NULL)
1914
			return NT_STATUS_NO_MEMORY;
1909
			return NT_STATUS_NO_MEMORY;
1915
		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_20(p->mem_ctx, ctr->info.id20, &info->sid)))
1910
		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_20(p->mem_ctx, ctr->info.id20, &info->sid)))
Lines 1917-1923 Link Here
1917
		break;
1912
		break;
1918
1913
1919
	case 21:
1914
	case 21:
1920
		ctr->info.id21 = (SAM_USER_INFO_21 *)talloc_zero(p->mem_ctx,sizeof(SAM_USER_INFO_21));
1915
		ctr->info.id21 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_21);
1921
		if (ctr->info.id21 == NULL)
1916
		if (ctr->info.id21 == NULL)
1922
			return NT_STATUS_NO_MEMORY;
1917
			return NT_STATUS_NO_MEMORY;
1923
		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_21(p->mem_ctx, ctr->info.id21, 
1918
		if (!NT_STATUS_IS_OK(r_u->status = get_user_info_21(p->mem_ctx, ctr->info.id21, 
Lines 2025-2031 Link Here
2025
2020
2026
	uint32 num_users=0, num_groups=0, num_aliases=0;
2021
	uint32 num_users=0, num_groups=0, num_aliases=0;
2027
2022
2028
	if ((ctr = (SAM_UNK_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_UNK_CTR))) == NULL)
2023
	if ((ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_CTR)) == NULL)
2029
		return NT_STATUS_NO_MEMORY;
2024
		return NT_STATUS_NO_MEMORY;
2030
2025
2031
	ZERO_STRUCTP(ctr);
2026
	ZERO_STRUCTP(ctr);
Lines 2510-2517 Link Here
2510
	if (num_sam_entries == 0)
2505
	if (num_sam_entries == 0)
2511
		return True;
2506
		return True;
2512
2507
2513
	sam = (SAM_ENTRY *)talloc_zero(ctx, sizeof(SAM_ENTRY)*num_sam_entries);
2508
	sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_sam_entries);
2514
	uni_name = (UNISTR2 *)talloc_zero(ctx, sizeof(UNISTR2)*num_sam_entries);
2509
	uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_sam_entries);
2515
2510
2516
	if (sam == NULL || uni_name == NULL)
2511
	if (sam == NULL || uni_name == NULL)
2517
		return False;
2512
		return False;
Lines 3185-3191 Link Here
3185
			continue;
3180
			continue;
3186
		}
3181
		}
3187
3182
3188
		new_rids=(uint32 *)talloc_realloc(p->mem_ctx, rids, (num_groups+tmp_num_groups)*sizeof(uint32));
3183
		new_rids=TALLOC_REALLOC_ARRAY(p->mem_ctx, rids, uint32, num_groups+tmp_num_groups);
3189
		if (new_rids==NULL) {
3184
		if (new_rids==NULL) {
3190
			DEBUG(0,("_samr_query_useraliases: could not realloc memory\n"));
3185
			DEBUG(0,("_samr_query_useraliases: could not realloc memory\n"));
3191
			return NT_STATUS_NO_MEMORY;
3186
			return NT_STATUS_NO_MEMORY;
Lines 3234-3240 Link Here
3234
	if (!pdb_enum_aliasmem(&alias_sid, &sids, &num_sids))
3229
	if (!pdb_enum_aliasmem(&alias_sid, &sids, &num_sids))
3235
		return NT_STATUS_NO_SUCH_ALIAS;
3230
		return NT_STATUS_NO_SUCH_ALIAS;
3236
3231
3237
	sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_SID2) * num_sids);	
3232
	sid = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_SID2, num_sids);	
3238
	if (num_sids!=0 && sid == NULL) {
3233
	if (num_sids!=0 && sid == NULL) {
3239
		SAFE_FREE(sids);
3234
		SAFE_FREE(sids);
3240
		return NT_STATUS_NO_MEMORY;
3235
		return NT_STATUS_NO_MEMORY;
Lines 3260-3266 Link Here
3260
			return;
3255
			return;
3261
	}
3256
	}
3262
	
3257
	
3263
	*uids = Realloc(*uids, (*num+1) * sizeof(uid_t));
3258
	*uids = SMB_REALLOC_ARRAY(*uids, uid_t, *num+1);
3264
3259
3265
	if (*uids == NULL)
3260
	if (*uids == NULL)
3266
		return;
3261
		return;
Lines 3357-3364 Link Here
3357
	if(!get_memberuids(gid, &uids, &num))
3352
	if(!get_memberuids(gid, &uids, &num))
3358
		return NT_STATUS_NO_SUCH_GROUP;
3353
		return NT_STATUS_NO_SUCH_GROUP;
3359
3354
3360
	rid=talloc_zero(p->mem_ctx, sizeof(uint32)*num);
3355
	rid=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num);
3361
	attr=talloc_zero(p->mem_ctx, sizeof(uint32)*num);
3356
	attr=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num);
3362
	
3357
	
3363
	if (num!=0 && (rid==NULL || attr==NULL))
3358
	if (num!=0 && (rid==NULL || attr==NULL))
3364
		return NT_STATUS_NO_MEMORY;
3359
		return NT_STATUS_NO_MEMORY;
Lines 3948-3954 Link Here
3948
	if (!ret)
3943
	if (!ret)
3949
		return NT_STATUS_INVALID_HANDLE;
3944
		return NT_STATUS_INVALID_HANDLE;
3950
3945
3951
	ctr=(GROUP_INFO_CTR *)talloc_zero(p->mem_ctx, sizeof(GROUP_INFO_CTR));
3946
	ctr=TALLOC_ZERO_P(p->mem_ctx, GROUP_INFO_CTR);
3952
	if (ctr==NULL)
3947
	if (ctr==NULL)
3953
		return NT_STATUS_NO_MEMORY;
3948
		return NT_STATUS_NO_MEMORY;
3954
3949
Lines 4279-4285 Link Here
4279
4274
4280
	uint32 account_policy_temp;
4275
	uint32 account_policy_temp;
4281
4276
4282
	if ((ctr = (SAM_UNK_CTR *)talloc_zero(p->mem_ctx, sizeof(SAM_UNK_CTR))) == NULL)
4277
	if ((ctr = TALLOC_ZERO_P(p->mem_ctx, SAM_UNK_CTR)) == NULL)
4283
		return NT_STATUS_NO_MEMORY;
4278
		return NT_STATUS_NO_MEMORY;
4284
4279
4285
	ZERO_STRUCTP(ctr);
4280
	ZERO_STRUCTP(ctr);
(-)samba-3.0.9-orig/source/rpc_server/srv_spoolss_nt.c (-87 / +87 lines)
Lines 238-244 Link Here
238
	if (!sp)
238
	if (!sp)
239
		return NULL;
239
		return NULL;
240
240
241
	new_sp = (SPOOL_NOTIFY_OPTION *)malloc(sizeof(SPOOL_NOTIFY_OPTION));
241
	new_sp = SMB_MALLOC_P(SPOOL_NOTIFY_OPTION);
242
	if (!new_sp)
242
	if (!new_sp)
243
		return NULL;
243
		return NULL;
244
244
Lines 595-601 Link Here
595
595
596
	DEBUG(10,("open_printer_hnd: name [%s]\n", name));
596
	DEBUG(10,("open_printer_hnd: name [%s]\n", name));
597
597
598
	if((new_printer=(Printer_entry *)malloc(sizeof(Printer_entry))) == NULL)
598
	if((new_printer=SMB_MALLOC_P(Printer_entry)) == NULL)
599
		return False;
599
		return False;
600
600
601
	ZERO_STRUCTP(new_printer);
601
	ZERO_STRUCTP(new_printer);
Lines 743-749 Link Here
743
	init_unistr2(&unistr, msg->notify.data, UNI_STR_TERMINATE);
743
	init_unistr2(&unistr, msg->notify.data, UNI_STR_TERMINATE);
744
744
745
	data->notify_data.data.length = msg->len * 2;
745
	data->notify_data.data.length = msg->len * 2;
746
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, msg->len * 2);
746
	data->notify_data.data.string = TALLOC_ARRAY(mem_ctx, uint16, msg->len);
747
747
748
	if (!data->notify_data.data.string) {
748
	if (!data->notify_data.data.string) {
749
		data->notify_data.data.length = 0;
749
		data->notify_data.data.length = 0;
Lines 780-786 Link Here
780
		return;
780
		return;
781
781
782
	data->notify_data.data.length = prs_offset(&ps);
782
	data->notify_data.data.length = prs_offset(&ps);
783
	data->notify_data.data.string = talloc(mem_ctx, prs_offset(&ps));
783
	data->notify_data.data.string = TALLOC(mem_ctx, prs_offset(&ps));
784
784
785
	prs_copy_all_data_out((char *)data->notify_data.data.string, &ps);
785
	prs_copy_all_data_out((char *)data->notify_data.data.string, &ps);
786
786
Lines 938-944 Link Here
938
	if ( i == ctr->num_groups ) {
938
	if ( i == ctr->num_groups ) {
939
		ctr->num_groups++;
939
		ctr->num_groups++;
940
940
941
		if ( !(groups = talloc_realloc( ctr->ctx, ctr->msg_groups, sizeof(SPOOLSS_NOTIFY_MSG_GROUP)*ctr->num_groups)) ) {
941
		if ( !(groups = TALLOC_REALLOC_ARRAY( ctr->ctx, ctr->msg_groups, SPOOLSS_NOTIFY_MSG_GROUP, ctr->num_groups)) ) {
942
			DEBUG(0,("notify_msg_ctr_addmsg: talloc_realloc() failed!\n"));
942
			DEBUG(0,("notify_msg_ctr_addmsg: talloc_realloc() failed!\n"));
943
			return 0;
943
			return 0;
944
		}
944
		}
Lines 956-962 Link Here
956
	
956
	
957
	msg_grp->num_msgs++;
957
	msg_grp->num_msgs++;
958
	
958
	
959
	if ( !(msg_list =  talloc_realloc( ctr->ctx, msg_grp->msgs, sizeof(SPOOLSS_NOTIFY_MSG)*msg_grp->num_msgs )) ) {
959
	if ( !(msg_list = TALLOC_REALLOC_ARRAY( ctr->ctx, msg_grp->msgs, SPOOLSS_NOTIFY_MSG, msg_grp->num_msgs )) ) {
960
		DEBUG(0,("notify_msg_ctr_addmsg: talloc_realloc() failed for new message [%d]!\n", msg_grp->num_msgs));
960
		DEBUG(0,("notify_msg_ctr_addmsg: talloc_realloc() failed for new message [%d]!\n", msg_grp->num_msgs));
961
		return 0;
961
		return 0;
962
	}
962
	}
Lines 968-974 Link Here
968
	/* need to allocate own copy of data */
968
	/* need to allocate own copy of data */
969
	
969
	
970
	if ( msg->len != 0 ) 
970
	if ( msg->len != 0 ) 
971
		msg_grp->msgs[new_slot].notify.data = talloc_memdup( ctr->ctx, msg->notify.data, msg->len );
971
		msg_grp->msgs[new_slot].notify.data = TALLOC_MEMDUP( ctr->ctx, msg->notify.data, msg->len );
972
	
972
	
973
	return ctr->num_groups;
973
	return ctr->num_groups;
974
}
974
}
Lines 1026-1032 Link Here
1026
		
1026
		
1027
		/* allocate the max entries possible */
1027
		/* allocate the max entries possible */
1028
		
1028
		
1029
		data = talloc( mem_ctx, msg_group->num_msgs*sizeof(SPOOL_NOTIFY_INFO_DATA) );
1029
		data = TALLOC_ARRAY( mem_ctx, SPOOL_NOTIFY_INFO_DATA, msg_group->num_msgs);
1030
		ZERO_STRUCTP(data);
1030
		ZERO_STRUCTP(data);
1031
		
1031
		
1032
		/* build the array of change notifications */
1032
		/* build the array of change notifications */
Lines 1446-1452 Link Here
1446
	
1446
	
1447
	/* bulk copy first */
1447
	/* bulk copy first */
1448
	
1448
	
1449
	d = talloc_memdup(ctx, devmode, sizeof(DEVICEMODE));
1449
	d = TALLOC_MEMDUP(ctx, devmode, sizeof(DEVICEMODE));
1450
	if (!d)
1450
	if (!d)
1451
		return NULL;
1451
		return NULL;
1452
		
1452
		
Lines 1454-1460 Link Here
1454
	
1454
	
1455
	len = unistrlen(devmode->devicename.buffer);
1455
	len = unistrlen(devmode->devicename.buffer);
1456
	if (len != -1) {
1456
	if (len != -1) {
1457
		d->devicename.buffer = talloc(ctx, len*2);
1457
		d->devicename.buffer = TALLOC_ARRAY(ctx, uint16, len);
1458
		if (unistrcpy(d->devicename.buffer, devmode->devicename.buffer) != len)
1458
		if (unistrcpy(d->devicename.buffer, devmode->devicename.buffer) != len)
1459
			return NULL;
1459
			return NULL;
1460
	}
1460
	}
Lines 1462-1473 Link Here
1462
1462
1463
	len = unistrlen(devmode->formname.buffer);
1463
	len = unistrlen(devmode->formname.buffer);
1464
	if (len != -1) {
1464
	if (len != -1) {
1465
		d->devicename.buffer = talloc(ctx, len*2);
1465
		d->devicename.buffer = TALLOC_ARRAY(ctx, uint16, len);
1466
		if (unistrcpy(d->formname.buffer, devmode->formname.buffer) != len)
1466
		if (unistrcpy(d->formname.buffer, devmode->formname.buffer) != len)
1467
			return NULL;
1467
			return NULL;
1468
	}
1468
	}
1469
1469
1470
	d->private = talloc_memdup(ctx, devmode->private, devmode->driverextra);
1470
	d->private = TALLOC_MEMDUP(ctx, devmode->private, devmode->driverextra);
1471
	
1471
	
1472
	return d;
1472
	return d;
1473
}
1473
}
Lines 1904-1910 Link Here
1904
	if ((devmode->driverextra != 0) && (devmode->private != NULL)) {
1904
	if ((devmode->driverextra != 0) && (devmode->private != NULL)) {
1905
		SAFE_FREE(nt_devmode->private);
1905
		SAFE_FREE(nt_devmode->private);
1906
		nt_devmode->driverextra=devmode->driverextra;
1906
		nt_devmode->driverextra=devmode->driverextra;
1907
		if((nt_devmode->private=(uint8 *)malloc(nt_devmode->driverextra * sizeof(uint8))) == NULL)
1907
		if((nt_devmode->private=SMB_MALLOC_ARRAY(uint8, nt_devmode->driverextra)) == NULL)
1908
			return False;
1908
			return False;
1909
		memcpy(nt_devmode->private, devmode->private, nt_devmode->driverextra);
1909
		memcpy(nt_devmode->private, devmode->private, nt_devmode->driverextra);
1910
	}
1910
	}
Lines 2245-2255 Link Here
2245
		
2245
		
2246
		/* special case for 0 length values */
2246
		/* special case for 0 length values */
2247
		if ( data_len ) {
2247
		if ( data_len ) {
2248
			if ( (*data  = (uint8 *)talloc_memdup(ctx, regval_data_p(val), data_len)) == NULL )
2248
			if ( (*data  = (uint8 *)TALLOC_MEMDUP(ctx, regval_data_p(val), data_len)) == NULL )
2249
				return WERR_NOMEM;
2249
				return WERR_NOMEM;
2250
		}
2250
		}
2251
		else {
2251
		else {
2252
			if ( (*data  = (uint8 *)talloc_zero(ctx, in_size)) == NULL )
2252
			if ( (*data  = (uint8 *)TALLOC_ZERO(ctx, in_size)) == NULL )
2253
				return WERR_NOMEM;
2253
				return WERR_NOMEM;
2254
		}
2254
		}
2255
	}
2255
	}
Lines 2296-2302 Link Here
2296
		
2296
		
2297
	if (!StrCaseCmp(value, "W3SvcInstalled")) {
2297
	if (!StrCaseCmp(value, "W3SvcInstalled")) {
2298
		*type = 0x4;
2298
		*type = 0x4;
2299
		if((*data = (uint8 *)talloc_zero(ctx, 4*sizeof(uint8) )) == NULL)
2299
		if((*data = (uint8 *)TALLOC_ZERO(ctx, 4*sizeof(uint8) )) == NULL)
2300
			return WERR_NOMEM;
2300
			return WERR_NOMEM;
2301
		*needed = 0x4;
2301
		*needed = 0x4;
2302
		return WERR_OK;
2302
		return WERR_OK;
Lines 2304-2310 Link Here
2304
2304
2305
	if (!StrCaseCmp(value, "BeepEnabled")) {
2305
	if (!StrCaseCmp(value, "BeepEnabled")) {
2306
		*type = 0x4;
2306
		*type = 0x4;
2307
		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
2307
		if((*data = (uint8 *)TALLOC(ctx, 4*sizeof(uint8) )) == NULL)
2308
			return WERR_NOMEM;
2308
			return WERR_NOMEM;
2309
		SIVAL(*data, 0, 0x00);
2309
		SIVAL(*data, 0, 0x00);
2310
		*needed = 0x4;			
2310
		*needed = 0x4;			
Lines 2313-2319 Link Here
2313
2313
2314
	if (!StrCaseCmp(value, "EventLog")) {
2314
	if (!StrCaseCmp(value, "EventLog")) {
2315
		*type = 0x4;
2315
		*type = 0x4;
2316
		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
2316
		if((*data = (uint8 *)TALLOC(ctx, 4 )) == NULL)
2317
			return WERR_NOMEM;
2317
			return WERR_NOMEM;
2318
		/* formally was 0x1b */
2318
		/* formally was 0x1b */
2319
		SIVAL(*data, 0, 0x0);
2319
		SIVAL(*data, 0, 0x0);
Lines 2323-2329 Link Here
2323
2323
2324
	if (!StrCaseCmp(value, "NetPopup")) {
2324
	if (!StrCaseCmp(value, "NetPopup")) {
2325
		*type = 0x4;
2325
		*type = 0x4;
2326
		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
2326
		if((*data = (uint8 *)TALLOC(ctx, 4 )) == NULL)
2327
			return WERR_NOMEM;
2327
			return WERR_NOMEM;
2328
		SIVAL(*data, 0, 0x00);
2328
		SIVAL(*data, 0, 0x00);
2329
		*needed = 0x4;
2329
		*needed = 0x4;
Lines 2332-2338 Link Here
2332
2332
2333
	if (!StrCaseCmp(value, "MajorVersion")) {
2333
	if (!StrCaseCmp(value, "MajorVersion")) {
2334
		*type = 0x4;
2334
		*type = 0x4;
2335
		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
2335
		if((*data = (uint8 *)TALLOC(ctx, 4 )) == NULL)
2336
			return WERR_NOMEM;
2336
			return WERR_NOMEM;
2337
2337
2338
		/* Windows NT 4.0 seems to not allow uploading of drivers
2338
		/* Windows NT 4.0 seems to not allow uploading of drivers
Lines 2351-2357 Link Here
2351
2351
2352
	if (!StrCaseCmp(value, "MinorVersion")) {
2352
	if (!StrCaseCmp(value, "MinorVersion")) {
2353
		*type = 0x4;
2353
		*type = 0x4;
2354
		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
2354
		if((*data = (uint8 *)TALLOC(ctx, 4 )) == NULL)
2355
			return WERR_NOMEM;
2355
			return WERR_NOMEM;
2356
		SIVAL(*data, 0, 0);
2356
		SIVAL(*data, 0, 0);
2357
		*needed = 0x4;
2357
		*needed = 0x4;
Lines 2369-2375 Link Here
2369
		*type = 0x3;
2369
		*type = 0x3;
2370
		*needed = 0x114;
2370
		*needed = 0x114;
2371
2371
2372
		if((*data = (uint8 *)talloc(ctx, (*needed)*sizeof(uint8) )) == NULL)
2372
		if((*data = (uint8 *)TALLOC(ctx, *needed)) == NULL)
2373
			return WERR_NOMEM;
2373
			return WERR_NOMEM;
2374
		ZERO_STRUCTP( *data );
2374
		ZERO_STRUCTP( *data );
2375
		
2375
		
Lines 2388-2394 Link Here
2388
		const char *string="C:\\PRINTERS";
2388
		const char *string="C:\\PRINTERS";
2389
		*type = 0x1;			
2389
		*type = 0x1;			
2390
		*needed = 2*(strlen(string)+1);		
2390
		*needed = 2*(strlen(string)+1);		
2391
		if((*data  = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
2391
		if((*data  = (uint8 *)TALLOC(ctx, (*needed > in_size) ? *needed:in_size )) == NULL)
2392
			return WERR_NOMEM;
2392
			return WERR_NOMEM;
2393
		memset(*data, 0, (*needed > in_size) ? *needed:in_size);
2393
		memset(*data, 0, (*needed > in_size) ? *needed:in_size);
2394
		
2394
		
Lines 2404-2410 Link Here
2404
		const char *string="Windows NT x86";
2404
		const char *string="Windows NT x86";
2405
		*type = 0x1;			
2405
		*type = 0x1;			
2406
		*needed = 2*(strlen(string)+1);	
2406
		*needed = 2*(strlen(string)+1);	
2407
		if((*data  = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
2407
		if((*data  = (uint8 *)TALLOC(ctx, (*needed > in_size) ? *needed:in_size )) == NULL)
2408
			return WERR_NOMEM;
2408
			return WERR_NOMEM;
2409
		memset(*data, 0, (*needed > in_size) ? *needed:in_size);
2409
		memset(*data, 0, (*needed > in_size) ? *needed:in_size);
2410
		for (i=0; i<strlen(string); i++) {
2410
		for (i=0; i<strlen(string); i++) {
Lines 2416-2422 Link Here
2416
2416
2417
	if (!StrCaseCmp(value, "DsPresent")) {
2417
	if (!StrCaseCmp(value, "DsPresent")) {
2418
		*type = 0x4;
2418
		*type = 0x4;
2419
		if((*data = (uint8 *)talloc(ctx, 4*sizeof(uint8) )) == NULL)
2419
		if((*data = (uint8 *)TALLOC(ctx, 4 )) == NULL)
2420
			return WERR_NOMEM;
2420
			return WERR_NOMEM;
2421
		SIVAL(*data, 0, 0x01);
2421
		SIVAL(*data, 0, 0x01);
2422
		*needed = 0x4;
2422
		*needed = 0x4;
Lines 2430-2436 Link Here
2430
			return WERR_BADFILE;
2430
			return WERR_BADFILE;
2431
		*type = 0x1;			
2431
		*type = 0x1;			
2432
		*needed = 2*(strlen(hostname)+1);	
2432
		*needed = 2*(strlen(hostname)+1);	
2433
		if((*data  = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
2433
		if((*data  = (uint8 *)TALLOC(ctx, (*needed > in_size) ? *needed:in_size )) == NULL)
2434
			return WERR_NOMEM;
2434
			return WERR_NOMEM;
2435
		memset(*data, 0, (*needed > in_size) ? *needed:in_size);
2435
		memset(*data, 0, (*needed > in_size) ? *needed:in_size);
2436
		for (i=0; i<strlen(hostname); i++) {
2436
		for (i=0; i<strlen(hostname); i++) {
Lines 2505-2511 Link Here
2505
		if ( strequal(value, "ChangeId") ) {
2505
		if ( strequal(value, "ChangeId") ) {
2506
			*type = REG_DWORD;
2506
			*type = REG_DWORD;
2507
			*needed = sizeof(uint32);
2507
			*needed = sizeof(uint32);
2508
			if ( (*data = (uint8*)talloc(p->mem_ctx, sizeof(uint32))) == NULL) {
2508
			if ( (*data = (uint8*)TALLOC(p->mem_ctx, sizeof(uint32))) == NULL) {
2509
				status = WERR_NOMEM;
2509
				status = WERR_NOMEM;
2510
				goto done;
2510
				goto done;
2511
			}
2511
			}
Lines 2527-2533 Link Here
2527
		/* reply this param doesn't exist */
2527
		/* reply this param doesn't exist */
2528
		
2528
		
2529
		if ( *out_size ) {
2529
		if ( *out_size ) {
2530
			if((*data=(uint8 *)talloc_zero(p->mem_ctx, *out_size*sizeof(uint8))) == NULL) {
2530
			if((*data=(uint8 *)TALLOC_ZERO_ARRAY(p->mem_ctx, uint8, *out_size)) == NULL) {
2531
				if ( printer ) 
2531
				if ( printer ) 
2532
					free_a_printer( &printer, 2 );
2532
					free_a_printer( &printer, 2 );
2533
				return WERR_NOMEM;
2533
				return WERR_NOMEM;
Lines 2774-2780 Link Here
2774
	len = rpcstr_push(temp, printer->info_2->servername, sizeof(temp)-2, STR_TERMINATE);
2774
	len = rpcstr_push(temp, printer->info_2->servername, sizeof(temp)-2, STR_TERMINATE);
2775
2775
2776
	data->notify_data.data.length = len;
2776
	data->notify_data.data.length = len;
2777
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
2777
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
2778
2778
2779
	if (!data->notify_data.data.string) {
2779
	if (!data->notify_data.data.string) {
2780
		data->notify_data.data.length = 0;
2780
		data->notify_data.data.length = 0;
Lines 2809-2815 Link Here
2809
	len = rpcstr_push(temp, p, sizeof(temp)-2, STR_TERMINATE);
2809
	len = rpcstr_push(temp, p, sizeof(temp)-2, STR_TERMINATE);
2810
2810
2811
	data->notify_data.data.length = len;
2811
	data->notify_data.data.length = len;
2812
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
2812
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
2813
	
2813
	
2814
	if (!data->notify_data.data.string) {
2814
	if (!data->notify_data.data.string) {
2815
		data->notify_data.data.length = 0;
2815
		data->notify_data.data.length = 0;
Lines 2835-2841 Link Here
2835
	len = rpcstr_push(temp, lp_servicename(snum), sizeof(temp)-2, STR_TERMINATE);
2835
	len = rpcstr_push(temp, lp_servicename(snum), sizeof(temp)-2, STR_TERMINATE);
2836
2836
2837
	data->notify_data.data.length = len;
2837
	data->notify_data.data.length = len;
2838
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
2838
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
2839
	
2839
	
2840
	if (!data->notify_data.data.string) {
2840
	if (!data->notify_data.data.string) {
2841
		data->notify_data.data.length = 0;
2841
		data->notify_data.data.length = 0;
Lines 2863-2869 Link Here
2863
	len = rpcstr_push(temp, printer->info_2->portname, sizeof(temp)-2, STR_TERMINATE);
2863
	len = rpcstr_push(temp, printer->info_2->portname, sizeof(temp)-2, STR_TERMINATE);
2864
2864
2865
	data->notify_data.data.length = len;
2865
	data->notify_data.data.length = len;
2866
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
2866
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
2867
	
2867
	
2868
	if (!data->notify_data.data.string) {
2868
	if (!data->notify_data.data.string) {
2869
		data->notify_data.data.length = 0;
2869
		data->notify_data.data.length = 0;
Lines 2890-2896 Link Here
2890
	len = rpcstr_push(temp, printer->info_2->drivername, sizeof(temp)-2, STR_TERMINATE);
2890
	len = rpcstr_push(temp, printer->info_2->drivername, sizeof(temp)-2, STR_TERMINATE);
2891
2891
2892
	data->notify_data.data.length = len;
2892
	data->notify_data.data.length = len;
2893
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
2893
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
2894
	
2894
	
2895
	if (!data->notify_data.data.string) {
2895
	if (!data->notify_data.data.string) {
2896
		data->notify_data.data.length = 0;
2896
		data->notify_data.data.length = 0;
Lines 2919-2925 Link Here
2919
		len = rpcstr_push(temp, printer->info_2->comment, sizeof(temp)-2, STR_TERMINATE);
2919
		len = rpcstr_push(temp, printer->info_2->comment, sizeof(temp)-2, STR_TERMINATE);
2920
2920
2921
	data->notify_data.data.length = len;
2921
	data->notify_data.data.length = len;
2922
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
2922
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
2923
	
2923
	
2924
	if (!data->notify_data.data.string) {
2924
	if (!data->notify_data.data.string) {
2925
		data->notify_data.data.length = 0;
2925
		data->notify_data.data.length = 0;
Lines 2946-2952 Link Here
2946
	len = rpcstr_push(temp, printer->info_2->location,sizeof(temp)-2, STR_TERMINATE);
2946
	len = rpcstr_push(temp, printer->info_2->location,sizeof(temp)-2, STR_TERMINATE);
2947
2947
2948
	data->notify_data.data.length = len;
2948
	data->notify_data.data.length = len;
2949
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
2949
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
2950
	
2950
	
2951
	if (!data->notify_data.data.string) {
2951
	if (!data->notify_data.data.string) {
2952
		data->notify_data.data.length = 0;
2952
		data->notify_data.data.length = 0;
Lines 2985-2991 Link Here
2985
	len = rpcstr_push(temp, printer->info_2->sepfile, sizeof(temp)-2, STR_TERMINATE);
2985
	len = rpcstr_push(temp, printer->info_2->sepfile, sizeof(temp)-2, STR_TERMINATE);
2986
2986
2987
	data->notify_data.data.length = len;
2987
	data->notify_data.data.length = len;
2988
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
2988
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
2989
	
2989
	
2990
	if (!data->notify_data.data.string) {
2990
	if (!data->notify_data.data.string) {
2991
		data->notify_data.data.length = 0;
2991
		data->notify_data.data.length = 0;
Lines 3012-3018 Link Here
3012
	len = rpcstr_push(temp,  printer->info_2->printprocessor, sizeof(temp)-2, STR_TERMINATE);
3012
	len = rpcstr_push(temp,  printer->info_2->printprocessor, sizeof(temp)-2, STR_TERMINATE);
3013
3013
3014
	data->notify_data.data.length = len;
3014
	data->notify_data.data.length = len;
3015
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
3015
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
3016
	
3016
	
3017
	if (!data->notify_data.data.string) {
3017
	if (!data->notify_data.data.string) {
3018
		data->notify_data.data.length = 0;
3018
		data->notify_data.data.length = 0;
Lines 3039-3045 Link Here
3039
	len = rpcstr_push(temp,  printer->info_2->parameters, sizeof(temp)-2, STR_TERMINATE);
3039
	len = rpcstr_push(temp,  printer->info_2->parameters, sizeof(temp)-2, STR_TERMINATE);
3040
3040
3041
	data->notify_data.data.length = len;
3041
	data->notify_data.data.length = len;
3042
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
3042
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
3043
	
3043
	
3044
	if (!data->notify_data.data.string) {
3044
	if (!data->notify_data.data.string) {
3045
		data->notify_data.data.length = 0;
3045
		data->notify_data.data.length = 0;
Lines 3066-3072 Link Here
3066
	len = rpcstr_push(temp, printer->info_2->datatype, sizeof(pstring)-2, STR_TERMINATE);
3066
	len = rpcstr_push(temp, printer->info_2->datatype, sizeof(pstring)-2, STR_TERMINATE);
3067
3067
3068
	data->notify_data.data.length = len;
3068
	data->notify_data.data.length = len;
3069
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
3069
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
3070
	
3070
	
3071
	if (!data->notify_data.data.string) {
3071
	if (!data->notify_data.data.string) {
3072
		data->notify_data.data.length = 0;
3072
		data->notify_data.data.length = 0;
Lines 3226-3232 Link Here
3226
	len = rpcstr_push(temp, queue->fs_user, sizeof(temp)-2, STR_TERMINATE);
3226
	len = rpcstr_push(temp, queue->fs_user, sizeof(temp)-2, STR_TERMINATE);
3227
3227
3228
	data->notify_data.data.length = len;
3228
	data->notify_data.data.length = len;
3229
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
3229
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
3230
	
3230
	
3231
	if (!data->notify_data.data.string) {
3231
	if (!data->notify_data.data.string) {
3232
		data->notify_data.data.length = 0;
3232
		data->notify_data.data.length = 0;
Lines 3266-3272 Link Here
3266
	len = rpcstr_push(temp, queue->fs_file, sizeof(temp)-2, STR_TERMINATE);
3266
	len = rpcstr_push(temp, queue->fs_file, sizeof(temp)-2, STR_TERMINATE);
3267
3267
3268
	data->notify_data.data.length = len;
3268
	data->notify_data.data.length = len;
3269
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
3269
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
3270
	
3270
	
3271
	if (!data->notify_data.data.string) {
3271
	if (!data->notify_data.data.string) {
3272
		data->notify_data.data.length = 0;
3272
		data->notify_data.data.length = 0;
Lines 3316-3322 Link Here
3316
	len = rpcstr_push(temp, p, sizeof(temp) - 2, STR_TERMINATE);
3316
	len = rpcstr_push(temp, p, sizeof(temp) - 2, STR_TERMINATE);
3317
3317
3318
	data->notify_data.data.length = len;
3318
	data->notify_data.data.length = len;
3319
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
3319
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
3320
	
3320
	
3321
	if (!data->notify_data.data.string) {
3321
	if (!data->notify_data.data.string) {
3322
		data->notify_data.data.length = 0;
3322
		data->notify_data.data.length = 0;
Lines 3414-3420 Link Here
3414
	len = sizeof(SYSTEMTIME);
3414
	len = sizeof(SYSTEMTIME);
3415
3415
3416
	data->notify_data.data.length = len;
3416
	data->notify_data.data.length = len;
3417
	data->notify_data.data.string = (uint16 *)talloc(mem_ctx, len);
3417
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
3418
3418
3419
	if (!data->notify_data.data.string) {
3419
	if (!data->notify_data.data.string) {
3420
		data->notify_data.data.length = 0;
3420
		data->notify_data.data.length = 0;
Lines 3636-3642 Link Here
3636
		if (!search_notify(type, field, &j) )
3636
		if (!search_notify(type, field, &j) )
3637
			continue;
3637
			continue;
3638
3638
3639
		if((tid=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
3639
		if((tid=SMB_REALLOC_ARRAY(info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1)) == NULL) {
3640
			DEBUG(2,("construct_notify_printer_info: failed to enlarge buffer info->data!\n"));
3640
			DEBUG(2,("construct_notify_printer_info: failed to enlarge buffer info->data!\n"));
3641
			return False;
3641
			return False;
3642
		} else 
3642
		} else 
Lines 3692-3698 Link Here
3692
		if (!search_notify(type, field, &j) )
3692
		if (!search_notify(type, field, &j) )
3693
			continue;
3693
			continue;
3694
3694
3695
		if((tid=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {
3695
		if((tid=SMB_REALLOC_ARRAY(info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1)) == NULL) {
3696
			DEBUG(2,("construct_notify_jobs_info: failed to enlarg buffer info->data!\n"));
3696
			DEBUG(2,("construct_notify_jobs_info: failed to enlarg buffer info->data!\n"));
3697
			return False;
3697
			return False;
3698
		}
3698
		}
Lines 3976-3982 Link Here
3976
3976
3977
	/* it's the first time, add it to the list */
3977
	/* it's the first time, add it to the list */
3978
	if (session_counter==NULL) {
3978
	if (session_counter==NULL) {
3979
		if((session_counter=(counter_printer_0 *)malloc(sizeof(counter_printer_0))) == NULL) {
3979
		if((session_counter=SMB_MALLOC_P(counter_printer_0)) == NULL) {
3980
			free_a_printer(&ntprinter, 2);
3980
			free_a_printer(&ntprinter, 2);
3981
			return False;
3981
			return False;
3982
		}
3982
		}
Lines 4170-4176 Link Here
4170
		goto done;
4170
		goto done;
4171
	}
4171
	}
4172
4172
4173
	if ((devmode = (DEVICEMODE *)malloc(sizeof(DEVICEMODE))) == NULL) {
4173
	if ((devmode = SMB_MALLOC_P(DEVICEMODE)) == NULL) {
4174
		DEBUG(2,("construct_dev_mode: malloc fail.\n"));
4174
		DEBUG(2,("construct_dev_mode: malloc fail.\n"));
4175
		goto done;
4175
		goto done;
4176
	}
4176
	}
Lines 4267-4273 Link Here
4267
		return False;
4267
		return False;
4268
4268
4269
	*pp_printer = NULL;
4269
	*pp_printer = NULL;
4270
	if ((printer = (PRINTER_INFO_3 *)malloc(sizeof(PRINTER_INFO_3))) == NULL) {
4270
	if ((printer = SMB_MALLOC_P(PRINTER_INFO_3)) == NULL) {
4271
		DEBUG(2,("construct_printer_info_3: malloc fail.\n"));
4271
		DEBUG(2,("construct_printer_info_3: malloc fail.\n"));
4272
		return False;
4272
		return False;
4273
	}
4273
	}
Lines 4396-4402 Link Here
4396
			DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
4396
			DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
4397
4397
4398
			if (construct_printer_info_1(NULL, flags, &current_prt, snum)) {
4398
			if (construct_printer_info_1(NULL, flags, &current_prt, snum)) {
4399
				if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_1))) == NULL) {
4399
				if((tp=SMB_REALLOC_ARRAY(printers, PRINTER_INFO_1, *returned +1)) == NULL) {
4400
					DEBUG(2,("enum_all_printers_info_1: failed to enlarge printers buffer!\n"));
4400
					DEBUG(2,("enum_all_printers_info_1: failed to enlarge printers buffer!\n"));
4401
					SAFE_FREE(printers);
4401
					SAFE_FREE(printers);
4402
					*returned=0;
4402
					*returned=0;
Lines 4485-4491 Link Here
4485
	 * undocumented RPC call.
4485
	 * undocumented RPC call.
4486
	 */
4486
	 */
4487
	
4487
	
4488
	if((printer=(PRINTER_INFO_1 *)malloc(sizeof(PRINTER_INFO_1))) == NULL)
4488
	if((printer=SMB_MALLOC_P(PRINTER_INFO_1)) == NULL)
4489
		return WERR_NOMEM;
4489
		return WERR_NOMEM;
4490
4490
4491
	*returned=1;
4491
	*returned=1;
Lines 4569-4575 Link Here
4569
			DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
4569
			DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
4570
				
4570
				
4571
			if (construct_printer_info_2(NULL, &current_prt, snum)) {
4571
			if (construct_printer_info_2(NULL, &current_prt, snum)) {
4572
				if((tp=Realloc(printers, (*returned +1)*sizeof(PRINTER_INFO_2))) == NULL) {
4572
				if((tp=SMB_REALLOC_ARRAY(printers, PRINTER_INFO_2, *returned +1)) == NULL) {
4573
					DEBUG(2,("enum_all_printers_info_2: failed to enlarge printers buffer!\n"));
4573
					DEBUG(2,("enum_all_printers_info_2: failed to enlarge printers buffer!\n"));
4574
					SAFE_FREE(printers);
4574
					SAFE_FREE(printers);
4575
					*returned = 0;
4575
					*returned = 0;
Lines 4745-4751 Link Here
4745
{
4745
{
4746
	PRINTER_INFO_0 *printer=NULL;
4746
	PRINTER_INFO_0 *printer=NULL;
4747
4747
4748
	if((printer=(PRINTER_INFO_0*)malloc(sizeof(PRINTER_INFO_0))) == NULL)
4748
	if((printer=SMB_MALLOC_P(PRINTER_INFO_0)) == NULL)
4749
		return WERR_NOMEM;
4749
		return WERR_NOMEM;
4750
4750
4751
	construct_printer_info_0(print_hnd, printer, snum);
4751
	construct_printer_info_0(print_hnd, printer, snum);
Lines 4778-4784 Link Here
4778
{
4778
{
4779
	PRINTER_INFO_1 *printer=NULL;
4779
	PRINTER_INFO_1 *printer=NULL;
4780
4780
4781
	if((printer=(PRINTER_INFO_1*)malloc(sizeof(PRINTER_INFO_1))) == NULL)
4781
	if((printer=SMB_MALLOC_P(PRINTER_INFO_1)) == NULL)
4782
		return WERR_NOMEM;
4782
		return WERR_NOMEM;
4783
4783
4784
	construct_printer_info_1(print_hnd, PRINTER_ENUM_ICON8, printer, snum);
4784
	construct_printer_info_1(print_hnd, PRINTER_ENUM_ICON8, printer, snum);
Lines 4811-4817 Link Here
4811
{
4811
{
4812
	PRINTER_INFO_2 *printer=NULL;
4812
	PRINTER_INFO_2 *printer=NULL;
4813
4813
4814
	if((printer=(PRINTER_INFO_2*)malloc(sizeof(PRINTER_INFO_2)))==NULL)
4814
	if((printer=SMB_MALLOC_P(PRINTER_INFO_2))==NULL)
4815
		return WERR_NOMEM;
4815
		return WERR_NOMEM;
4816
	
4816
	
4817
	construct_printer_info_2(print_hnd, printer, snum);
4817
	construct_printer_info_2(print_hnd, printer, snum);
Lines 4878-4884 Link Here
4878
{
4878
{
4879
	PRINTER_INFO_4 *printer=NULL;
4879
	PRINTER_INFO_4 *printer=NULL;
4880
4880
4881
	if((printer=(PRINTER_INFO_4*)malloc(sizeof(PRINTER_INFO_4)))==NULL)
4881
	if((printer=SMB_MALLOC_P(PRINTER_INFO_4))==NULL)
4882
		return WERR_NOMEM;
4882
		return WERR_NOMEM;
4883
4883
4884
	if (!construct_printer_info_4(print_hnd, printer, snum))
4884
	if (!construct_printer_info_4(print_hnd, printer, snum))
Lines 4912-4918 Link Here
4912
{
4912
{
4913
	PRINTER_INFO_5 *printer=NULL;
4913
	PRINTER_INFO_5 *printer=NULL;
4914
4914
4915
	if((printer=(PRINTER_INFO_5*)malloc(sizeof(PRINTER_INFO_5)))==NULL)
4915
	if((printer=SMB_MALLOC_P(PRINTER_INFO_5))==NULL)
4916
		return WERR_NOMEM;
4916
		return WERR_NOMEM;
4917
4917
4918
	if (!construct_printer_info_5(print_hnd, printer, snum))
4918
	if (!construct_printer_info_5(print_hnd, printer, snum))
Lines 4943-4949 Link Here
4943
{
4943
{
4944
	PRINTER_INFO_7 *printer=NULL;
4944
	PRINTER_INFO_7 *printer=NULL;
4945
4945
4946
	if((printer=(PRINTER_INFO_7*)malloc(sizeof(PRINTER_INFO_7)))==NULL)
4946
	if((printer=SMB_MALLOC_P(PRINTER_INFO_7))==NULL)
4947
		return WERR_NOMEM;
4947
		return WERR_NOMEM;
4948
4948
4949
	if (!construct_printer_info_7(print_hnd, printer, snum))
4949
	if (!construct_printer_info_7(print_hnd, printer, snum))
Lines 5145-5151 Link Here
5145
5145
5146
		/* add one extra unit16 for the second terminating NULL */
5146
		/* add one extra unit16 for the second terminating NULL */
5147
		
5147
		
5148
		if ( (tuary=Realloc(*uni_array, (j+1+strlen(line)+2)*sizeof(uint16))) == NULL ) {
5148
		if ( (tuary=SMB_REALLOC_ARRAY(*uni_array, uint16, j+1+strlen(line)+2)) == NULL ) {
5149
			DEBUG(2,("init_unistr_array: Realloc error\n" ));
5149
			DEBUG(2,("init_unistr_array: Realloc error\n" ));
5150
			return 0;
5150
			return 0;
5151
		} else
5151
		} else
Lines 5421-5427 Link Here
5421
	DRIVER_INFO_1 *info=NULL;
5421
	DRIVER_INFO_1 *info=NULL;
5422
	WERROR status;
5422
	WERROR status;
5423
	
5423
	
5424
	if((info=(DRIVER_INFO_1 *)malloc(sizeof(DRIVER_INFO_1))) == NULL)
5424
	if((info=SMB_MALLOC_P(DRIVER_INFO_1)) == NULL)
5425
		return WERR_NOMEM;
5425
		return WERR_NOMEM;
5426
	
5426
	
5427
	status=construct_printer_driver_info_1(info, snum, servername, architecture, version);
5427
	status=construct_printer_driver_info_1(info, snum, servername, architecture, version);
Lines 5458-5464 Link Here
5458
	DRIVER_INFO_2 *info=NULL;
5458
	DRIVER_INFO_2 *info=NULL;
5459
	WERROR status;
5459
	WERROR status;
5460
	
5460
	
5461
	if((info=(DRIVER_INFO_2 *)malloc(sizeof(DRIVER_INFO_2))) == NULL)
5461
	if((info=SMB_MALLOC_P(DRIVER_INFO_2)) == NULL)
5462
		return WERR_NOMEM;
5462
		return WERR_NOMEM;
5463
	
5463
	
5464
	status=construct_printer_driver_info_2(info, snum, servername, architecture, version);
5464
	status=construct_printer_driver_info_2(info, snum, servername, architecture, version);
Lines 6444-6450 Link Here
6444
	JOB_INFO_1 *info;
6444
	JOB_INFO_1 *info;
6445
	int i;
6445
	int i;
6446
	
6446
	
6447
	info=(JOB_INFO_1 *)malloc(*returned*sizeof(JOB_INFO_1));
6447
	info=SMB_MALLOC_ARRAY(JOB_INFO_1,*returned);
6448
	if (info==NULL) {
6448
	if (info==NULL) {
6449
		SAFE_FREE(queue);
6449
		SAFE_FREE(queue);
6450
		*returned=0;
6450
		*returned=0;
Lines 6494-6500 Link Here
6494
	WERROR result;
6494
	WERROR result;
6495
	DEVICEMODE *devmode = NULL;
6495
	DEVICEMODE *devmode = NULL;
6496
	
6496
	
6497
	info=(JOB_INFO_2 *)malloc(*returned*sizeof(JOB_INFO_2));
6497
	info=SMB_MALLOC_ARRAY(JOB_INFO_2,*returned);
6498
	if (info==NULL) {
6498
	if (info==NULL) {
6499
		*returned=0;
6499
		*returned=0;
6500
		result = WERR_NOMEM;
6500
		result = WERR_NOMEM;
Lines 6686-6692 Link Here
6686
			return WERR_NOMEM;
6686
			return WERR_NOMEM;
6687
6687
6688
		if(ndrivers != 0) {
6688
		if(ndrivers != 0) {
6689
			if((tdi1=(DRIVER_INFO_1 *)Realloc(driver_info_1, (*returned+ndrivers) * sizeof(DRIVER_INFO_1))) == NULL) {
6689
			if((tdi1=SMB_REALLOC_ARRAY(driver_info_1, DRIVER_INFO_1, *returned+ndrivers )) == NULL) {
6690
				DEBUG(0,("enumprinterdrivers_level1: failed to enlarge driver info buffer!\n"));
6690
				DEBUG(0,("enumprinterdrivers_level1: failed to enlarge driver info buffer!\n"));
6691
				SAFE_FREE(driver_info_1);
6691
				SAFE_FREE(driver_info_1);
6692
				SAFE_FREE(list);
6692
				SAFE_FREE(list);
Lines 6765-6771 Link Here
6765
			return WERR_NOMEM;
6765
			return WERR_NOMEM;
6766
6766
6767
		if(ndrivers != 0) {
6767
		if(ndrivers != 0) {
6768
			if((tdi2=(DRIVER_INFO_2 *)Realloc(driver_info_2, (*returned+ndrivers) * sizeof(DRIVER_INFO_2))) == NULL) {
6768
			if((tdi2=SMB_REALLOC_ARRAY(driver_info_2, DRIVER_INFO_2, *returned+ndrivers )) == NULL) {
6769
				DEBUG(0,("enumprinterdrivers_level2: failed to enlarge driver info buffer!\n"));
6769
				DEBUG(0,("enumprinterdrivers_level2: failed to enlarge driver info buffer!\n"));
6770
				SAFE_FREE(driver_info_2);
6770
				SAFE_FREE(driver_info_2);
6771
				SAFE_FREE(list);
6771
				SAFE_FREE(list);
Lines 6845-6851 Link Here
6845
			return WERR_NOMEM;
6845
			return WERR_NOMEM;
6846
6846
6847
		if(ndrivers != 0) {
6847
		if(ndrivers != 0) {
6848
			if((tdi3=(DRIVER_INFO_3 *)Realloc(driver_info_3, (*returned+ndrivers) * sizeof(DRIVER_INFO_3))) == NULL) {
6848
			if((tdi3=SMB_REALLOC_ARRAY(driver_info_3, DRIVER_INFO_3, *returned+ndrivers )) == NULL) {
6849
				DEBUG(0,("enumprinterdrivers_level3: failed to enlarge driver info buffer!\n"));
6849
				DEBUG(0,("enumprinterdrivers_level3: failed to enlarge driver info buffer!\n"));
6850
				SAFE_FREE(driver_info_3);
6850
				SAFE_FREE(driver_info_3);
6851
				SAFE_FREE(list);
6851
				SAFE_FREE(list);
Lines 6998-7004 Link Here
6998
6998
6999
	switch (level) {
6999
	switch (level) {
7000
	case 1:
7000
	case 1:
7001
		if ((forms_1=(FORM_1 *)malloc(*numofforms * sizeof(FORM_1))) == NULL) {
7001
		if ((forms_1=SMB_MALLOC_ARRAY(FORM_1, *numofforms)) == NULL) {
7002
			*numofforms=0;
7002
			*numofforms=0;
7003
			return WERR_NOMEM;
7003
			return WERR_NOMEM;
7004
		}
7004
		}
Lines 7202-7208 Link Here
7202
		close(fd);
7202
		close(fd);
7203
7203
7204
		if(numlines) {
7204
		if(numlines) {
7205
			if((ports=(PORT_INFO_1 *)malloc( numlines * sizeof(PORT_INFO_1) )) == NULL) {
7205
			if((ports=SMB_MALLOC_ARRAY( PORT_INFO_1, numlines )) == NULL) {
7206
				DEBUG(10,("Returning WERR_NOMEM [%s]\n", 
7206
				DEBUG(10,("Returning WERR_NOMEM [%s]\n", 
7207
					  dos_errstr(WERR_NOMEM)));
7207
					  dos_errstr(WERR_NOMEM)));
7208
				file_lines_free(qlines);
7208
				file_lines_free(qlines);
Lines 7222-7228 Link Here
7222
	} else {
7222
	} else {
7223
		*returned = 1; /* Sole Samba port returned. */
7223
		*returned = 1; /* Sole Samba port returned. */
7224
7224
7225
		if((ports=(PORT_INFO_1 *)malloc( sizeof(PORT_INFO_1) )) == NULL)
7225
		if((ports=SMB_MALLOC_P(PORT_INFO_1)) == NULL)
7226
			return WERR_NOMEM;
7226
			return WERR_NOMEM;
7227
	
7227
	
7228
		DEBUG(10,("enumports_level_1: port name %s\n", SAMBA_PRINTER_PORT_NAME));
7228
		DEBUG(10,("enumports_level_1: port name %s\n", SAMBA_PRINTER_PORT_NAME));
Lines 7301-7307 Link Here
7301
		close(fd);
7301
		close(fd);
7302
7302
7303
		if(numlines) {
7303
		if(numlines) {
7304
			if((ports=(PORT_INFO_2 *)malloc( numlines * sizeof(PORT_INFO_2) )) == NULL) {
7304
			if((ports=SMB_MALLOC_ARRAY( PORT_INFO_2, numlines)) == NULL) {
7305
				file_lines_free(qlines);
7305
				file_lines_free(qlines);
7306
				return WERR_NOMEM;
7306
				return WERR_NOMEM;
7307
			}
7307
			}
Lines 7320-7326 Link Here
7320
7320
7321
		*returned = 1;
7321
		*returned = 1;
7322
7322
7323
		if((ports=(PORT_INFO_2 *)malloc( sizeof(PORT_INFO_2) )) == NULL)
7323
		if((ports=SMB_MALLOC_P(PORT_INFO_2)) == NULL)
7324
			return WERR_NOMEM;
7324
			return WERR_NOMEM;
7325
	
7325
	
7326
		DEBUG(10,("enumports_level_2: port name %s\n", SAMBA_PRINTER_PORT_NAME));
7326
		DEBUG(10,("enumports_level_2: port name %s\n", SAMBA_PRINTER_PORT_NAME));
Lines 7400-7406 Link Here
7400
	int	snum;
7400
	int	snum;
7401
	WERROR err = WERR_OK;
7401
	WERROR err = WERR_OK;
7402
7402
7403
	if ((printer = (NT_PRINTER_INFO_LEVEL *)malloc(sizeof(NT_PRINTER_INFO_LEVEL))) == NULL) {
7403
	if ((printer = SMB_MALLOC_P(NT_PRINTER_INFO_LEVEL)) == NULL) {
7404
		DEBUG(0,("spoolss_addprinterex_level_2: malloc fail.\n"));
7404
		DEBUG(0,("spoolss_addprinterex_level_2: malloc fail.\n"));
7405
		return WERR_NOMEM;
7405
		return WERR_NOMEM;
7406
	}
7406
	}
Lines 7729-7735 Link Here
7729
	if (!(short_archi = get_short_archi(long_archi)))
7729
	if (!(short_archi = get_short_archi(long_archi)))
7730
		return WERR_INVALID_ENVIRONMENT;
7730
		return WERR_INVALID_ENVIRONMENT;
7731
7731
7732
	if((info=(DRIVER_DIRECTORY_1 *)malloc(sizeof(DRIVER_DIRECTORY_1))) == NULL)
7732
	if((info=SMB_MALLOC_P(DRIVER_DIRECTORY_1)) == NULL)
7733
		return WERR_NOMEM;
7733
		return WERR_NOMEM;
7734
7734
7735
	slprintf(path, sizeof(path)-1, "\\\\%s\\print$\\%s", pservername, short_archi);
7735
	slprintf(path, sizeof(path)-1, "\\\\%s\\print$\\%s", pservername, short_archi);
Lines 7897-7903 Link Here
7897
7897
7898
		*out_max_value_len=(in_value_len/sizeof(uint16));
7898
		*out_max_value_len=(in_value_len/sizeof(uint16));
7899
		
7899
		
7900
		if((*out_value=(uint16 *)talloc_zero(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL)
7900
		if((*out_value=(uint16 *)TALLOC_ZERO(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL)
7901
		{
7901
		{
7902
			result = WERR_NOMEM;
7902
			result = WERR_NOMEM;
7903
			goto done;
7903
			goto done;
Lines 7912-7918 Link Here
7912
		
7912
		
7913
		/* only allocate when given a non-zero data_len */
7913
		/* only allocate when given a non-zero data_len */
7914
		
7914
		
7915
		if ( in_data_len && ((*data_out=(uint8 *)talloc_zero(p->mem_ctx, in_data_len*sizeof(uint8))) == NULL) )
7915
		if ( in_data_len && ((*data_out=(uint8 *)TALLOC_ZERO(p->mem_ctx, in_data_len*sizeof(uint8))) == NULL) )
7916
		{
7916
		{
7917
			result = WERR_NOMEM;
7917
			result = WERR_NOMEM;
7918
			goto done;
7918
			goto done;
Lines 7933-7939 Link Here
7933
	
7933
	
7934
		/* name */
7934
		/* name */
7935
		*out_max_value_len=(in_value_len/sizeof(uint16));
7935
		*out_max_value_len=(in_value_len/sizeof(uint16));
7936
		if ( (*out_value = (uint16 *)talloc_zero(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL ) 
7936
		if ( (*out_value = (uint16 *)TALLOC_ZERO(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL ) 
7937
		{
7937
		{
7938
			result = WERR_NOMEM;
7938
			result = WERR_NOMEM;
7939
			goto done;
7939
			goto done;
Lines 7948-7954 Link Here
7948
		/* data - counted in bytes */
7948
		/* data - counted in bytes */
7949
7949
7950
		*out_max_data_len = in_data_len;
7950
		*out_max_data_len = in_data_len;
7951
		if ( (*data_out = (uint8 *)talloc_zero(p->mem_ctx, in_data_len*sizeof(uint8))) == NULL) 
7951
		if ( (*data_out = (uint8 *)TALLOC_ZERO(p->mem_ctx, in_data_len*sizeof(uint8))) == NULL) 
7952
		{
7952
		{
7953
			result = WERR_NOMEM;
7953
			result = WERR_NOMEM;
7954
			goto done;
7954
			goto done;
Lines 8333-8339 Link Here
8333
{
8333
{
8334
	PRINTPROCESSOR_1 *info_1=NULL;
8334
	PRINTPROCESSOR_1 *info_1=NULL;
8335
	
8335
	
8336
	if((info_1 = (PRINTPROCESSOR_1 *)malloc(sizeof(PRINTPROCESSOR_1))) == NULL)
8336
	if((info_1 = SMB_MALLOC_P(PRINTPROCESSOR_1)) == NULL)
8337
		return WERR_NOMEM;
8337
		return WERR_NOMEM;
8338
8338
8339
	(*returned) = 0x1;
8339
	(*returned) = 0x1;
Lines 8400-8406 Link Here
8400
{
8400
{
8401
	PRINTPROCDATATYPE_1 *info_1=NULL;
8401
	PRINTPROCDATATYPE_1 *info_1=NULL;
8402
	
8402
	
8403
	if((info_1 = (PRINTPROCDATATYPE_1 *)malloc(sizeof(PRINTPROCDATATYPE_1))) == NULL)
8403
	if((info_1 = SMB_MALLOC_P(PRINTPROCDATATYPE_1)) == NULL)
8404
		return WERR_NOMEM;
8404
		return WERR_NOMEM;
8405
8405
8406
	(*returned) = 0x1;
8406
	(*returned) = 0x1;
Lines 8460-8466 Link Here
8460
{
8460
{
8461
	PRINTMONITOR_1 *info_1=NULL;
8461
	PRINTMONITOR_1 *info_1=NULL;
8462
	
8462
	
8463
	if((info_1 = (PRINTMONITOR_1 *)malloc(sizeof(PRINTMONITOR_1))) == NULL)
8463
	if((info_1 = SMB_MALLOC_P(PRINTMONITOR_1)) == NULL)
8464
		return WERR_NOMEM;
8464
		return WERR_NOMEM;
8465
8465
8466
	(*returned) = 0x1;
8466
	(*returned) = 0x1;
Lines 8492-8498 Link Here
8492
{
8492
{
8493
	PRINTMONITOR_2 *info_2=NULL;
8493
	PRINTMONITOR_2 *info_2=NULL;
8494
	
8494
	
8495
	if((info_2 = (PRINTMONITOR_2 *)malloc(sizeof(PRINTMONITOR_2))) == NULL)
8495
	if((info_2 = SMB_MALLOC_P(PRINTMONITOR_2)) == NULL)
8496
		return WERR_NOMEM;
8496
		return WERR_NOMEM;
8497
8497
8498
	(*returned) = 0x1;
8498
	(*returned) = 0x1;
Lines 8567-8573 Link Here
8567
	BOOL found=False;
8567
	BOOL found=False;
8568
	JOB_INFO_1 *info_1=NULL;
8568
	JOB_INFO_1 *info_1=NULL;
8569
8569
8570
	info_1=(JOB_INFO_1 *)malloc(sizeof(JOB_INFO_1));
8570
	info_1=SMB_MALLOC_P(JOB_INFO_1);
8571
8571
8572
	if (info_1 == NULL) {
8572
	if (info_1 == NULL) {
8573
		return WERR_NOMEM;
8573
		return WERR_NOMEM;
Lines 8618-8624 Link Here
8618
	DEVICEMODE 	*devmode = NULL;
8618
	DEVICEMODE 	*devmode = NULL;
8619
	NT_DEVICEMODE	*nt_devmode = NULL;
8619
	NT_DEVICEMODE	*nt_devmode = NULL;
8620
8620
8621
	info_2=(JOB_INFO_2 *)malloc(sizeof(JOB_INFO_2));
8621
	info_2=SMB_MALLOC_P(JOB_INFO_2);
8622
8622
8623
	ZERO_STRUCTP(info_2);
8623
	ZERO_STRUCTP(info_2);
8624
8624
Lines 8650-8656 Link Here
8650
	if ( !(nt_devmode=print_job_devmode( lp_const_servicename(snum), jobid )) )
8650
	if ( !(nt_devmode=print_job_devmode( lp_const_servicename(snum), jobid )) )
8651
		devmode = construct_dev_mode(snum);
8651
		devmode = construct_dev_mode(snum);
8652
	else {
8652
	else {
8653
		if ((devmode = (DEVICEMODE *)malloc(sizeof(DEVICEMODE))) != NULL) {
8653
		if ((devmode = SMB_MALLOC_P(DEVICEMODE)) != NULL) {
8654
			ZERO_STRUCTP( devmode );
8654
			ZERO_STRUCTP( devmode );
8655
			convert_nt_devicemode( devmode, nt_devmode );
8655
			convert_nt_devicemode( devmode, nt_devmode );
8656
		}
8656
		}
Lines 8828-8834 Link Here
8828
		
8828
		
8829
		if ( *out_size ) 
8829
		if ( *out_size ) 
8830
		{
8830
		{
8831
			if( (*data=(uint8 *)talloc_zero(p->mem_ctx, *out_size*sizeof(uint8))) == NULL ) {
8831
			if( (*data=(uint8 *)TALLOC_ZERO(p->mem_ctx, *out_size*sizeof(uint8))) == NULL ) {
8832
				status = WERR_NOMEM;
8832
				status = WERR_NOMEM;
8833
				goto done;
8833
				goto done;
8834
			}
8834
			}
Lines 9187-9193 Link Here
9187
	num_entries = regval_ctr_numvals( &p_data->keys[key_index].values );
9187
	num_entries = regval_ctr_numvals( &p_data->keys[key_index].values );
9188
	if ( num_entries )
9188
	if ( num_entries )
9189
	{
9189
	{
9190
		if ( (enum_values=talloc(p->mem_ctx, num_entries*sizeof(PRINTER_ENUM_VALUES))) == NULL )
9190
		if ( (enum_values=TALLOC_ARRAY(p->mem_ctx, PRINTER_ENUM_VALUES, num_entries)) == NULL )
9191
		{
9191
		{
9192
			DEBUG(0,("_spoolss_enumprinterdataex: talloc() failed to allocate memory for [%lu] bytes!\n",
9192
			DEBUG(0,("_spoolss_enumprinterdataex: talloc() failed to allocate memory for [%lu] bytes!\n",
9193
				(unsigned long)num_entries*sizeof(PRINTER_ENUM_VALUES)));
9193
				(unsigned long)num_entries*sizeof(PRINTER_ENUM_VALUES)));
Lines 9219-9225 Link Here
9219
		
9219
		
9220
		data_len = regval_size( val );
9220
		data_len = regval_size( val );
9221
		if ( data_len ) {
9221
		if ( data_len ) {
9222
			if ( !(enum_values[i].data = talloc_memdup(p->mem_ctx, regval_data_p(val), data_len)) ) 
9222
			if ( !(enum_values[i].data = TALLOC_MEMDUP(p->mem_ctx, regval_data_p(val), data_len)) ) 
9223
			{
9223
			{
9224
				DEBUG(0,("talloc_memdup failed to allocate memory [data_len=%d] for data!\n", 
9224
				DEBUG(0,("talloc_memdup failed to allocate memory [data_len=%d] for data!\n", 
9225
					data_len ));
9225
					data_len ));
Lines 9282-9288 Link Here
9282
	if (!get_short_archi(long_archi))
9282
	if (!get_short_archi(long_archi))
9283
		return WERR_INVALID_ENVIRONMENT;
9283
		return WERR_INVALID_ENVIRONMENT;
9284
9284
9285
	if((info=(PRINTPROCESSOR_DIRECTORY_1 *)malloc(sizeof(PRINTPROCESSOR_DIRECTORY_1))) == NULL)
9285
	if((info=SMB_MALLOC_P(PRINTPROCESSOR_DIRECTORY_1)) == NULL)
9286
		return WERR_NOMEM;
9286
		return WERR_NOMEM;
9287
9287
9288
	pstrcpy(path, "C:\\WINNT\\System32\\spool\\PRTPROCS\\W32X86");
9288
	pstrcpy(path, "C:\\WINNT\\System32\\spool\\PRTPROCS\\W32X86");
(-)samba-3.0.9-orig/source/rpc_server/srv_srvsvc_nt.c (-35 / +46 lines)
Lines 527-536 Link Here
527
	switch (info_level) {
527
	switch (info_level) {
528
	case 0:
528
	case 0:
529
	{
529
	{
530
		SRV_SHARE_INFO_0 *info0;
530
		SRV_SHARE_INFO_0 *info0 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_0, num_entries);
531
		int i = 0;
531
		int i = 0;
532
532
533
		info0 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_0));
533
		if (!info0) {
534
			return False;
535
		}
534
536
535
		for (snum = *resume_hnd; snum < num_services; snum++) {
537
		for (snum = *resume_hnd; snum < num_services; snum++) {
536
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
538
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
Lines 545-554 Link Here
545
547
546
	case 1:
548
	case 1:
547
	{
549
	{
548
		SRV_SHARE_INFO_1 *info1;
550
		SRV_SHARE_INFO_1 *info1 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1, num_entries);
549
		int i = 0;
551
		int i = 0;
550
552
551
		info1 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1));
553
		if (!info1) {
554
			return False;
555
		}
552
556
553
		for (snum = *resume_hnd; snum < num_services; snum++) {
557
		for (snum = *resume_hnd; snum < num_services; snum++) {
554
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
558
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
Lines 562-571 Link Here
562
566
563
	case 2:
567
	case 2:
564
	{
568
	{
565
		SRV_SHARE_INFO_2 *info2;
569
		SRV_SHARE_INFO_2 *info2 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_2, num_entries);
566
		int i = 0;
570
		int i = 0;
567
571
568
		info2 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_2));
572
		if (!info2) {
573
			return False;
574
		}
569
575
570
		for (snum = *resume_hnd; snum < num_services; snum++) {
576
		for (snum = *resume_hnd; snum < num_services; snum++) {
571
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
577
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
Lines 579-588 Link Here
579
585
580
	case 501:
586
	case 501:
581
	{
587
	{
582
		SRV_SHARE_INFO_501 *info501;
588
		SRV_SHARE_INFO_501 *info501 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_501, num_entries);
583
		int i = 0;
589
		int i = 0;
584
	
590
	
585
		info501 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_501));
591
		if (!info501) {
592
			return False;
593
		}
586
594
587
		for (snum = *resume_hnd; snum < num_services; snum++) {
595
		for (snum = *resume_hnd; snum < num_services; snum++) {
588
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
596
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
Lines 596-605 Link Here
596
604
597
	case 502:
605
	case 502:
598
	{
606
	{
599
		SRV_SHARE_INFO_502 *info502;
607
		SRV_SHARE_INFO_502 *info502 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_502, num_entries);
600
		int i = 0;
608
		int i = 0;
601
609
602
		info502 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_502));
610
		if (!info502) {
611
			return False;
612
		}
603
613
604
		for (snum = *resume_hnd; snum < num_services; snum++) {
614
		for (snum = *resume_hnd; snum < num_services; snum++) {
605
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
615
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
Lines 615-624 Link Here
615
	
625
	
616
	case 1004:
626
	case 1004:
617
	{
627
	{
618
		SRV_SHARE_INFO_1004 *info1004;
628
		SRV_SHARE_INFO_1004 *info1004 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1004, num_entries);
619
		int i = 0;
629
		int i = 0;
620
630
621
		info1004 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1004));
631
		if (!info1004) {
632
			return False;
633
		}
622
634
623
		for (snum = *resume_hnd; snum < num_services; snum++) {
635
		for (snum = *resume_hnd; snum < num_services; snum++) {
624
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
636
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
Lines 632-641 Link Here
632
644
633
	case 1005:
645
	case 1005:
634
	{
646
	{
635
		SRV_SHARE_INFO_1005 *info1005;
647
		SRV_SHARE_INFO_1005 *info1005 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1005, num_entries);
636
		int i = 0;
648
		int i = 0;
637
649
638
		info1005 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1005));
650
		if (!info1005) {
651
			return False;
652
		}
639
653
640
		for (snum = *resume_hnd; snum < num_services; snum++) {
654
		for (snum = *resume_hnd; snum < num_services; snum++) {
641
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
655
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
Lines 649-658 Link Here
649
663
650
	case 1006:
664
	case 1006:
651
	{
665
	{
652
		SRV_SHARE_INFO_1006 *info1006;
666
		SRV_SHARE_INFO_1006 *info1006 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1006, num_entries);
653
		int i = 0;
667
		int i = 0;
654
668
655
		info1006 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1006));
669
		if (!info1006) {
670
			return False;
671
		}
656
672
657
		for (snum = *resume_hnd; snum < num_services; snum++) {
673
		for (snum = *resume_hnd; snum < num_services; snum++) {
658
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
674
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
Lines 666-675 Link Here
666
682
667
	case 1007:
683
	case 1007:
668
	{
684
	{
669
		SRV_SHARE_INFO_1007 *info1007;
685
		SRV_SHARE_INFO_1007 *info1007 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1007, num_entries);
670
		int i = 0;
686
		int i = 0;
671
687
672
		info1007 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1007));
688
		if (!info1007) {
689
			return False;
690
		}
673
691
674
		for (snum = *resume_hnd; snum < num_services; snum++) {
692
		for (snum = *resume_hnd; snum < num_services; snum++) {
675
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
693
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
Lines 683-692 Link Here
683
701
684
	case 1501:
702
	case 1501:
685
	{
703
	{
686
		SRV_SHARE_INFO_1501 *info1501;
704
		SRV_SHARE_INFO_1501 *info1501 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1501, num_entries);
687
		int i = 0;
705
		int i = 0;
688
706
689
		info1501 = talloc(ctx, num_entries * sizeof(SRV_SHARE_INFO_1501));
707
		if (!info1501) {
708
			return False;
709
		}
690
710
691
		for (snum = *resume_hnd; snum < num_services; snum++) {
711
		for (snum = *resume_hnd; snum < num_services; snum++) {
692
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
712
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_hidden_share(snum)) ) {
Lines 1137-1144 Link Here
1137
		int i;
1157
		int i;
1138
		if (*total_entries > 0) {
1158
		if (*total_entries > 0) {
1139
			ctr->ptr_entries = 1;
1159
			ctr->ptr_entries = 1;
1140
			ctr->file.info3 = talloc(ctx, ctr->num_entries * 
1160
			ctr->file.info3 = TALLOC_ARRAY(ctx, SRV_FILE_INFO_3, ctr->num_entries);
1141
						 sizeof(SRV_FILE_INFO_3));
1142
		}
1161
		}
1143
		for (i=0 ;i<ctr->num_entries;i++) {
1162
		for (i=0 ;i<ctr->num_entries;i++) {
1144
			init_srv_file_info3(&ctr->file.info3[i].info_3, i+*resume_hnd, 0x35, 0, "\\PIPE\\samr", "dummy user");
1163
			init_srv_file_info3(&ctr->file.info3[i].info_3, i+*resume_hnd, 0x35, 0, "\\PIPE\\samr", "dummy user");
Lines 1189-1195 Link Here
1189
WERROR _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R_NET_SRV_GET_INFO *r_u)
1208
WERROR _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R_NET_SRV_GET_INFO *r_u)
1190
{
1209
{
1191
	WERROR status = WERR_OK;
1210
	WERROR status = WERR_OK;
1192
	SRV_INFO_CTR *ctr = (SRV_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_INFO_CTR));
1211
	SRV_INFO_CTR *ctr = TALLOC_P(p->mem_ctx, SRV_INFO_CTR);
1193
1212
1194
	if (!ctr)
1213
	if (!ctr)
1195
		return WERR_NOMEM;
1214
		return WERR_NOMEM;
Lines 1292-1298 Link Here
1292
{
1311
{
1293
	DEBUG(5,("srv_net_conn_enum: %d\n", __LINE__));
1312
	DEBUG(5,("srv_net_conn_enum: %d\n", __LINE__));
1294
1313
1295
	r_u->ctr = (SRV_CONN_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_CONN_INFO_CTR));
1314
	r_u->ctr = TALLOC_P(p->mem_ctx, SRV_CONN_INFO_CTR);
1296
	if (!r_u->ctr)
1315
	if (!r_u->ctr)
1297
		return WERR_NOMEM;
1316
		return WERR_NOMEM;
1298
1317
Lines 1317-1323 Link Here
1317
{
1336
{
1318
	DEBUG(5,("_srv_net_sess_enum: %d\n", __LINE__));
1337
	DEBUG(5,("_srv_net_sess_enum: %d\n", __LINE__));
1319
1338
1320
	r_u->ctr = (SRV_SESS_INFO_CTR *)talloc(p->mem_ctx, sizeof(SRV_SESS_INFO_CTR));
1339
	r_u->ctr = TALLOC_P(p->mem_ctx, SRV_SESS_INFO_CTR);
1321
	if (!r_u->ctr)
1340
	if (!r_u->ctr)
1322
		return WERR_NOMEM;
1341
		return WERR_NOMEM;
1323
1342
Lines 1800-1806 Link Here
1800
	struct tm *t;
1819
	struct tm *t;
1801
	time_t unixdate = time(NULL);
1820
	time_t unixdate = time(NULL);
1802
1821
1803
	tod = (TIME_OF_DAY_INFO *)talloc(p->mem_ctx, sizeof(TIME_OF_DAY_INFO));
1822
	tod = TALLOC_P(p->mem_ctx, TIME_OF_DAY_INFO);
1804
	if (!tod)
1823
	if (!tod)
1805
		return WERR_NOMEM;
1824
		return WERR_NOMEM;
1806
1825
Lines 2119-2136 Link Here
2119
2138
2120
	r_u->disk_enum_ctr.unknown = 0; 
2139
	r_u->disk_enum_ctr.unknown = 0; 
2121
2140
2122
	{
2141
	if(!(r_u->disk_enum_ctr.disk_info =  TALLOC_ARRAY(ctx, DISK_INFO, MAX_SERVER_DISK_ENTRIES))) {
2123
		DISK_INFO *dinfo;
2124
2125
		int dinfo_size = MAX_SERVER_DISK_ENTRIES * sizeof(*dinfo);
2126
	  
2127
		if(!(dinfo =  talloc(ctx, dinfo_size))) {
2128
			return WERR_NOMEM;
2142
			return WERR_NOMEM;
2129
		}
2143
		}
2130
2144
2131
		r_u->disk_enum_ctr.disk_info = dinfo;
2132
	}
2133
2134
	r_u->disk_enum_ctr.disk_info_ptr = r_u->disk_enum_ctr.disk_info ? 1 : 0;
2145
	r_u->disk_enum_ctr.disk_info_ptr = r_u->disk_enum_ctr.disk_info ? 1 : 0;
2135
2146
2136
	/*allow one DISK_INFO for null terminator*/
2147
	/*allow one DISK_INFO for null terminator*/
(-)samba-3.0.9-orig/source/rpc_server/srv_util.c (-2 / +2 lines)
Lines 276-282 Link Here
276
	
276
	
277
	if (n_unix_groups > 0) {
277
	if (n_unix_groups > 0) {
278
	
278
	
279
		*pgids   = talloc(ctx, sizeof(DOM_GID) * n_unix_groups);
279
		*pgids   = TALLOC_ARRAY(ctx, DOM_GID, n_unix_groups);
280
		
280
		
281
		if (!*pgids) {
281
		if (!*pgids) {
282
			DEBUG(0, ("get_user_group: malloc() failed for DOM_GID list!\n"));
282
			DEBUG(0, ("get_user_group: malloc() failed for DOM_GID list!\n"));
Lines 324-330 Link Here
324
	DOM_GID *gids;
324
	DOM_GID *gids;
325
	int i;
325
	int i;
326
326
327
	gids = (DOM_GID *)talloc(mem_ctx, sizeof(*gids) * nt_token->num_sids);
327
	gids = TALLOC_ARRAY(mem_ctx, DOM_GID, nt_token->num_sids);
328
328
329
	if (!gids) {
329
	if (!gids) {
330
		return NT_STATUS_NO_MEMORY;
330
		return NT_STATUS_NO_MEMORY;
(-)samba-3.0.9-orig/source/rpc_server/srv_wkssvc_nt.c (-1 / +1 lines)
Lines 65-71 Link Here
65
65
66
	DEBUG(5,("_wks_query_info: %d\n", __LINE__));
66
	DEBUG(5,("_wks_query_info: %d\n", __LINE__));
67
67
68
	wks100 = (WKS_INFO_100 *)talloc_zero(p->mem_ctx, sizeof(WKS_INFO_100));
68
	wks100 = TALLOC_ZERO_P(p->mem_ctx, WKS_INFO_100);
69
69
70
	if (!wks100)
70
	if (!wks100)
71
		return NT_STATUS_NO_MEMORY;
71
		return NT_STATUS_NO_MEMORY;
(-)samba-3.0.9-orig/source/sam/idmap.c (-1 / +1 lines)
Lines 83-89 Link Here
83
		return NT_STATUS_OBJECT_NAME_COLLISION;
83
		return NT_STATUS_OBJECT_NAME_COLLISION;
84
	}
84
	}
85
85
86
	entry = smb_xmalloc(sizeof(struct idmap_function_entry));
86
	entry = SMB_XMALLOC_P(struct idmap_function_entry);
87
	entry->name = smb_xstrdup(name);
87
	entry->name = smb_xstrdup(name);
88
	entry->methods = methods;
88
	entry->methods = methods;
89
89
(-)samba-3.0.9-orig/source/sam/idmap_tdb.c (-1 / +1 lines)
Lines 487-493 Link Here
487
	BOOL tdb_is_new = False;
487
	BOOL tdb_is_new = False;
488
488
489
	/* use the old database if present */
489
	/* use the old database if present */
490
	tdbfile = strdup(lock_path("winbindd_idmap.tdb"));
490
	tdbfile = SMB_STRDUP(lock_path("winbindd_idmap.tdb"));
491
	if (!tdbfile) {
491
	if (!tdbfile) {
492
		DEBUG(0, ("idmap_init: out of memory!\n"));
492
		DEBUG(0, ("idmap_init: out of memory!\n"));
493
		return NT_STATUS_NO_MEMORY;
493
		return NT_STATUS_NO_MEMORY;
(-)samba-3.0.9-orig/source/smbd/blocking.c (-2 / +2 lines)
Lines 106-117 Link Here
106
	 * the expiration time here.
106
	 * the expiration time here.
107
	 */
107
	 */
108
108
109
	if((blr = (blocking_lock_record *)malloc(sizeof(blocking_lock_record))) == NULL) {
109
	if((blr = SMB_MALLOC_P(blocking_lock_record)) == NULL) {
110
		DEBUG(0,("push_blocking_lock_request: Malloc fail !\n" ));
110
		DEBUG(0,("push_blocking_lock_request: Malloc fail !\n" ));
111
		return False;
111
		return False;
112
	}
112
	}
113
113
114
	if((blr->inbuf = (char *)malloc(length)) == NULL) {
114
	if((blr->inbuf = (char *)SMB_MALLOC(length)) == NULL) {
115
		DEBUG(0,("push_blocking_lock_request: Malloc fail (2)!\n" ));
115
		DEBUG(0,("push_blocking_lock_request: Malloc fail (2)!\n" ));
116
		SAFE_FREE(blr);
116
		SAFE_FREE(blr);
117
		return False;
117
		return False;
(-)samba-3.0.9-orig/source/smbd/conn.c (-1 / +1 lines)
Lines 132-138 Link Here
132
		return NULL;
132
		return NULL;
133
	}
133
	}
134
134
135
	if ((conn=(connection_struct *)talloc_zero(mem_ctx, sizeof(*conn)))==NULL) {
135
	if ((conn=TALLOC_ZERO_P(mem_ctx, connection_struct))==NULL) {
136
		DEBUG(0,("talloc_zero() failed!\n"));
136
		DEBUG(0,("talloc_zero() failed!\n"));
137
		return NULL;
137
		return NULL;
138
	}
138
	}
(-)samba-3.0.9-orig/source/smbd/dir.c (-3 / +3 lines)
Lines 407-413 Link Here
407
	if (dptrs_open >= MAX_OPEN_DIRECTORIES)
407
	if (dptrs_open >= MAX_OPEN_DIRECTORIES)
408
		dptr_idleoldest();
408
		dptr_idleoldest();
409
409
410
	dptr = (dptr_struct *)malloc(sizeof(dptr_struct));
410
	dptr = SMB_MALLOC_P(dptr_struct);
411
	if(!dptr) {
411
	if(!dptr) {
412
		DEBUG(0,("malloc fail in dptr_create.\n"));
412
		DEBUG(0,("malloc fail in dptr_create.\n"));
413
		return -1;
413
		return -1;
Lines 819-825 Link Here
819
819
820
	if (!p)
820
	if (!p)
821
		return(NULL);
821
		return(NULL);
822
	dirp = (Dir *)malloc(sizeof(Dir));
822
	dirp = SMB_MALLOC_P(Dir);
823
	if (!dirp) {
823
	if (!dirp) {
824
		DEBUG(0,("Out of memory in OpenDir\n"));
824
		DEBUG(0,("Out of memory in OpenDir\n"));
825
		SMB_VFS_CLOSEDIR(conn,p);
825
		SMB_VFS_CLOSEDIR(conn,p);
Lines 900-906 Link Here
900
		if (used + l > dirp->mallocsize) {
900
		if (used + l > dirp->mallocsize) {
901
			int s = MAX(used+l,used+2000);
901
			int s = MAX(used+l,used+2000);
902
			char *r;
902
			char *r;
903
			r = (char *)Realloc(dirp->data,s);
903
			r = (char *)SMB_REALLOC(dirp->data,s);
904
			if (!r) {
904
			if (!r) {
905
				DEBUG(0,("Out of memory in OpenDir\n"));
905
				DEBUG(0,("Out of memory in OpenDir\n"));
906
					break;
906
					break;
(-)samba-3.0.9-orig/source/smbd/fake_file.c (-1 / +1 lines)
Lines 132-138 Link Here
132
				return NULL;	
132
				return NULL;	
133
			}
133
			}
134
134
135
			if ((fh =(FAKE_FILE_HANDLE *)talloc_zero(mem_ctx, sizeof(FAKE_FILE_HANDLE)))==NULL) {
135
			if ((fh =TALLOC_ZERO_P(mem_ctx, FAKE_FILE_HANDLE))==NULL) {
136
				DEBUG(0,("talloc_zero() failed.\n"));
136
				DEBUG(0,("talloc_zero() failed.\n"));
137
				talloc_destroy(mem_ctx);
137
				talloc_destroy(mem_ctx);
138
				return NULL;
138
				return NULL;
(-)samba-3.0.9-orig/source/smbd/fileio.c (-2 / +2 lines)
Lines 662-668 Link Here
662
	if(alloc_size == 0 || fsp->wcp)
662
	if(alloc_size == 0 || fsp->wcp)
663
		return False;
663
		return False;
664
664
665
	if((wcp = (write_cache *)malloc(sizeof(write_cache))) == NULL) {
665
	if((wcp = SMB_MALLOC_P(write_cache)) == NULL) {
666
		DEBUG(0,("setup_write_cache: malloc fail.\n"));
666
		DEBUG(0,("setup_write_cache: malloc fail.\n"));
667
		return False;
667
		return False;
668
	}
668
	}
Lines 671-677 Link Here
671
	wcp->offset = 0;
671
	wcp->offset = 0;
672
	wcp->alloc_size = alloc_size;
672
	wcp->alloc_size = alloc_size;
673
	wcp->data_size = 0;
673
	wcp->data_size = 0;
674
	if((wcp->data = malloc(wcp->alloc_size)) == NULL) {
674
	if((wcp->data = SMB_MALLOC(wcp->alloc_size)) == NULL) {
675
		DEBUG(0,("setup_write_cache: malloc fail for buffer size %u.\n",
675
		DEBUG(0,("setup_write_cache: malloc fail for buffer size %u.\n",
676
			(unsigned int)wcp->alloc_size ));
676
			(unsigned int)wcp->alloc_size ));
677
		SAFE_FREE(wcp);
677
		SAFE_FREE(wcp);
(-)samba-3.0.9-orig/source/smbd/files.c (-1 / +1 lines)
Lines 93-99 Link Here
93
		return NULL;
93
		return NULL;
94
	}
94
	}
95
95
96
	fsp = (files_struct *)malloc(sizeof(*fsp));
96
	fsp = SMB_MALLOC_P(files_struct);
97
	if (!fsp) {
97
	if (!fsp) {
98
		unix_ERR_class = ERRSRV;
98
		unix_ERR_class = ERRSRV;
99
		unix_ERR_code = ERRnofids;
99
		unix_ERR_code = ERRnofids;
(-)samba-3.0.9-orig/source/smbd/ipc.c (-4 / +4 lines)
Lines 165-171 Link Here
165
static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p)
165
static BOOL api_rpc_trans_reply(char *outbuf, smb_np_struct *p)
166
{
166
{
167
	BOOL is_data_outstanding;
167
	BOOL is_data_outstanding;
168
	char *rdata = malloc(p->max_trans_reply);
168
	char *rdata = SMB_MALLOC(p->max_trans_reply);
169
	int data_len;
169
	int data_len;
170
170
171
	if(rdata == NULL) {
171
	if(rdata == NULL) {
Lines 389-395 Link Here
389
		goto bad_param;
389
		goto bad_param;
390
  
390
  
391
	if (tdscnt)  {
391
	if (tdscnt)  {
392
		if((data = (char *)malloc(tdscnt)) == NULL) {
392
		if((data = (char *)SMB_MALLOC(tdscnt)) == NULL) {
393
			DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt));
393
			DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt));
394
			END_PROFILE(SMBtrans);
394
			END_PROFILE(SMBtrans);
395
			return(ERROR_DOS(ERRDOS,ERRnomem));
395
			return(ERROR_DOS(ERRDOS,ERRnomem));
Lines 404-410 Link Here
404
	}
404
	}
405
405
406
	if (tpscnt) {
406
	if (tpscnt) {
407
		if((params = (char *)malloc(tpscnt)) == NULL) {
407
		if((params = (char *)SMB_MALLOC(tpscnt)) == NULL) {
408
			DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt));
408
			DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt));
409
			SAFE_FREE(data);
409
			SAFE_FREE(data);
410
			END_PROFILE(SMBtrans);
410
			END_PROFILE(SMBtrans);
Lines 421-427 Link Here
421
421
422
	if (suwcnt) {
422
	if (suwcnt) {
423
		unsigned int i;
423
		unsigned int i;
424
		if((setup = (uint16 *)malloc(suwcnt*sizeof(uint16))) == NULL) {
424
		if((setup = SMB_MALLOC_ARRAY(uint16,suwcnt)) == NULL) {
425
			DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16))));
425
			DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16))));
426
			SAFE_FREE(data);
426
			SAFE_FREE(data);
427
			SAFE_FREE(params);
427
			SAFE_FREE(params);
(-)samba-3.0.9-orig/source/smbd/lanman.c (-65 / +64 lines)
Lines 753-759 Link Here
753
		 */
753
		 */
754
		*rdata_len = 0;
754
		*rdata_len = 0;
755
		*rparam_len = 6;
755
		*rparam_len = 6;
756
		*rparam = REALLOC(*rparam,*rparam_len);
756
		*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
757
		SSVALS(*rparam,0,ERRunknownlevel);
757
		SSVALS(*rparam,0,ERRunknownlevel);
758
		SSVAL(*rparam,2,0);
758
		SSVAL(*rparam,2,0);
759
		SSVAL(*rparam,4,0);
759
		SSVAL(*rparam,4,0);
Lines 780-786 Link Here
780
	}
780
	}
781
781
782
	if (mdrcnt > 0) {
782
	if (mdrcnt > 0) {
783
		*rdata = REALLOC(*rdata,mdrcnt);
783
		*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
784
		desc.base = *rdata;
784
		desc.base = *rdata;
785
		desc.buflen = mdrcnt;
785
		desc.buflen = mdrcnt;
786
	} else {
786
	} else {
Lines 789-795 Link Here
789
		 * init_package will return wrong size if buflen=0
789
		 * init_package will return wrong size if buflen=0
790
		 */
790
		 */
791
		desc.buflen = getlen(desc.format);
791
		desc.buflen = getlen(desc.format);
792
		desc.base = tmpdata = (char *) malloc (desc.buflen);
792
		desc.base = tmpdata = (char *) SMB_MALLOC (desc.buflen);
793
	}
793
	}
794
794
795
	if (init_package(&desc,1,count)) {
795
	if (init_package(&desc,1,count)) {
Lines 809-815 Link Here
809
 
809
 
810
	*rdata_len = desc.usedlen;
810
	*rdata_len = desc.usedlen;
811
	*rparam_len = 6;
811
	*rparam_len = 6;
812
	*rparam = REALLOC(*rparam,*rparam_len);
812
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
813
	SSVALS(*rparam,0,desc.errcode);
813
	SSVALS(*rparam,0,desc.errcode);
814
	SSVAL(*rparam,2,0);
814
	SSVAL(*rparam,2,0);
815
	SSVAL(*rparam,4,desc.neededlen);
815
	SSVAL(*rparam,4,desc.neededlen);
Lines 857-863 Link Here
857
     */
857
     */
858
    *rdata_len = 0;
858
    *rdata_len = 0;
859
    *rparam_len = 6;
859
    *rparam_len = 6;
860
    *rparam = REALLOC(*rparam,*rparam_len);
860
    *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
861
    SSVALS(*rparam,0,ERRunknownlevel);
861
    SSVALS(*rparam,0,ERRunknownlevel);
862
    SSVAL(*rparam,2,0);
862
    SSVAL(*rparam,2,0);
863
    SSVAL(*rparam,4,0);
863
    SSVAL(*rparam,4,0);
Lines 869-885 Link Here
869
    if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
869
    if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
870
      queuecnt++;
870
      queuecnt++;
871
  if (uLevel > 0) {
871
  if (uLevel > 0) {
872
    if((queue = (print_queue_struct**)malloc(queuecnt*sizeof(print_queue_struct*))) == NULL) {
872
    if((queue = SMB_MALLOC_ARRAY(print_queue_struct*, queuecnt)) == NULL) {
873
      DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
873
      DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
874
      return False;
874
      return False;
875
    }
875
    }
876
    memset(queue,0,queuecnt*sizeof(print_queue_struct*));
876
    memset(queue,0,queuecnt*sizeof(print_queue_struct*));
877
    if((status = (print_status_struct*)malloc(queuecnt*sizeof(print_status_struct))) == NULL) {
877
    if((status = SMB_MALLOC_ARRAY(print_status_struct,queuecnt)) == NULL) {
878
      DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
878
      DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
879
      return False;
879
      return False;
880
    }
880
    }
881
    memset(status,0,queuecnt*sizeof(print_status_struct));
881
    memset(status,0,queuecnt*sizeof(print_status_struct));
882
    if((subcntarr = (int*)malloc(queuecnt*sizeof(int))) == NULL) {
882
    if((subcntarr = SMB_MALLOC_ARRAY(int,queuecnt)) == NULL) {
883
      DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
883
      DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
884
      return False;
884
      return False;
885
    }
885
    }
Lines 892-898 Link Here
892
 	n++;
892
 	n++;
893
      }
893
      }
894
  }
894
  }
895
  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
895
  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
896
  desc.base = *rdata;
896
  desc.base = *rdata;
897
  desc.buflen = mdrcnt;
897
  desc.buflen = mdrcnt;
898
898
Lines 911-917 Link Here
911
 
911
 
912
  *rdata_len = desc.usedlen;
912
  *rdata_len = desc.usedlen;
913
  *rparam_len = 8;
913
  *rparam_len = 8;
914
  *rparam = REALLOC(*rparam,*rparam_len);
914
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
915
  SSVALS(*rparam,0,desc.errcode);
915
  SSVALS(*rparam,0,desc.errcode);
916
  SSVAL(*rparam,2,0);
916
  SSVAL(*rparam,2,0);
917
  SSVAL(*rparam,4,succnt);
917
  SSVAL(*rparam,4,succnt);
Lines 995-1002 Link Here
995
      struct srv_info_struct *ts;
995
      struct srv_info_struct *ts;
996
      
996
      
997
      alloced += 10;
997
      alloced += 10;
998
      ts = (struct srv_info_struct *)
998
      ts = SMB_REALLOC_ARRAY(*servers,struct srv_info_struct, alloced);
999
	Realloc(*servers,sizeof(**servers)*alloced);
1000
      if (!ts) {
999
      if (!ts) {
1001
      	DEBUG(0,("get_server_info: failed to enlarge servers info struct!\n"));
1000
      	DEBUG(0,("get_server_info: failed to enlarge servers info struct!\n"));
1002
	return(0);
1001
	return(0);
Lines 1242-1248 Link Here
1242
  }
1241
  }
1243
1242
1244
  *rdata_len = fixed_len + string_len;
1243
  *rdata_len = fixed_len + string_len;
1245
  *rdata = REALLOC(*rdata,*rdata_len);
1244
  *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
1246
  memset(*rdata,'\0',*rdata_len);
1245
  memset(*rdata,'\0',*rdata_len);
1247
  
1246
  
1248
  p2 = (*rdata) + fixed_len;	/* auxilliary data (strings) will go here */
1247
  p2 = (*rdata) + fixed_len;	/* auxilliary data (strings) will go here */
Lines 1266-1272 Link Here
1266
  }
1265
  }
1267
  
1266
  
1268
  *rparam_len = 8;
1267
  *rparam_len = 8;
1269
  *rparam = REALLOC(*rparam,*rparam_len);
1268
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
1270
  SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata));
1269
  SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata));
1271
  SSVAL(*rparam,2,0);
1270
  SSVAL(*rparam,2,0);
1272
  SSVAL(*rparam,4,counted);
1271
  SSVAL(*rparam,4,counted);
Lines 1303-1309 Link Here
1303
  *rdata_len = 0;
1302
  *rdata_len = 0;
1304
  
1303
  
1305
  *rparam_len = 8;
1304
  *rparam_len = 8;
1306
  *rparam = REALLOC(*rparam,*rparam_len);
1305
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
1307
1306
1308
  SSVAL(*rparam,0,0x08AC); /* informational warning message */
1307
  SSVAL(*rparam,0,0x08AC); /* informational warning message */
1309
  SSVAL(*rparam,2,0);
1308
  SSVAL(*rparam,2,0);
Lines 1449-1461 Link Here
1449
  if (!prefix_ok(str1,"zWrLh")) return False;
1448
  if (!prefix_ok(str1,"zWrLh")) return False;
1450
  if (!check_share_info(uLevel,str2)) return False;
1449
  if (!check_share_info(uLevel,str2)) return False;
1451
 
1450
 
1452
  *rdata = REALLOC(*rdata,mdrcnt);
1451
  *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
1453
  p = *rdata;
1452
  p = *rdata;
1454
  *rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0);
1453
  *rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0);
1455
  if (*rdata_len < 0) return False;
1454
  if (*rdata_len < 0) return False;
1456
 
1455
 
1457
  *rparam_len = 6;
1456
  *rparam_len = 6;
1458
  *rparam = REALLOC(*rparam,*rparam_len);
1457
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
1459
  SSVAL(*rparam,0,NERR_Success);
1458
  SSVAL(*rparam,0,NERR_Success);
1460
  SSVAL(*rparam,2,0);		/* converter word */
1459
  SSVAL(*rparam,2,0);		/* converter word */
1461
  SSVAL(*rparam,4,*rdata_len);
1460
  SSVAL(*rparam,4,*rdata_len);
Lines 1520-1526 Link Here
1520
    }
1519
    }
1521
  }
1520
  }
1522
  *rdata_len = fixed_len + string_len;
1521
  *rdata_len = fixed_len + string_len;
1523
  *rdata = REALLOC(*rdata,*rdata_len);
1522
  *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
1524
  memset(*rdata,0,*rdata_len);
1523
  memset(*rdata,0,*rdata_len);
1525
  
1524
  
1526
  p2 = (*rdata) + fixed_len;	/* auxiliary data (strings) will go here */
1525
  p2 = (*rdata) + fixed_len;	/* auxiliary data (strings) will go here */
Lines 1541-1547 Link Here
1541
    }
1540
    }
1542
  
1541
  
1543
  *rparam_len = 8;
1542
  *rparam_len = 8;
1544
  *rparam = REALLOC(*rparam,*rparam_len);
1543
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
1545
  SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success);
1544
  SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success);
1546
  SSVAL(*rparam,2,0);
1545
  SSVAL(*rparam,2,0);
1547
  SSVAL(*rparam,4,counted);
1546
  SSVAL(*rparam,4,counted);
Lines 1627-1633 Link Here
1627
  } else return False;
1626
  } else return False;
1628
1627
1629
  *rparam_len = 6;
1628
  *rparam_len = 6;
1630
  *rparam = REALLOC(*rparam,*rparam_len);
1629
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
1631
  SSVAL(*rparam,0,NERR_Success);
1630
  SSVAL(*rparam,0,NERR_Success);
1632
  SSVAL(*rparam,2,0);		/* converter word */
1631
  SSVAL(*rparam,2,0);		/* converter word */
1633
  SSVAL(*rparam,4,*rdata_len);
1632
  SSVAL(*rparam,4,*rdata_len);
Lines 1637-1643 Link Here
1637
1636
1638
 error_exit:
1637
 error_exit:
1639
  *rparam_len = 4;
1638
  *rparam_len = 4;
1640
  *rparam = REALLOC(*rparam,*rparam_len);
1639
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
1641
  *rdata_len = 0;
1640
  *rdata_len = 0;
1642
  SSVAL(*rparam,0,res);
1641
  SSVAL(*rparam,0,res);
1643
  SSVAL(*rparam,2,0);
1642
  SSVAL(*rparam,2,0);
Lines 1692-1698 Link Here
1692
	DEBUG(10,("api_RNetGroupEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size));
1691
	DEBUG(10,("api_RNetGroupEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size));
1693
1692
1694
	*rdata_len = cli_buf_size;
1693
	*rdata_len = cli_buf_size;
1695
	*rdata = REALLOC(*rdata,*rdata_len);
1694
	*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
1696
1695
1697
	p = *rdata;
1696
	p = *rdata;
1698
1697
Lines 1714-1720 Link Here
1714
	*rdata_len = PTR_DIFF(p,*rdata);
1713
	*rdata_len = PTR_DIFF(p,*rdata);
1715
1714
1716
	*rparam_len = 8;
1715
	*rparam_len = 8;
1717
	*rparam = REALLOC(*rparam,*rparam_len);
1716
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
1718
1717
1719
  	SSVAL(*rparam, 0, errflags);
1718
  	SSVAL(*rparam, 0, errflags);
1720
  	SSVAL(*rparam, 2, 0);		/* converter word */
1719
  	SSVAL(*rparam, 2, 0);		/* converter word */
Lines 1750-1756 Link Here
1750
	DOM_SID sid, dom_sid;
1749
	DOM_SID sid, dom_sid;
1751
1750
1752
	*rparam_len = 8;
1751
	*rparam_len = 8;
1753
	*rparam = REALLOC(*rparam,*rparam_len);
1752
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
1754
  
1753
  
1755
	/* check it's a supported varient */
1754
	/* check it's a supported varient */
1756
	
1755
	
Lines 1769-1775 Link Here
1769
		return False;
1768
		return False;
1770
1769
1771
	*rdata_len = mdrcnt + 1024;
1770
	*rdata_len = mdrcnt + 1024;
1772
	*rdata = REALLOC(*rdata,*rdata_len);
1771
	*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
1773
1772
1774
	SSVAL(*rparam,0,NERR_Success);
1773
	SSVAL(*rparam,0,NERR_Success);
1775
	SSVAL(*rparam,2,0);		/* converter word */
1774
	SSVAL(*rparam,2,0);		/* converter word */
Lines 1864-1877 Link Here
1864
	DEBUG(10,("api_RNetUserEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size));
1863
	DEBUG(10,("api_RNetUserEnum:resume context: %d, client buffer size: %d\n", resume_context, cli_buf_size));
1865
1864
1866
	*rparam_len = 8;
1865
	*rparam_len = 8;
1867
	*rparam = REALLOC(*rparam,*rparam_len);
1866
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
1868
1867
1869
	/* check it's a supported varient */
1868
	/* check it's a supported varient */
1870
	if (strcmp("B21",str2) != 0)
1869
	if (strcmp("B21",str2) != 0)
1871
		return False;
1870
		return False;
1872
1871
1873
	*rdata_len = cli_buf_size;
1872
	*rdata_len = cli_buf_size;
1874
	*rdata = REALLOC(*rdata,*rdata_len);
1873
	*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
1875
1874
1876
	p = *rdata;
1875
	p = *rdata;
1877
1876
Lines 1934-1943 Link Here
1934
{
1933
{
1935
  char *p;
1934
  char *p;
1936
  *rparam_len = 4;
1935
  *rparam_len = 4;
1937
  *rparam = REALLOC(*rparam,*rparam_len);
1936
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
1938
1937
1939
  *rdata_len = 21;
1938
  *rdata_len = 21;
1940
  *rdata = REALLOC(*rdata,*rdata_len);
1939
  *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
1941
1940
1942
  SSVAL(*rparam,0,NERR_Success);
1941
  SSVAL(*rparam,0,NERR_Success);
1943
  SSVAL(*rparam,2,0);		/* converter word */
1942
  SSVAL(*rparam,2,0);		/* converter word */
Lines 1996-2002 Link Here
1996
	memcpy(pass2,p+16,16);
1995
	memcpy(pass2,p+16,16);
1997
1996
1998
	*rparam_len = 4;
1997
	*rparam_len = 4;
1999
	*rparam = REALLOC(*rparam,*rparam_len);
1998
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
2000
1999
2001
	*rdata_len = 0;
2000
	*rdata_len = 0;
2002
2001
Lines 2068-2074 Link Here
2068
	fstring user;
2067
	fstring user;
2069
	char *p = param + 2;
2068
	char *p = param + 2;
2070
	*rparam_len = 2;
2069
	*rparam_len = 2;
2071
	*rparam = REALLOC(*rparam,*rparam_len);
2070
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
2072
2071
2073
	*rdata_len = 0;
2072
	*rdata_len = 0;
2074
2073
Lines 2135-2141 Link Here
2135
		return(False);
2134
		return(False);
2136
2135
2137
	*rparam_len = 4;
2136
	*rparam_len = 4;
2138
	*rparam = REALLOC(*rparam,*rparam_len);	
2137
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);	
2139
	*rdata_len = 0;
2138
	*rdata_len = 0;
2140
2139
2141
	if (!print_job_exists(sharename, jobid)) {
2140
	if (!print_job_exists(sharename, jobid)) {
Lines 2192-2198 Link Here
2192
		return(False);
2191
		return(False);
2193
2192
2194
	*rparam_len = 4;
2193
	*rparam_len = 4;
2195
	*rparam = REALLOC(*rparam,*rparam_len);
2194
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
2196
	*rdata_len = 0;
2195
	*rdata_len = 0;
2197
2196
2198
	snum = print_queue_snum(QueueName);
2197
	snum = print_queue_snum(QueueName);
Lines 2266-2272 Link Here
2266
	if(!rap_to_pjobid(SVAL(p,0), sharename, &jobid))
2265
	if(!rap_to_pjobid(SVAL(p,0), sharename, &jobid))
2267
		return False;
2266
		return False;
2268
	*rparam_len = 4;
2267
	*rparam_len = 4;
2269
	*rparam = REALLOC(*rparam,*rparam_len);
2268
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
2270
2269
2271
	if ( (snum = lp_servicenumber(sharename)) == -1 ) {
2270
	if ( (snum = lp_servicenumber(sharename)) == -1 ) {
2272
		DEBUG(0,("api_PrintJobInfo: unable to get service number from sharename [%s]\n",
2271
		DEBUG(0,("api_PrintJobInfo: unable to get service number from sharename [%s]\n",
Lines 2367-2373 Link Here
2367
  }
2366
  }
2368
2367
2369
  *rdata_len = mdrcnt;
2368
  *rdata_len = mdrcnt;
2370
  *rdata = REALLOC(*rdata,*rdata_len);
2369
  *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
2371
2370
2372
  p = *rdata;
2371
  p = *rdata;
2373
  p2 = p + struct_len;
2372
  p2 = p + struct_len;
Lines 2416-2422 Link Here
2416
  *rdata_len = PTR_DIFF(p2,*rdata);
2415
  *rdata_len = PTR_DIFF(p2,*rdata);
2417
2416
2418
  *rparam_len = 6;
2417
  *rparam_len = 6;
2419
  *rparam = REALLOC(*rparam,*rparam_len);
2418
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
2420
  SSVAL(*rparam,0,NERR_Success);
2419
  SSVAL(*rparam,0,NERR_Success);
2421
  SSVAL(*rparam,2,0);		/* converter word */
2420
  SSVAL(*rparam,2,0);		/* converter word */
2422
  SSVAL(*rparam,4,*rdata_len);
2421
  SSVAL(*rparam,4,*rdata_len);
Lines 2443-2456 Link Here
2443
  DEBUG(4,("NetWkstaGetInfo level %d\n",level));
2442
  DEBUG(4,("NetWkstaGetInfo level %d\n",level));
2444
2443
2445
  *rparam_len = 6;
2444
  *rparam_len = 6;
2446
  *rparam = REALLOC(*rparam,*rparam_len);
2445
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
2447
2446
2448
  /* check it's a supported varient */
2447
  /* check it's a supported varient */
2449
  if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz")))
2448
  if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz")))
2450
    return(False);
2449
    return(False);
2451
2450
2452
  *rdata_len = mdrcnt + 1024;
2451
  *rdata_len = mdrcnt + 1024;
2453
  *rdata = REALLOC(*rdata,*rdata_len);
2452
  *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
2454
2453
2455
  SSVAL(*rparam,0,NERR_Success);
2454
  SSVAL(*rparam,0,NERR_Success);
2456
  SSVAL(*rparam,2,0);		/* converter word */
2455
  SSVAL(*rparam,2,0);		/* converter word */
Lines 2689-2695 Link Here
2689
	       vuser->user.unix_name));
2688
	       vuser->user.unix_name));
2690
2689
2691
    *rparam_len = 6;
2690
    *rparam_len = 6;
2692
    *rparam = REALLOC(*rparam,*rparam_len);
2691
    *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
2693
2692
2694
    DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel));
2693
    DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel));
2695
  
2694
  
Lines 2708-2714 Link Here
2708
	if (strcmp(level_string,str2) != 0) return False;
2707
	if (strcmp(level_string,str2) != 0) return False;
2709
2708
2710
	*rdata_len = mdrcnt + 1024;
2709
	*rdata_len = mdrcnt + 1024;
2711
	*rdata = REALLOC(*rdata,*rdata_len);
2710
	*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
2712
2711
2713
	SSVAL(*rparam,0,NERR_Success);
2712
	SSVAL(*rparam,0,NERR_Success);
2714
	SSVAL(*rparam,2,0);		/* converter word */
2713
	SSVAL(*rparam,2,0);		/* converter word */
Lines 2855-2861 Link Here
2855
  /* check it's a supported varient */
2854
  /* check it's a supported varient */
2856
  if (strcmp(str1,"OOWb54WrLh") != 0) return False;
2855
  if (strcmp(str1,"OOWb54WrLh") != 0) return False;
2857
  if (uLevel != 1 || strcmp(str2,"WB21BWDWWDDDDDDDzzzD") != 0) return False;
2856
  if (uLevel != 1 || strcmp(str2,"WB21BWDWWDDDDDDDzzzD") != 0) return False;
2858
  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
2857
  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
2859
  desc.base = *rdata;
2858
  desc.base = *rdata;
2860
  desc.buflen = mdrcnt;
2859
  desc.buflen = mdrcnt;
2861
  desc.subformat = NULL;
2860
  desc.subformat = NULL;
Lines 2894-2900 Link Here
2894
2893
2895
  *rdata_len = desc.usedlen;
2894
  *rdata_len = desc.usedlen;
2896
  *rparam_len = 6;
2895
  *rparam_len = 6;
2897
  *rparam = REALLOC(*rparam,*rparam_len);
2896
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
2898
  SSVALS(*rparam,0,desc.errcode);
2897
  SSVALS(*rparam,0,desc.errcode);
2899
  SSVAL(*rparam,2,0);
2898
  SSVAL(*rparam,2,0);
2900
  SSVAL(*rparam,4,desc.neededlen);
2899
  SSVAL(*rparam,4,desc.neededlen);
Lines 2924-2930 Link Here
2924
  if (strcmp(str2,"") != 0) return False;
2923
  if (strcmp(str2,"") != 0) return False;
2925
2924
2926
  *rparam_len = 6;
2925
  *rparam_len = 6;
2927
  *rparam = REALLOC(*rparam,*rparam_len);
2926
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
2928
  SSVALS(*rparam,0,0);		/* errorcode */
2927
  SSVALS(*rparam,0,0);		/* errorcode */
2929
  SSVAL(*rparam,2,0);		/* converter word */
2928
  SSVAL(*rparam,2,0);		/* converter word */
2930
  SSVAL(*rparam,4,0x7f);	/* permission flags */
2929
  SSVAL(*rparam,4,0x7f);	/* permission flags */
Lines 2976-2982 Link Here
2976
  }
2975
  }
2977
2976
2978
  if (mdrcnt > 0) {
2977
  if (mdrcnt > 0) {
2979
    *rdata = REALLOC(*rdata,mdrcnt);
2978
    *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
2980
    desc.base = *rdata;
2979
    desc.base = *rdata;
2981
    desc.buflen = mdrcnt;
2980
    desc.buflen = mdrcnt;
2982
  } else {
2981
  } else {
Lines 2985-2991 Link Here
2985
     *  init_package will return wrong size if buflen=0
2984
     *  init_package will return wrong size if buflen=0
2986
     */
2985
     */
2987
    desc.buflen = getlen(desc.format);
2986
    desc.buflen = getlen(desc.format);
2988
    desc.base = tmpdata = (char *)malloc ( desc.buflen );
2987
    desc.base = tmpdata = (char *)SMB_MALLOC( desc.buflen );
2989
  }
2988
  }
2990
2989
2991
  if (init_package(&desc,1,0)) {
2990
  if (init_package(&desc,1,0)) {
Lines 3000-3006 Link Here
3000
  }
2999
  }
3001
3000
3002
  *rparam_len = 6;
3001
  *rparam_len = 6;
3003
  *rparam = REALLOC(*rparam,*rparam_len);
3002
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
3004
  SSVALS(*rparam,0,desc.errcode);
3003
  SSVALS(*rparam,0,desc.errcode);
3005
  SSVAL(*rparam,2,0);
3004
  SSVAL(*rparam,2,0);
3006
  SSVAL(*rparam,4,desc.neededlen);
3005
  SSVAL(*rparam,4,desc.neededlen);
Lines 3054-3060 Link Here
3054
  if (snum < 0 || !VALID_SNUM(snum)) return(False);
3053
  if (snum < 0 || !VALID_SNUM(snum)) return(False);
3055
3054
3056
  count = print_queue_status(snum,&queue,&status);
3055
  count = print_queue_status(snum,&queue,&status);
3057
  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
3056
  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
3058
  desc.base = *rdata;
3057
  desc.base = *rdata;
3059
  desc.buflen = mdrcnt;
3058
  desc.buflen = mdrcnt;
3060
3059
Lines 3069-3075 Link Here
3069
  *rdata_len = desc.usedlen;
3068
  *rdata_len = desc.usedlen;
3070
3069
3071
  *rparam_len = 8;
3070
  *rparam_len = 8;
3072
  *rparam = REALLOC(*rparam,*rparam_len);
3071
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
3073
  SSVALS(*rparam,0,desc.errcode);
3072
  SSVALS(*rparam,0,desc.errcode);
3074
  SSVAL(*rparam,2,0);
3073
  SSVAL(*rparam,2,0);
3075
  SSVAL(*rparam,4,succnt);
3074
  SSVAL(*rparam,4,succnt);
Lines 3170-3176 Link Here
3170
  }
3169
  }
3171
  else {
3170
  else {
3172
    if (mdrcnt > 0) {
3171
    if (mdrcnt > 0) {
3173
      *rdata = REALLOC(*rdata,mdrcnt);
3172
      *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
3174
      desc.base = *rdata;
3173
      desc.base = *rdata;
3175
      desc.buflen = mdrcnt;
3174
      desc.buflen = mdrcnt;
3176
    } else {
3175
    } else {
Lines 3179-3185 Link Here
3179
       *  init_package will return wrong size if buflen=0
3178
       *  init_package will return wrong size if buflen=0
3180
       */
3179
       */
3181
      desc.buflen = getlen(desc.format);
3180
      desc.buflen = getlen(desc.format);
3182
      desc.base = tmpdata = (char *)malloc ( desc.buflen );
3181
      desc.base = tmpdata = (char *)SMB_MALLOC( desc.buflen );
3183
    }
3182
    }
3184
    if (init_package(&desc,1,0)) {
3183
    if (init_package(&desc,1,0)) {
3185
      fill_printdest_info(conn,snum,uLevel,&desc);
3184
      fill_printdest_info(conn,snum,uLevel,&desc);
Lines 3188-3194 Link Here
3188
  }
3187
  }
3189
3188
3190
  *rparam_len = 6;
3189
  *rparam_len = 6;
3191
  *rparam = REALLOC(*rparam,*rparam_len);
3190
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
3192
  SSVALS(*rparam,0,desc.errcode);
3191
  SSVALS(*rparam,0,desc.errcode);
3193
  SSVAL(*rparam,2,0);
3192
  SSVAL(*rparam,2,0);
3194
  SSVAL(*rparam,4,desc.neededlen);
3193
  SSVAL(*rparam,4,desc.neededlen);
Lines 3227-3233 Link Here
3227
    if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
3226
    if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
3228
      queuecnt++;
3227
      queuecnt++;
3229
3228
3230
  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
3229
  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
3231
  desc.base = *rdata;
3230
  desc.base = *rdata;
3232
  desc.buflen = mdrcnt;
3231
  desc.buflen = mdrcnt;
3233
  if (init_package(&desc,queuecnt,0)) {    
3232
  if (init_package(&desc,queuecnt,0)) {    
Lines 3245-3251 Link Here
3245
  *rdata_len = desc.usedlen;
3244
  *rdata_len = desc.usedlen;
3246
3245
3247
  *rparam_len = 8;
3246
  *rparam_len = 8;
3248
  *rparam = REALLOC(*rparam,*rparam_len);
3247
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
3249
  SSVALS(*rparam,0,desc.errcode);
3248
  SSVALS(*rparam,0,desc.errcode);
3250
  SSVAL(*rparam,2,0);
3249
  SSVAL(*rparam,2,0);
3251
  SSVAL(*rparam,4,succnt);
3250
  SSVAL(*rparam,4,succnt);
Lines 3277-3283 Link Here
3277
  if (strcmp(str1,"WrLeh") != 0) return False;
3276
  if (strcmp(str1,"WrLeh") != 0) return False;
3278
  if (uLevel != 0 || strcmp(str2,"B41") != 0) return False;
3277
  if (uLevel != 0 || strcmp(str2,"B41") != 0) return False;
3279
3278
3280
  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
3279
  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
3281
  desc.base = *rdata;
3280
  desc.base = *rdata;
3282
  desc.buflen = mdrcnt;
3281
  desc.buflen = mdrcnt;
3283
  if (init_package(&desc,1,0)) {
3282
  if (init_package(&desc,1,0)) {
Lines 3289-3295 Link Here
3289
  *rdata_len = desc.usedlen;
3288
  *rdata_len = desc.usedlen;
3290
3289
3291
  *rparam_len = 8;
3290
  *rparam_len = 8;
3292
  *rparam = REALLOC(*rparam,*rparam_len);
3291
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
3293
  SSVALS(*rparam,0,desc.errcode);
3292
  SSVALS(*rparam,0,desc.errcode);
3294
  SSVAL(*rparam,2,0);
3293
  SSVAL(*rparam,2,0);
3295
  SSVAL(*rparam,4,succnt);
3294
  SSVAL(*rparam,4,succnt);
Lines 3321-3327 Link Here
3321
  if (strcmp(str1,"WrLeh") != 0) return False;
3320
  if (strcmp(str1,"WrLeh") != 0) return False;
3322
  if (uLevel != 0 || strcmp(str2,"B13") != 0) return False;
3321
  if (uLevel != 0 || strcmp(str2,"B13") != 0) return False;
3323
3322
3324
  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
3323
  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
3325
  desc.base = *rdata;
3324
  desc.base = *rdata;
3326
  desc.buflen = mdrcnt;
3325
  desc.buflen = mdrcnt;
3327
  desc.format = str2;
3326
  desc.format = str2;
Lines 3334-3340 Link Here
3334
  *rdata_len = desc.usedlen;
3333
  *rdata_len = desc.usedlen;
3335
3334
3336
  *rparam_len = 8;
3335
  *rparam_len = 8;
3337
  *rparam = REALLOC(*rparam,*rparam_len);
3336
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
3338
  SSVALS(*rparam,0,desc.errcode);
3337
  SSVALS(*rparam,0,desc.errcode);
3339
  SSVAL(*rparam,2,0);
3338
  SSVAL(*rparam,2,0);
3340
  SSVAL(*rparam,4,succnt);
3339
  SSVAL(*rparam,4,succnt);
Lines 3366-3372 Link Here
3366
  if (strcmp(str1,"WrLeh") != 0) return False;
3365
  if (strcmp(str1,"WrLeh") != 0) return False;
3367
  if (uLevel != 0 || strcmp(str2,"B9") != 0) return False;
3366
  if (uLevel != 0 || strcmp(str2,"B9") != 0) return False;
3368
3367
3369
  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
3368
  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
3370
  memset((char *)&desc,'\0',sizeof(desc));
3369
  memset((char *)&desc,'\0',sizeof(desc));
3371
  desc.base = *rdata;
3370
  desc.base = *rdata;
3372
  desc.buflen = mdrcnt;
3371
  desc.buflen = mdrcnt;
Lines 3380-3386 Link Here
3380
  *rdata_len = desc.usedlen;
3379
  *rdata_len = desc.usedlen;
3381
3380
3382
  *rparam_len = 8;
3381
  *rparam_len = 8;
3383
  *rparam = REALLOC(*rparam,*rparam_len);
3382
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
3384
  SSVALS(*rparam,0,desc.errcode);
3383
  SSVALS(*rparam,0,desc.errcode);
3385
  SSVAL(*rparam,2,0);
3384
  SSVAL(*rparam,2,0);
3386
  SSVAL(*rparam,4,succnt);
3385
  SSVAL(*rparam,4,succnt);
Lines 3422-3428 Link Here
3422
3421
3423
  num_sessions = list_sessions(&session_list);
3422
  num_sessions = list_sessions(&session_list);
3424
3423
3425
  if (mdrcnt > 0) *rdata = REALLOC(*rdata,mdrcnt);
3424
  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
3426
  memset((char *)&desc,'\0',sizeof(desc));
3425
  memset((char *)&desc,'\0',sizeof(desc));
3427
  desc.base = *rdata;
3426
  desc.base = *rdata;
3428
  desc.buflen = mdrcnt;
3427
  desc.buflen = mdrcnt;
Lines 3446-3452 Link Here
3446
  *rdata_len = desc.usedlen;
3445
  *rdata_len = desc.usedlen;
3447
3446
3448
  *rparam_len = 8;
3447
  *rparam_len = 8;
3449
  *rparam = REALLOC(*rparam,*rparam_len);
3448
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
3450
  SSVALS(*rparam,0,desc.errcode);
3449
  SSVALS(*rparam,0,desc.errcode);
3451
  SSVAL(*rparam,2,0); /* converter */
3450
  SSVAL(*rparam,2,0); /* converter */
3452
  SSVAL(*rparam,4,num_sessions); /* count */
3451
  SSVAL(*rparam,4,num_sessions); /* count */
Lines 3466-3472 Link Here
3466
			 int *rdata_len,int *rparam_len)
3465
			 int *rdata_len,int *rparam_len)
3467
{
3466
{
3468
  *rparam_len = MIN(*rparam_len,mprcnt);
3467
  *rparam_len = MIN(*rparam_len,mprcnt);
3469
  *rparam = REALLOC(*rparam,*rparam_len);
3468
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
3470
3469
3471
  *rdata_len = 0;
3470
  *rdata_len = 0;
3472
3471
Lines 3488-3494 Link Here
3488
			    int *rdata_len,int *rparam_len)
3487
			    int *rdata_len,int *rparam_len)
3489
{
3488
{
3490
  *rparam_len = 4;
3489
  *rparam_len = 4;
3491
  *rparam = REALLOC(*rparam,*rparam_len);
3490
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
3492
3491
3493
  *rdata_len = 0;
3492
  *rdata_len = 0;
3494
3493
Lines 3595-3605 Link Here
3595
		  return ERROR_NT(NT_STATUS_ACCESS_DENIED);
3594
		  return ERROR_NT(NT_STATUS_ACCESS_DENIED);
3596
  }
3595
  }
3597
3596
3598
  rdata = (char *)malloc(1024);
3597
  rdata = (char *)SMB_MALLOC(1024);
3599
  if (rdata)
3598
  if (rdata)
3600
    memset(rdata,'\0',1024);
3599
    memset(rdata,'\0',1024);
3601
3600
3602
  rparam = (char *)malloc(1024);
3601
  rparam = (char *)SMB_MALLOC(1024);
3603
  if (rparam)
3602
  if (rparam)
3604
    memset(rparam,'\0',1024);
3603
    memset(rparam,'\0',1024);
3605
3604
(-)samba-3.0.9-orig/source/smbd/mangle_hash2.c (-6 / +12 lines)
Lines 153-165 Link Here
153
 */
153
 */
154
static BOOL cache_init(void)
154
static BOOL cache_init(void)
155
{
155
{
156
	if (prefix_cache) return True;
156
	if (prefix_cache) {
157
		return True;
158
	}
157
159
158
	prefix_cache = calloc(MANGLE_CACHE_SIZE, sizeof(char *));
160
	prefix_cache = SMB_CALLOC_ARRAY(char *,MANGLE_CACHE_SIZE);
159
	if (!prefix_cache) return False;
161
	if (!prefix_cache) {
162
		return False;
163
	}
160
164
161
	prefix_cache_hashes = calloc(MANGLE_CACHE_SIZE, sizeof(u32));
165
	prefix_cache_hashes = SMB_CALLOC_ARRAY(u32, MANGLE_CACHE_SIZE);
162
	if (!prefix_cache_hashes) return False;
166
	if (!prefix_cache_hashes) {
167
		return False;
168
	}
163
169
164
	return True;
170
	return True;
165
}
171
}
Lines 175-181 Link Here
175
		free(prefix_cache[i]);
181
		free(prefix_cache[i]);
176
	}
182
	}
177
183
178
	prefix_cache[i] = strndup(prefix, length);
184
	prefix_cache[i] = SMB_STRNDUP(prefix, length);
179
	prefix_cache_hashes[i] = hash;
185
	prefix_cache_hashes[i] = hash;
180
}
186
}
181
187
(-)samba-3.0.9-orig/source/smbd/mangle_hash.c (-2 / +2 lines)
Lines 476-482 Link Here
476
	if(data_val.dptr == NULL || data_val.dsize == 0) {
476
	if(data_val.dptr == NULL || data_val.dsize == 0) {
477
		ext_start = strrchr( s, '.' );
477
		ext_start = strrchr( s, '.' );
478
		if( ext_start ) {
478
		if( ext_start ) {
479
			if((saved_ext = strdup(ext_start)) == NULL)
479
			if((saved_ext = SMB_STRDUP(ext_start)) == NULL)
480
				return False;
480
				return False;
481
481
482
			*ext_start = '\0';
482
			*ext_start = '\0';
Lines 624-630 Link Here
624
624
625
		/* mangle it into 8.3 */
625
		/* mangle it into 8.3 */
626
		if (cache83)
626
		if (cache83)
627
			tmp = strdup(OutName);
627
			tmp = SMB_STRDUP(OutName);
628
628
629
		to_8_3(OutName, default_case);
629
		to_8_3(OutName, default_case);
630
630
(-)samba-3.0.9-orig/source/smbd/msdfs.c (-7 / +6 lines)
Lines 189-195 Link Here
189
189
190
	DEBUG(10,("parse_symlink: count=%d\n", count));
190
	DEBUG(10,("parse_symlink: count=%d\n", count));
191
191
192
	reflist = *preflist = (struct referral*) malloc(count * sizeof(struct referral));
192
	reflist = *preflist = SMB_MALLOC_ARRAY(struct referral, count);
193
	if(reflist == NULL) {
193
	if(reflist == NULL) {
194
		DEBUG(0,("parse_symlink: Malloc failed!\n"));
194
		DEBUG(0,("parse_symlink: Malloc failed!\n"));
195
		return False;
195
		return False;
Lines 417-423 Link Here
417
		*self_referralp = True;
417
		*self_referralp = True;
418
418
419
	jucn->referral_count = 1;
419
	jucn->referral_count = 1;
420
	if((ref = (struct referral*) malloc(sizeof(struct referral))) == NULL) {
420
	if((ref = SMB_MALLOC_P(struct referral)) == NULL) {
421
		DEBUG(0,("self_ref: malloc failed for referral\n"));
421
		DEBUG(0,("self_ref: malloc failed for referral\n"));
422
		return False;
422
		return False;
423
	}
423
	}
Lines 503-509 Link Here
503
					self_referralp);
503
					self_referralp);
504
504
505
		jucn->referral_count = 1;
505
		jucn->referral_count = 1;
506
		if ((ref = (struct referral*) malloc(sizeof(struct referral))) == NULL) {
506
		if ((ref = SMB_MALLOC_P(struct referral)) == NULL) {
507
			DEBUG(0, ("malloc failed for referral\n"));
507
			DEBUG(0, ("malloc failed for referral\n"));
508
			goto out;
508
			goto out;
509
		}
509
		}
Lines 595-601 Link Here
595
	/* add the unexplained 0x16 bytes */
595
	/* add the unexplained 0x16 bytes */
596
	reply_size += 0x16;
596
	reply_size += 0x16;
597
597
598
	pdata = Realloc(pdata,reply_size);
598
	pdata = SMB_REALLOC(pdata,reply_size);
599
	if(pdata == NULL) {
599
	if(pdata == NULL) {
600
		DEBUG(0,("malloc failed for Realloc!\n"));
600
		DEBUG(0,("malloc failed for Realloc!\n"));
601
		return -1;
601
		return -1;
Lines 676-682 Link Here
676
		reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2;
676
		reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2;
677
	}
677
	}
678
678
679
	pdata = Realloc(pdata,reply_size);
679
	pdata = SMB_REALLOC(pdata,reply_size);
680
	if(pdata == NULL) {
680
	if(pdata == NULL) {
681
		DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n"));
681
		DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n"));
682
		return -1;
682
		return -1;
Lines 962-969 Link Here
962
	jucn[cnt].volume_name[0] = '\0';
962
	jucn[cnt].volume_name[0] = '\0';
963
	jucn[cnt].referral_count = 1;
963
	jucn[cnt].referral_count = 1;
964
964
965
	ref = jucn[cnt].referral_list
965
	ref = jucn[cnt].referral_list = SMB_MALLOC_P(struct referral);
966
		= (struct referral*) malloc(sizeof(struct referral));
967
	if (jucn[cnt].referral_list == NULL) {
966
	if (jucn[cnt].referral_list == NULL) {
968
		DEBUG(0, ("Malloc failed!\n"));
967
		DEBUG(0, ("Malloc failed!\n"));
969
		goto out;
968
		goto out;
(-)samba-3.0.9-orig/source/smbd/notify.c (-1 / +1 lines)
Lines 178-184 Link Here
178
{
178
{
179
	struct change_notify *cnbp;
179
	struct change_notify *cnbp;
180
180
181
	if((cnbp = (struct change_notify *)malloc(sizeof(*cnbp))) == NULL) {
181
	if((cnbp = SMB_MALLOC_P(struct change_notify)) == NULL) {
182
		DEBUG(0,("change_notify_set: malloc fail !\n" ));
182
		DEBUG(0,("change_notify_set: malloc fail !\n" ));
183
		return -1;
183
		return -1;
184
	}
184
	}
(-)samba-3.0.9-orig/source/smbd/ntquotas.c (-3 / +3 lines)
Lines 199-212 Link Here
199
		DEBUG(15,("quota entry for id[%s] path[%s]\n",
199
		DEBUG(15,("quota entry for id[%s] path[%s]\n",
200
			sid_string_static(&sid),fsp->conn->connectpath));
200
			sid_string_static(&sid),fsp->conn->connectpath));
201
201
202
		if ((tmp_list_ent=(SMB_NTQUOTA_LIST *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_LIST)))==NULL) {
202
		if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) {
203
			DEBUG(0,("talloc_zero() failed\n"));
203
			DEBUG(0,("talloc_zero() failed\n"));
204
			*qt_list = NULL;
204
			*qt_list = NULL;
205
			talloc_destroy(mem_ctx);
205
			talloc_destroy(mem_ctx);
206
			return (-1);
206
			return (-1);
207
		}
207
		}
208
208
209
		if ((tmp_list_ent->quotas=(SMB_NTQUOTA_STRUCT *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_STRUCT)))==NULL) {
209
		if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) {
210
			DEBUG(0,("talloc_zero() failed\n"));
210
			DEBUG(0,("talloc_zero() failed\n"));
211
			*qt_list = NULL;
211
			*qt_list = NULL;
212
			talloc_destroy(mem_ctx);
212
			talloc_destroy(mem_ctx);
Lines 232-238 Link Here
232
	if (!mem_ctx)
232
	if (!mem_ctx)
233
		return False;
233
		return False;
234
234
235
	qt_handle = (SMB_NTQUOTA_HANDLE *)talloc_zero(mem_ctx,sizeof(SMB_NTQUOTA_HANDLE));
235
	qt_handle = TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_HANDLE);
236
	if (qt_handle==NULL) {
236
	if (qt_handle==NULL) {
237
		DEBUG(0,("talloc_zero() failed\n"));
237
		DEBUG(0,("talloc_zero() failed\n"));
238
		return NULL;
238
		return NULL;
(-)samba-3.0.9-orig/source/smbd/nttrans.c (-5 / +16 lines)
Lines 58-68 Link Here
58
	if (ptr==NULL)
58
	if (ptr==NULL)
59
		smb_panic("nttrans_realloc() called with NULL ptr\n");
59
		smb_panic("nttrans_realloc() called with NULL ptr\n");
60
		
60
		
61
	tptr = Realloc_zero(*ptr, size);
61
	tptr = SMB_REALLOC(*ptr, size);
62
	if(tptr == NULL) {
62
	if(tptr == NULL) {
63
		*ptr = NULL;
63
		*ptr = NULL;
64
		return NULL;
64
		return NULL;
65
	}
65
	}
66
	memset(tptr,'\0',size);
66
67
67
	*ptr = tptr;
68
	*ptr = tptr;
68
69
Lines 2141-2147 Link Here
2141
			return ERROR_NT(NT_STATUS_NO_MEMORY);
2142
			return ERROR_NT(NT_STATUS_NO_MEMORY);
2142
		}
2143
		}
2143
2144
2144
		shadow_data = (SHADOW_COPY_DATA *)talloc_zero(shadow_mem_ctx,sizeof(SHADOW_COPY_DATA));
2145
		shadow_data = TALLOC_ZERO_P(shadow_mem_ctx,SHADOW_COPY_DATA);
2145
		if (shadow_data == NULL) {
2146
		if (shadow_data == NULL) {
2146
			DEBUG(0,("talloc_zero() failed!\n"));
2147
			DEBUG(0,("talloc_zero() failed!\n"));
2147
			return ERROR_NT(NT_STATUS_NO_MEMORY);
2148
			return ERROR_NT(NT_STATUS_NO_MEMORY);
Lines 2452-2457 Link Here
2452
			}
2453
			}
2453
2454
2454
			sid_len = IVAL(pdata,4);
2455
			sid_len = IVAL(pdata,4);
2456
			/* Ensure this is less than 1mb. */
2457
			if (sid_len > (1024*1024)) {
2458
				return ERROR_DOS(ERRDOS,ERRnomem);
2459
			}
2455
2460
2456
			if (data_count < 8+sid_len) {
2461
			if (data_count < 8+sid_len) {
2457
				DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len)));
2462
				DEBUG(0,("TRANSACT_GET_USER_QUOTA_FOR_SID: requires %d >= %lu bytes data\n",data_count,(unsigned long)(8+sid_len)));
Lines 2707-2720 Link Here
2707
		goto bad_param;
2712
		goto bad_param;
2708
	}
2713
	}
2709
    
2714
    
2715
	/* Don't allow more than 128mb for each value. */
2716
	if ((total_parameter_count > (1024*1024*128)) || (total_data_count > (1024*1024*128))) {
2717
		END_PROFILE(SMBnttrans);
2718
		return ERROR_DOS(ERRDOS,ERRnomem);
2719
	}
2720
2710
	/* Allocate the space for the setup, the maximum needed parameters and data */
2721
	/* Allocate the space for the setup, the maximum needed parameters and data */
2711
2722
2712
	if(setup_count > 0)
2723
	if(setup_count > 0)
2713
		setup = (char *)malloc(setup_count);
2724
		setup = (char *)SMB_MALLOC(setup_count);
2714
	if (total_parameter_count > 0)
2725
	if (total_parameter_count > 0)
2715
		params = (char *)malloc(total_parameter_count);
2726
		params = (char *)SMB_MALLOC(total_parameter_count);
2716
	if (total_data_count > 0)
2727
	if (total_data_count > 0)
2717
		data = (char *)malloc(total_data_count);
2728
		data = (char *)SMB_MALLOC(total_data_count);
2718
 
2729
 
2719
	if ((total_parameter_count && !params)  || (total_data_count && !data) ||
2730
	if ((total_parameter_count && !params)  || (total_data_count && !data) ||
2720
				(setup_count && !setup)) {
2731
				(setup_count && !setup)) {
(-)samba-3.0.9-orig/source/smbd/open.c (-1 / +1 lines)
Lines 681-687 Link Here
681
					return -1;
681
					return -1;
682
				}
682
				}
683
				
683
				
684
				broken_entry = malloc(sizeof(struct share_mode_entry_list));
684
				broken_entry = SMB_MALLOC_P(struct share_mode_entry_list);
685
				if (!broken_entry) {
685
				if (!broken_entry) {
686
					smb_panic("open_mode_check: malloc fail.\n");
686
					smb_panic("open_mode_check: malloc fail.\n");
687
				}
687
				}
(-)samba-3.0.9-orig/source/smbd/oplock.c (-2 / +2 lines)
Lines 740-751 Link Here
740
	 * messages crossing on the wire.
740
	 * messages crossing on the wire.
741
	 */
741
	 */
742
742
743
	if((inbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) {
743
	if((inbuf = (char *)SMB_MALLOC(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) {
744
		DEBUG(0,("oplock_break: malloc fail for input buffer.\n"));
744
		DEBUG(0,("oplock_break: malloc fail for input buffer.\n"));
745
		return False;
745
		return False;
746
	}
746
	}
747
747
748
	if((outbuf = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) {
748
	if((outbuf = (char *)SMB_MALLOC(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) {
749
		DEBUG(0,("oplock_break: malloc fail for output buffer.\n"));
749
		DEBUG(0,("oplock_break: malloc fail for output buffer.\n"));
750
		SAFE_FREE(inbuf);
750
		SAFE_FREE(inbuf);
751
		return False;
751
		return False;
(-)samba-3.0.9-orig/source/smbd/password.c (-4 / +4 lines)
Lines 139-145 Link Here
139
		return UID_FIELD_INVALID;
139
		return UID_FIELD_INVALID;
140
	}
140
	}
141
141
142
	if((vuser = (user_struct *)malloc( sizeof(user_struct) )) == NULL) {
142
	if((vuser = SMB_MALLOC_P(user_struct)) == NULL) {
143
		DEBUG(0,("Failed to malloc users struct!\n"));
143
		DEBUG(0,("Failed to malloc users struct!\n"));
144
		data_blob_free(&session_key);
144
		data_blob_free(&session_key);
145
		return UID_FIELD_INVALID;
145
		return UID_FIELD_INVALID;
Lines 316-322 Link Here
316
			DEBUG(3,("add_session_user: session userlist already too large.\n"));
316
			DEBUG(3,("add_session_user: session userlist already too large.\n"));
317
			return;
317
			return;
318
		}
318
		}
319
		newlist = Realloc( session_userlist, len_session_userlist + PSTRING_LEN );
319
		newlist = SMB_REALLOC( session_userlist, len_session_userlist + PSTRING_LEN );
320
		if( newlist == NULL ) {
320
		if( newlist == NULL ) {
321
			DEBUG(1,("Unable to resize session_userlist\n"));
321
			DEBUG(1,("Unable to resize session_userlist\n"));
322
			return;
322
			return;
Lines 498-506 Link Here
498
		char *user_list = NULL;
498
		char *user_list = NULL;
499
499
500
		if ( session_userlist )
500
		if ( session_userlist )
501
			user_list = strdup(session_userlist);
501
			user_list = SMB_STRDUP(session_userlist);
502
		else
502
		else
503
			user_list = strdup("");
503
			user_list = SMB_STRDUP("");
504
504
505
		if (!user_list)
505
		if (!user_list)
506
			return(False);
506
			return(False);
(-)samba-3.0.9-orig/source/smbd/posix_acls.c (-13 / +16 lines)
Lines 166-172 Link Here
166
166
167
	*store_size = PAI_ENTRIES_BASE + ((num_entries + num_def_entries)*PAI_ENTRY_LENGTH);
167
	*store_size = PAI_ENTRIES_BASE + ((num_entries + num_def_entries)*PAI_ENTRY_LENGTH);
168
168
169
	pai_buf = malloc(*store_size);
169
	pai_buf = SMB_MALLOC(*store_size);
170
	if (!pai_buf) {
170
	if (!pai_buf) {
171
		return NULL;
171
		return NULL;
172
	}
172
	}
Lines 343-349 Link Here
343
	if (!check_pai_ok(buf, size))
343
	if (!check_pai_ok(buf, size))
344
		return NULL;
344
		return NULL;
345
345
346
	paiv = malloc(sizeof(struct pai_val));
346
	paiv = SMB_MALLOC_P(struct pai_val);
347
	if (!paiv)
347
	if (!paiv)
348
		return NULL;
348
		return NULL;
349
349
Lines 362-368 Link Here
362
	for (i = 0; i < paiv->num_entries; i++) {
362
	for (i = 0; i < paiv->num_entries; i++) {
363
		struct pai_entry *paie;
363
		struct pai_entry *paie;
364
364
365
		paie = malloc(sizeof(struct pai_entry));
365
		paie = SMB_MALLOC_P(struct pai_entry);
366
		if (!paie) {
366
		if (!paie) {
367
			free_inherited_info(paiv);
367
			free_inherited_info(paiv);
368
			return NULL;
368
			return NULL;
Lines 393-399 Link Here
393
	for (i = 0; i < paiv->num_def_entries; i++) {
393
	for (i = 0; i < paiv->num_def_entries; i++) {
394
		struct pai_entry *paie;
394
		struct pai_entry *paie;
395
395
396
		paie = malloc(sizeof(struct pai_entry));
396
		paie = SMB_MALLOC_P(struct pai_entry);
397
		if (!paie) {
397
		if (!paie) {
398
			free_inherited_info(paiv);
398
			free_inherited_info(paiv);
399
			return NULL;
399
			return NULL;
Lines 438-444 Link Here
438
	if (!lp_map_acl_inherit(SNUM(fsp->conn)))
438
	if (!lp_map_acl_inherit(SNUM(fsp->conn)))
439
		return NULL;
439
		return NULL;
440
440
441
	if ((pai_buf = malloc(pai_buf_size)) == NULL)
441
	if ((pai_buf = SMB_MALLOC(pai_buf_size)) == NULL)
442
		return NULL;
442
		return NULL;
443
443
444
	do {
444
	do {
Lines 456-462 Link Here
456
			/* Buffer too small - enlarge it. */
456
			/* Buffer too small - enlarge it. */
457
			pai_buf_size *= 2;
457
			pai_buf_size *= 2;
458
			SAFE_FREE(pai_buf);
458
			SAFE_FREE(pai_buf);
459
			if ((pai_buf = malloc(pai_buf_size)) == NULL)
459
			if (pai_buf_size > 1024*1024) {
460
				return NULL; /* Limit malloc to 1mb. */
461
			}
462
			if ((pai_buf = SMB_MALLOC(pai_buf_size)) == NULL)
460
				return NULL;
463
				return NULL;
461
		}
464
		}
462
	} while (ret == -1);
465
	} while (ret == -1);
Lines 523-529 Link Here
523
526
524
static canon_ace *dup_canon_ace( canon_ace *src_ace)
527
static canon_ace *dup_canon_ace( canon_ace *src_ace)
525
{
528
{
526
	canon_ace *dst_ace = (canon_ace *)malloc(sizeof(canon_ace));
529
	canon_ace *dst_ace = SMB_MALLOC_P(canon_ace);
527
530
528
	if (dst_ace == NULL)
531
	if (dst_ace == NULL)
529
		return NULL;
532
		return NULL;
Lines 1083-1089 Link Here
1083
	}
1086
	}
1084
1087
1085
	if (!got_user) {
1088
	if (!got_user) {
1086
		if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
1089
		if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
1087
			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1090
			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1088
			return False;
1091
			return False;
1089
		}
1092
		}
Lines 1113-1119 Link Here
1113
	}
1116
	}
1114
1117
1115
	if (!got_grp) {
1118
	if (!got_grp) {
1116
		if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
1119
		if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
1117
			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1120
			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1118
			return False;
1121
			return False;
1119
		}
1122
		}
Lines 1139-1145 Link Here
1139
	}
1142
	}
1140
1143
1141
	if (!got_other) {
1144
	if (!got_other) {
1142
		if ((pace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
1145
		if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
1143
			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1146
			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1144
			return False;
1147
			return False;
1145
		}
1148
		}
Lines 1323-1329 Link Here
1323
		 * Create a cannon_ace entry representing this NT DACL ACE.
1326
		 * Create a cannon_ace entry representing this NT DACL ACE.
1324
		 */
1327
		 */
1325
1328
1326
		if ((current_ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) {
1329
		if ((current_ace = SMB_MALLOC_P(canon_ace)) == NULL) {
1327
			free_canon_ace_list(file_ace);
1330
			free_canon_ace_list(file_ace);
1328
			free_canon_ace_list(dir_ace);
1331
			free_canon_ace_list(dir_ace);
1329
			DEBUG(0,("create_canon_ace_lists: malloc fail.\n"));
1332
			DEBUG(0,("create_canon_ace_lists: malloc fail.\n"));
Lines 2161-2167 Link Here
2161
		 * Add this entry to the list.
2164
		 * Add this entry to the list.
2162
		 */
2165
		 */
2163
2166
2164
		if ((ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL)
2167
		if ((ace = SMB_MALLOC_P(canon_ace)) == NULL)
2165
			goto fail;
2168
			goto fail;
2166
2169
2167
		ZERO_STRUCTP(ace);
2170
		ZERO_STRUCTP(ace);
Lines 2793-2799 Link Here
2793
			num_dir_acls = count_canon_ace_list(dir_ace);
2796
			num_dir_acls = count_canon_ace_list(dir_ace);
2794
2797
2795
			/* Allocate the ace list. */
2798
			/* Allocate the ace list. */
2796
			if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_profile_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) {
2799
			if ((nt_ace_list = SMB_MALLOC_ARRAY(SEC_ACE, num_acls + num_profile_acls + num_dir_acls)) == NULL) {
2797
				DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
2800
				DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
2798
				goto done;
2801
				goto done;
2799
			}
2802
			}
(-)samba-3.0.9-orig/source/smbd/process.c (-4 / +3 lines)
Lines 85-92 Link Here
85
static BOOL push_queued_message(enum q_type qt, char *buf, int msg_len, struct timeval *ptv, char *private, size_t private_len)
85
static BOOL push_queued_message(enum q_type qt, char *buf, int msg_len, struct timeval *ptv, char *private, size_t private_len)
86
{
86
{
87
	struct pending_message_list *tmp_msg;
87
	struct pending_message_list *tmp_msg;
88
	struct pending_message_list *msg = (struct pending_message_list *)
88
	struct pending_message_list *msg = SMB_MALLOC_P(struct pending_message_list);
89
                               malloc(sizeof(struct pending_message_list));
90
89
91
	if(msg == NULL) {
90
	if(msg == NULL) {
92
		DEBUG(0,("push_message: malloc fail (1)\n"));
91
		DEBUG(0,("push_message: malloc fail (1)\n"));
Lines 1498-1505 Link Here
1498
	unsigned int num_smbs = 0;
1497
	unsigned int num_smbs = 0;
1499
	const size_t total_buffer_size = BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN;
1498
	const size_t total_buffer_size = BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN;
1500
1499
1501
	InBuffer = (char *)malloc(total_buffer_size);
1500
	InBuffer = (char *)SMB_MALLOC(total_buffer_size);
1502
	OutBuffer = (char *)malloc(total_buffer_size);
1501
	OutBuffer = (char *)SMB_MALLOC(total_buffer_size);
1503
	if ((InBuffer == NULL) || (OutBuffer == NULL)) 
1502
	if ((InBuffer == NULL) || (OutBuffer == NULL)) 
1504
		return;
1503
		return;
1505
1504
(-)samba-3.0.9-orig/source/smbd/reply.c (-2 / +2 lines)
Lines 900-906 Link Here
900
				END_PROFILE(SMBsearch);
900
				END_PROFILE(SMBsearch);
901
				return ERROR_DOS(ERRDOS,ERRnofids);
901
				return ERROR_DOS(ERRDOS,ERRnofids);
902
			}
902
			}
903
			dptr_set_wcard(dptr_num, strdup(mask));
903
			dptr_set_wcard(dptr_num, SMB_STRDUP(mask));
904
			dptr_set_attr(dptr_num, dirtype);
904
			dptr_set_attr(dptr_num, dirtype);
905
		} else {
905
		} else {
906
			dirtype = dptr_attr(dptr_num);
906
			dirtype = dptr_attr(dptr_num);
Lines 4884-4890 Link Here
4884
		if(fsp->wbmpx_ptr != NULL)
4884
		if(fsp->wbmpx_ptr != NULL)
4885
			wbms = fsp->wbmpx_ptr; /* Use an existing struct */
4885
			wbms = fsp->wbmpx_ptr; /* Use an existing struct */
4886
		else
4886
		else
4887
			wbms = (write_bmpx_struct *)malloc(sizeof(write_bmpx_struct));
4887
			wbms = SMB_MALLOC_P(write_bmpx_struct);
4888
		if(!wbms) {
4888
		if(!wbms) {
4889
			DEBUG(0,("Out of memory in reply_readmpx\n"));
4889
			DEBUG(0,("Out of memory in reply_readmpx\n"));
4890
			END_PROFILE(SMBwriteBmpx);
4890
			END_PROFILE(SMBwriteBmpx);
(-)samba-3.0.9-orig/source/smbd/sec_ctx.c (-2 / +2 lines)
Lines 154-160 Link Here
154
		goto fail;
154
		goto fail;
155
	}
155
	}
156
156
157
	if((groups = (gid_t *)malloc(sizeof(gid_t)*(ngroups+1))) == NULL) {
157
	if((groups = SMB_MALLOC_ARRAY(gid_t, ngroups+1)) == NULL) {
158
		DEBUG(0,("setup_groups malloc fail !\n"));
158
		DEBUG(0,("setup_groups malloc fail !\n"));
159
		goto fail;
159
		goto fail;
160
	}
160
	}
Lines 260-266 Link Here
260
	ctx_p->ngroups = sys_getgroups(0, NULL);
260
	ctx_p->ngroups = sys_getgroups(0, NULL);
261
261
262
	if (ctx_p->ngroups != 0) {
262
	if (ctx_p->ngroups != 0) {
263
		if (!(ctx_p->groups = malloc(ctx_p->ngroups * sizeof(gid_t)))) {
263
		if (!(ctx_p->groups = SMB_MALLOC_ARRAY(gid_t, ctx_p->ngroups))) {
264
			DEBUG(0, ("Out of memory in push_sec_ctx()\n"));
264
			DEBUG(0, ("Out of memory in push_sec_ctx()\n"));
265
			delete_nt_token(&ctx_p->token);
265
			delete_nt_token(&ctx_p->token);
266
			return False;
266
			return False;
(-)samba-3.0.9-orig/source/smbd/session.c (-3 / +3 lines)
Lines 151-157 Link Here
151
			       sessionid.id_str, sessionid.id_num);
151
			       sessionid.id_str, sessionid.id_num);
152
	}
152
	}
153
153
154
	vuser->session_keystr = strdup(keystr);
154
	vuser->session_keystr = SMB_STRDUP(keystr);
155
	if (!vuser->session_keystr) {
155
	if (!vuser->session_keystr) {
156
		DEBUG(0, ("session_claim:  strdup() failed for session_keystr\n"));
156
		DEBUG(0, ("session_claim:  strdup() failed for session_keystr\n"));
157
		return False;
157
		return False;
Lines 221-228 Link Here
221
	const struct sessionid *current = (const struct sessionid *) dbuf.dptr;
221
	const struct sessionid *current = (const struct sessionid *) dbuf.dptr;
222
222
223
	sesslist->count += 1;
223
	sesslist->count += 1;
224
	sesslist->sessions = REALLOC(sesslist->sessions, sesslist->count * 
224
	sesslist->sessions = SMB_REALLOC_ARRAY(sesslist->sessions, struct sessionid,
225
				      sizeof(struct sessionid));
225
					sesslist->count);
226
226
227
	memcpy(&sesslist->sessions[sesslist->count - 1], current, 
227
	memcpy(&sesslist->sessions[sesslist->count - 1], current, 
228
	       sizeof(struct sessionid));
228
	       sizeof(struct sessionid));
(-)samba-3.0.9-orig/source/smbd/statcache.c (-3 / +3 lines)
Lines 76-82 Link Here
76
	 * translated path.
76
	 * translated path.
77
	 */
77
	 */
78
78
79
	translated_path = strdup(orig_translated_path);
79
	translated_path = SMB_STRDUP(orig_translated_path);
80
	if (!translated_path)
80
	if (!translated_path)
81
		return;
81
		return;
82
82
Lines 88-94 Link Here
88
	}
88
	}
89
89
90
	if(case_sensitive) {
90
	if(case_sensitive) {
91
		original_path = strdup(full_orig_name);
91
		original_path = SMB_STRDUP(full_orig_name);
92
	} else {
92
	} else {
93
		original_path = strdup_upper(full_orig_name);
93
		original_path = strdup_upper(full_orig_name);
94
	}
94
	}
Lines 179-185 Link Here
179
		return False;
179
		return False;
180
180
181
	if (conn->case_sensitive) {
181
	if (conn->case_sensitive) {
182
		chk_name = strdup(name);
182
		chk_name = SMB_STRDUP(name);
183
		if (!chk_name) {
183
		if (!chk_name) {
184
			DEBUG(0, ("stat_cache_lookup: strdup failed!\n"));
184
			DEBUG(0, ("stat_cache_lookup: strdup failed!\n"));
185
			return False;
185
			return False;
(-)samba-3.0.9-orig/source/smbd/trans2.c (-20 / +20 lines)
Lines 115-121 Link Here
115
115
116
 again:
116
 again:
117
117
118
	val = talloc_realloc(mem_ctx, val, attr_size);
118
	val = TALLOC_REALLOC_ARRAY(mem_ctx, val, char, attr_size);
119
	if (!val) {
119
	if (!val) {
120
		return False;
120
		return False;
121
	}
121
	}
Lines 169-176 Link Here
169
		return NULL;
169
		return NULL;
170
	}
170
	}
171
171
172
	for (i = 0, ea_namelist = talloc(mem_ctx, ea_namelist_size); i < 6;
172
	for (i = 0, ea_namelist = TALLOC(mem_ctx, ea_namelist_size); i < 6;
173
			ea_namelist = talloc_realloc(mem_ctx, ea_namelist, ea_namelist_size), i++) {
173
			ea_namelist = TALLOC_REALLOC_ARRAY(mem_ctx, ea_namelist, char, ea_namelist_size), i++) {
174
		if (fsp && fsp->fd != -1) {
174
		if (fsp && fsp->fd != -1) {
175
			sizeret = SMB_VFS_FLISTXATTR(fsp, fsp->fd, ea_namelist, ea_namelist_size);
175
			sizeret = SMB_VFS_FLISTXATTR(fsp, fsp->fd, ea_namelist, ea_namelist_size);
176
		} else {
176
		} else {
Lines 196-202 Link Here
196
			if (strnequal(p, "system.", 7) || samba_private_attr_name(p))
196
			if (strnequal(p, "system.", 7) || samba_private_attr_name(p))
197
				continue;
197
				continue;
198
		
198
		
199
			listp = talloc(mem_ctx, sizeof(struct ea_list));
199
			listp = TALLOC_P(mem_ctx, struct ea_list);
200
			if (!listp)
200
			if (!listp)
201
				return NULL;
201
				return NULL;
202
202
Lines 671-677 Link Here
671
	}
671
	}
672
672
673
	/* Realloc the size of parameters and data we will return */
673
	/* Realloc the size of parameters and data we will return */
674
	params = Realloc(*pparams, 28);
674
	params = SMB_REALLOC(*pparams, 28);
675
	if( params == NULL )
675
	if( params == NULL )
676
		return(ERROR_DOS(ERRDOS,ERRnomem));
676
		return(ERROR_DOS(ERRDOS,ERRnomem));
677
	*pparams = params;
677
	*pparams = params;
Lines 1411-1417 Link Here
1411
1411
1412
	DEBUG(5,("dir=%s, mask = %s\n",directory, mask));
1412
	DEBUG(5,("dir=%s, mask = %s\n",directory, mask));
1413
1413
1414
	pdata = Realloc(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
1414
	pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
1415
	if( pdata == NULL )
1415
	if( pdata == NULL )
1416
		return(ERROR_DOS(ERRDOS,ERRnomem));
1416
		return(ERROR_DOS(ERRDOS,ERRnomem));
1417
1417
Lines 1419-1425 Link Here
1419
	memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
1419
	memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
1420
1420
1421
	/* Realloc the params space */
1421
	/* Realloc the params space */
1422
	params = Realloc(*pparams, 10);
1422
	params = SMB_REALLOC(*pparams, 10);
1423
	if (params == NULL)
1423
	if (params == NULL)
1424
		return ERROR_DOS(ERRDOS,ERRnomem);
1424
		return ERROR_DOS(ERRDOS,ERRnomem);
1425
	*pparams = params;
1425
	*pparams = params;
Lines 1431-1437 Link Here
1431
	/* Save the wildcard match and attribs we are using on this directory - 
1431
	/* Save the wildcard match and attribs we are using on this directory - 
1432
		needed as lanman2 assumes these are being saved between calls */
1432
		needed as lanman2 assumes these are being saved between calls */
1433
1433
1434
	if(!(wcard = strdup(mask))) {
1434
	if(!(wcard = SMB_STRDUP(mask))) {
1435
		dptr_close(&dptr_num);
1435
		dptr_close(&dptr_num);
1436
		return ERROR_DOS(ERRDOS,ERRnomem);
1436
		return ERROR_DOS(ERRDOS,ERRnomem);
1437
	}
1437
	}
Lines 1609-1615 Link Here
1609
			return ERROR_DOS(ERRDOS,ERRunknownlevel);
1609
			return ERROR_DOS(ERRDOS,ERRunknownlevel);
1610
	}
1610
	}
1611
1611
1612
	pdata = Realloc( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
1612
	pdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
1613
	if(pdata == NULL)
1613
	if(pdata == NULL)
1614
		return ERROR_DOS(ERRDOS,ERRnomem);
1614
		return ERROR_DOS(ERRDOS,ERRnomem);
1615
1615
Lines 1617-1623 Link Here
1617
	memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
1617
	memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
1618
1618
1619
	/* Realloc the params space */
1619
	/* Realloc the params space */
1620
	params = Realloc(*pparams, 6*SIZEOFWORD);
1620
	params = SMB_REALLOC(*pparams, 6*SIZEOFWORD);
1621
	if( params == NULL )
1621
	if( params == NULL )
1622
		return ERROR_DOS(ERRDOS,ERRnomem);
1622
		return ERROR_DOS(ERRDOS,ERRnomem);
1623
1623
Lines 1829-1835 Link Here
1829
		return ERROR_DOS(ERRSRV,ERRinvdevice);
1829
		return ERROR_DOS(ERRSRV,ERRinvdevice);
1830
	}
1830
	}
1831
1831
1832
	pdata = Realloc(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
1832
	pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
1833
	if ( pdata == NULL )
1833
	if ( pdata == NULL )
1834
		return ERROR_DOS(ERRDOS,ERRnomem);
1834
		return ERROR_DOS(ERRDOS,ERRnomem);
1835
1835
Lines 2395-2407 Link Here
2395
	if (mode & aDIR)
2395
	if (mode & aDIR)
2396
		file_size = 0;
2396
		file_size = 0;
2397
2397
2398
	params = Realloc(*pparams,2);
2398
	params = SMB_REALLOC(*pparams,2);
2399
	if (params == NULL)
2399
	if (params == NULL)
2400
	  return ERROR_DOS(ERRDOS,ERRnomem);
2400
	  return ERROR_DOS(ERRDOS,ERRnomem);
2401
	*pparams = params;
2401
	*pparams = params;
2402
	memset((char *)params,'\0',2);
2402
	memset((char *)params,'\0',2);
2403
	data_size = max_data_bytes + DIR_ENTRY_SAFETY_MARGIN;
2403
	data_size = max_data_bytes + DIR_ENTRY_SAFETY_MARGIN;
2404
	pdata = Realloc(*ppdata, data_size); 
2404
	pdata = SMB_REALLOC(*ppdata, data_size); 
2405
	if ( pdata == NULL )
2405
	if ( pdata == NULL )
2406
		return ERROR_DOS(ERRDOS,ERRnomem);
2406
		return ERROR_DOS(ERRDOS,ERRnomem);
2407
	*ppdata = pdata;
2407
	*ppdata = pdata;
Lines 3096-3102 Link Here
3096
		tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data));
3096
		tran_call,fname, fsp ? fsp->fnum : -1, info_level,total_data));
3097
3097
3098
	/* Realloc the parameter and data sizes */
3098
	/* Realloc the parameter and data sizes */
3099
	params = Realloc(*pparams,2);
3099
	params = SMB_REALLOC(*pparams,2);
3100
	if(params == NULL)
3100
	if(params == NULL)
3101
		return ERROR_DOS(ERRDOS,ERRnomem);
3101
		return ERROR_DOS(ERRDOS,ERRnomem);
3102
	*pparams = params;
3102
	*pparams = params;
Lines 3770-3776 Link Here
3770
	}
3770
	}
3771
3771
3772
	/* Realloc the parameter and data sizes */
3772
	/* Realloc the parameter and data sizes */
3773
	params = Realloc(*pparams,2);
3773
	params = SMB_REALLOC(*pparams,2);
3774
	if(params == NULL)
3774
	if(params == NULL)
3775
		return ERROR_DOS(ERRDOS,ERRnomem);
3775
		return ERROR_DOS(ERRDOS,ERRnomem);
3776
	*pparams = params;
3776
	*pparams = params;
Lines 3810-3816 Link Here
3810
	}
3810
	}
3811
3811
3812
	/* Realloc the parameter and data sizes */
3812
	/* Realloc the parameter and data sizes */
3813
	params = Realloc(*pparams,6);
3813
	params = SMB_REALLOC(*pparams,6);
3814
	if(params == NULL) 
3814
	if(params == NULL) 
3815
		return ERROR_DOS(ERRDOS,ERRnomem);
3815
		return ERROR_DOS(ERRDOS,ERRnomem);
3816
	*pparams = params;
3816
	*pparams = params;
Lines 3843-3849 Link Here
3843
	DEBUG(3,("call_trans2findnotifynext\n"));
3843
	DEBUG(3,("call_trans2findnotifynext\n"));
3844
3844
3845
	/* Realloc the parameter and data sizes */
3845
	/* Realloc the parameter and data sizes */
3846
	params = Realloc(*pparams,4);
3846
	params = SMB_REALLOC(*pparams,4);
3847
	if(params == NULL)
3847
	if(params == NULL)
3848
		return ERROR_DOS(ERRDOS,ERRnomem);
3848
		return ERROR_DOS(ERRDOS,ERRnomem);
3849
	*pparams = params;
3849
	*pparams = params;
Lines 3910-3916 Link Here
3910
3910
3911
	if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) &&
3911
	if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) &&
3912
			(SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) {
3912
			(SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) {
3913
		pdata = Realloc(*ppdata, 32);
3913
		pdata = SMB_REALLOC(*ppdata, 32);
3914
		if(pdata == NULL)
3914
		if(pdata == NULL)
3915
			return ERROR_DOS(ERRDOS,ERRnomem);
3915
			return ERROR_DOS(ERRDOS,ERRnomem);
3916
		*ppdata = pdata;
3916
		*ppdata = pdata;
Lines 4061-4069 Link Here
4061
    
4061
    
4062
	/* Allocate the space for the maximum needed parameters and data */
4062
	/* Allocate the space for the maximum needed parameters and data */
4063
	if (total_params > 0)
4063
	if (total_params > 0)
4064
		params = (char *)malloc(total_params);
4064
		params = (char *)SMB_MALLOC(total_params);
4065
	if (total_data > 0)
4065
	if (total_data > 0)
4066
		data = (char *)malloc(total_data);
4066
		data = (char *)SMB_MALLOC(total_data);
4067
  
4067
  
4068
	if ((total_params && !params)  || (total_data && !data)) {
4068
	if ((total_params && !params)  || (total_data && !data)) {
4069
		DEBUG(2,("Out of memory in reply_trans2\n"));
4069
		DEBUG(2,("Out of memory in reply_trans2\n"));
(-)samba-3.0.9-orig/source/smbd/vfs.c (-4 / +4 lines)
Lines 185-191 Link Here
185
		return NT_STATUS_OBJECT_NAME_COLLISION;
185
		return NT_STATUS_OBJECT_NAME_COLLISION;
186
	}
186
	}
187
187
188
	entry = smb_xmalloc(sizeof(struct vfs_init_function_entry));
188
	entry = SMB_XMALLOC_P(struct vfs_init_function_entry);
189
	entry->name = smb_xstrdup(name);
189
	entry->name = smb_xstrdup(name);
190
	entry->vfs_op_tuples = vfs_op_tuples;
190
	entry->vfs_op_tuples = vfs_op_tuples;
191
191
Lines 258-264 Link Here
258
		return False;
258
		return False;
259
	}
259
	}
260
260
261
	handle = (vfs_handle_struct *)talloc_zero(conn->mem_ctx,sizeof(vfs_handle_struct));
261
	handle = TALLOC_ZERO_P(conn->mem_ctx,vfs_handle_struct);
262
	if (!handle) {
262
	if (!handle) {
263
		DEBUG(0,("talloc_zero() failed!\n"));
263
		DEBUG(0,("talloc_zero() failed!\n"));
264
		SAFE_FREE(module_name);
264
		SAFE_FREE(module_name);
Lines 681-687 Link Here
681
	if (element == 0)
681
	if (element == 0)
682
		return;
682
		return;
683
683
684
	p = (char *)malloc(elsize);
684
	p = (char *)SMB_MALLOC(elsize);
685
685
686
	if (!p) {
686
	if (!p) {
687
		DEBUG(5,("array_promote: malloc fail\n"));
687
		DEBUG(5,("array_promote: malloc fail\n"));
Lines 876-882 Link Here
876
				pstrcat(tmp_fname, last_component);
876
				pstrcat(tmp_fname, last_component);
877
#ifdef REALPATH_TAKES_NULL
877
#ifdef REALPATH_TAKES_NULL
878
				SAFE_FREE(resolved_name);
878
				SAFE_FREE(resolved_name);
879
				resolved_name = strdup(tmp_fname);
879
				resolved_name = SMB_STRDUP(tmp_fname);
880
				if (!resolved_name) {
880
				if (!resolved_name) {
881
					DEBUG(0,("reduce_name: malloc fail for %s\n", tmp_fname));
881
					DEBUG(0,("reduce_name: malloc fail for %s\n", tmp_fname));
882
					errno = saved_errno;
882
					errno = saved_errno;
(-)samba-3.0.9-orig/source/tdb/tdbback.c (+13 lines)
Lines 40-45 Link Here
40
40
41
#else
41
#else
42
#include "includes.h"
42
#include "includes.h"
43
44
#ifdef malloc
45
#undef malloc
46
#endif
47
                                                                                                                 
48
#ifdef realloc
49
#undef realloc
50
#endif
51
                                                                                                                 
52
#ifdef calloc
53
#undef calloc
54
#endif
55
43
#endif
56
#endif
44
57
45
#include "tdb.h"
58
#include "tdb.h"
(-)samba-3.0.9-orig/source/tdb/tdb.c (+24 lines)
Lines 65-70 Link Here
65
#include "spinlock.h"
65
#include "spinlock.h"
66
#else
66
#else
67
#include "includes.h"
67
#include "includes.h"
68
69
#if defined(PARANOID_MALLOC_CHECKER)
70
#ifdef malloc
71
#undef malloc
72
#endif
73
74
#ifdef realloc
75
#undef realloc
76
#endif
77
78
#ifdef calloc
79
#undef calloc
80
#endif
81
82
#ifdef strdup
83
#undef strdup
84
#endif
85
86
#ifdef strndup
87
#undef strndup
88
#endif
89
90
#endif
91
68
#endif
92
#endif
69
93
70
#define TDB_MAGIC_FOOD "TDB file\n"
94
#define TDB_MAGIC_FOOD "TDB file\n"
(-)samba-3.0.9-orig/source/tdb/tdbutil.c (-3 / +3 lines)
Lines 554-560 Link Here
554
			len += *i;
554
			len += *i;
555
			if (bufsize < len)
555
			if (bufsize < len)
556
				goto no_space;
556
				goto no_space;
557
			*b = (char *)malloc(*i);
557
			*b = (char *)SMB_MALLOC(*i);
558
			if (! *b)
558
			if (! *b)
559
				goto no_space;
559
				goto no_space;
560
			memcpy(*b, buf+4, *i);
560
			memcpy(*b, buf+4, *i);
Lines 778-784 Link Here
778
	
778
	
779
	for (key = tdb_firstkey(tdb); key.dptr; key = next) {
779
	for (key = tdb_firstkey(tdb); key.dptr; key = next) {
780
		/* duplicate key string to ensure null-termination */
780
		/* duplicate key string to ensure null-termination */
781
		char *key_str = (char*) strndup(key.dptr, key.dsize);
781
		char *key_str = (char*) SMB_STRNDUP(key.dptr, key.dsize);
782
		if (!key_str) {
782
		if (!key_str) {
783
			DEBUG(0, ("tdb_search_keys: strndup() failed!\n"));
783
			DEBUG(0, ("tdb_search_keys: strndup() failed!\n"));
784
			smb_panic("strndup failed!\n");
784
			smb_panic("strndup failed!\n");
Lines 790-796 Link Here
790
790
791
		/* do the pattern checking */
791
		/* do the pattern checking */
792
		if (fnmatch(pattern, key_str, 0) == 0) {
792
		if (fnmatch(pattern, key_str, 0) == 0) {
793
			rec = (TDB_LIST_NODE*) malloc(sizeof(*rec));
793
			rec = SMB_MALLOC_P(TDB_LIST_NODE);
794
			ZERO_STRUCTP(rec);
794
			ZERO_STRUCTP(rec);
795
795
796
			rec->node_key = key;
796
			rec->node_key = key;
(-)samba-3.0.9-orig/source/utils/net_ads.c (-3 / +3 lines)
Lines 259-268 Link Here
259
	if (!values) /* must be new field, indicate string field */
259
	if (!values) /* must be new field, indicate string field */
260
		return True;
260
		return True;
261
	if (StrCaseCmp(field, "sAMAccountName") == 0) {
261
	if (StrCaseCmp(field, "sAMAccountName") == 0) {
262
		disp_fields[0] = strdup((char *) values[0]);
262
		disp_fields[0] = SMB_STRDUP((char *) values[0]);
263
	}
263
	}
264
	if (StrCaseCmp(field, "description") == 0)
264
	if (StrCaseCmp(field, "description") == 0)
265
		disp_fields[1] = strdup((char *) values[0]);
265
		disp_fields[1] = SMB_STRDUP((char *) values[0]);
266
	return True;
266
	return True;
267
}
267
}
268
268
Lines 718-724 Link Here
718
	}
718
	}
719
719
720
	tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
720
	tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
721
	password = strdup(tmp_password);
721
	password = SMB_STRDUP(tmp_password);
722
722
723
	if (!(ads = ads_startup())) {
723
	if (!(ads = ads_startup())) {
724
		return -1;
724
		return -1;
(-)samba-3.0.9-orig/source/utils/net.c (-10 / +10 lines)
Lines 144-150 Link Here
144
	if (!opt_password && !opt_machine_pass) {
144
	if (!opt_password && !opt_machine_pass) {
145
		char *pass = getpass("Password:");
145
		char *pass = getpass("Password:");
146
		if (pass) {
146
		if (pass) {
147
			opt_password = strdup(pass);
147
			opt_password = SMB_STRDUP(pass);
148
		}
148
		}
149
	}
149
	}
150
	
150
	
Lines 221-231 Link Here
221
NTSTATUS connect_pipe(struct cli_state **cli_dst, int pipe_num, BOOL *got_pipe)
221
NTSTATUS connect_pipe(struct cli_state **cli_dst, int pipe_num, BOOL *got_pipe)
222
{
222
{
223
	NTSTATUS nt_status;
223
	NTSTATUS nt_status;
224
	char *server_name = strdup("127.0.0.1");
224
	char *server_name = SMB_STRDUP("127.0.0.1");
225
	struct cli_state *cli_tmp = NULL;
225
	struct cli_state *cli_tmp = NULL;
226
226
227
	if (opt_destination)
227
	if (opt_destination)
228
		server_name = strdup(opt_destination);
228
		server_name = SMB_STRDUP(opt_destination);
229
229
230
	/* make a connection to a named pipe */
230
	/* make a connection to a named pipe */
231
	nt_status = connect_to_ipc(&cli_tmp, NULL, server_name);
231
	nt_status = connect_to_ipc(&cli_tmp, NULL, server_name);
Lines 270-282 Link Here
270
{
270
{
271
271
272
	if (opt_host) {
272
	if (opt_host) {
273
		*server_name = strdup(opt_host);
273
		*server_name = SMB_STRDUP(opt_host);
274
	}		
274
	}		
275
275
276
	if (opt_have_ip) {
276
	if (opt_have_ip) {
277
		*server_ip = opt_dest_ip;
277
		*server_ip = opt_dest_ip;
278
		if (!*server_name) {
278
		if (!*server_name) {
279
			*server_name = strdup(inet_ntoa(opt_dest_ip));
279
			*server_name = SMB_STRDUP(inet_ntoa(opt_dest_ip));
280
		}
280
		}
281
	} else if (*server_name) {
281
	} else if (*server_name) {
282
		/* resolve the IP address */
282
		/* resolve the IP address */
Lines 296-302 Link Here
296
			if ( !name_status_find(opt_target_workgroup, 0x1b, 0x20, pdc_ip, dc_name) )
296
			if ( !name_status_find(opt_target_workgroup, 0x1b, 0x20, pdc_ip, dc_name) )
297
				return False;
297
				return False;
298
				
298
				
299
			*server_name = strdup(dc_name);
299
			*server_name = SMB_STRDUP(dc_name);
300
			*server_ip = pdc_ip;
300
			*server_ip = pdc_ip;
301
		}
301
		}
302
		
302
		
Lines 309-315 Link Here
309
		} else {
309
		} else {
310
			*server_ip = msbrow_ip;
310
			*server_ip = msbrow_ip;
311
		}
311
		}
312
		*server_name = strdup(inet_ntoa(opt_dest_ip));
312
		*server_name = SMB_STRDUP(inet_ntoa(opt_dest_ip));
313
	} else if (flags & NET_FLAGS_MASTER) {
313
	} else if (flags & NET_FLAGS_MASTER) {
314
		struct in_addr brow_ips;
314
		struct in_addr brow_ips;
315
		if (!resolve_name(opt_target_workgroup, &brow_ips, 0x1D))  {
315
		if (!resolve_name(opt_target_workgroup, &brow_ips, 0x1D))  {
Lines 319-329 Link Here
319
		} else {
319
		} else {
320
			*server_ip = brow_ips;
320
			*server_ip = brow_ips;
321
		}
321
		}
322
		*server_name = strdup(inet_ntoa(opt_dest_ip));
322
		*server_name = SMB_STRDUP(inet_ntoa(opt_dest_ip));
323
	} else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
323
	} else if (!(flags & NET_FLAGS_LOCALHOST_DEFAULT_INSANE)) {
324
		extern struct in_addr loopback_ip;
324
		extern struct in_addr loopback_ip;
325
		*server_ip = loopback_ip;
325
		*server_ip = loopback_ip;
326
		*server_name = strdup("127.0.0.1");
326
		*server_name = SMB_STRDUP("127.0.0.1");
327
	}
327
	}
328
328
329
	if (!server_name || !*server_name) {
329
	if (!server_name || !*server_name) {
Lines 786-792 Link Here
786
			break;
786
			break;
787
		case 'U':
787
		case 'U':
788
			opt_user_specified = True;
788
			opt_user_specified = True;
789
			opt_user_name = strdup(opt_user_name);
789
			opt_user_name = SMB_STRDUP(opt_user_name);
790
			p = strchr(opt_user_name,'%');
790
			p = strchr(opt_user_name,'%');
791
			if (p) {
791
			if (p) {
792
				*p = 0;
792
				*p = 0;
(-)samba-3.0.9-orig/source/utils/net_cache.c (-1 / +1 lines)
Lines 101-107 Link Here
101
	/* number detection */
101
	/* number detection */
102
	len = (sign) ? strlen(&timeout_str[number_begin]) : len;
102
	len = (sign) ? strlen(&timeout_str[number_begin]) : len;
103
	number_end = (unit) ? len - 1 : len;
103
	number_end = (unit) ? len - 1 : len;
104
	number = strndup(&timeout_str[number_begin], number_end);
104
	number = SMB_STRNDUP(&timeout_str[number_begin], number_end);
105
	
105
	
106
	/* calculate actual timeout value */
106
	/* calculate actual timeout value */
107
	timeout = (time_t)atoi(number);
107
	timeout = (time_t)atoi(number);
(-)samba-3.0.9-orig/source/utils/net_idmap.c (-1 / +1 lines)
Lines 126-132 Link Here
126
		return NT_STATUS_UNSUCCESSFUL;
126
		return NT_STATUS_UNSUCCESSFUL;
127
	}
127
	}
128
128
129
	tdbfile = strdup(lock_path("winbindd_idmap.tdb"));
129
	tdbfile = SMB_STRDUP(lock_path("winbindd_idmap.tdb"));
130
	if (!tdbfile) {
130
	if (!tdbfile) {
131
		DEBUG(0, ("idmap_init: out of memory!\n"));
131
		DEBUG(0, ("idmap_init: out of memory!\n"));
132
		return NT_STATUS_NO_MEMORY;
132
		return NT_STATUS_NO_MEMORY;
(-)samba-3.0.9-orig/source/utils/net_rap.c (-1 / +1 lines)
Lines 198-204 Link Here
198
	if (!(cli = net_make_ipc_connection(0))) 
198
	if (!(cli = net_make_ipc_connection(0))) 
199
                return -1;
199
                return -1;
200
200
201
	sharename = strdup(argv[0]);
201
	sharename = SMB_STRDUP(argv[0]);
202
	p = strchr(sharename, '=');
202
	p = strchr(sharename, '=');
203
	*p = 0;
203
	*p = 0;
204
	strlcpy(sinfo.share_name, sharename, sizeof(sinfo.share_name));
204
	strlcpy(sinfo.share_name, sharename, sizeof(sinfo.share_name));
(-)samba-3.0.9-orig/source/utils/net_rpc.c (-15 / +10 lines)
Lines 884-890 Link Here
884
884
885
	/* Look up rids */
885
	/* Look up rids */
886
886
887
	rids = (uint32 *)talloc(mem_ctx, sizeof(uint32) * num_rids);
887
	rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids);
888
888
889
	for (i = 0; i < num_rids; i++)
889
	for (i = 0; i < num_rids; i++)
890
                rids[i] = user_gids[i].g_rid;
890
                rids[i] = user_gids[i].g_rid;
Lines 2805-2811 Link Here
2805
	pstring mask;
2805
	pstring mask;
2806
	char *dst = NULL;
2806
	char *dst = NULL;
2807
2807
2808
	dst = strdup(opt_destination?opt_destination:"127.0.0.1");
2808
	dst = SMB_STRDUP(opt_destination?opt_destination:"127.0.0.1");
2809
2809
2810
	init_enum_hnd(&hnd, 0);
2810
	init_enum_hnd(&hnd, 0);
2811
2811
Lines 2989-2995 Link Here
2989
static void push_alias(TALLOC_CTX *mem_ctx, struct full_alias *alias)
2989
static void push_alias(TALLOC_CTX *mem_ctx, struct full_alias *alias)
2990
{
2990
{
2991
	if (server_aliases == NULL)
2991
	if (server_aliases == NULL)
2992
		server_aliases = malloc(100 * sizeof(struct full_alias));
2992
		server_aliases = SMB_MALLOC_ARRAY(struct full_alias, 100);
2993
2993
2994
	server_aliases[num_server_aliases] = *alias;
2994
	server_aliases[num_server_aliases] = *alias;
2995
	num_server_aliases += 1;
2995
	num_server_aliases += 1;
Lines 3053-3060 Link Here
3053
			alias.members = NULL;
3053
			alias.members = NULL;
3054
3054
3055
			if (alias.num_members > 0) {
3055
			if (alias.num_members > 0) {
3056
				alias.members = malloc(alias.num_members *
3056
				alias.members = SMB_MALLOC_ARRAY(DOM_SID, alias.num_members);
3057
						       sizeof(DOM_SID));
3058
3057
3059
				for (j = 0; j < alias.num_members; j++)
3058
				for (j = 0; j < alias.num_members; j++)
3060
					sid_copy(&alias.members[j],
3059
					sid_copy(&alias.members[j],
Lines 3183-3189 Link Here
3183
3182
3184
	token->num_sids = 4;
3183
	token->num_sids = 4;
3185
3184
3186
	token->user_sids = malloc(4 * sizeof(DOM_SID));
3185
	token->user_sids = SMB_MALLOC_ARRAY(DOM_SID, 4);
3187
3186
3188
	token->user_sids[0] = *user_sid;
3187
	token->user_sids[0] = *user_sid;
3189
	sid_copy(&token->user_sids[1], &global_sid_World);
3188
	sid_copy(&token->user_sids[1], &global_sid_World);
Lines 3212-3219 Link Here
3212
	if (is_sid_in_token(token, sid))
3211
	if (is_sid_in_token(token, sid))
3213
		return;
3212
		return;
3214
3213
3215
	token->user_sids = Realloc(token->user_sids,
3214
	token->user_sids = SMB_REALLOC_ARRAY(token->user_sids, DOM_SID, token->num_sids+1);
3216
				   (token->num_sids+1) * sizeof(DOM_SID));
3217
3215
3218
	sid_copy(&token->user_sids[token->num_sids], sid);
3216
	sid_copy(&token->user_sids[token->num_sids], sid);
3219
3217
Lines 3392-3398 Link Here
3392
		*num_tokens += 1;
3390
		*num_tokens += 1;
3393
	}
3391
	}
3394
3392
3395
	result = malloc(*num_tokens * sizeof(struct user_token));
3393
	result = SMB_MALLOC_ARRAY(struct user_token, *num_tokens);
3396
3394
3397
	if (result == NULL) {
3395
	if (result == NULL) {
3398
		DEBUG(1, ("Could not malloc sid array\n"));
3396
		DEBUG(1, ("Could not malloc sid array\n"));
Lines 3467-3475 Link Here
3467
		/* And a new user... */
3465
		/* And a new user... */
3468
3466
3469
		*num_tokens += 1;
3467
		*num_tokens += 1;
3470
		*tokens = Realloc(*tokens,
3468
		*tokens = SMB_REALLOC_ARRAY(*tokens, struct user_token, *num_tokens);
3471
				  *num_tokens *
3472
				  sizeof(struct user_token));
3473
		if (*tokens == NULL) {
3469
		if (*tokens == NULL) {
3474
			DEBUG(0, ("Could not realloc tokens\n"));
3470
			DEBUG(0, ("Could not realloc tokens\n"));
3475
			return False;
3471
			return False;
Lines 3587-3595 Link Here
3587
		return;
3583
		return;
3588
3584
3589
	share_list->num_shares += 1;
3585
	share_list->num_shares += 1;
3590
	share_list->shares = Realloc(share_list->shares,
3586
	share_list->shares = SMB_REALLOC_ARRAY(share_list->shares, char *, share_list->num_shares);
3591
				     share_list->num_shares * sizeof(char *));
3587
	share_list->shares[share_list->num_shares-1] = SMB_STRDUP(name);
3592
	share_list->shares[share_list->num_shares-1] = strdup(name);
3593
}
3588
}
3594
3589
3595
static void rpc_share_userlist_usage(void)
3590
static void rpc_share_userlist_usage(void)
(-)samba-3.0.9-orig/source/utils/net_rpc_join.c (-1 / +1 lines)
Lines 258-264 Link Here
258
	{ 
258
	{ 
259
		char *str;
259
		char *str;
260
		str = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
260
		str = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
261
		clear_trust_password = strdup(str);
261
		clear_trust_password = SMB_STRDUP(str);
262
		E_md4hash(clear_trust_password, md4_trust_password);
262
		E_md4hash(clear_trust_password, md4_trust_password);
263
	}
263
	}
264
264
(-)samba-3.0.9-orig/source/utils/net_rpc_printer.c (-4 / +4 lines)
Lines 501-507 Link Here
501
		}
501
		}
502
502
503
		/* allocate memory */
503
		/* allocate memory */
504
		if (!(data = (char *)malloc(read_size))) {
504
		if (!(data = (char *)SMB_MALLOC(read_size))) {
505
			d_printf("malloc fail for size %d\n", read_size);
505
			d_printf("malloc fail for size %d\n", read_size);
506
			nt_status = NT_STATUS_NO_MEMORY;
506
			nt_status = NT_STATUS_NO_MEMORY;
507
			goto out;
507
			goto out;
Lines 1153-1159 Link Here
1153
1153
1154
1154
1155
	/* argument given, get a single printer by name */
1155
	/* argument given, get a single printer by name */
1156
	sharename = strdup(argv[0]);
1156
	sharename = SMB_STRDUP(argv[0]);
1157
1157
1158
	if (!net_spoolss_open_printer_ex(cli, mem_ctx, sharename,
1158
	if (!net_spoolss_open_printer_ex(cli, mem_ctx, sharename,
1159
			MAXIMUM_ALLOWED_ACCESS,	cli->user_name, &hnd)) 
1159
			MAXIMUM_ALLOWED_ACCESS,	cli->user_name, &hnd)) 
Lines 2298-2304 Link Here
2298
		}
2298
		}
2299
2299
2300
		/* copy devmode (info level 2) */
2300
		/* copy devmode (info level 2) */
2301
		ctr_dst.printers_2->devmode = talloc_memdup(mem_ctx, 
2301
		ctr_dst.printers_2->devmode = TALLOC_MEMDUP(mem_ctx, 
2302
			ctr_enum.printers_2[i].devmode, sizeof(DEVICEMODE));
2302
			ctr_enum.printers_2[i].devmode, sizeof(DEVICEMODE));
2303
2303
2304
		/* do not copy security descriptor (we have another command for that) */
2304
		/* do not copy security descriptor (we have another command for that) */
Lines 2460-2466 Link Here
2460
2460
2461
					value.type = REG_SZ;
2461
					value.type = REG_SZ;
2462
					value.size = data.uni_str_len * 2;
2462
					value.size = data.uni_str_len * 2;
2463
					value.data_p = talloc_memdup(mem_ctx, data.buffer, value.size);
2463
					value.data_p = TALLOC_MEMDUP(mem_ctx, data.buffer, value.size);
2464
2464
2465
					if (opt_verbose) 
2465
					if (opt_verbose) 
2466
						display_reg_value(subkey, value);
2466
						display_reg_value(subkey, value);
(-)samba-3.0.9-orig/source/utils/net_rpc_samsync.c (-1 / +1 lines)
Lines 595-601 Link Here
595
		return NT_STATUS_NO_MEMORY;
595
		return NT_STATUS_NO_MEMORY;
596
	}
596
	}
597
597
598
	nt_members = talloc_zero(t, sizeof(char *) * delta->num_members);
598
	nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members);
599
599
600
	for (i=0; i<delta->num_members; i++) {
600
	for (i=0; i<delta->num_members; i++) {
601
		NTSTATUS nt_status;
601
		NTSTATUS nt_status;
(-)samba-3.0.9-orig/source/utils/net_status.c (-2 / +1 lines)
Lines 129-136 Link Here
129
		return 0;
129
		return 0;
130
130
131
	ids->num_entries += 1;
131
	ids->num_entries += 1;
132
	ids->entries = Realloc(ids->entries,
132
	ids->entries = SMB_REALLOC_ARRAY(ids->entries, struct sessionid, ids->num_entries);
133
			       sizeof(struct sessionid) * ids->num_entries);
134
	ids->entries[ids->num_entries-1] = sessionid;
133
	ids->entries[ids->num_entries-1] = sessionid;
135
134
136
	return 0;
135
	return 0;
(-)samba-3.0.9-orig/source/utils/ntlm_auth.c (-14 / +14 lines)
Lines 238-244 Link Here
238
		return False;
238
		return False;
239
	}
239
	}
240
240
241
	require_membership_of_sid = strdup(response.data.sid.sid);
241
	require_membership_of_sid = SMB_STRDUP(response.data.sid.sid);
242
242
243
	if (require_membership_of_sid)
243
	if (require_membership_of_sid)
244
		return True;
244
		return True;
Lines 378-384 Link Here
378
	}
378
	}
379
379
380
	if (flags & WBFLAG_PAM_UNIX_NAME) {
380
	if (flags & WBFLAG_PAM_UNIX_NAME) {
381
		*unix_name = strdup((char *)response.extra_data);
381
		*unix_name = SMB_STRDUP((char *)response.extra_data);
382
		if (!*unix_name) {
382
		if (!*unix_name) {
383
			free_response(&response);
383
			free_response(&response);
384
			return NT_STATUS_NO_MEMORY;
384
			return NT_STATUS_NO_MEMORY;
Lines 552-558 Link Here
552
	if ((strncmp(buf, "PW ", 3) == 0)) {
552
	if ((strncmp(buf, "PW ", 3) == 0)) {
553
		/* The calling application wants us to use a local password (rather than winbindd) */
553
		/* The calling application wants us to use a local password (rather than winbindd) */
554
554
555
		opt_password = strndup((const char *)request.data, request.length);
555
		opt_password = SMB_STRNDUP((const char *)request.data, request.length);
556
556
557
		if (opt_password == NULL) {
557
		if (opt_password == NULL) {
558
			DEBUG(1, ("Out of memory\n"));
558
			DEBUG(1, ("Out of memory\n"));
Lines 634-640 Link Here
634
	if (strncmp(buf, "PW ", 3) == 0) {
634
	if (strncmp(buf, "PW ", 3) == 0) {
635
		/* We asked for a password and obviously got it :-) */
635
		/* We asked for a password and obviously got it :-) */
636
636
637
		opt_password = strndup((const char *)request.data, request.length);
637
		opt_password = SMB_STRNDUP((const char *)request.data, request.length);
638
638
639
		if (opt_password == NULL) {
639
		if (opt_password == NULL) {
640
			DEBUG(1, ("Out of memory\n"));
640
			DEBUG(1, ("Out of memory\n"));
Lines 753-759 Link Here
753
753
754
	/* Server negTokenInit (mech offerings) */
754
	/* Server negTokenInit (mech offerings) */
755
	spnego.type = SPNEGO_NEG_TOKEN_INIT;
755
	spnego.type = SPNEGO_NEG_TOKEN_INIT;
756
	spnego.negTokenInit.mechTypes = smb_xmalloc(sizeof(char *) * 3);
756
	spnego.negTokenInit.mechTypes = SMB_XMALLOC_ARRAY(char *, 3);
757
#ifdef HAVE_KRB5
757
#ifdef HAVE_KRB5
758
	spnego.negTokenInit.mechTypes[0] = smb_xstrdup(OID_KERBEROS5_OLD);
758
	spnego.negTokenInit.mechTypes[0] = smb_xstrdup(OID_KERBEROS5_OLD);
759
	spnego.negTokenInit.mechTypes[1] = smb_xstrdup(OID_NTLMSSP);
759
	spnego.negTokenInit.mechTypes[1] = smb_xstrdup(OID_NTLMSSP);
Lines 883-889 Link Here
883
				  request.negTokenInit.mechToken.length);
883
				  request.negTokenInit.mechToken.length);
884
884
885
			response.type = SPNEGO_NEG_TOKEN_TARG;
885
			response.type = SPNEGO_NEG_TOKEN_TARG;
886
			response.negTokenTarg.supportedMech = strdup(OID_NTLMSSP);
886
			response.negTokenTarg.supportedMech = SMB_STRDUP(OID_NTLMSSP);
887
			response.negTokenTarg.mechListMIC = data_blob(NULL, 0);
887
			response.negTokenTarg.mechListMIC = data_blob(NULL, 0);
888
888
889
			status = ntlmssp_update(ntlmssp_state,
889
			status = ntlmssp_update(ntlmssp_state,
Lines 906-912 Link Here
906
			}
906
			}
907
907
908
			response.type = SPNEGO_NEG_TOKEN_TARG;
908
			response.type = SPNEGO_NEG_TOKEN_TARG;
909
			response.negTokenTarg.supportedMech = strdup(OID_KERBEROS5_OLD);
909
			response.negTokenTarg.supportedMech = SMB_STRDUP(OID_KERBEROS5_OLD);
910
			response.negTokenTarg.mechListMIC = data_blob(NULL, 0);
910
			response.negTokenTarg.mechListMIC = data_blob(NULL, 0);
911
			response.negTokenTarg.responseToken = data_blob(NULL, 0);
911
			response.negTokenTarg.responseToken = data_blob(NULL, 0);
912
912
Lines 930-937 Link Here
930
				}
930
				}
931
931
932
				*domain++ = '\0';
932
				*domain++ = '\0';
933
				domain = strdup(domain);
933
				domain = SMB_STRDUP(domain);
934
				user = strdup(principal);
934
				user = SMB_STRDUP(principal);
935
935
936
				data_blob_free(&ap_rep);
936
				data_blob_free(&ap_rep);
937
				data_blob_free(&auth_data);
937
				data_blob_free(&auth_data);
Lines 964-975 Link Here
964
					       &response.negTokenTarg.responseToken);
964
					       &response.negTokenTarg.responseToken);
965
965
966
		response.type = SPNEGO_NEG_TOKEN_TARG;
966
		response.type = SPNEGO_NEG_TOKEN_TARG;
967
		response.negTokenTarg.supportedMech = strdup(OID_NTLMSSP);
967
		response.negTokenTarg.supportedMech = SMB_STRDUP(OID_NTLMSSP);
968
		response.negTokenTarg.mechListMIC = data_blob(NULL, 0);
968
		response.negTokenTarg.mechListMIC = data_blob(NULL, 0);
969
969
970
		if (NT_STATUS_IS_OK(status)) {
970
		if (NT_STATUS_IS_OK(status)) {
971
			user = strdup(ntlmssp_state->user);
971
			user = SMB_STRDUP(ntlmssp_state->user);
972
			domain = strdup(ntlmssp_state->domain);
972
			domain = SMB_STRDUP(ntlmssp_state->domain);
973
			ntlmssp_end(&ntlmssp_state);
973
			ntlmssp_end(&ntlmssp_state);
974
		}
974
		}
975
	}
975
	}
Lines 1155-1161 Link Here
1155
		return False;
1155
		return False;
1156
	}
1156
	}
1157
1157
1158
	principal = malloc(spnego.negTokenInit.mechListMIC.length+1);
1158
	principal = SMB_MALLOC(spnego.negTokenInit.mechListMIC.length+1);
1159
1159
1160
	if (principal == NULL) {
1160
	if (principal == NULL) {
1161
		DEBUG(1, ("Could not malloc principal\n"));
1161
		DEBUG(1, ("Could not malloc principal\n"));
Lines 1266-1272 Link Here
1266
1266
1267
		/* We asked for a password and obviously got it :-) */
1267
		/* We asked for a password and obviously got it :-) */
1268
1268
1269
		opt_password = strndup((const char *)request.data, request.length);
1269
		opt_password = SMB_STRNDUP((const char *)request.data, request.length);
1270
		
1270
		
1271
		if (opt_password == NULL) {
1271
		if (opt_password == NULL) {
1272
			DEBUG(1, ("Out of memory\n"));
1272
			DEBUG(1, ("Out of memory\n"));
(-)samba-3.0.9-orig/source/utils/pdbedit.c (-2 / +2 lines)
Lines 429-438 Link Here
429
	}
429
	}
430
430
431
	staticpass = getpass("new password:");
431
	staticpass = getpass("new password:");
432
	password1 = strdup(staticpass);
432
	password1 = SMB_STRDUP(staticpass);
433
	memset(staticpass, 0, strlen(staticpass));
433
	memset(staticpass, 0, strlen(staticpass));
434
	staticpass = getpass("retype new password:");
434
	staticpass = getpass("retype new password:");
435
	password2 = strdup(staticpass);
435
	password2 = SMB_STRDUP(staticpass);
436
	memset(staticpass, 0, strlen(staticpass));
436
	memset(staticpass, 0, strlen(staticpass));
437
	if (strcmp (password1, password2)) {
437
	if (strcmp (password1, password2)) {
438
		fprintf (stderr, "Passwords does not match!\n");
438
		fprintf (stderr, "Passwords does not match!\n");
(-)samba-3.0.9-orig/source/utils/smbcacls.c (-3 / +3 lines)
Lines 325-331 Link Here
325
		return True;
325
		return True;
326
	}
326
	}
327
327
328
	aces = calloc(1+(*the_acl)->num_aces,sizeof(SEC_ACE));
328
	aces = SMB_CALLOC_ARRAY(SEC_ACE, 1+(*the_acl)->num_aces);
329
	memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE));
329
	memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE));
330
	memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
330
	memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
331
	new = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces);
331
	new = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces);
Lines 353-359 Link Here
353
		}
353
		}
354
354
355
		if (strncmp(tok,"OWNER:", 6) == 0) {
355
		if (strncmp(tok,"OWNER:", 6) == 0) {
356
			owner_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
356
			owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
357
			if (!owner_sid ||
357
			if (!owner_sid ||
358
			    !StringToSid(owner_sid, tok+6)) {
358
			    !StringToSid(owner_sid, tok+6)) {
359
				printf("Failed to parse owner sid\n");
359
				printf("Failed to parse owner sid\n");
Lines 363-369 Link Here
363
		}
363
		}
364
364
365
		if (strncmp(tok,"GROUP:", 6) == 0) {
365
		if (strncmp(tok,"GROUP:", 6) == 0) {
366
			grp_sid = (DOM_SID *)calloc(1, sizeof(DOM_SID));
366
			grp_sid = SMB_CALLOC_ARRAY(DOM_SID, 1);
367
			if (!grp_sid ||
367
			if (!grp_sid ||
368
			    !StringToSid(grp_sid, tok+6)) {
368
			    !StringToSid(grp_sid, tok+6)) {
369
				printf("Failed to parse group sid\n");
369
				printf("Failed to parse group sid\n");
(-)samba-3.0.9-orig/source/utils/smbtree.c (-1 / +1 lines)
Lines 51-57 Link Here
51
        struct name_list **name_list = (struct name_list **)state;
51
        struct name_list **name_list = (struct name_list **)state;
52
        struct name_list *new_name;
52
        struct name_list *new_name;
53
53
54
        new_name = (struct name_list *)malloc(sizeof(struct name_list));
54
        new_name = SMB_MALLOC_P(struct name_list);
55
55
56
        if (!new_name)
56
        if (!new_name)
57
                return;
57
                return;
(-)samba-3.0.9-orig/source/web/cgi.c (-10 / +10 lines)
Lines 59-65 Link Here
59
			char *ret2;
59
			char *ret2;
60
			if (len == 0) len = 1024;
60
			if (len == 0) len = 1024;
61
			else len *= 2;
61
			else len *= 2;
62
			ret2 = (char *)Realloc(ret, len);
62
			ret2 = (char *)SMB_REALLOC(ret, len);
63
			if (!ret2) return ret;
63
			if (!ret2) return ret;
64
			ret = ret2;
64
			ret = ret2;
65
		}
65
		}
Lines 135-142 Link Here
135
			
135
			
136
			*p = 0;
136
			*p = 0;
137
			
137
			
138
			variables[num_variables].name = strdup(line);
138
			variables[num_variables].name = SMB_STRDUP(line);
139
			variables[num_variables].value = strdup(p+1);
139
			variables[num_variables].value = SMB_STRDUP(p+1);
140
140
141
			SAFE_FREE(line);
141
			SAFE_FREE(line);
142
			
142
			
Lines 170-177 Link Here
170
			
170
			
171
			*p = 0;
171
			*p = 0;
172
			
172
			
173
			variables[num_variables].name = strdup(tok);
173
			variables[num_variables].name = SMB_STRDUP(tok);
174
			variables[num_variables].value = strdup(p+1);
174
			variables[num_variables].value = SMB_STRDUP(p+1);
175
175
176
			if (!variables[num_variables].name || 
176
			if (!variables[num_variables].name || 
177
			    !variables[num_variables].value)
177
			    !variables[num_variables].value)
Lines 205-217 Link Here
205
			       variables[i].name, -1, 
205
			       variables[i].name, -1, 
206
			       dest, sizeof(dest), True);
206
			       dest, sizeof(dest), True);
207
		free(variables[i].name);
207
		free(variables[i].name);
208
		variables[i].name = strdup(dest);
208
		variables[i].name = SMB_STRDUP(dest);
209
209
210
		convert_string(CH_UTF8, CH_UNIX, 
210
		convert_string(CH_UTF8, CH_UNIX, 
211
			       variables[i].value, -1,
211
			       variables[i].value, -1,
212
			       dest, sizeof(dest), True);
212
			       dest, sizeof(dest), True);
213
		free(variables[i].value);
213
		free(variables[i].value);
214
		variables[i].value = strdup(dest);
214
		variables[i].value = SMB_STRDUP(dest);
215
	}
215
	}
216
}
216
}
217
217
Lines 366-372 Link Here
366
			become_user_permanently(pass->pw_uid, pass->pw_gid);
366
			become_user_permanently(pass->pw_uid, pass->pw_gid);
367
			
367
			
368
			/* Save the users name */
368
			/* Save the users name */
369
			C_user = strdup(user);
369
			C_user = SMB_STRDUP(user);
370
			passwd_free(&pass);
370
			passwd_free(&pass);
371
			return True;
371
			return True;
372
		}
372
		}
Lines 530-540 Link Here
530
		if (line[0] == '\r' || line[0] == '\n') break;
530
		if (line[0] == '\r' || line[0] == '\n') break;
531
		if (strnequal(line,"GET ", 4)) {
531
		if (strnequal(line,"GET ", 4)) {
532
			got_request = True;
532
			got_request = True;
533
			url = strdup(&line[4]);
533
			url = SMB_STRDUP(&line[4]);
534
		} else if (strnequal(line,"POST ", 5)) {
534
		} else if (strnequal(line,"POST ", 5)) {
535
			got_request = True;
535
			got_request = True;
536
			request_post = 1;
536
			request_post = 1;
537
			url = strdup(&line[5]);
537
			url = SMB_STRDUP(&line[5]);
538
		} else if (strnequal(line,"PUT ", 4)) {
538
		} else if (strnequal(line,"PUT ", 4)) {
539
			got_request = True;
539
			got_request = True;
540
			cgi_setup_error("400 Bad Request", "",
540
			cgi_setup_error("400 Bad Request", "",
(-)samba-3.0.9-orig/source/web/neg_lang.c (-2 / +2 lines)
Lines 85-91 Link Here
85
		count++;
85
		count++;
86
		lang_num++;
86
		lang_num++;
87
	}
87
	}
88
	pl = (struct pri_list *)malloc(sizeof(struct pri_list) * lang_num);
88
	pl = SMB_MALLOC_ARRAY(struct pri_list, lang_num);
89
	for (i = 0; i < lang_num; i++) {
89
	for (i = 0; i < lang_num; i++) {
90
		char *pri_code;
90
		char *pri_code;
91
		if ((pri_code=strstr(lang_list[i], ";q="))) {
91
		if ((pri_code=strstr(lang_list[i], ";q="))) {
Lines 95-101 Link Here
95
		} else {
95
		} else {
96
			pl[i].pri = 1;
96
			pl[i].pri = 1;
97
		}
97
		}
98
		pl[i].string = strdup(lang_list[i]);
98
		pl[i].string = SMB_STRDUP(lang_list[i]);
99
	}
99
	}
100
	str_list_free(&lang_list);
100
	str_list_free(&lang_list);
101
101
(-)samba-3.0.9-orig/source/web/statuspage.c (-2 / +2 lines)
Lines 61-74 Link Here
61
	if (PID_or_Machine) {
61
	if (PID_or_Machine) {
62
		PIDMAP *newmap;
62
		PIDMAP *newmap;
63
63
64
		if ((newmap = (PIDMAP *) malloc (sizeof (PIDMAP))) == NULL) {
64
		if ((newmap = SMB_MALLOC_P(PIDMAP)) == NULL) {
65
			/* XXX need error message for this?
65
			/* XXX need error message for this?
66
			   if malloc fails, PID is always shown */
66
			   if malloc fails, PID is always shown */
67
			return;
67
			return;
68
		}
68
		}
69
69
70
		newmap->pid = pid;
70
		newmap->pid = pid;
71
		newmap->machine = strdup (machine);
71
		newmap->machine = SMB_STRDUP(machine);
72
72
73
		DLIST_ADD(pidmap, newmap);
73
		DLIST_ADD(pidmap, newmap);
74
	}
74
	}

Return to bug 73943