Attachment #27305 for bug #64119

View | Details | Raw Unified | Return to bug 64119
Collapse All | Expand All




	
	if(pblock_mountp == NULL)
	{
		pblock_mountp = SMB_CALLOC_ARRAY( block_dir, 1 );
		if( pblock_mountp == NULL)
		{
			return FALSE;

		
	}else
	{
		tmp_pblock->next = SMB_CALLOC_ARRAY( block_dir, 1 );
		if(tmp_pblock->next == NULL)
		{
			return FALSE;

	

	tmp_pblock->st_dev = stat_buf.st_dev;
	tmp_pblock->dir_name = SMB_STRDUP(dir);
	

      return TRUE;


	if(pblock_dir == NULL)
	{
		pblock_dir = SMB_CALLOC_ARRAY( block_dir, 1 );
		if( pblock_dir == NULL)
		{
			return FALSE;

		
	}else
	{
		tmp_pblock->next = SMB_CALLOC_ARRAY( block_dir, 1 );
		if(tmp_pblock->next == NULL)
		{
			return FALSE;

	}
	

	tmp_pblock->dir_name = SMB_STRDUP(dir);
	tmp_pblock->str_len = strlen(dir);
	


Lines 151-157 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/examples/VFS/recycle/recycle.c (-2 / +2 lines)
151	static BOOL do_parameter(char pszParmName, char pszParmValue)	151	static BOOL do_parameter(char pszParmName, char pszParmValue)
152	{	152	{
153	if (StrCaseCmp("name",pszParmName)==0) {	153	if (StrCaseCmp("name",pszParmName)==0) {
154	current->recycle_bin = (char *)talloc(current->ctx,sizeof(pstring));	154	current->recycle_bin = (char *)TALLOC(current->ctx,sizeof(pstring));
155	if (current->recycle_bin == NULL)	155	if (current->recycle_bin == NULL)
156	return False;	156	return False;
157	current->recycle_bin = safe_strcpy(current->recycle_bin,pszParmValue,sizeof(pstring));	157	current->recycle_bin = safe_strcpy(current->recycle_bin,pszParmValue,sizeof(pstring));
Lines 236-242 Link Here
236	DEBUG(10,("Using configuration file %s\n",conf_file));	236	DEBUG(10,("Using configuration file %s\n",conf_file));
237	}	237	}
238		238
239	current = talloc(ctx,sizeof(recycle_bin_struct));	239	current = TALLOC_P(ctx,recycle_bin_struct);
240	if ( current == NULL) {	240	if ( current == NULL) {
241	DEBUG(0, ("Failed to allocate memory in VFS module recycle_bin\n"));	241	DEBUG(0, ("Failed to allocate memory in VFS module recycle_bin\n"));
242	return -1;	242	return -1;

Lines 1-4 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/aparser/parser.c (+11 lines)
1	#include "parser.h"	1	#include "parser.h"
		2	#include <limits.h>
2		3
3	/*******************************************************************	4	/*******************************************************************
4	Attempt, if needed, to grow a data buffer.	5	Attempt, if needed, to grow a data buffer.
Lines 44-49 Link Here
44	* If the current buffer size is bigger than the space needed, just	45	* If the current buffer size is bigger than the space needed, just
45	* double it, else add extra_space.	46	* double it, else add extra_space.
46	*/	47	*/
		48	if(ps->buffer_size >= INT_MAX/2)
		49	{
		50	DEBUG(0,("io_grow: integer overflow detected.\n"));
		51	return False;
		52	}
		53	if(ps->buffer_size >= INT_MAX - extra_space)
		54	{
		55	DEBUG(0,("io_grow: integer overflow detected.\n"));
		56	return False;
		57	}
47	new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);	58	new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);
48		59
49	if ((new_data = Realloc(ps->data_p, new_size)) == NULL) {	60	if ((new_data = Realloc(ps->data_p, new_size)) == NULL) {

Lines 380-386 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/client/client.c (-9 / +15 lines)
380	{	380	{
381	reset_do_list_queue();	381	reset_do_list_queue();
382	do_list_queue_size = 1024;	382	do_list_queue_size = 1024;
383	do_list_queue = malloc(do_list_queue_size);	383	do_list_queue = SMB_MALLOC(do_list_queue_size);
384	if (do_list_queue == 0) {	384	if (do_list_queue == 0) {
385	DEBUG(0,("malloc fail for size %d\n",	385	DEBUG(0,("malloc fail for size %d\n",
386	(int)do_list_queue_size));	386	(int)do_list_queue_size));
Lines 421-430 Link Here
421	long new_end = do_list_queue_end + ((long)strlen(entry)) + 1;	421	long new_end = do_list_queue_end + ((long)strlen(entry)) + 1;
422	while (new_end > do_list_queue_size)	422	while (new_end > do_list_queue_size)
423	{	423	{
		424	if(do_list_queue_size >= INT_MAX/2)
		425	{
		426	DEBUG(0,("add_to_do_list_queue: integer overflow detected.\n"));
		427	reset_do_list_queue();
		428	return;
		429	}
424	do_list_queue_size *= 2;	430	do_list_queue_size *= 2;
425	DEBUG(4,("enlarging do_list_queue to %d\n",	431	DEBUG(4,("enlarging do_list_queue to %d\n",
426	(int)do_list_queue_size));	432	(int)do_list_queue_size));
427	dlq = Realloc(do_list_queue, do_list_queue_size);	433	dlq = SMB_REALLOC(do_list_queue, do_list_queue_size);
428	if (!dlq) {	434	if (!dlq) {
429	DEBUG(0,("failure enlarging do_list_queue to %d bytes\n",	435	DEBUG(0,("failure enlarging do_list_queue to %d bytes\n",
430	(int)do_list_queue_size));	436	(int)do_list_queue_size));
Lines 683-689 Link Here
683	DEBUG(2,("getting file %s of size %.0f as %s ",	689	DEBUG(2,("getting file %s of size %.0f as %s ",
684	rname, (double)size, lname));	690	rname, (double)size, lname));
685		691
686	if(!(data = (char *)malloc(read_size))) {	692	if(!(data = (char *)SMB_MALLOC(read_size))) {
687	DEBUG(0,("malloc fail for size %d\n", read_size));	693	DEBUG(0,("malloc fail for size %d\n", read_size));
688	cli_close(cli, fnum);	694	cli_close(cli, fnum);
689	return;	695	return;
Lines 1049-1055 Link Here
1049	DEBUG(1,("putting file %s as %s ",lname,	1055	DEBUG(1,("putting file %s as %s ",lname,
1050	rname));	1056	rname));
1051		1057
1052	buf = (char *)malloc(maxwrite);	1058	buf = (char *)SMB_MALLOC(maxwrite);
1053	if (!buf) {	1059	if (!buf) {
1054	DEBUG(0, ("ERROR: Not enough memory!\n"));	1060	DEBUG(0, ("ERROR: Not enough memory!\n"));
1055	return;	1061	return;
Lines 1249-1255 Link Here
1249	return -1;	1255	return -1;
1250	}	1256	}
1251	}	1257	}
1252	entry = (struct file_list *) malloc(sizeof (struct file_list));	1258	entry = SMB_MALLOC_P(struct file_list);
1253	if (!entry) {	1259	if (!entry) {
1254	DEBUG(0,("Out of memory in file_find\n"));	1260	DEBUG(0,("Out of memory in file_find\n"));
1255	closedir(dir);	1261	closedir(dir);
Lines 2045-2059 Link Here
2045	/* for words not at the start of the line fallback to filename completion */	2051	/* for words not at the start of the line fallback to filename completion */
2046	if (start) return NULL;	2052	if (start) return NULL;
2047		2053
2048	matches = (char *)malloc(sizeof(matches[0])MAX_COMPLETIONS);	2054	matches = SMB_MALLOC_ARRAY( char *, MAX_COMPLETIONS );
2049	if (!matches) return NULL;	2055	if (!matches) return NULL;
2050		2056
2051	matches[count++] = strdup(text);	2057	matches[count++] = SMB_STRDUP(text);
2052	if (!matches[0]) return NULL;	2058	if (!matches[0]) return NULL;
2053		2059
2054	for (i=0;commands[i].fn && count < MAX_COMPLETIONS-1;i++) {	2060	for (i=0;commands[i].fn && count < MAX_COMPLETIONS-1;i++) {
2055	if (strncmp(text, commands[i].name, strlen(text)) == 0) {	2061	if (strncmp(text, commands[i].name, strlen(text)) == 0) {
2056	matches[count] = strdup(commands[i].name);	2062	matches[count] = SMB_STRDUP(commands[i].name);
2057	if (!matches[count]) return NULL;	2063	if (!matches[count]) return NULL;
2058	count++;	2064	count++;
2059	}	2065	}
Lines 2061-2067 Link Here
2061		2067
2062	if (count == 2) {	2068	if (count == 2) {
2063	SAFE_FREE(matches[0]);	2069	SAFE_FREE(matches[0]);
2064	matches[0] = strdup(matches[1]);	2070	matches[0] = SMB_STRDUP(matches[1]);
2065	}	2071	}
2066	matches[count] = NULL;	2072	matches[count] = NULL;
2067	return matches;	2073	return matches;





char tar_type='\0';
static char **cliplist=NULL;
static unsigned clipn=0;
static BOOL must_free_cliplist = False;

extern file_info def_finfo;

/*******************************************************************
Create  a string of size size+1 (for the null)
*******************************************************************/
static char *string_create_s(size_t size)
{
  char *tmp;

  tmp = (char *)SMB_MALLOC(size+1);

  if (tmp == NULL) {


  if (l >= NAMSIZ - 1) {
	  /* write a GNU tar style long header */
	  char *b;

	  if(l >= (INT_MAX - TBLOCK - 100)) {
		  DEBUG(0,("writetarheader: integer overflow detected.\n"));
	          exit(1);
	  }
	  b = (char *)SMB_MALLOC(l+TBLOCK+100);
	  if (!b) {
		  DEBUG(0,("out of memory\n"));
		  exit(1);

{
  /* initialize tar buffer */
  tbufsiz=blocksize*TBLOCK;
  tarbuf=SMB_MALLOC(tbufsiz);      /* FIXME: We might not get the buffer */

  if(tarbuf == NULL) {
    DEBUG(0,("initarbuf: out of memory.\n"));
    exit(1);
  }
  /* reset tar buffer pointer and tar file counter and total dumped */
  tp=0; ntarf=0; ttarf=0;
}

*/
static char * get_longfilename(file_info2 finfo)
{
  size_t namesize;
  char *longname;
  SMB_BIG_INT offset = 0, left = finfo.size;
  BOOL first = True;

  if(strlen(finfo.name) >= (UINT_MAX - strlen(cur_dir) - 2)) {
    DEBUG(0,("get_longfilename: integer overflow detected.\n"));
    return NULL;
  }
  namesize = strlen(finfo.name) + strlen(cur_dir) + 2;
  longname = SMB_MALLOC(namesize);
  DEBUG(5, ("Restoring a long file name: %s\n", finfo.name));
  DEBUG(5, ("Len = %.0f\n", (double)finfo.size));


  FILE *inclusion = NULL;
  char buf[MAXPATHLEN + 1];
  char *inclusion_buffer = NULL;
  size_t inclusion_buffer_size = 0;
  int inclusion_buffer_sofar = 0;
  char *p;
  char *tmpstr;

  while ((! error) && (fgets(buf, sizeof(buf)-1, inclusion))) {
    if (inclusion_buffer == NULL) {
      inclusion_buffer_size = 1024;
      if ((inclusion_buffer = SMB_MALLOC(inclusion_buffer_size)) == NULL) {
	DEBUG(0,("failure allocating buffer to read inclusion file\n"));
	error = 1;
	break;

    
    if ((strlen(buf) + 1 + inclusion_buffer_sofar) >= inclusion_buffer_size) {
      char *ib;

      if(inclusion_buffer_size >= INT_MAX/2) {
	DEBUG(0,("read_inclusion_file: integer overflow detected.\n"));
	return 0;
      }
      inclusion_buffer_size *= 2;
      ib = SMB_REALLOC(inclusion_buffer,inclusion_buffer_size);
      if (! ib) {
        DEBUG(0,("failure enlarging inclusion buffer to %d bytes\n", inclusion_buffer_size));
        error = 1;

    
    safe_strcpy(inclusion_buffer + inclusion_buffer_sofar, buf, inclusion_buffer_size - inclusion_buffer_sofar);
    inclusion_buffer_sofar += strlen(buf) + 1;
    if(clipn >= (INT_MAX-1)) {
      DEBUG(0,("read_inclusion_file: integer overflow detected.\n"));
      abort();
    }
    clipn++;
  }
  fclose(inclusion);

  if (! error) {
    /* Allocate an array of clipn + 1 char*'s for cliplist */
    cliplist = SMB_MALLOC_ARRAY( char *, clipn + 1 );
    if (cliplist == NULL) {
      DEBUG(0,("failure allocating memory for cliplist\n"));
      error = 1;

	/* set current item to NULL so array will be null-terminated even if
	 * malloc fails below. */
	cliplist[i] = NULL;
	if ((tmpstr = (char *)SMB_MALLOC(strlen(p)+1)) == NULL) {
	  DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n", i));
	  error = 1;
	} else {

  } else if (Optind+1<argc && !tar_re_search) { /* For backwards compatibility */
    char *tmpstr;
    char **tmplist;
    unsigned int clipcount;

    cliplist=argv+Optind+1;
    clipn=argc-Optind-1;
    clipcount = clipn;

    if ((tmplist=SMB_MALLOC_ARRAY( char *, clipn )) == NULL) {
      DEBUG(0, ("Could not allocate space to process cliplist, count = %i\n", 
               clipn)
           );


      DEBUG(5, ("Processing an item, %s\n", cliplist[clipcount]));

      if ((tmpstr = (char *)SMB_MALLOC(strlen(cliplist[clipcount])+1)) == NULL) {
        DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n",
                 clipcount)
             );

#ifdef HAVE_REGEX_H
    int errcode;

    if ((preg = (regex_t *)SMB_MALLOC(65536)) == NULL) {

      DEBUG(0, ("Could not allocate buffer for regular expression search\n"));
      return 0;

    }


      errlen = regerror(errcode, preg, errstr, sizeof(errstr) - 1);
      
      DEBUG(0, ("Could not compile pattern buffer for re search: %s\n%s\n", argv[Optind + 1], errstr));
      return 0;

    }
#endif

Lines 104-110 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/client/smbmnt.c (-1 / +1 lines)
104	fprintf(stderr,"Failed to find real path for mount point\n");	104	fprintf(stderr,"Failed to find real path for mount point\n");
105	exit(1);	105	exit(1);
106	}	106	}
107	return strdup(path);	107	return SMB_STRDUP(path);
108	}	108	}
109		109
110	/* Check whether user is allowed to mount on the specified mount point. If it's	110	/* Check whether user is allowed to mount on the specified mount point. If it's

Lines 134-140 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/client/smbumount.c (-2 / +2 lines)
134	npath = resolved_path;	134	npath = resolved_path;
135	else while(*(--npath) != '/');	135	else while(*(--npath) != '/');
136	m = strlen(path);	136	m = strlen(path);
137	if((buf = malloc(m + n + 1)) == NULL)	137	if((buf = SMB_MALLOC(m + n + 1)) == NULL)
138	{	138	{
139	fprintf(stderr,"Not enough memory.\n");	139	fprintf(stderr,"Not enough memory.\n");
140	return NULL;	140	return NULL;
Lines 163-169 Link Here
163	static char *	163	static char *
164	canonicalize (char *path)	164	canonicalize (char *path)
165	{	165	{
166	char npath,canonical = malloc (PATH_MAX + 1);	166	char npath,canonical = SMB_MALLOC (PATH_MAX + 1);
167	int i;	167	int i;
168		168
169	if (!canonical) {	169	if (!canonical) {

Lines 143-149 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/groupdb/aliasdb.c (-1 / +1 lines)
143	if (alss == NULL \|\| num_alss == NULL \|\| als == NULL)	143	if (alss == NULL \|\| num_alss == NULL \|\| als == NULL)
144	return False;	144	return False;
145		145
146	talss = (LOCAL_GRP )Realloc((alss), ((num_alss)+1) sizeof(LOCAL_GRP));	146	talss = SMB_REALLOC_ARRAY( alss, LOCAL_GRP, (num_alss)+1 );
147	if (talss == NULL) {	147	if (talss == NULL) {
148	if (*alss)	148	if (*alss)
149	free(*alss);	149	free(*alss);

Lines 129-135 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/groupdb/aliasfile.c (-1 / +1 lines)
129	uint8 type;	129	uint8 type;
130		130
131	if (lookup_sid(name, &sid, &type)) {	131	if (lookup_sid(name, &sid, &type)) {
132	mbrs = Realloc((members), ((num_mem)+1) * sizeof(LOCAL_GRP_MEMBER));	132	mbrs = SMB_REALLOC_ARRAY( members, LOCAL_GRP_MEMBER, (num_mem)+1 );
133	(*num_mem)++;	133	(*num_mem)++;
134	} else {	134	} else {
135	DEBUG(0,("alias database: could not resolve alias named %s\n", name));	135	DEBUG(0,("alias database: could not resolve alias named %s\n", name));

Lines 141-147 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/groupdb/groupdb.c (-1 / +1 lines)
141	if (grps == NULL \|\| num_grps == NULL \|\| grp == NULL)	141	if (grps == NULL \|\| num_grps == NULL \|\| grp == NULL)
142	return False;	142	return False;
143		143
144	tgrps = (DOMAIN_GRP )Realloc((grps), ((num_grps)+1) sizeof(DOMAIN_GRP));	144	tgrps = SMB_REALLOC_ARRAY(grps, DOMAIN_GRP, (num_grps)+1 );
145	if (tgrps == NULL) {	145	if (tgrps == NULL) {
146	if (*grps)	146	if (*grps)
147	free(*grps);	147	free(*grps);

Lines 129-135 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/groupdb/groupfile.c (-1 / +1 lines)
129	{	129	{
130	DOMAIN_GRP_MEMBER *mbrs;	130	DOMAIN_GRP_MEMBER *mbrs;
131		131
132	mbrs = (DOMAIN_GRP_MEMBER )Realloc((members), ((num_mem)+1) sizeof(DOMAIN_GRP_MEMBER));	132	mbrs = SMB_REALLOC_ARRAY( members, DOMAIN_GRP_MEMBER, (num_mem)+1 );
133	if (mbrs == NULL) {	133	if (mbrs == NULL) {
134	if (*members)	134	if (*members)
135	free(*members);	135	free(*members);




/* The following definitions come from lib/talloc.c  */

TALLOC_CTX *talloc_init(void);
void *talloc(TALLOC_CTX *t, size_t size);
void *talloc_realloc(TALLOC_CTX *t, void *ptr, size_t size);
void talloc_destroy_pool(TALLOC_CTX *t);
void talloc_destroy(TALLOC_CTX *t);
size_t talloc_pool_size(TALLOC_CTX *t);
const char * talloc_pool_name(TALLOC_CTX const *t);
void *talloc_zero(TALLOC_CTX *t, size_t size);
void *talloc_memdup(TALLOC_CTX *t, const void *p, size_t size);
char *talloc_strdup(TALLOC_CTX *t, const char *p);
char *talloc_describe_all(TALLOC_CTX *rt);
void talloc_get_allocation(TALLOC_CTX *t,
			   size_t *total_bytes,
			   int *n_chunks);
#define PARANOID_MALLOC_CHECKER 1
#if defined(PARANOID_MALLOC_CHECKER)
extern void *talloc_(TALLOC_CTX *t, size_t size);
extern void *talloc_realloc_ ( TALLOC_CTX *, void *, size_t );
extern void *talloc_array_ ( TALLOC_CTX *, size_t, unsigned int );
extern void *talloc_zero_(TALLOC_CTX *t, size_t size);
extern void *talloc_zero_array_(TALLOC_CTX *t, size_t size, unsigned int);
extern void *talloc_realloc_array_ ( TALLOC_CTX *, void *, size_t, unsigned int );
extern void *talloc_memdup_(TALLOC_CTX *t, const void *p, size_t size);
#else
extern void *talloc(TALLOC_CTX *t, size_t size);
extern void *talloc_realloc(TALLOC_CTX *t, void *ptr, size_t size);
extern void *talloc_zero(TALLOC_CTX *t, size_t size);
extern void *talloc_zero_array ( TALLOC_CTX *, void *, size_t, unsigned int );
extern void *talloc_array ( TALLOC_CTX *, void *, size_t, unsigned int );
extern void *talloc_realloc_array(TALLOC_CTX *t, void *ptr, size_t size, unsigned int);
extern void *talloc_memdup(TALLOC_CTX *t, const void *p, size_t size);
#endif

/* The following definitions come from lib/time.c  */


void msleep(unsigned int t);
void become_daemon(void);
BOOL yesno(char *p);
void *Realloc(void *p,size_t size);
void safe_free(void *p);
BOOL get_myname(char *my_name);
int interpret_protocol(char *str,int def);

int set_maxfiles(int requested_max);
BOOL reg_split_key(const char *full_keyname, uint32 *reg_type, char *key_name);
int smb_mkstemp(char *template);
void *smb_xmalloc(size_t size);
void *smb_xmemdup(const void *p, size_t size);
char *smb_xstrdup(const char *s);
extern char *smb_xstrndup(const char *s, size_t );
int smb_xvasprintf(char **ptr, const char *format, va_list ap);
void *memdup(void *p, size_t size);
char *myhostname(void);

void data_blob_free(DATA_BLOB *d);
void data_blob_clear(DATA_BLOB *d);
int _Insure_trap_error(int a1, int a2, int a3, int a4, int a5, int a6);
#if defined(PARANOID_MALLOC_CHECKER)
extern void *malloc_ ( size_t );
#endif
extern void *smb_malloc(void *p,size_t size);
extern void *malloc_array ( size_t, unsigned int );
extern void *calloc_array ( size_t, size_t );
extern void *realloc_array ( void *, size_t, unsigned int );
extern void *smb_xmalloc_array ( size_t, unsigned int );
extern void *smb_realloc(void *p,size_t size);

/* The following definitions come from lib/util_file.c  */


BOOL prs_read(prs_struct *ps, int fd, size_t len, int timeout);
void prs_mem_free(prs_struct *ps);
void prs_mem_clear(prs_struct *ps);
char *prs_alloc_mem(prs_struct *ps, size_t size);
TALLOC_CTX *prs_get_mem_context(prs_struct *ps);
void prs_give_memory(prs_struct *ps, char *buf, uint32 size, BOOL is_dynamic);
char *prs_take_memory(prs_struct *ps, uint32 *psize);

int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps);
int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps, TALLOC_CTX *mem_ctx);
BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16]);
extern char *prs_alloc_mem_(prs_struct *ps, size_t size, size_t count );

/* The following definitions come from rpc_parse/parse_reg.c  */






#define vfs_chdir(conn,fname) ((conn)->vfs_ops.chdir((conn),dos_to_unix_static((fname))))

/*****************************************************************************
 Safe allocation macros.
*****************************************************************************/

#define SMB_MALLOC_ARRAY(type,count) (type *)malloc_array(sizeof(type),(count))
#define SMB_REALLOC(p,s) smb_realloc((p),(s))
#define SMB_REALLOC_ARRAY(p,type,count) (type *)realloc_array((p),sizeof(type),(count))
#define SMB_CALLOC_ARRAY(type,count) (type *)calloc_array(sizeof(type),(count))
#define SMB_XMALLOC_P(type) (type *)smb_xmalloc_array(sizeof(type),1)
#define SMB_XMALLOC_ARRAY(type,count) (type *)smb_xmalloc_array(sizeof(type),(count))

/* limiting size of ipc replies */
#define SMB_REALLOC_LIMIT(ptr,size) SMB_REALLOC(ptr,MAX((size),4*1024))

#define PARANOID_MALLOC_CHECKER 1

#if defined(PARANOID_MALLOC_CHECKER)

#define TALLOC(ctx, size) talloc_((ctx),(size))
#define TALLOC_P(ctx, type) (type *)talloc_((ctx),sizeof(type))
#define TALLOC_ARRAY(ctx, type, count) (type *)talloc_array_((ctx),sizeof(type),(count))
#define TALLOC_MEMDUP(ctx, ptr, size) talloc_memdup_((ctx),(ptr),(size))
#define TALLOC_ZERO(ctx, size) talloc_zero_((ctx),(size))
#define TALLOC_ZERO_P(ctx, type) (type *)talloc_zero_((ctx),sizeof(type))
#define TALLOC_ZERO_ARRAY(ctx, type, count) (type *)talloc_zero_array_((ctx),sizeof(type),(count))
#define TALLOC_REALLOC(ctx, ptr, count) talloc_realloc_((ctx),(ptr),(count))
#define TALLOC_REALLOC_ARRAY(ctx, ptr, type, count) (type *)talloc_realloc_array_((ctx),(ptr),sizeof(type),(count))

#define PRS_ALLOC_MEM(ps, type, count) (type *)talloc_zero_array_((ps)->mem_ctx,sizeof(type),(count))

/* Get medieval on our ass about malloc.... */

/* Restrictions on malloc/realloc/calloc. */
#ifdef malloc
#undef malloc
#endif
#define malloc(s) __ERROR_DONT_USE_MALLOC_DIRECTLY

#ifdef realloc
#undef realloc
#endif
#define realloc(p,s) __ERROR_DONT_USE_REALLOC_DIRECTLY

#ifdef calloc
#undef calloc
#endif
#define calloc(n,s) __ERROR_DONT_USE_CALLOC_DIRECTLY

#ifdef strndup
#undef strndup
#endif
#define strndup(s,n) __ERROR_DONT_USE_STRNDUP_DIRECTLY

#ifdef strdup
#undef strdup
#endif
#define strdup(s) __ERROR_DONT_USE_STRDUP_DIRECTLY

#define SMB_MALLOC(s) malloc_(s)
#define SMB_MALLOC_P(type) (type *)malloc_(sizeof(type))

#define SMB_STRDUP(s) smb_xstrdup(s)
#define SMB_STRNDUP(s,n) smb_xstrndup(s,n)

#else /* PARANOID_MEMORY_CHECKER disabled */

#define TALLOC(ctx, size) talloc((ctx),(size))
#define TALLOC_P(ctx, type) (type *)talloc((ctx),sizeof(type))
#define TALLOC_ARRAY(ctx, type, count) (type *)talloc_array((ctx),sizeof(type),(count))
#define TALLOC_MEMDUP(ctx, ptr, size) talloc_memdup((ctx),(ptr),(size))
#define TALLOC_ZERO(ctx, size) talloc_zero((ctx),(size))
#define TALLOC_ZERO_P(ctx, type) (type *)talloc_zero((ctx),sizeof(type))
#define TALLOC_ZERO_ARRAY(ctx, type, count) (type *)talloc_zero_array((ctx),sizeof(type),(count))
#define TALLOC_REALLOC(ctx, ptr, count) talloc_realloc((ctx),(ptr),(count))
#define TALLOC_REALLOC_ARRAY(ctx, ptr, type, count) (type *)talloc_realloc_array((ctx),(ptr),sizeof(type),(count))

#define PRS_ALLOC_MEM(ps, type, count) (type *)prs_alloc_mem((ps),sizeof(type),(count))

/* Regular malloc code. */

#define SMB_MALLOC(s) malloc(s)
#define SMB_MALLOC_P(type) (type *)malloc(sizeof(type))

#define SMB_STRDUP(s) strdup(s)
#define SMB_STRNDUP(s,n) strndup(s,n)

#endif /* not PARANOID_MEMORY_CHECKER */

#endif /* _SMB_MACROS_H */




			DEBUG(0,("Unable to get default yp domain.\n"));
			return False;
		}
		if (!(hostname = SMB_STRDUP(s))) {
			DEBUG(1,("out of memory for strdup!\n"));
			return False;
		}

     */

    /* jkf -- can get called recursively with NULL list */
    listcopy = (list == 0) ? (char *)0 : SMB_STRDUP(list);

    /*
     * Process tokens one at a time. We have exhausted all possible matches

	char		*listcopy,
			*tok;
			
	listcopy = SMB_STRDUP(list);

	for (tok = strtok(listcopy, sep); tok ; tok = strtok(NULL, sep)) 
	{

		deny_list ? deny_list : "NULL"));

	if (deny_list) 
		deny = SMB_STRDUP(deny_list);
	if (allow_list) 
		allow = SMB_STRDUP(allow_list);

	if ((!deny || *deny==0) && (!allow || *allow==0))
		ret = True;




{
	struct bitmap *bm;

	bm = SMB_MALLOC_P(struct bitmap);

	if (!bm) return NULL;
	
	bm->n = n;
	bm->b = SMB_MALLOC_ARRAY( uint32, (n+31)/32 );
	if (!bm->b) {
		SAFE_FREE(bm);
		return NULL;
	}

	memset(bm->b, 0, sizeof(uint32)*((n+31)/32));

	return bm;
}

        int count = MIN(dst->n, src->n);

        SMB_ASSERT(dst->b != src->b);
	memcpy(dst->b, src->b, sizeof(uint32)*((count+31)/32));

        return count;
}

Lines 287-293 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/charset.c (-2 / +2 lines)
287	}	287	}
288		288
289	/* Allocate space for the code page file and read it all in. */	289	/* Allocate space for the code page file and read it all in. */
290	if((cp_p = (codepage_p)malloc( size + 4 )) == NULL)	290	if((cp_p = (codepage_p)SMB_MALLOC( size + 4 )) == NULL)
291	{	291	{
292	DEBUG(0,("load_client_codepage: malloc fail.\n"));	292	DEBUG(0,("load_client_codepage: malloc fail.\n"));
293	goto clean_and_exit;	293	goto clean_and_exit;
Lines 378-384 Link Here
378	********************************************************************/	378	********************************************************************/
379	void add_char_string(const char *s)	379	void add_char_string(const char *s)
380	{	380	{
381	char extra_chars = (char )strdup(s);	381	char *extra_chars = SMB_STRDUP(s);
382	char *t;	382	char *t;
383	if (!extra_chars) return;	383	if (!extra_chars) return;
384		384

Lines 67-73 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/hash.c (-2 / +2 lines)
67		67
68	DEBUG(5, ("Hash size = %d.\n", table->size));	68	DEBUG(5, ("Hash size = %d.\n", table->size));
69		69
70	if(!(table->buckets = (ubi_dlList ) malloc(sizeof(ubi_dlList) table->size))) {	70	if(!(table->buckets = SMB_MALLOC_ARRAY( ubi_dlList, table->size ))) {
71	DEBUG(0,("hash_table_init: malloc fail !\n"));	71	DEBUG(0,("hash_table_init: malloc fail !\n"));
72	return False;	72	return False;
73	}	73	}
Lines 207-213 Link Here
207	*/	207	*/
208		208
209	string_length = strlen(key);	209	string_length = strlen(key);
210	if(!(hash_elem = (hash_element *) malloc(sizeof(hash_element) + string_length))) {	210	if(!(hash_elem = (hash_element *) SMB_MALLOC(sizeof(hash_element) + string_length))) {
211	DEBUG(0,("hash_insert: malloc fail !\n"));	211	DEBUG(0,("hash_insert: malloc fail !\n"));
212	return (hash_element *)NULL;	212	return (hash_element *)NULL;
213	}	213	}

Lines 67-73 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/interface.c (-1 / +1 lines)
67	return;	67	return;
68	}	68	}
69		69
70	iface = (struct interface )malloc(sizeof(iface));	70	iface = SMB_MALLOC_P(struct interface);
71	if (!iface) return;	71	if (!iface) return;
72		72
73	ZERO_STRUCTPN(iface);	73	ZERO_STRUCTPN(iface);

Lines 183-189 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/messages.c (-4 / +8 lines)
183		183
184	if (!dbuf.dptr) {	184	if (!dbuf.dptr) {
185	/* its a new record */	185	/* its a new record */
186	p = (void *)malloc(len + sizeof(rec));	186	p = (void *)SMB_MALLOC(len + sizeof(rec));
187	if (!p) goto failed;	187	if (!p) goto failed;
188		188
189	memcpy(p, &rec, sizeof(rec));	189	memcpy(p, &rec, sizeof(rec));
Lines 221-227 Link Here
221	}	221	}
222		222
223	/* we're adding to an existing entry */	223	/* we're adding to an existing entry */
224	p = (void *)malloc(dbuf.dsize + len + sizeof(rec));	224	if(dbuf.dsize >= (INT_MAX-len) \|\| (dbuf.dsize+len) > (INT_MAX-sizeof(rec))) {
		225	DEBUG(0,("message_send_pid: integer overflow detected.\n"));
		226	goto failed;
		227	}
		228	p = (void *)SMB_MALLOC(dbuf.dsize + len + sizeof(rec));
225	if (!p) goto failed;	229	if (!p) goto failed;
226		230
227	memcpy(p, dbuf.dptr, dbuf.dsize);	231	memcpy(p, dbuf.dptr, dbuf.dsize);
Lines 270-276 Link Here
270	}	274	}
271		275
272	if (rec.len > 0) {	276	if (rec.len > 0) {
273	(buf) = (void )malloc(rec.len);	277	(buf) = (void )SMB_MALLOC(rec.len);
274	if (!(*buf)) goto failed;	278	if (!(*buf)) goto failed;
275		279
276	memcpy(*buf, dbuf.dptr+sizeof(rec), rec.len);	280	memcpy(*buf, dbuf.dptr+sizeof(rec), rec.len);
Lines 350-356 Link Here
350	{	354	{
351	struct dispatch_fns *dfn;	355	struct dispatch_fns *dfn;
352		356
353	dfn = (struct dispatch_fns )malloc(sizeof(dfn));	357	dfn = SMB_MALLOC_P(struct dispatch_fns);
354		358
355	if (dfn != NULL) {	359	if (dfn != NULL) {
356		360

Lines 220-226 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/ms_fnmatch.c (-1 / +1 lines)
220	}	220	}
221		221
222	if (count != 0) {	222	if (count != 0) {
223	max_n = calloc(sizeof(struct max_n), count);	223	max_n = SMB_CALLOC_ARRAY( struct max_n, count );
224	if (!max_n) {	224	if (!max_n) {
225	return -1;	225	return -1;
226	}	226	}

Lines 697-703 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/sysacls.c (-2 / +2 lines)
697		697
698	maxlen += nbytes + 20 * (acl_d->count - i);	698	maxlen += nbytes + 20 * (acl_d->count - i);
699		699
700	if ((text = Realloc(oldtext, maxlen)) == NULL) {	700	if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
701	SAFE_FREE(oldtext);	701	SAFE_FREE(oldtext);
702	errno = ENOMEM;	702	errno = ENOMEM;
703	return NULL;	703	return NULL;
Lines 1334-1340 Link Here
1334		1334
1335	maxlen += nbytes + 20 * (acl_d->count - i);	1335	maxlen += nbytes + 20 * (acl_d->count - i);
1336		1336
1337	if ((text = Realloc(oldtext, maxlen)) == NULL) {	1337	if ((text = SMB_REALLOC(oldtext, maxlen)) == NULL) {
1338	SAFE_FREE(oldtext);	1338	SAFE_FREE(oldtext);
1339	errno = ENOMEM;	1339	errno = ENOMEM;
1340	return NULL;	1340	return NULL;




	if (setlen == 0)
		setlen = groups_max();

	if((group_list = SMB_MALLOC_ARRAY( GID_T, setlen )) == NULL) {
		DEBUG(0,("sys_getgroups: Malloc fail.\n"));
		return -1;
	}

	 * GID_T array of size setlen.
	 */

	if((group_list = SMB_MALLOC_ARRAY( GID_T, setlen )) == NULL) {
		DEBUG(0,("sys_setgroups: Malloc fail.\n"));
		return -1;    
	}

	for( argcl = 1; ptr; ptr = strtok(NULL, " \t"))
		argcl++;

	if((argl = SMB_MALLOC_ARRAY(char *, argcl + 1 )) == NULL)
		return NULL;

	/*

		goto err_exit;
	}

	if((entry = SMB_MALLOC_P(popen_list)) == NULL)
		goto err_exit;

	ZERO_STRUCTP(entry);

Lines 54-59 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/talloc.c (-10 / +74 lines)
54		54
55	#include "includes.h"	55	#include "includes.h"
56		56
		57	/* Max allowable allococation - 256mb - 0x10000000 */
		58	#define MAX_TALLOC_SIZE (10241024256)
		59
57	struct talloc_chunk {	60	struct talloc_chunk {
58	struct talloc_chunk *next;	61	struct talloc_chunk *next;
59	size_t size;	62	size_t size;
Lines 121-127 Link Here
121	{	124	{
122	TALLOC_CTX *t;	125	TALLOC_CTX *t;
123		126
124	t = (TALLOC_CTX *)malloc(sizeof(TALLOC_CTX));	127	t = (TALLOC_CTX *)SMB_MALLOC(sizeof(TALLOC_CTX));
125	if (t) {	128	if (t) {
126	t->list = NULL;	129	t->list = NULL;
127	t->total_alloc_size = 0;	130	t->total_alloc_size = 0;
Lines 155-170 Link Here
155		158
156		159
157	/ Allocate a bit of memory from the specified pool /	160	/ Allocate a bit of memory from the specified pool /
		161	#if defined(PARANOID_MALLOC_CHECKER)
		162	void talloc_(TALLOC_CTX t, size_t size)
		163	#else
158	void talloc(TALLOC_CTX t, size_t size)	164	void talloc(TALLOC_CTX t, size_t size)
		165	#endif
159	{	166	{
160	void *p;	167	void *p;
161	struct talloc_chunk *tc;	168	struct talloc_chunk *tc;
162		169
163	if (!t \|\| size == 0) return NULL;	170	if (!t \|\| size == 0) return NULL;
164		171
165	p = malloc(size);	172	p = SMB_MALLOC(size);
166	if (p) {	173	if (p) {
167	tc = malloc(sizeof(*tc));	174	tc = SMB_MALLOC(sizeof(*tc));
168	if (tc) {	175	if (tc) {
169	tc->ptr = p;	176	tc->ptr = p;
170	tc->size = size;	177	tc->size = size;
Lines 179-186 Link Here
179	return p;	186	return p;
180	}	187	}
181		188
		189
		190	/** Allocate an array of count elements of size x */
		191	#if defined(PARANOID_MALLOC_CHECKER)
		192	void talloc_array_(TALLOC_CTX ctx, size_t el_size, unsigned int count)
		193	#else
		194	void talloc_array(TALLOC_CTX ctx, size_t el_size, unsigned int count)
		195	#endif
		196	{
		197	if (count >= MAX_TALLOC_SIZE/el_size) {
		198	return NULL;
		199	}
		200	return TALLOC(ctx, el_size * count);
		201	}
		202
182	/** A talloc version of realloc */	203	/** A talloc version of realloc */
		204	#if defined(PARANOID_MALLOC_CHECKER)
		205	void talloc_realloc_(TALLOC_CTX t, void *ptr, size_t size)
		206	#else
183	void talloc_realloc(TALLOC_CTX t, void *ptr, size_t size)	207	void talloc_realloc(TALLOC_CTX t, void *ptr, size_t size)
		208	#endif
184	{	209	{
185	struct talloc_chunk *tc;	210	struct talloc_chunk *tc;
186	void *new_ptr;	211	void *new_ptr;
Lines 191-201 Link Here
191		216
192	/* realloc(NULL) is equavalent to malloc() */	217	/* realloc(NULL) is equavalent to malloc() */
193	if (ptr == NULL)	218	if (ptr == NULL)
194	return talloc(t, size);	219	return TALLOC(t, size);
195		220
196	for (tc=t->list; tc; tc=tc->next) {	221	for (tc=t->list; tc; tc=tc->next) {
197	if (tc->ptr == ptr) {	222	if (tc->ptr == ptr) {
198	new_ptr = Realloc(ptr, size);	223	new_ptr = SMB_REALLOC(ptr, size);
199	if (new_ptr) {	224	if (new_ptr) {
200	t->total_alloc_size += (size - tc->size);	225	t->total_alloc_size += (size - tc->size);
201	tc->size = size;	226	tc->size = size;
Lines 207-212 Link Here
207	return NULL;	232	return NULL;
208	}	233	}
209		234
		235	/** Re-allocate an array of count elements of size x */
		236	#if defined(PARANOID_MALLOC_CHECKER)
		237	void talloc_realloc_array_(TALLOC_CTX ctx, void *ptr, size_t el_size, unsigned int count)
		238	#else
		239	void talloc_realloc_array(TALLOC_CTX ctx, void *ptr, size_t el_size, unsigned int count)
		240	#endif
		241	{
		242	if (count >= MAX_TALLOC_SIZE/el_size) {
		243	return NULL;
		244	}
		245	return TALLOC_REALLOC(ctx, ptr, el_size * count);
		246	}
		247
210	/** Destroy all the memory allocated inside @p t, but not @p t	248	/** Destroy all the memory allocated inside @p t, but not @p t
211	* itself. */	249	* itself. */
212	void talloc_destroy_pool(TALLOC_CTX *t)	250	void talloc_destroy_pool(TALLOC_CTX *t)
Lines 257-265 Link Here
257		295
258		296
259	/** talloc and zero memory. */	297	/** talloc and zero memory. */
		298	#if defined(PARANOID_MALLOC_CHECKER)
		299	void talloc_zero_(TALLOC_CTX t, size_t size)
		300	#else
260	void talloc_zero(TALLOC_CTX t, size_t size)	301	void talloc_zero(TALLOC_CTX t, size_t size)
		302	#endif
261	{	303	{
262	void *p = talloc(t, size);	304	void *p = TALLOC(t, size);
263		305
264	if (p)	306	if (p)
265	memset(p, '\0', size);	307	memset(p, '\0', size);
Lines 267-276 Link Here
267	return p;	309	return p;
268	}	310	}
269		311
		312	#if defined(PARANOID_MALLOC_CHECKER)
		313	void talloc_zero_array_(TALLOC_CTX t, size_t el_size, unsigned int count)
		314	#else
		315	void talloc_zero_array(TALLOC_CTX t, size_t el_size, unsigned int count)
		316	#endif
		317	{
		318	#if defined(PARANOID_MALLOC_CHECKER)
		319	void *p = talloc_array_(t, el_size, count);
		320	#else
		321	void *p = talloc_array(t, el_size, count);
		322	#endif
		323
		324	if (p)
		325	memset(p, '\0', el_size*count);
		326
		327	return p;
		328	}
		329
270	/** memdup with a talloc. */	330	/** memdup with a talloc. */
		331	#if defined(PARANOID_MALLOC_CHECKER)
		332	void talloc_memdup_(TALLOC_CTX t, const void *p, size_t size)
		333	#else
271	void talloc_memdup(TALLOC_CTX t, const void *p, size_t size)	334	void talloc_memdup(TALLOC_CTX t, const void *p, size_t size)
		335	#endif
272	{	336	{
273	void *newp = talloc(t,size);	337	void *newp = TALLOC(t,size);
274		338
275	if (newp)	339	if (newp)
276	memcpy(newp, p, size);	340	memcpy(newp, p, size);
Lines 282-288 Link Here
282	char talloc_strdup(TALLOC_CTX t, const char *p)	346	char talloc_strdup(TALLOC_CTX t, const char *p)
283	{	347	{
284	if (p)	348	if (p)
285	return talloc_memdup(t, p, strlen(p) + 1);	349	return TALLOC_MEMDUP(t, p, strlen(p) + 1);
286	else	350	else
287	return NULL;	351	return NULL;
288	}	352	}
Lines 312-318 Link Here
312	VA_COPY(ap2, ap); /* for systems were va_list is a struct */	376	VA_COPY(ap2, ap); /* for systems were va_list is a struct */
313	len = vsnprintf(NULL, 0, fmt, ap2);	377	len = vsnprintf(NULL, 0, fmt, ap2);
314		378
315	ret = talloc(t, len+1);	379	ret = TALLOC(t, len+1);
316	if (ret) {	380	if (ret) {
317	VA_COPY(ap2, ap);	381	VA_COPY(ap2, ap);
318	vsnprintf(ret, len+1, fmt, ap2);	382	vsnprintf(ret, len+1, fmt, ap2);
Lines 355-361 Link Here
355	s_len = strlen(s);	419	s_len = strlen(s);
356	len = vsnprintf(NULL, 0, fmt, ap2);	420	len = vsnprintf(NULL, 0, fmt, ap2);
357		421
358	s = talloc_realloc(t, s, s_len + len+1);	422	s = TALLOC_REALLOC(t, s, s_len + len+1);
359	if (!s) return NULL;	423	if (!s) return NULL;
360		424
361	VA_COPY(ap2, ap);	425	VA_COPY(ap2, ap);

Lines 182-189 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/time.c (-2 / +1 lines)
182	time_t low,high;	182	time_t low,high;
183		183
184	zone = TimeZone(t);	184	zone = TimeZone(t);
185	tdt = (struct dst_table *)Realloc(dst_table,	185	tdt = SMB_REALLOC_ARRAY( dst_table, struct dst_table, i+1 );
186	sizeof(dst_table[0])*(i+1));
187	if (!tdt) {	186	if (!tdt) {
188	DEBUG(0,("TimeZoneFaster: out of memory!\n"));	187	DEBUG(0,("TimeZoneFaster: out of memory!\n"));
189	SAFE_FREE(dst_table);	188	SAFE_FREE(dst_table);

Lines 336-342 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/username.c (-1 / +1 lines)
336	return False;	336	return False;
337	}	337	}
338		338
339	if ((groups = (gid_t )malloc(sizeof(gid_t) num_groups )) == NULL) {	339	if ((groups = SMB_MALLOC_ARRAY( gid_t, num_groups )) == NULL) {
340	DEBUG(0,("user_in_winbind_group_list: malloc fail.\n"));	340	DEBUG(0,("user_in_winbind_group_list: malloc fail.\n"));
341	goto err;	341	goto err;
342	}	342	}

Lines 23-28 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/util.c (-72 / +202 lines)
23		23
24	#include "includes.h"	24	#include "includes.h"
25		25
		26	/* Max allowable allococation - 256mb - 0x10000000 */
		27	#define MAX_ALLOC_SIZE (10241024256)
		28
26	#if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT))	29	#if (defined(HAVE_NETGROUP) && defined (WITH_AUTOMOUNT))
27	#ifdef WITH_NISPLUS_HOME	30	#ifdef WITH_NISPLUS_HOME
28	#ifdef BROKEN_NISPLUS_INCLUDE_FILES	31	#ifdef BROKEN_NISPLUS_INCLUDE_FILES
Lines 159-165 Link Here
159	while ((p = Atoic(p, &val, ":,")) != NULL && (*p) != ':') {	162	while ((p = Atoic(p, &val, ":,")) != NULL && (*p) != ':') {
160	uint32 *tn;	163	uint32 *tn;
161		164
162	tn = Realloc((num), ((count)+1) * sizeof(uint32));	165	tn = SMB_REALLOC_ARRAY( num, uint32, (count)+1 );
163	if (tn == NULL)	166	if (tn == NULL)
164	{	167	{
165	SAFE_FREE(*num);	168	SAFE_FREE(*num);
Lines 210-227 Link Here
210		213
211	BOOL directory_exist(char dname,SMB_STRUCT_STAT st)	214	BOOL directory_exist(char dname,SMB_STRUCT_STAT st)
212	{	215	{
213	SMB_STRUCT_STAT st2;	216	SMB_STRUCT_STAT st2;
214	BOOL ret;	217	BOOL ret;
215		218
216	if (!st) st = &st2;	219	if (!st)
		220	st = &st2;
217		221
218	if (sys_stat(dname,st) != 0)	222	if (sys_stat(dname,st) != 0)
219	return(False);	223	return(False);
220		224
221	ret = S_ISDIR(st->st_mode);	225	ret = S_ISDIR(st->st_mode);
222	if(!ret)	226	if(!ret)
223	errno = ENOTDIR;	227	errno = ENOTDIR;
224	return ret;	228	return ret;
225	}	229	}
226		230
227	/*******************************************************************	231	/*******************************************************************
Lines 525-531 Link Here
525	size_t num_to_read_thistime;	529	size_t num_to_read_thistime;
526	size_t num_written = 0;	530	size_t num_written = 0;
527		531
528	if ((buf = malloc(TRANSFER_BUF_SIZE)) == NULL)	532	if ((buf = SMB_MALLOC(TRANSFER_BUF_SIZE)) == NULL)
529	return -1;	533	return -1;
530		534
531	while (total < n) {	535	while (total < n) {
Lines 650-660 Link Here
650	return(False);	654	return(False);
651	}	655	}
652		656
		657	#if defined(PARANOID_MALLOC_CHECKER)
		658
		659	/****************************************************************************
		660	Internal malloc wrapper. Externally visible.
		661	****************************************************************************/
		662
		663	void *malloc_(size_t size)
		664	{
		665	if ( size > MAX_ALLOC_SIZE )
		666	return NULL;
		667	#undef malloc
		668	return malloc(size);
		669	#define malloc(s) __ERROR_DONT_USE_MALLOC_DIRECTLY
		670	}
		671
		672	/****************************************************************************
		673	Internal calloc wrapper. Not externally visible.
		674	****************************************************************************/
		675
		676	static void *calloc_(size_t count, size_t size)
		677	{
		678	#undef calloc
		679	return calloc(count, size);
		680	#define calloc(n,s) __ERROR_DONT_USE_CALLOC_DIRECTLY
		681	}
		682
		683	/****************************************************************************
		684	Internal realloc wrapper. Not externally visible.
		685	****************************************************************************/
		686
		687	static void realloc_(void ptr, size_t size)
		688	{
		689	#undef realloc
		690	return realloc(ptr, size);
		691	#define realloc(p,s) __ERROR_DONT_USE_RELLOC_DIRECTLY
		692	}
		693
		694	#endif /* PARANOID_MALLOC_CHECKER */
		695
		696	/****************************************************************************
		697	Type-safe malloc.
		698	****************************************************************************/
		699
		700	void *malloc_array(size_t el_size, unsigned int count)
		701	{
		702	if (count >= MAX_ALLOC_SIZE/el_size) {
		703	return NULL;
		704	}
		705
		706	#if defined(PARANOID_MALLOC_CHECKER)
		707	return malloc_(el_size*count);
		708	#else
		709	return malloc(el_size*count);
		710	#endif
		711	}
		712
		713	/****************************************************************************
		714	Type-safe calloc.
		715	****************************************************************************/
		716
		717	void *calloc_array(size_t size, size_t nmemb)
		718	{
		719	if (nmemb >= MAX_ALLOC_SIZE/size) {
		720	return NULL;
721	}
722	#if defined(PARANOID_MALLOC_CHECKER)
723	return calloc_(nmemb, size);
724	#else
725	return calloc(nmemb, size);
726	#endif
727	}
728
653	/****************************************************************************	729	/****************************************************************************
654	Expand a pointer to be a particular size.	730	Expand a pointer to be a particular size.
655	****************************************************************************/	731	****************************************************************************/
656		732
657	void Realloc(void p,size_t size)	733	void smb_realloc(void p,size_t size)
658	{	734	{
659	void *ret=NULL;	735	void *ret=NULL;
660		736
Lines 663-673 Link Here
663	DEBUG(5,("Realloc asked for 0 bytes\n"));	739	DEBUG(5,("Realloc asked for 0 bytes\n"));
664	return NULL;	740	return NULL;
665	}	741	}
666		742	if ( size >= MAX_ALLOC_SIZE ) {
		743	SAFE_FREE(p);
		744	DEBUG(5,("Realloc overflow\n"));
		745	return NULL;
		746	}
		747	#if defined(PARANOID_MALLOC_CHECKER)
		748	if (!p)
		749	ret = (void *)malloc_(size);
		750	else
		751	ret = (void *)realloc_(p,size);
		752	#else
667	if (!p)	753	if (!p)
668	ret = (void *)malloc(size);	754	ret = (void *)malloc(size);
669	else	755	else
670	ret = (void *)realloc(p,size);	756	ret = (void *)realloc(p,size);
		757	#endif
671		758
672	if (!ret)	759	if (!ret)
673	DEBUG(0,("Memory allocation error: failed to expand to %d bytes\n",(int)size));	760	DEBUG(0,("Memory allocation error: failed to expand to %d bytes\n",(int)size));
Lines 676-681 Link Here
676	}	763	}
677		764
678	/****************************************************************************	765	/****************************************************************************
		766	Type-safe realloc.
		767	+****************************************************************************/
		768
		769	void realloc_array(void p,size_t el_size, unsigned int count)
		770	{
		771	if (count >= MAX_ALLOC_SIZE/el_size) {
		772	return NULL;
		773	}
		774	return SMB_REALLOC(p,el_size*count);
		775	}
		776
		777	/****************************************************************************
679	Free memory, checks for NULL.	778	Free memory, checks for NULL.
680	use directly SAFE_FREE()	779	use directly SAFE_FREE()
681	exist only because we need to pass a function pointer somewhere --SSS	780	exist only because we need to pass a function pointer somewhere --SSS
Lines 886-907 Link Here
886	{	985	{
887	if (result->status != NIS_SUCCESS)	986	if (result->status != NIS_SUCCESS)
888	{	987	{
889	DEBUG(3, ("NIS+ query failed: %s\n", nis_sperrno(result->status)));	988	DEBUG(3, ("NIS+ query failed: %s\n", nis_sperrno(result->status)));
890	fstrcpy(last_key, ""); pstrcpy(last_value, "");	989	fstrcpy(last_key, ""); pstrcpy(last_value, "");
891	}	990	}
892	else	991	else
893	{	992	{
894	object = result->objects.objects_val;	993	object = result->objects.objects_val;
895	if (object->zo_data.zo_type == ENTRY_OBJ)	994	if (object->zo_data.zo_type == ENTRY_OBJ)
896	{	995	{
897	entry = &object->zo_data.objdata_u.en_data;	996	entry = &object->zo_data.objdata_u.en_data;
898	DEBUG(5, ("NIS+ entry type: %s\n", entry->en_type));	997	DEBUG(5, ("NIS+ entry type: %s\n", entry->en_type));
899	DEBUG(3, ("NIS+ result: %s\n", entry->en_cols.en_cols_val[1].ec_value.ec_value_val));	998	DEBUG(3, ("NIS+ result: %s\n", entry->en_cols.en_cols_val[1].ec_value.ec_value_val));
900		999
901	pstrcpy(last_value, entry->en_cols.en_cols_val[1].ec_value.ec_value_val);	1000	pstrcpy(last_value, entry->en_cols.en_cols_val[1].ec_value.ec_value_val);
902	pstring_sub(last_value, "&", user_name);	1001	pstring_sub(last_value, "&", user_name);
903	fstrcpy(last_key, user_name);	1002	fstrcpy(last_key, user_name);
904	}	1003	}
905	}	1004	}
906	}	1005	}
907	nis_freeresult(result);	1006	nis_freeresult(result);
Lines 918-924 Link Here
918	static fstring last_key = "";	1017	static fstring last_key = "";
919	static pstring last_value = "";	1018	static pstring last_value = "";
920		1019
921	int nis_error; /* returned by yp all functions */	1020	int nis_error; /* returned by yp all functions */
922	char nis_result; / yp_match inits this */	1021	char nis_result; / yp_match inits this */
923	int nis_result_len; /* and set this */	1022	int nis_result_len; /* and set this */
924	char nis_domain; / yp_get_default_domain inits this */	1023	char nis_domain; / yp_get_default_domain inits this */
Lines 939-953 Link Here
939	} else {	1038	} else {
940		1039
941	if ((nis_error = yp_match(nis_domain, nis_map,	1040	if ((nis_error = yp_match(nis_domain, nis_map,
942	user_name, strlen(user_name),	1041	user_name, strlen(user_name),
943	&nis_result, &nis_result_len)) == 0) {	1042	&nis_result, &nis_result_len)) == 0) {
944	if (!nis_error && nis_result_len >= sizeof(pstring)) {	1043	if (!nis_error && nis_result_len >= sizeof(pstring)) {
945	nis_result_len = sizeof(pstring)-1;	1044	nis_result_len = sizeof(pstring)-1;
946	}	1045	}
947	fstrcpy(last_key, user_name);	1046	fstrcpy(last_key, user_name);
948	strncpy(last_value, nis_result, nis_result_len);	1047	strncpy(last_value, nis_result, nis_result_len);
949	last_value[nis_result_len] = '\0';	1048	last_value[nis_result_len] = '\0';
950	strip_mount_options(&last_value);	1049	strip_mount_options(&last_value);
951		1050
952	} else if(nis_error == YPERR_KEY) {	1051	} else if(nis_error == YPERR_KEY) {
953		1052
Lines 955-965 Link Here
955	use default information for server, and home directory */	1054	use default information for server, and home directory */
956	last_value[0] = 0;	1055	last_value[0] = 0;
957	DEBUG(3, ("YP Key not found: while looking up \"%s\" in map \"%s\"\n",	1056	DEBUG(3, ("YP Key not found: while looking up \"%s\" in map \"%s\"\n",
958	user_name, nis_map));	1057	user_name, nis_map));
959	DEBUG(3, ("using defaults for server and home directory\n"));	1058	DEBUG(3, ("using defaults for server and home directory\n"));
960	} else {	1059	} else {
961	DEBUG(3, ("YP Error: \"%s\" while looking up \"%s\" in map \"%s\"\n",	1060	DEBUG(3, ("YP Error: \"%s\" while looking up \"%s\" in map \"%s\"\n",
962	yperr_string(nis_error), user_name, nis_map));	1061	yperr_string(nis_error), user_name, nis_map));
963	}	1062	}
964	}	1063	}
965		1064
Lines 981-987 Link Here
981	nmask = ntohl(mask.s_addr);	1080	nmask = ntohl(mask.s_addr);
982	net1 = ntohl(ip1.s_addr);	1081	net1 = ntohl(ip1.s_addr);
983	net2 = ntohl(ip2.s_addr);	1082	net2 = ntohl(ip2.s_addr);
984		1083
985	return((net1 & nmask) == (net2 & nmask));	1084	return((net1 & nmask) == (net2 & nmask));
986	}	1085	}
987		1086
Lines 1162-1179 Link Here
1162	{	1261	{
1163	if (mask_match(last_component, namelist->name, case_sensitive))	1262	if (mask_match(last_component, namelist->name, case_sensitive))
1164	{	1263	{
1165	DEBUG(8,("is_in_path: mask match succeeded\n"));	1264	DEBUG(8,("is_in_path: mask match succeeded\n"));
1166	return True;	1265	return True;
1167	}	1266	}
1168	}	1267	}
1169	else	1268	else
1170	{	1269	{
1171	if((case_sensitive && (strcmp(last_component, namelist->name) == 0))\|\|	1270	if((case_sensitive && (strcmp(last_component, namelist->name) == 0))\|\|
1172	(!case_sensitive && (StrCaseCmp(last_component, namelist->name) == 0)))	1271	(!case_sensitive && (StrCaseCmp(last_component, namelist->name) == 0)))
1173	{	1272	{
1174	DEBUG(8,("is_in_path: match succeeded\n"));	1273	DEBUG(8,("is_in_path: match succeeded\n"));
1175	return True;	1274	return True;
1176	}	1275	}
1177	}	1276	}
1178	}	1277	}
1179	DEBUG(8,("is_in_path: match not found\n"));	1278	DEBUG(8,("is_in_path: match not found\n"));
Lines 1213-1229 Link Here
1213	while(*nameptr)	1312	while(*nameptr)
1214	{	1313	{
1215	if ( *nameptr == '/' )	1314	if ( *nameptr == '/' )
1216	{	1315	{
1217	/* cope with multiple (useless) /s) */	1316	/* cope with multiple (useless) /s) */
1218	nameptr++;	1317	nameptr++;
1219	continue;	1318	continue;
1220	}	1319	}
1221	/* find the next / */	1320	/* find the next / */
1222	name_end = strchr(nameptr, '/');	1321	name_end = strchr(nameptr, '/');
1223		1322
1224	/* oops - the last check for a / didn't find one. */	1323	/* oops - the last check for a / didn't find one. */
1225	if (name_end == NULL)	1324	if (name_end == NULL)
1226	break;	1325	break;
1227		1326
1228	/* next segment please */	1327	/* next segment please */
1229	nameptr = name_end + 1;	1328	nameptr = name_end + 1;
Lines 1233-1271 Link Here
1233	if(num_entries == 0)	1332	if(num_entries == 0)
1234	return;	1333	return;
1235		1334
1236	if(( (ppname_array) = (name_compare_entry )malloc(	1335	if(( (*ppname_array) = SMB_MALLOC_ARRAY( name_compare_entry, num_entries + 1)) == NULL)
1237	(num_entries + 1) * sizeof(name_compare_entry))) == NULL)	1336	{
1238	{
1239	DEBUG(0,("set_namearray: malloc fail\n"));	1337	DEBUG(0,("set_namearray: malloc fail\n"));
1240	return;	1338	return;
1241	}	1339	}
1242		1340
1243	/* Now copy out the names */	1341	/* Now copy out the names */
1244	nameptr = namelist;	1342	nameptr = namelist;
1245	i = 0;	1343	i = 0;
1246	while(*nameptr)	1344	while(*nameptr)
1247	{	1345	{
1248	if ( *nameptr == '/' )	1346	if ( *nameptr == '/' )
1249	{	1347	{
1250	/* cope with multiple (useless) /s) */	1348	/* cope with multiple (useless) /s) */
1251	nameptr++;	1349	nameptr++;
1252	continue;	1350	continue;
1253	}	1351	}
1254	/* find the next / */	1352	/* find the next / */
1255	if ((name_end = strchr(nameptr, '/')) != NULL)	1353	if ((name_end = strchr(nameptr, '/')) != NULL)
1256	{	1354	{
1257	*name_end = 0;	1355	*name_end = 0;
1258	}	1356	}
1259		1357
1260	/* oops - the last check for a / didn't find one. */	1358	/* oops - the last check for a / didn't find one. */
1261	if(name_end == NULL)	1359	if(name_end == NULL)
1262	break;	1360	break;
1263		1361
1264	(*ppname_array)[i].is_wild = ms_has_wild(nameptr);	1362	(*ppname_array)[i].is_wild = ms_has_wild(nameptr);
1265	if(((*ppname_array)[i].name = strdup(nameptr)) == NULL)	1363	if(((*ppname_array)[i].name = SMB_STRDUP(nameptr)) == NULL)
1266	{	1364	{
1267	DEBUG(0,("set_namearray: malloc fail (1)\n"));	1365	DEBUG(0,("set_namearray: malloc fail (1)\n"));
1268	return;	1366	return;
1269	}	1367	}
1270		1368
1271	/* next segment please */	1369	/* next segment please */
Lines 1322-1330 Link Here
1322	if (op == SMB_F_GETLK)	1420	if (op == SMB_F_GETLK)
1323	{	1421	{
1324	if ((ret != -1) &&	1422	if ((ret != -1) &&
1325	(lock.l_type != F_UNLCK) &&	1423	(lock.l_type != F_UNLCK) &&
1326	(lock.l_pid != 0) &&	1424	(lock.l_pid != 0) &&
1327	(lock.l_pid != sys_getpid()))	1425	(lock.l_pid != sys_getpid()))
1328	{	1426	{
1329	DEBUG(3,("fcntl_lock: fd %d is locked by pid %d\n",fd,(int)lock.l_pid));	1427	DEBUG(3,("fcntl_lock: fd %d is locked by pid %d\n",fd,(int)lock.l_pid));
1330	return(True);	1428	return(True);
Lines 1338-1344 Link Here
1338	if (ret == -1)	1436	if (ret == -1)
1339	{	1437	{
1340	DEBUG(3,("fcntl_lock: lock failed at offset %.0f count %.0f op %d type %d (%s)\n",	1438	DEBUG(3,("fcntl_lock: lock failed at offset %.0f count %.0f op %d type %d (%s)\n",
1341	(double)offset,(double)count,op,type,strerror(errno)));	1439	(double)offset,(double)count,op,type,strerror(errno)));
1342	return(False);	1440	return(False);
1343	}	1441	}
1344		1442
Lines 1577-1583 Link Here
1577	* Provide a checksum on a string	1675	* Provide a checksum on a string
1578	*	1676	*
1579	* Input: s - the null-terminated character string for which the checksum	1677	* Input: s - the null-terminated character string for which the checksum
1580	* will be calculated.	1678	* will be calculated.
1581	*	1679	*
1582	* Output: The checksum value calculated for s.	1680	* Output: The checksum value calculated for s.
1583	*	1681	*
Lines 1757-1769 Link Here
1757	malloc that aborts with smb_panic on fail or zero size.	1855	malloc that aborts with smb_panic on fail or zero size.
1758	*****************************************************************/	1856	*****************************************************************/
1759		1857
1760	void *smb_xmalloc(size_t size)	1858	void *smb_xmalloc_array(size_t size, unsigned int count)
1761	{	1859	{
1762	void *p;	1860	void *p;
1763	if (size == 0)	1861	if (size == 0)
1764	smb_panic("smb_xmalloc: called with zero size.\n");	1862	smb_panic("smb_xmalloc_array: called with zero size.\n");
1765	if ((p = malloc(size)) == NULL)	1863	if (count >= MAX_ALLOC_SIZE/size) {
1766	smb_panic("smb_xmalloc: malloc fail.\n");	1864	smb_panic("smb_xmalloc: alloc size too large.\n");
		1865	}
		1866	if ((p = SMB_MALLOC(size*count)) == NULL) {
		1867	DEBUG(0, ("smb_xmalloc_array failed to allocate %lu * %lu bytes\n",
		1868	(unsigned long)size, (unsigned long)count));
		1869	smb_panic("smb_xmalloc_array: malloc fail.\n");
		1870	}
1767	return p;	1871	return p;
1768	}	1872	}
1769		1873
Lines 1773-1779 Link Here
1773	void smb_xmemdup(const void p, size_t size)	1877	void smb_xmemdup(const void p, size_t size)
1774	{	1878	{
1775	void *p2;	1879	void *p2;
1776	p2 = smb_xmalloc(size);	1880	p2 = SMB_XMALLOC_ARRAY(unsigned char, size);
1777	memcpy(p2, p, size);	1881	memcpy(p2, p, size);
1778	return p2;	1882	return p2;
1779	}	1883	}
Lines 1783-1794 Link Here
1783	**/	1887	**/
1784	char smb_xstrdup(const char s)	1888	char smb_xstrdup(const char s)
1785	{	1889	{
		1890	#if defined(PARANOID_MALLOC_CHECKER) && defined(strdup)
		1891	#undef strdup
		1892	#endif
1786	char *s1 = strdup(s);	1893	char *s1 = strdup(s);
		1894	#if defined(PARANOID_MALLOC_CHECKER)
		1895	#define strdup(s) __ERROR_DONT_USE_STRDUP_DIRECTLY
		1896	#endif
1787	if (!s1)	1897	if (!s1)
1788	smb_panic("smb_xstrdup: malloc fail\n");	1898	smb_panic("smb_xstrdup: malloc fail\n");
1789	return s1;	1899	return s1;
1790	}	1900	}
1791		1901
		1902	/**
		1903	strndup that aborts on malloc fail.
		1904	**/
		1905
		1906	char smb_xstrndup(const char s, size_t n)
		1907	{
		1908	#if defined(PARANOID_MALLOC_CHECKER)
		1909	#ifdef strndup
		1910	#undef strndup
		1911	#endif
		1912	#endif
		1913	char *s1 = strndup(s, n);
		1914	#if defined(PARANOID_MALLOC_CHECKER)
		1915	#define strndup(s,n) __ERROR_DONT_USE_STRNDUP_DIRECTLY
		1916	#endif
		1917	if (!s1)
		1918	smb_panic("smb_xstrndup: malloc fail\n");
		1919	return s1;
		1920	}
		1921
1792	/*	1922	/*
1793	vasprintf that aborts on malloc fail	1923	vasprintf that aborts on malloc fail
1794	*/	1924	*/
Lines 1813-1819 Link Here
1813	{	1943	{
1814	void *p2;	1944	void *p2;
1815	if (size == 0) return NULL;	1945	if (size == 0) return NULL;
1816	p2 = malloc(size);	1946	p2 = SMB_MALLOC(size);
1817	if (!p2) return NULL;	1947	if (!p2) return NULL;
1818	memcpy(p2, p, size);	1948	memcpy(p2, p, size);
1819	return p2;	1949	return p2;
Lines 2095-2101 Link Here
2095	if (p) {	2225	if (p) {
2096	ret.data = smb_xmemdup(p, length);	2226	ret.data = smb_xmemdup(p, length);
2097	} else {	2227	} else {
2098	ret.data = smb_xmalloc(length);	2228	ret.data = SMB_XMALLOC_ARRAY(char, length);
2099	}	2229	}
2100	ret.length = length;	2230	ret.length = length;
2101	ret.free = free_data_blob;	2231	ret.free = free_data_blob;
Lines 2115-2121 Link Here
2115	return ret;	2245	return ret;
2116	}	2246	}
2117		2247
2118	ret.data = talloc_memdup(mem_ctx, p, length);	2248	ret.data = TALLOC_MEMDUP(mem_ctx, p, length);
2119	if (ret.data == NULL)	2249	if (ret.data == NULL)
2120	smb_panic("data_blob_talloc: talloc_memdup failed.\n");	2250	smb_panic("data_blob_talloc: talloc_memdup failed.\n");
2121		2251

Lines 288-294 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/util_file.c (-5 / +13 lines)
288	char *t;	288	char *t;
289		289
290	maxlen = MIN(maxlen,8);	290	maxlen = MIN(maxlen,8);
291	t = (char *)Realloc(s,maxlen);	291	t = (char *)SMB_REALLOC(s,maxlen);
292	if (!t) {	292	if (!t) {
293	DEBUG(0,("fgets_slash: failed to expand buffer!\n"));	293	DEBUG(0,("fgets_slash: failed to expand buffer!\n"));
294	SAFE_FREE(s);	294	SAFE_FREE(s);
Lines 337-343 Link Here
337	char *t;	337	char *t;
338		338
339	maxlen *= 2;	339	maxlen *= 2;
340	t = (char *)Realloc(s,maxlen);	340	t = (char *)SMB_REALLOC(s,maxlen);
341	if (!t) {	341	if (!t) {
342	DEBUG(0,("fgets_slash: failed to expand buffer!\n"));	342	DEBUG(0,("fgets_slash: failed to expand buffer!\n"));
343	SAFE_FREE(s);	343	SAFE_FREE(s);
Lines 367-373 Link Here
367	total = 0;	367	total = 0;
368		368
369	while ((n = read(fd, buf, sizeof(buf))) > 0) {	369	while ((n = read(fd, buf, sizeof(buf))) > 0) {
370	tp = Realloc(p, total + n + 1);	370	if(total >= INT_MAX-n) {
		371	DEBUG(0,("file_pload: integer overflow detected.\n"));
		372	close(fd);
		373	SAFE_FREE(p);
		374	return NULL;
		375	}
		376	tp = SMB_REALLOC(p, total + n + 1);
371	if (!tp) {	377	if (!tp) {
372	DEBUG(0,("file_pload: failed to exand buffer!\n"));	378	DEBUG(0,("file_pload: failed to exand buffer!\n"));
373	close(fd);	379	close(fd);
Lines 398-404 Link Here
398		404
399	if (sys_fstat(fd, &sbuf) != 0) return NULL;	405	if (sys_fstat(fd, &sbuf) != 0) return NULL;
400		406
401	p = (char *)malloc(sbuf.st_size+1);	407	if(sbuf.st_size >= INT_MAX)
		408	return NULL;
		409	p = (char *)SMB_MALLOC(sbuf.st_size+1);
402	if (!p) return NULL;	410	if (!p) return NULL;
403		411
404	if (read(fd, p, sbuf.st_size) != sbuf.st_size) {	412	if (read(fd, p, sbuf.st_size) != sbuf.st_size) {
Lines 447-453 Link Here
447	if (s[0] == '\n') i++;	455	if (s[0] == '\n') i++;
448	}	456	}
449		457
450	ret = (char *)malloc(sizeof(ret[0])(i+2));	458	ret = SMB_MALLOC_ARRAY( char *, i+2 );
451	if (!ret) {	459	if (!ret) {
452	SAFE_FREE(p);	460	SAFE_FREE(p);
453	return NULL;	461	return NULL;




	struct sys_grent *gent;
	struct group *grp;
	
	gent = SMB_MALLOC_P(struct sys_grent);
	if (gent == NULL) {
		DEBUG (0, ("Out of memory in getgrent_list!\n"));
		return NULL;

		int i,num;
		
		if (grp->gr_name) {
			if ((gent->gr_name = SMB_STRDUP(grp->gr_name)) == NULL)
				goto err;
		}
		if (grp->gr_passwd) {
			if ((gent->gr_passwd = SMB_STRDUP(grp->gr_passwd)) == NULL)
				goto err;
		}
		gent->gr_gid = grp->gr_gid;

			;
		
		/* alloc space for gr_mem string pointers */
		if ((gent->gr_mem = SMB_MALLOC_ARRAY( char *, num+1 )) == NULL)
			goto err;

		memset(gent->gr_mem, '\0', (num+1) * sizeof(char *));

		for (i=0; i < num; i++) {
			if ((gent->gr_mem[i] = SMB_STRDUP(grp->gr_mem[i])) == NULL)
				goto err;
		}
		gent->gr_mem[num] = NULL;
		
		grp = getgrent();
		if (grp) {
			gent->next = SMB_MALLOC_P(struct sys_grent);
			if (gent->next == NULL)
				goto err;
			gent = gent->next;

	struct sys_pwent *pent;
	struct passwd *pwd;
	
	pent = SMB_MALLOC_P(struct sys_pwent);
	if (pent == NULL) {
		DEBUG (0, ("Out of memory in getpwent_list!\n"));
		return NULL;

	while (pwd != NULL) {
		memset(pent, '\0', sizeof(struct sys_pwent));
		if (pwd->pw_name) {
			if ((pent->pw_name = SMB_STRDUP(pwd->pw_name)) == NULL)
				goto err;
		}
		if (pwd->pw_passwd) {
			if ((pent->pw_passwd = SMB_STRDUP(pwd->pw_passwd)) == NULL)
				goto err;
		}
		pent->pw_uid = pwd->pw_uid;
		pent->pw_gid = pwd->pw_gid;
		if (pwd->pw_gecos) {
			if ((pent->pw_name = SMB_STRDUP(pwd->pw_gecos)) == NULL)
				goto err;
		}
		if (pwd->pw_dir) {
			if ((pent->pw_name = SMB_STRDUP(pwd->pw_dir)) == NULL)
				goto err;
		}
		if (pwd->pw_shell) {
			if ((pent->pw_name = SMB_STRDUP(pwd->pw_shell)) == NULL)
				goto err;
		}

		pwd = getpwent();
		if (pwd) {
			pent->next = SMB_MALLOC_P(struct sys_pwent);
			if (pent->next == NULL)
				goto err;
			pent = pent->next;

		;

	for (i = 0; i < num_users; i++) {
		struct sys_userlist *entry = SMB_MALLOC_P(struct sys_userlist);
		if (entry == NULL) {
			free_userlist(list_head);
			return NULL;
		}
		entry->unix_name = SMB_STRDUP(grp->gr_mem[i]);
		if (entry->unix_name == NULL) {
			SAFE_FREE(entry);
			free_userlist(list_head);

Lines 352-358 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/util_seaccess.c (-1 / +1 lines)
352		352
353	the_acl = parent_ctr->dacl;	353	the_acl = parent_ctr->dacl;
354		354
355	if (!(new_ace_list = talloc(ctx, sizeof(SEC_ACE) * the_acl->num_aces)))	355	if (!(new_ace_list = TALLOC(ctx, sizeof(SEC_ACE) * the_acl->num_aces)))
356	return NULL;	356	return NULL;
357		357
358	for (i = 0; the_acl && i < the_acl->num_aces; i++) {	358	for (i = 0; the_acl && i < the_acl->num_aces; i++) {





  memset((char *)sidout, '\0', sizeof(DOM_SID));

  p = q = SMB_STRDUP(sidstr + 2);
  if (p == NULL) {
    DEBUG(0, ("string_to_sid: out of memory!\n"));
    return False;

  if(!src)
    return NULL;

  if((dst = SMB_MALLOC_P(DOM_SID)) != NULL) {
	memset(dst, '\0', sizeof(DOM_SID));
	sid_copy( dst, src);
  }

char *sid_binstring(DOM_SID *sid)
{
	char *buf, *s;
	size_t len = sid_size(sid);
	buf = SMB_MALLOC(len);
	if (!buf) return NULL;
	sid_linearize(buf, len, sid);
	s = binary_string(buf, len);




  *ctok=ictok;
  s=last_ptr;

  if (!(ret=iret=SMB_MALLOC_ARRAY( char *, ictok ))) return NULL;
  
  while(ictok--) {    
    *iret++=s;

	if (buflen >= (2*maxlength))
		buflen = 2*(maxlength - 1);

	str_ucs = (smb_ucs2_t*)SMB_MALLOC(buflen);
	if(!str_ucs) {
		*dest=0;
		return dest;


	/* Get UCS2 version of other_safe_chars string*/
	buflen=2*strlen(other_safe_chars)+2;
	other_ucs = (smb_ucs2_t*)SMB_MALLOC(buflen);
	if(!other_ucs) {
		*dest=0;
		SAFE_FREE(str_ucs);

  if (l == 0)
    {
      if (!null_string) {
        if((null_string = (char *)SMB_MALLOC(1)) == NULL) {
          DEBUG(0,("string_init: malloc fail for null_string.\n"));
          return False;
        }

    }
  else
    {
      (*dest) = (char *)SMB_MALLOC(l+1);
      if ((*dest) == NULL) {
	      DEBUG(0,("Out of memory in string_init\n"));
	      return False;

	char *s;
	int i, j;
	const char *hex = "0123456789ABCDEF";

	if(len <= 0 || len >= (INT_MAX/3)-1)
	    return NULL;
	s = SMB_MALLOC(len * 3 + 1);
	if (!s) return NULL;
	for (j=i=0;i<len;i++) {
		s[j] = '\\';

	char *ret;

	n = strnlen(s, n);
	ret = SMB_MALLOC(n+1);
	if (!ret)
		return NULL;
	memcpy(ret, s, n);





  free_maps(pp_cp_to_ucs2, pp_ucs2_to_cp);

  if ((*pp_ucs2_to_cp = SMB_MALLOC_ARRAY( uint16, 65536 )) == NULL) {
    DEBUG(0,("default_unicode_map: malloc fail for ucs2_to_cp size %u.\n", 2*65536));
    abort();
  }


  free_maps(pp_cp_to_ucs2, pp_ucs2_to_cp);

  if ((cp_to_ucs2 = (smb_ucs2_t *)SMB_MALLOC(cp_to_ucs2_size)) == NULL) {
    DEBUG(0,("load_unicode_map: malloc fail for cp_to_ucs2 size %u.\n", cp_to_ucs2_size ));
    goto clean_and_exit;
  }

  if ((ucs2_to_cp = (uint16 *)SMB_MALLOC(ucs2_to_cp_size)) == NULL) {
    DEBUG(0,("load_unicode_map: malloc fail for ucs2_to_cp size %u.\n", ucs2_to_cp_size ));
    goto clean_and_exit;
  }


smb_ucs2_t *strdup_w(const smb_ucs2_t *s)
{
	size_t newlen;
	smb_ucs2_t *newstr;

	newstr = SMB_MALLOC_ARRAY(smb_ucs2_t, strlen_w(s)+1 );

	if (newstr == NULL)
	    return NULL;
	newlen = (strlen_w(s)+1)*sizeof(smb_ucs2_t);
	safe_strcpy_w(newstr, s, newlen);
	return newstr;
}

/*******************************************************************

	*ctok = ictok;
	s = last_ptr;

	if (!(ret=iret=SMB_MALLOC_ARRAY( smb_ucs2_t *, ictok )))
		return NULL;
  
	while(ictok--) {

	size_t l;

	if (!null_string) {
		if((null_string = SMB_MALLOC_P(smb_ucs2_t)) == NULL) {
			DEBUG(0,("string_init_w: malloc fail for null_string.\n"));
		return False;
		}

	if (l == 0)
		*dest = null_string;
	else {
		(*dest) = SMB_MALLOC_ARRAY( smb_ucs2_t, l+1 );
		if ((*dest) == NULL) {
			DEBUG(0,("Out of memory in string_init_w\n"));
			return False;

Lines 139-145 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/wins_srv.c (-2 / +2 lines)
139	DEBUG( 4, ("wins_srv_load_list(): Building WINS server list:\n") );	139	DEBUG( 4, ("wins_srv_load_list(): Building WINS server list:\n") );
140	while( next_token( &p, wins_id_bufr, LIST_SEP, sizeof( wins_id_bufr ) ) )	140	while( next_token( &p, wins_id_bufr, LIST_SEP, sizeof( wins_id_bufr ) ) )
141	{	141	{
142	entry = (list_entry *)malloc( sizeof( list_entry ) );	142	entry = SMB_MALLOC_P(list_entry);
143	if( NULL == entry )	143	if( NULL == entry )
144	{	144	{
145	DEBUG( 0, ("wins_srv_load_list(): malloc(list_entry) failed.\n") );	145	DEBUG( 0, ("wins_srv_load_list(): malloc(list_entry) failed.\n") );
Lines 147-153 Link Here
147	else	147	else
148	{	148	{
149	entry->mourning = 0;	149	entry->mourning = 0;
150	if( NULL == (entry->server = strdup( wins_id_bufr )) )	150	if( NULL == (entry->server = SMB_STRDUP( wins_id_bufr )) )
151	{	151	{
152	SAFE_FREE( entry );	152	SAFE_FREE( entry );
153	DEBUG( 0, ("wins_srv_load_list(): strdup(\"%s\") failed.\n", wins_id_bufr) );	153	DEBUG( 0, ("wins_srv_load_list(): strdup(\"%s\") failed.\n", wins_id_bufr) );




		goto done;
	}

	if (!((*domains) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
					   num_sids))) {
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	if (!((*names) = TALLOC_ARRAY(mem_ctx, char *, num_sids))) {
					 num_sids))) {
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	if (!((*types) = TALLOC_ARRAY(mem_ctx, uint32, num_sids))) {
					  num_sids))) {
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;

		goto done;
	}

	if (!((*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, num_names)))) {
					 num_names)))) {
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	if (!((*types = TALLOC_ARRAY(mem_ctx, uint32, num_names)))) {
					 num_names)))) {
		DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;


		/* Allocate memory for trusted domain names and sids */

		*domain_names = TALLOC_ARRAY(mem_ctx, char *, r.num_domains);
						r.num_domains);

		if (!*domain_names) {
			DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));

			goto done;
		}

		*domain_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.num_domains);
						 r.num_domains);
		if (!domain_sids) {
			DEBUG(0, ("cli_lsa_enum_trust_dom(): out of memory\n"));
			result = NT_STATUS_UNSUCCESSFUL;

	*enum_context = r.enum_context;
	*count = r.count;

	if (!((*privs_name = TALLOC_ARRAY(mem_ctx, char *, r.count)))) {
		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	if (!((*privs_high = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	if (!((*privs_low = TALLOC_ARRAY(mem_ctx, uint32, r.count)))) {
		DEBUG(0, ("(cli_lsa_enum_privilege): out of memory\n"));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;


	/* Return output parameters */

	*sids = TALLOC_ARRAY(mem_ctx, DOM_SID, r.sids.num_entries);
	if (!*sids) {
		DEBUG(0, ("(cli_lsa_enum_sids): out of memory\n"));
		result = NT_STATUS_UNSUCCESSFUL;

	if (r.count == 0)
		goto done;

	if (!((*set = TALLOC_ARRAY(mem_ctx, LUID_ATTR, r.count)))) {
		DEBUG(0, ("(cli_lsa_enum_privsaccount): out of memory\n"));
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;





	*num_dom_groups = r.num_entries2;

	if (!((*dom_groups) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_groups))) {
	      talloc(mem_ctx, sizeof(struct acct_info) * *num_dom_groups))) {
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}


	*num_dom_groups = r.num_entries2;

	if (!((*dom_groups) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_dom_groups))) {
	      talloc(mem_ctx, sizeof(struct acct_info) * *num_dom_groups))) {
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}


	*num_mem = r.num_sids;

	if (!(*sids = TALLOC_ARRAY(mem_ctx,DOM_SID, *num_mem))) {
		result = NT_STATUS_UNSUCCESSFUL;
		goto done;
	}

	}

	*num_names = r.num_names1;
	*names = TALLOC_ARRAY(mem_ctx, char *, r.num_names1);
	*name_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_names1);

	for (i = 0; i < r.num_names1; i++) {
		fstring tmp;

	}

	*num_rids = r.num_rids1;
	*rids = TALLOC_ARRAY(mem_ctx, uint32, r.num_rids1);
	*rid_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_rids1);

	for (i = 0; i < r.num_rids1; i++) {
		(*rids)[i] = r.rids[i];




        uint32 i;
        PRINTER_INFO_0  *inf;

        inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_0, returned);

        buffer->prs.data_offset=0;


        uint32 i;
        PRINTER_INFO_1  *inf;

        inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_1, returned);

        buffer->prs.data_offset=0;


        uint32 i;
        PRINTER_INFO_2  *inf;

        inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_2, returned);

        buffer->prs.data_offset=0;


        uint32 i;
        PRINTER_INFO_3  *inf;

        inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_3, returned);

        buffer->prs.data_offset=0;


        uint32 i;
        PORT_INFO_1 *inf;

        inf=TALLOC_ARRAY(mem_ctx, PORT_INFO_1, returned);

        prs_set_offset(&buffer->prs, 0);


        uint32 i;
        PORT_INFO_2 *inf;

        inf=TALLOC_ARRAY(mem_ctx, PORT_INFO_2, returned);

        prs_set_offset(&buffer->prs, 0);


        uint32 i;
        DRIVER_INFO_1 *inf;

        inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_1, returned);

        buffer->prs.data_offset=0;


        uint32 i;
        DRIVER_INFO_2 *inf;

        inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_2, returned);

        buffer->prs.data_offset=0;


        uint32 i;
        DRIVER_INFO_3 *inf;

        inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_3, returned);

        buffer->prs.data_offset=0;


{
	DRIVER_DIRECTORY_1 *inf;
 
        inf=TALLOC_P(mem_ctx, DRIVER_DIRECTORY_1);

        prs_set_offset(&buffer->prs, 0);


{
	int i;

	*forms = TALLOC_ARRAY(mem_ctx, FORM_1, num_forms);
	buffer->prs.data_offset = 0;

	for (i = 0; i < num_forms; i++)

Lines 174-180 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/libsmb/clientgen.c (-3 / +3 lines)
174	}	174	}
175		175
176	if (!cli) {	176	if (!cli) {
177	cli = (struct cli_state )malloc(sizeof(cli));	177	cli = SMB_MALLOC_P(struct cli_state);
178	if (!cli)	178	if (!cli)
179	return NULL;	179	return NULL;
180	ZERO_STRUCTP(cli);	180	ZERO_STRUCTP(cli);
Lines 196-203 Link Here
196	cli->timeout = 20000; /* Timeout is in milliseconds. */	196	cli->timeout = 20000; /* Timeout is in milliseconds. */
197	cli->bufsize = CLI_BUFFER_SIZE+4;	197	cli->bufsize = CLI_BUFFER_SIZE+4;
198	cli->max_xmit = cli->bufsize;	198	cli->max_xmit = cli->bufsize;
199	cli->outbuf = (char *)malloc(cli->bufsize);	199	cli->outbuf = (char *)SMB_MALLOC(cli->bufsize);
200	cli->inbuf = (char *)malloc(cli->bufsize);	200	cli->inbuf = (char *)SMB_MALLOC(cli->bufsize);
201	cli->oplock_handler = cli_oplock_ack;	201	cli->oplock_handler = cli_oplock_ack;
202	/* Set the CLI_FORCE_DOSERR environment variable to test	202	/* Set the CLI_FORCE_DOSERR environment variable to test
203	client routines using DOS errors instead of STATUS32	203	client routines using DOS errors instead of STATUS32

Lines 1045-1051 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/libsmb/clifile.c (-1 / +1 lines)
1045	pstring path2;	1045	pstring path2;
1046	clistr_pull(cli, path2, p,	1046	clistr_pull(cli, path2, p,
1047	sizeof(path2), len, STR_ASCII);	1047	sizeof(path2), len, STR_ASCII);
1048	*tmp_path = strdup(path2);	1048	*tmp_path = SMB_STRDUP(path2);
1049	}	1049	}
1050		1050
1051	return SVAL(cli->inbuf,smb_vwv0);	1051	return SVAL(cli->inbuf,smb_vwv0);

Lines 263-269 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/libsmb/clilist.c (-2 / +6 lines)
263	}	263	}
264		264
265	/* and add them to the dirlist pool */	265	/* and add them to the dirlist pool */
266	tdl = Realloc(dirlist,dirlist_len + data_len);	266	if(dirlist_len >= UINT_MAX - data_len) {
		267	DEBUG(0,("cli_list_new: integer overflow detected.\n"));
		268	break;
		269	}
		270	tdl = SMB_REALLOC(dirlist,dirlist_len + data_len);
267		271
268	if (!tdl) {	272	if (!tdl) {
269	DEBUG(0,("cli_list_new: Failed to expand dirlist\n"));	273	DEBUG(0,("cli_list_new: Failed to expand dirlist\n"));
Lines 391-397 Link Here
391		395
392	first = False;	396	first = False;
393		397
394	tdl = Realloc(dirlist,(num_received + received)*DIR_STRUCT_SIZE);	398	tdl = SMB_REALLOC(dirlist,(num_received + received)*DIR_STRUCT_SIZE);
395		399
396	if (!tdl) {	400	if (!tdl) {
397	DEBUG(0,("cli_list_old: failed to expand dirlist"));	401	DEBUG(0,("cli_list_old: failed to expand dirlist"));

Lines 241-248 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/libsmb/clireadwrite.c (-2 / +2 lines)
241	BOOL bigoffset = False;	241	BOOL bigoffset = False;
242		242
243	if (size > cli->bufsize) {	243	if (size > cli->bufsize) {
244	cli->outbuf = realloc(cli->outbuf, size + 1024);	244	cli->outbuf = SMB_REALLOC(cli->outbuf, size + 1024);
245	cli->inbuf = realloc(cli->inbuf, size + 1024);	245	cli->inbuf = SMB_REALLOC(cli->inbuf, size + 1024);
246	if (cli->outbuf == NULL \|\| cli->inbuf == NULL)	246	if (cli->outbuf == NULL \|\| cli->inbuf == NULL)
247	return False;	247	return False;
248	cli->bufsize = size + 1024;	248	cli->bufsize = size + 1024;





	/* allocate it */
	if (total_data!=0) {
		tdata = SMB_REALLOC(*data,total_data);
		if (!tdata) {
			DEBUG(0,("cli_receive_trans: failed to enlarge data buffer\n"));
			return False;

	}

	if (total_param!=0) {
		tparam = SMB_REALLOC(*param,total_param);
		if (!tparam) {
			DEBUG(0,("cli_receive_trans: failed to enlarge param buffer\n"));
			return False;


	/* allocate it */
	if (total_data) {
		tdata = SMB_REALLOC(*data,total_data);
		if (!tdata) {
			DEBUG(0,("cli_receive_nt_trans: failed to enlarge data buffer to %d\n",total_data));
			return False;

	}

	if (total_param) {
		tparam = SMB_REALLOC(*param,total_param);
		if (!tparam) {
			DEBUG(0,("cli_receive_nt_trans: failed to enlarge param buffer to %d\n", total_param));
			return False;




  
	DEBUG(4,(" tconx ok\n"));
  
	srv = SMB_MALLOC_P(struct smbc_server);
	if (!srv) {
		errno = ENOMEM;
		goto failed;


	srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));

	srv->server_name = SMB_STRDUP(server);
	if (!srv->server_name) {
		errno = ENOMEM;
		goto failed;
	}

	srv->share_name = SMB_STRDUP(share);
	if (!srv->share_name) {
		errno = ENOMEM;
		goto failed;
	}

	srv->workgroup = SMB_STRDUP(workgroup);
	if (!srv->workgroup) {
		errno = ENOMEM;
		goto failed;
	}

	srv->username = SMB_STRDUP(username);
	if (!srv->username) {
		errno = ENOMEM;
		goto failed;


	user = getenv("USER");
	/* walk around as "guest" if no username can be found */
	if (!user) user = SMB_STRDUP("guest");
	pstrcpy(smbc_user, user); /* Save for use elsewhere */
	
	/*


#endif

	smbc_file_table = SMB_MALLOC_ARRAY( struct smbc_file *, SMBC_MAX_FD );
	if (!smbc_file_table)
		return ENOMEM;



		}

		smbc_file_table[slot] = SMB_MALLOC_P(struct smbc_file);

		if (!smbc_file_table[slot]) {



		smbc_file_table[slot]->cli_fd  = fd;
		smbc_file_table[slot]->smbc_fd = slot + smbc_start_fd;
		smbc_file_table[slot]->fname   = SMB_STRDUP(fname);
		smbc_file_table[slot]->srv     = srv;
		smbc_file_table[slot]->offset  = 0;
		smbc_file_table[slot]->file    = True;

	size = sizeof(struct smbc_dirent) + (name?strlen(name):0) +
		(comment?strlen(comment):0) + 1; 
    
	dirent = SMB_MALLOC(size);

	if (!dirent) {



	if (dir->dir_list == NULL) {

		dir->dir_list = SMB_MALLOC_P(struct smbc_dir_list);
		if (!dir->dir_list) {

			SAFE_FREE(dirent);

	}
	else {

		dir->dir_end->next = SMB_MALLOC_P(struct smbc_dir_list);
		
		if (!dir->dir_end->next) {
			

      
	}

	smbc_file_table[slot] = SMB_MALLOC_P(struct smbc_file);

	if (!smbc_file_table[slot]) {



	smbc_file_table[slot]->cli_fd   = 0;
	smbc_file_table[slot]->smbc_fd  = slot + smbc_start_fd;
	smbc_file_table[slot]->fname    = SMB_STRDUP(fname);
	smbc_file_table[slot]->srv      = NULL;
	smbc_file_table[slot]->offset   = 0;
	smbc_file_table[slot]->file     = False;

Lines 98-104 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/libsmb/namecache.c (-3 / +2 lines)
98	if (num_names > 0)	98	if (num_names > 0)
99	size += sizeof(struct in_addr) * (num_names-1);	99	size += sizeof(struct in_addr) * (num_names-1);
100		100
101	value = (struct nc_value *)malloc(size);	101	value = (struct nc_value *)SMB_MALLOC(size);
102		102
103	memset(value, 0, size);	103	memset(value, 0, size);
104		104
Lines 224-231 Link Here
224		224
225	if (data->count) {	225	if (data->count) {
226		226
227	ip_list = (struct in_addr )malloc(	227	*ip_list = SMB_MALLOC_ARRAY(struct in_addr, data->count);
228	sizeof(struct in_addr) * data->count);
229		228
230	memcpy(ip_list, data->ip_list, sizeof(struct in_addr) data->count);	229	memcpy(ip_list, data->ip_list, sizeof(struct in_addr) data->count);
231		230





	if (*num_names == 0) return NULL;

	ret = SMB_MALLOC_ARRAY(struct node_status, *num_names);
	if (!ret) return NULL;

	p++;


  /* Now, create the additional stuff for a registration request */

  if ((nmb->additional = SMB_MALLOC_P(struct res_rec)) == NULL) {

    DEBUG(0, ("name_register: malloc fail for additional record.\n"));
    return False;

				continue;
			}

			if(
			   nmb2->answers->rdlength >= INT_MAX/6 ||
			   (*count) >= INT_MAX-(nmb2->answers->rdlength/6) ||
			   sizeof( ip_list[0] ) >= UINT_MAX/( (*count) + nmb2->answers->rdlength/6 )
			   )
			{
				DEBUG(0,("name_query: integer overflow detected.\n"));
				free_packet(p2);
				return NULL;
			}
			tmp_ip_list = SMB_REALLOC_ARRAY( ip_list, struct in_addr, (*count) + nmb2->answers->rdlength/6 );

			if (!tmp_ip_list) {
				DEBUG(0,("name_query: Realloc failed.\n"));

                ((name_type2 == -1) || (name_type == name_type2))
               ) {
				endlmhosts(fp);
				*return_iplist = SMB_MALLOC_P(struct in_addr);
				if(*return_iplist == NULL) {
					DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
					return False;

		int i = 0, j;
		while (hp->h_addr_list[i]) i++;
		DEBUG(10, ("%d addresses returned\n", i));
		*return_iplist = SMB_MALLOC_ARRAY(struct in_addr, i);
		if(*return_iplist == NULL) {
			DEBUG(3,("resolve_hosts: malloc fail !\n"));
			return False;

  *return_count = 0;

  if (allzeros || allones || is_address) {
	*return_iplist = SMB_MALLOC_P(struct in_addr);
	if(*return_iplist == NULL) {
		DEBUG(3,("internal_resolve_name: malloc fail !\n"));
		return False;

     controllers including the PDC in iplist[1..n].  Iterating over
     the iplist when the PDC is down will cause two sets of timeouts. */

  if (*return_count && (nodupes_iplist = SMB_MALLOC_ARRAY(struct in_addr, *return_count))) {
			(struct in_addr *)malloc(sizeof(struct in_addr) * (*return_count)))) {
      int nodupes_count = 0;
 
      /* Iterate over return_iplist looking for duplicates */

		if (num_addresses == 0)
			return internal_resolve_name(group, name_type, ip_list, count);

		return_iplist = SMB_MALLOC_ARRAY(struct in_addr, num_addresses);
		if(return_iplist == NULL) {
			DEBUG(3,("get_dc_list: malloc fail !\n"));
			return False;

			int count_more;
			if (resolve_name_2( name, &more_ip, &count_more, 0x20) == False)
				continue;
			tmp = SMB_REALLOC_ARRAY(return_iplist, struct in_addr, num_addresses + count_more);
			if (return_iplist == NULL) {
				DEBUG(3, ("realloc failed with %d addresses\n", num_addresses + count_more));
				SAFE_FREE(return_iplist);




				struct res_rec **recs, int count)
{
  int i;
  *recs = SMB_MALLOC_ARRAY(struct res_rec, count);
  if (!*recs) return(False);

  memset((char *)*recs,'\0',sizeof(**recs)*count);

  struct nmb_packet *copy_nmb;
  struct packet_struct *pkt_copy;

  if(( pkt_copy = SMB_MALLOC_P(struct packet_struct)) == NULL)
  {
    DEBUG(0,("copy_nmb_packet: malloc fail.\n"));
    return NULL;


  if (nmb->answers)
  {
    if((copy_nmb->answers = SMB_MALLOC_ARRAY(struct res_rec, nmb->header.ancount)) == NULL)
                  malloc(nmb->header.ancount * sizeof(struct res_rec))) == NULL)
      goto free_and_exit;
    memcpy((char *)copy_nmb->answers, (char *)nmb->answers, 
           nmb->header.ancount * sizeof(struct res_rec));
  }
  if (nmb->nsrecs)
  {
    if((copy_nmb->nsrecs = SMB_MALLOC_ARRAY(struct res_rec, nmb->header.nscount)) == NULL)
                  malloc(nmb->header.nscount * sizeof(struct res_rec))) == NULL)
      goto free_and_exit;
    memcpy((char *)copy_nmb->nsrecs, (char *)nmb->nsrecs, 
           nmb->header.nscount * sizeof(struct res_rec));
  }
  if (nmb->additional)
  {
    if((copy_nmb->additional = SMB_MALLOC_ARRAY(struct res_rec, nmb->header.arcount)) == NULL)
                  malloc(nmb->header.arcount * sizeof(struct res_rec))) == NULL)
      goto free_and_exit;
    memcpy((char *)copy_nmb->additional, (char *)nmb->additional, 
           nmb->header.arcount * sizeof(struct res_rec));

{ 
  struct packet_struct *pkt_copy;

  if(( pkt_copy = SMB_MALLOC_P(struct packet_struct)) == NULL)
  {
    DEBUG(0,("copy_dgram_packet: malloc fail.\n"));
    return NULL;

	struct packet_struct *p;
	BOOL ok=False;

	p = SMB_MALLOC_P(struct packet_struct);
	if (!p) return(NULL);

	p->next = NULL;

Lines 355-361 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/locking/brlock.c (-1 / +1 lines)
355	}	355	}
356		356
357	/* no conflicts - add it to the list of locks */	357	/* no conflicts - add it to the list of locks */
358	tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(*locks));	358	tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(*locks));
359	if (!tp) {	359	if (!tp) {
360	status = NT_STATUS_NO_MEMORY;	360	status = NT_STATUS_NO_MEMORY;
361	goto fail;	361	goto fail;

Lines 683-689 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/locking/locking.c (-2 / +2 lines)
683	pstrcat(fname, fsp->fsp_name);	683	pstrcat(fname, fsp->fsp_name);
684		684
685	size = sizeof(*data) + sizeof(share_mode_entry) + strlen(fname) + 1;	685	size = sizeof(*data) + sizeof(share_mode_entry) + strlen(fname) + 1;
686	p = (char *)malloc(size);	686	p = (char *)SMB_MALLOC(size);
687	if (!p)	687	if (!p)
688	return False;	688	return False;
689	data = (struct locking_data *)p;	689	data = (struct locking_data *)p;
Lines 715-721 Link Here
715	fsp->fsp_name, data->u.num_share_mode_entries ));	715	fsp->fsp_name, data->u.num_share_mode_entries ));
716		716
717	size = dbuf.dsize + sizeof(share_mode_entry);	717	size = dbuf.dsize + sizeof(share_mode_entry);
718	p = malloc(size);	718	p = SMB_MALLOC(size);
719	if (!p)	719	if (!p)
720	return False;	720	return False;
721	memcpy(p, dbuf.dptr, sizeof(*data));	721	memcpy(p, dbuf.dptr, sizeof(*data));





	dbuf = tdb_fetch(posix_pending_close_tdb, kbuf);

	tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(int));
	if (!tp) {
		DEBUG(0,("add_fd_to_close_entry: Realloc fail !\n"));
		SAFE_FREE(dbuf.dptr);

	pl.size = size;
	pl.lock_type = lock_type;

	tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(pl));
	if (!tp) {
		DEBUG(0,("add_posix_lock_entry: Realloc fail !\n"));
		goto fail;

        | l_curr|         | l_new   |
        +-------+         +---------+
**********************************************/
				struct lock_list *l_new = TALLOC_P(ctx,struct lock_list);
													sizeof(struct lock_list));

				if(l_new == NULL) {
					DEBUG(0,("posix_lock_list: talloc fail.\n"));

		return True; /* Not a fatal error. */
	}

	if ((ll = TALLOC_P(l_ctx, struct lock_list)) == NULL) {
		DEBUG(0,("set_posix_lock: unable to talloc unlock list.\n"));
		talloc_destroy(l_ctx);
		return True; /* Not a fatal error. */

		return True; /* Not a fatal error. */
	}

	if ((ul = TALLOC_P(ul_ctx, struct lock_list)) == NULL) {
		DEBUG(0,("release_posix_lock: unable to talloc unlock list.\n"));
		talloc_destroy(ul_ctx);
		return True; /* Not a fatal error. */

Lines 457-463 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/msdfs/msdfs.c (-2 / +2 lines)
457	/* add the unexplained 0x16 bytes */	457	/* add the unexplained 0x16 bytes */
458	reply_size += 0x16;	458	reply_size += 0x16;
459		459
460	pdata = Realloc(pdata,reply_size);	460	pdata = SMB_REALLOC(pdata,reply_size);
461	if(pdata == NULL) {	461	if(pdata == NULL) {
462	DEBUG(0,("malloc failed for Realloc!\n"));	462	DEBUG(0,("malloc failed for Realloc!\n"));
463	return -1;	463	return -1;
Lines 536-542 Link Here
536	reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2;	536	reply_size += (strlen(junction->referral_list[i].alternate_path)+1)*2;
537	}	537	}
538		538
539	pdata = Realloc(pdata,reply_size);	539	pdata = SMB_REALLOC(pdata,reply_size);
540	if(pdata == NULL) {	540	if(pdata == NULL) {
541	DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n"));	541	DEBUG(0,("version3 referral setup: malloc failed for Realloc!\n"));
542	return -1;	542	return -1;

Lines 585-591 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd.c (-2 / +2 lines)
585	namecount++;	585	namecount++;
586		586
587	/* Allocate space for the netbios aliases */	587	/* Allocate space for the netbios aliases */
588	my_netbios_names = (char *)malloc( sizeof(char ) * (namecount+1) );	588	my_netbios_names = SMB_MALLOC_ARRAY( char *, namecount+1 );
589	if( NULL == my_netbios_names )	589	if( NULL == my_netbios_names )
590	{	590	{
591	DEBUG( 0, ( "init_structs: malloc fail.\n" ) );	591	DEBUG( 0, ( "init_structs: malloc fail.\n" ) );
Lines 609-615 Link Here
609	nodup=0;	609	nodup=0;
610	}	610	}
611	if (nodup)	611	if (nodup)
612	my_netbios_names[namecount++] = strdup( nbname );	612	my_netbios_names[namecount++] = SMB_STRDUP( nbname );
613	}	613	}
614		614
615	/* Check the strdups succeeded. */	615	/* Check the strdups succeeded. */

Lines 212-218 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_become_lmb.c (-2 / +2 lines)
212	struct userdata_struct *userdata;	212	struct userdata_struct *userdata;
213	int size = sizeof(struct userdata_struct) + sizeof(BOOL);	213	int size = sizeof(struct userdata_struct) + sizeof(BOOL);
214		214
215	if((userdata = (struct userdata_struct *)malloc(size)) == NULL)	215	if((userdata = (struct userdata_struct *)SMB_MALLOC(size)) == NULL)
216	{	216	{
217	DEBUG(0,("release_1d_name: malloc fail.\n"));	217	DEBUG(0,("release_1d_name: malloc fail.\n"));
218	return;	218	return;
Lines 557-563 Link Here
557	subrec->work_changed = True;	557	subrec->work_changed = True;
558		558
559	/* Setup the userdata_struct. */	559	/* Setup the userdata_struct. */
560	if((userdata = (struct userdata_struct *)malloc(size)) == NULL)	560	if((userdata = (struct userdata_struct *)SMB_MALLOC(size)) == NULL)
561	{	561	{
562	DEBUG(0,("become_local_master_browser: malloc fail.\n"));	562	DEBUG(0,("become_local_master_browser: malloc fail.\n"));
563	return;	563	return;

Lines 89-95 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_browserdb.c (-1 / +1 lines)
89	struct browse_cache_record *browc;	89	struct browse_cache_record *browc;
90	time_t now = time( NULL );	90	time_t now = time( NULL );
91		91
92	browc = (struct browse_cache_record )malloc( sizeof( browc ) );	92	browc = SMB_MALLOC_P( struct browse_cache_record );
93		93
94	if( NULL == browc )	94	if( NULL == browc )
95	{	95	{

Lines 329-335 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_browsesync.c (-1 / +1 lines)
329		329
330	/* Setup the userdata_struct - this is copied so we can use	330	/* Setup the userdata_struct - this is copied so we can use
331	a stack variable for this. */	331	a stack variable for this. */
332	if((userdata = (struct userdata_struct *)malloc(size)) == NULL)	332	if((userdata = (struct userdata_struct *)SMB_MALLOC(size)) == NULL)
333	{	333	{
334	DEBUG(0, ("find_domain_master_name_query_success: malloc fail.\n"));	334	DEBUG(0, ("find_domain_master_name_query_success: malloc fail.\n"));
335	return;	335	return;

Lines 558-564 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_incomingrequests.c (-1 / +1 lines)
558	prdata = rdata;	558	prdata = rdata;
559	else	559	else
560	{	560	{
561	if((prdata = (char )malloc( namerec->data.num_ips 6 )) == NULL)	561	if((prdata = (char )SMB_MALLOC( namerec->data.num_ips 6 )) == NULL)
562	{	562	{
563	DEBUG(0,("process_name_query_request: malloc fail !\n"));	563	DEBUG(0,("process_name_query_request: malloc fail !\n"));
564	goto done;	564	goto done;




  struct name_record *namerec;
  time_t time_now = time(NULL);

  namerec = SMB_MALLOC_P( struct name_record );
  if( NULL == namerec )
  {
    DEBUG( 0, ( "add_name_to_subnet: malloc fail.\n" ) );

  }

  memset( (char *)namerec, '\0', sizeof(*namerec) );
  namerec->data.ip = SMB_MALLOC_ARRAY( struct in_addr, num_ips );
                                               * num_ips );
  if( NULL == namerec->data.ip )
  {
     DEBUG( 0, ( "add_name_to_subnet: malloc fail when creating ip_flgs.\n" ) );

  if( find_ip_in_name_record( namerec, new_ip ) )
    return;
  
  new_list = SMB_MALLOC_ARRAY( struct in_addr, namerec->data.num_ips + 1 );
                                       * sizeof(struct in_addr) );
  if( NULL == new_list )
  {
    DEBUG(0,("add_ip_to_name_record: Malloc fail !\n"));

    /* Create an IP list containing all our known subnets. */

    num_ips = iface_count();
    iplist = SMB_MALLOC_ARRAY( struct in_addr, num_ips );
    if( NULL == iplist )
    {
      DEBUG(0,("add_samba_names_to_subnet: Malloc fail !\n"));

Lines 276-282 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_nameregister.c (-1 / +1 lines)
276	for(subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec) )	276	for(subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec) )
277	num_ips++;	277	num_ips++;
278		278
279	if((ip_list = (struct in_addr )malloc(num_ips sizeof(struct in_addr)))==NULL)	279	if((ip_list = SMB_MALLOC_ARRAY( struct in_addr, num_ips ))==NULL)
280	{	280	{
281	DEBUG(0,("multihomed_register_name: malloc fail !\n"));	281	DEBUG(0,("multihomed_register_name: malloc fail !\n"));
282	return True;	282	return True;




  struct nmb_packet *nmb = NULL;

  /* Allocate the packet_struct we will return. */
  if((packet = SMB_MALLOC_P(struct packet_struct)) == NULL)
  {
    DEBUG(0,("create_and_init_netbios_packet: malloc fail (1) for packet struct.\n"));
    return NULL;

{
  struct nmb_packet *nmb = &packet->packet.nmb;

  if((nmb->additional = SMB_MALLOC_P(struct res_rec)) == NULL)
  {
    DEBUG(0,("initiate_name_register_packet: malloc fail for additional record.\n"));
    return False;

  struct subnet_record *subrec = NULL;
  int count = 0;
  int num = 0;
  fd_set *pset = SMB_MALLOC_P(fd_set);

  if(pset == NULL)
  {

  for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
    count++;

  if(count >= (UINT_MAX/2)-2)
  {
    DEBUG(0,("create_listen_fdset: integer overflow detected.\n"));
    return True;
  }
  if((count*2) + 2 > FD_SETSIZE)
  {
    DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \

    return True;
  }

  if((sock_array = SMB_MALLOC_ARRAY( int, (count*2) + 2)) == NULL)
  {
    DEBUG(0,("create_listen_fdset: malloc fail for socket array.\n"));
    return True;

Lines 108-114 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_responserecordsdb.c (-2 / +2 lines)
108	struct response_record *rrec;	108	struct response_record *rrec;
109	struct nmb_packet *nmb = &p->packet.nmb;	109	struct nmb_packet *nmb = &p->packet.nmb;
110		110
111	if (!(rrec = (struct response_record )malloc(sizeof(rrec))))	111	if (!(rrec = SMB_MALLOC_P(struct response_record)))
112	{	112	{
113	DEBUG(0,("make_response_queue_record: malloc fail for response_record.\n"));	113	DEBUG(0,("make_response_queue_record: malloc fail for response_record.\n"));
114	return NULL;	114	return NULL;
Lines 142-148 Link Here
142	{	142	{
143	/* Primitive userdata, do a memcpy. */	143	/* Primitive userdata, do a memcpy. */
144	if((rrec->userdata = (struct userdata_struct *)	144	if((rrec->userdata = (struct userdata_struct *)
145	malloc(sizeof(struct userdata_struct)+userdata->userdata_len)) == NULL)	145	SMB_MALLOC(sizeof(struct userdata_struct)+userdata->userdata_len)) == NULL)
146	{	146	{
147	DEBUG(0,("make_response_queue_record: malloc fail for userdata.\n"));	147	DEBUG(0,("make_response_queue_record: malloc fail for userdata.\n"));
148	ZERO_STRUCTP(rrec);	148	ZERO_STRUCTP(rrec);

Lines 148-154 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_serverlistdb.c (-1 / +1 lines)
148	return NULL;	148	return NULL;
149	}	149	}
150		150
151	if((servrec = (struct server_record )malloc(sizeof(servrec))) == NULL)	151	if((servrec = SMB_MALLOC_P(struct server_record)) == NULL)
152	{	152	{
153	DEBUG(0,("create_server_entry_on_workgroup: malloc fail !\n"));	153	DEBUG(0,("create_server_entry_on_workgroup: malloc fail !\n"));
154	return NULL;	154	return NULL;

Lines 164-170 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_subnetdb.c (-2 / +2 lines)
164		164
165	}	165	}
166		166
167	subrec = (struct subnet_record )malloc(sizeof(subrec));	167	subrec = SMB_MALLOC_P(struct subnet_record);
168		168
169	if (!subrec)	169	if (!subrec)
170	{	170	{
Lines 179-185 Link Here
179	namelist_entry_compare,	179	namelist_entry_compare,
180	ubi_trOVERWRITE );	180	ubi_trOVERWRITE );
181		181
182	if((subrec->subnet_name = strdup(name)) == NULL)	182	if((subrec->subnet_name = SMB_STRDUP(name)) == NULL)
183	{	183	{
184	DEBUG(0,("make_subnet: malloc fail for subnet name !\n"));	184	DEBUG(0,("make_subnet: malloc fail for subnet name !\n"));
185	close(nmb_sock);	185	close(nmb_sock);

Lines 146-152 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_synclists.c (-1 / +1 lines)
146	return;	146	return;
147	}	147	}
148		148
149	s = (struct sync_record )malloc(sizeof(s));	149	s = SMB_MALLOC_P(struct sync_record);
150	if (!s) goto done;	150	if (!s) goto done;
151		151
152	ZERO_STRUCTP(s);	152	ZERO_STRUCTP(s);

Lines 61-67 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_winsproxy.c (-2 / +2 lines)
61	iplist = &ip;	61	iplist = &ip;
62	else	62	else
63	{	63	{
64	if((iplist = (struct in_addr )malloc( num_ips sizeof(struct in_addr) )) == NULL)	64	if((iplist = SMB_MALLOC_ARRAY( struct in_addr, num_ips )) == NULL)
65	{	65	{
66	DEBUG(0,("wins_proxy_name_query_request_success: malloc fail !\n"));	66	DEBUG(0,("wins_proxy_name_query_request_success: malloc fail !\n"));
67	return;	67	return;
Lines 140-146 Link Here
140	{	140	{
141	struct packet_struct p, copy_of_p;	141	struct packet_struct p, copy_of_p;
142	struct userdata_struct *new_userdata =	142	struct userdata_struct *new_userdata =
143	(struct userdata_struct *)malloc( userdata->userdata_len );	143	(struct userdata_struct *)SMB_MALLOC( userdata->userdata_len );
144		144
145	if(new_userdata == NULL)	145	if(new_userdata == NULL)
146	return NULL;	146	return NULL;




    }

    /* Allocate the space for the ip_list. */
    if((ip_list = SMB_MALLOC_ARRAY( struct in_addr, num_ips )) == NULL)
    {
      DEBUG(0,("initialise_wins: Malloc fail !\n"));
      return False;

    return;
  }

  if((prdata = (char *)SMB_MALLOC( num_ips * 6 )) == NULL)
  {
    DEBUG(0,("process_wins_dmb_query_request: Malloc fail !.\n"));
    return;

      prdata = rdata;
    else
    {
      if((prdata = (char *)SMB_MALLOC( namerec->data.num_ips * 6 )) == NULL)
      {
        DEBUG(0,("send_wins_name_query_response: malloc fail !\n"));
        return;

Lines 55-61 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_workgroupdb.c (-1 / +1 lines)
55	struct subnet_record *subrec;	55	struct subnet_record *subrec;
56	int t = -1;	56	int t = -1;
57		57
58	if((work = (struct work_record )malloc(sizeof(work))) == NULL)	58	if((work = SMB_MALLOC_P(struct work_record)) == NULL)
59	{	59	{
60	DEBUG(0,("create_workgroup: malloc fail !\n"));	60	DEBUG(0,("create_workgroup: malloc fail !\n"));
61	return NULL;	61	return NULL;

Lines 312-318 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nsswitch/wb_client.c (-1 / +1 lines)
312	/* Add group to list if necessary */	312	/* Add group to list if necessary */
313		313
314	if (!is_member) {	314	if (!is_member) {
315	tgr = (gid_t )Realloc(groups, sizeof(gid_t) ngroups + 1);	315	tgr = SMB_REALLOC_ARRAY( groups, gid_t, ngroups + 1 );
316		316
317	if (!tgr) {	317	if (!tgr) {
318	errno = ENOMEM;	318	errno = ENOMEM;

Lines 337-344 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nsswitch/winbindd.c (-2 / +1 lines)
337		337
338	/* Create new connection structure */	338	/* Create new connection structure */
339		339
340	if ((state = (struct winbindd_cli_state *)	340	if ((state = SMB_MALLOC_P(struct winbindd_cli_state)) == NULL)
341	malloc(sizeof(*state))) == NULL)
342	return;	341	return;
343		342
344	ZERO_STRUCTP(state);	343	ZERO_STRUCTP(state);





	if (ret) return ret;
	
	ret = SMB_XMALLOC_P(struct winbind_cache);
	ZERO_STRUCTP(ret);
	switch (lp_security()) {
#ifdef HAVE_ADS

		smb_panic("centry_string");
	}

	ret = TALLOC_ARRAY(mem_ctx, char, len+1);
	if (!ret) {
		smb_panic("centry_string out of memory\n");
	}

		return NULL;
	}

	centry = SMB_XMALLOC_P(struct cache_entry);
	centry->data = (uchar *)data.dptr;
	centry->len = data.dsize;
	centry->ofs = 0;

	uint8 *p;
	if (centry->len - centry->ofs >= len) return;
	centry->len *= 2;
	p = SMB_REALLOC(centry->data, centry->len);
	if (!p) {
		DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
		smb_panic("out of memory in centry_expand");


	if (!wcache->tdb) return NULL;

	centry = SMB_XMALLOC_P(struct cache_entry);

	centry->len = 8192; /* reasonable default */
	centry->data = SMB_XMALLOC_ARRAY(char, centry->len);
	centry->ofs = 0;
	centry->sequence_number = domain->sequence_number;
	centry_put_uint32(centry, NT_STATUS_V(status));

	
	if (*num_entries == 0) goto do_cached;

	(*info) = TALLOC_ARRAY(mem_ctx, WINBIND_USERINFO, *num_entries);
	if (! (*info)) smb_panic("query_user_list out of memory");
	for (i=0; i<(*num_entries); i++) {
		(*info)[i].acct_name = centry_string(centry, mem_ctx);

	
	if (*num_entries == 0) goto do_cached;

	(*info) = TALLOC_ARRAY(mem_ctx, struct acct_info, *num_entries);
	if (! (*info)) smb_panic("enum_dom_groups out of memory");
	for (i=0; i<(*num_entries); i++) {
		fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));

	
	if (*num_groups == 0) goto do_cached;

	(*user_gids) = TALLOC_ARRAY(mem_ctx, uint32, *num_groups);
	if (! (*user_gids)) smb_panic("lookup_usergroups out of memory");
	for (i=0; i<(*num_groups); i++) {
		(*user_gids)[i] = centry_uint32(centry);

	
	if (*num_names == 0) goto do_cached;

	(*rid_mem) = TALLOC_ARRAY(mem_ctx, uint32, *num_names);
	(*names) = TALLOC_ARRAY(mem_ctx, char *, *num_names);
	(*name_types) = TALLOC_ARRAY(mem_ctx, uint32, *num_names);

	if (! (*rid_mem) || ! (*names) || ! (*name_types)) {
		smb_panic("lookup_groupmem out of memory");





	/* Create negative lookup cache entry for this domain and controller */

	if (!(fcc = SMB_MALLOC_P(struct failed_connection_cache))) {
	      malloc(sizeof(struct failed_connection_cache)))) {
		DEBUG(0, ("malloc failed in add_failed_connection_entry!\n"));
		return;
	}

	}
	
	if (!conn) {
		if (!(conn = SMB_MALLOC_P(struct winbindd_cm_conn)))
			return NT_STATUS_NO_MEMORY;
		
		ZERO_STRUCTP(conn);

			basic_conn = conn;
	}
	
	if (!(conn = SMB_MALLOC_P(struct winbindd_cm_conn)))
	      malloc(sizeof(struct winbindd_cm_conn))))
		return NULL;
	
	ZERO_STRUCTP(conn);

		return NULL;
	}

	if (!(conn = SMB_MALLOC_P(struct winbindd_cm_conn)))
	      malloc(sizeof(struct winbindd_cm_conn))))
		return NULL;
	
	ZERO_STRUCTP(conn);

		return NULL;
	}

	if (!(conn = SMB_MALLOC_P(struct winbindd_cm_conn)))
	      malloc(sizeof(struct winbindd_cm_conn))))
		return NULL;
	
	ZERO_STRUCTP(conn);




	/* Allocate buffer */

	if (!buf && buf_len != 0) {
		if (!(buf = SMB_MALLOC(buf_len))) {
			DEBUG(1, ("out of memory\n"));
			result = False;
			goto done;

		
		/* Create a state record for this domain */
		
		if ((domain_state = SMB_MALLOC_P(struct getent_state)) == NULL)
		     malloc(sizeof(struct getent_state))) == NULL)
			return WINBINDD_ERROR;
		
		ZERO_STRUCTP(domain_state);

	/* Copy entries into return buffer */

	if (num_entries) {
		name_list = SMB_MALLOC_ARRAY(struct acct_info, num_entries);
		memcpy(name_list, sam_grp_entries, 
		       num_entries * sizeof(struct acct_info));
	}

	num_groups = MIN(MAX_GETGRENT_GROUPS, state->request.data.num_entries);

	if ((state->response.extra_data = 
	     SMB_MALLOC_ARRAY( struct winbindd_gr, num_groups )) == NULL)
		return WINBINDD_ERROR;

	state->response.data.num_entries = 0;


		if (result) {
			/* Append to group membership list */
			new_gr_mem_list = SMB_REALLOC(
				gr_mem_list,
				gr_mem_list_len + gr_mem_len);


	if (group_list_ndx == 0)
		goto done;

	new_extra_data = SMB_REALLOC(
		state->response.extra_data,
		group_list_ndx * sizeof(struct winbindd_gr) + gr_mem_list_len);


		/* Allocate some memory for extra data.  Note that we limit
		   account names to sizeof(fstring) = 128 characters.  */		

                ted = SMB_REALLOC_ARRAY( extra_data, fstring, total_entries );
 
		if (!ted) {
			DEBUG(0,("failed to enlarge buffer!\n"));

	/* Copy data back to client */

	num_gids = 0;
	gid_list = SMB_MALLOC_ARRAY( gid_t, num_groups );

	if (state->response.extra_data)
		goto done;

Lines 108-115 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nsswitch/winbindd_misc.c (-3 / +2 lines)
108	/* Add domain to list */	108	/* Add domain to list */
109		109
110	total_entries++;	110	total_entries++;
111	ted = Realloc(extra_data, sizeof(fstring) *	111	ted = SMB_REALLOC_ARRAY( extra_data, fstring, total_entries );
112	total_entries);
113		112
114	if (!ted) {	113	if (!ted) {
115	DEBUG(0,("winbindd_list_trusted_domains: failed to enlarge buffer!\n"));	114	DEBUG(0,("winbindd_list_trusted_domains: failed to enlarge buffer!\n"));
Lines 143-149 Link Here
143		142
144	DEBUG(3, ("[%5d]: show sequence\n", state->pid));	143	DEBUG(3, ("[%5d]: show sequence\n", state->pid));
145		144
146	extra_data = strdup("");	145	extra_data = SMB_STRDUP("");
147		146
148	/* this makes for a very simple data format, and is easily parsable as well	147	/* this makes for a very simple data format, and is easily parsable as well
149	if that is ever needed */	148	if that is ever needed */




	int maxlen = (str->uni_str_len+1)*4;
	if (!str->buffer)
		return NULL;
	s = TALLOC_ARRAY(ctx, char *,maxlen); /* convervative */
	if (!s)
		return NULL;
	unistr2_to_unix(s, str, maxlen);

		(*num_entries) += count;

		/* now map the result into the WINBIND_USERINFO structure */
		(*info) = TALLOC_REALLOC_ARRAY(mem_ctx, *info, WINBIND_USERINFO,*num_entries);
					 (*num_entries)*sizeof(WINBIND_USERINFO));
		if (!(*info)) {
			result = NT_STATUS_NO_MEMORY;
			talloc_destroy(ctx2);

			break;
		}

		(*info) = TALLOC_REALLOC_ARRAY(mem_ctx, *info, struct acct_info, (*num_entries) + count);
					 sizeof(**info) * ((*num_entries) + count));
		if (! *info) {
			talloc_destroy(mem_ctx2);
			cli_samr_close(hnd->cli, mem_ctx, &dom_pol);

	if (!NT_STATUS_IS_OK(result) || (*num_groups) == 0)
		goto done;

	(*user_gids) = TALLOC_ARRAY(mem_ctx, uint32, *num_groups);
	for (i=0;i<(*num_groups);i++) {
		(*user_gids)[i] = user_groups[i].g_rid;
	}


#define MAX_LOOKUP_RIDS 900

        *names = TALLOC_ZERO_ARRAY(mem_ctx, char *, *num_names);
        *name_types = TALLOC_ZERO_ARRAY(mem_ctx, uint32, *num_names);

        for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) {
                int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS);





		/* Create a state record for this domain */
                
		if ((domain_state = SMB_MALLOC_P(struct getent_state)) == NULL)
		     malloc(sizeof(struct getent_state))) == NULL)
			return WINBINDD_ERROR;
                
		ZERO_STRUCTP(domain_state);

	if (num_entries) {
		struct getpwent_user *tnl;
		
		tnl = SMB_REALLOC_ARRAY(name_list, struct getpwent_user, ent->num_sam_entries + num_entries );
						      sizeof(struct getpwent_user) *
						      (ent->num_sam_entries + 
						       num_entries));
		
		if (!tnl) {
			DEBUG(0,("get_sam_user_entries realloc failed.\n"));

	num_users = MIN(MAX_GETPWENT_USERS, state->request.data.num_entries);
	
	if ((state->response.extra_data = 
	     SMB_MALLOC_ARRAY(struct winbindd_pw, num_users)) == NULL)
		return WINBINDD_ERROR;

	memset(state->response.extra_data, 0, num_users * 


		total_entries += num_entries;
			
		ted = SMB_REALLOC_ARRAY( extra_data, fstring, total_entries );
			
		if (!ted) {
			DEBUG(0,("failed to enlarge buffer!\n"));

Lines 91-98 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nsswitch/winbindd_util.c (-2 / +1 lines)
91		91
92	/* Create new domain entry */	92	/* Create new domain entry */
93		93
94	if ((domain = (struct winbindd_domain *)	94	if ((domain = SMB_MALLOC_P(struct winbindd_domain)) == NULL)
95	malloc(sizeof(*domain))) == NULL)
96	return NULL;	95	return NULL;
97		96
98	/* Fill in fields */	97	/* Fill in fields */

Lines 236-242 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/pam_smbpass/support.c (-1 / +1 lines)
236	register char *new = NULL;	236	register char *new = NULL;
237		237
238	if (x != NULL) {	238	if (x != NULL) {
239	register int i;	239	register size_t i;
240		240
241	for (i = 0; x[i]; ++i); /* length of string */	241	for (i = 0; x[i]; ++i); /* length of string */
242	if ((new = malloc(++i)) == NULL) {	242	if ((new = malloc(++i)) == NULL) {




	if (!lp_talloc)
		lp_talloc = talloc_init();

	ret = TALLOC_ARRAY(lp_talloc, char, len + 100);	/* leave room for substitution */

	if (!ret)
		return NULL;

			memcpy(oldservices, ServicePtrs, sizeof(service *) * iNumServices);
#endif

		tsp = SMB_REALLOC_ARRAY( ServicePtrs, service *, num_to_alloc );
						sizeof(service *) *
						num_to_alloc);
 
		if (!tsp) {
			DEBUG(0,("add_a_service: failed to enlarge ServicePtrs!\n"));
			return (-1);
		} else {
			ServicePtrs = tsp;
			ServicePtrs[iNumServices] = SMB_MALLOC_P(service);
				(service *) malloc(sizeof(service));
        }

#ifdef __INSURE__

	}
 
	if (!f) {
		f = SMB_MALLOC_P(struct file_lists);
		if (!f)
			return;
		f->next = file_lists;
		f->name = SMB_STRDUP(fname);
		if (!f->name) {
			SAFE_FREE(f);
			return;
		}
		f->subfname = SMB_STRDUP(subfname);
		if (!f->subfname) {
			SAFE_FREE(f);
			return;

			DEBUGADD(6, ("file %s modified: %s\n", n2, ctime(&mod_time)));
			f->modtime = mod_time;
			SAFE_FREE(f->subfname);
			f->subfname = SMB_STRDUP(n2);
			return (True);
		}
		f = f->next;

		if (line[len - 1] == '\n')
			line[--len] = '\0';

		if ((varval = SMB_MALLOC(len + 1)) == NULL)
		{
			DEBUG(0, ("source_env: Not enough memory!\n"));
			return (False);

	 */
	string_set(ptr, pszParmValue);
	strupper(*ptr);
	saved_character_set = SMB_STRDUP(*ptr);
	interpret_character_set(*ptr, lp_client_code_page());
	return (True);
}

{
	int i;
	SAFE_FREE(pservice->copymap);
	pservice->copymap = SMB_MALLOC_ARRAY(BOOL, NUMPARAMETERS);
	if (!pservice->copymap)
		DEBUG(0,
		      ("Couldn't allocate copymap!! (size %d)\n",

	if (!str)
		return;

	s = SMB_STRDUP(str);
	if (!s)
		return;


			case P_STRING:
			case P_USTRING:
				parm_table[i].def.svalue =
					SMB_STRDUP(*(char **)parm_table[i].ptr);
				break;
			case P_GSTRING:
			case P_UGSTRING:
				parm_table[i].def.svalue =
					SMB_STRDUP((char *)parm_table[i].ptr);
				break;
			case P_BOOL:
			case P_BOOLREV:




      {
      char *tb;

      tb = SMB_REALLOC( bufr, bSize +BUFR_INC );
      if( NULL == tb )
        {
        DEBUG(0, ("%s Memory re-allocation failure.", func) );

      {
      char *tb;
 
      tb = SMB_REALLOC( bufr, bSize + BUFR_INC );
      if( NULL == tb )
        {
        DEBUG(0, ("%s Memory re-allocation failure.", func) );

    if( i > (bSize - 2) )       /* Make sure there's enough room. */
      {
      bSize += BUFR_INC;
      bufr   = SMB_REALLOC( bufr, bSize );
      if( NULL == bufr )
        {
        DEBUG(0, ("%s Memory re-allocation failure.", func) );

  int lvl = in_client?1:0;
  myFILE *ret;

  ret = SMB_MALLOC_P(myFILE);
  if (!ret) return NULL;

  ret->buf = file_load(FileName, &ret->size);

  else                                        /* If we don't have a buffer   */
    {                                         /* allocate one, then parse,   */
    bSize = BUFR_INC;                         /* then free.                  */
    bufr = (char *)SMB_MALLOC( bSize );
    if( NULL == bufr )
      {
      DEBUG(0,("%s memory allocation failure.\n", func));




/*
 *  Macros to help make life easy
 */
#define COPY_STRING(s) (s) ? SMB_STRDUP(s) : NULL

/*******************************************************************
 PAM error handler.

		return PAM_CONV_ERR;
	}

	reply = SMB_MALLOC_ARRAY( struct pam_response, num_msg );
	if (!reply)
		return PAM_CONV_ERR;


	struct chat_struct *tmp;

	while (1) {
		t = SMB_MALLOC_P(struct chat_struct);
		if (!t) {
			DEBUG(0,("make_pw_chat: malloc failed!\n"));
			return NULL;

		return PAM_CONV_ERR;
	}

	reply = SMB_MALLOC_ARRAY( struct pam_response, num_msg );
	if (!reply) {
		DEBUG(0,("smb_pam_passchange_conv: malloc for reply failed!\n"));
		free_pw_chat(pw_chat);

static struct pam_conv *smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, const char *user,
					const char *passwd, const char *newpass)
{
	struct pam_conv *pconv = SMB_MALLOC_P(struct pam_conv);
	struct smb_pam_userdata *udp = SMB_MALLOC_P(struct smb_pam_userdata);

	if (pconv == NULL || udp == NULL) {
		SAFE_FREE(pconv);




		return False;
	}
	
	*user=SMB_MALLOC_P(SAM_ACCOUNT);
	
	if (*user==NULL) {
		DEBUG(0,("pdb_init_sam: error while allocating memory\n"));

	if (sampass->nt_pw!=NULL)
		DEBUG(4,("pdb_set_nt_passwd: NT hash non NULL overwritting ?\n"));
	else
		sampass->nt_pw=SMB_MALLOC_ARRAY( unsigned char, 16 );
	
	if (sampass->nt_pw==NULL)
		return False;

	if (sampass->lm_pw!=NULL)
		DEBUG(4,("pdb_set_lanman_passwd: LM hash non NULL overwritting ?\n"));
	else
		sampass->lm_pw=SMB_MALLOC_ARRAY( unsigned char, 16 );
	
	if (sampass->lm_pw==NULL)
		return False;

Lines 480-486 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/passdb/pdb_ldap.c (-3 / +2 lines)
480		480
481	if (mods[i] == NULL)	481	if (mods[i] == NULL)
482	{	482	{
483	mods = (LDAPMod *) Realloc (mods, (i + 2) sizeof (LDAPMod *));	483	mods = SMB_REALLOC_ARRAY ( mods, LDAPMod *, i + 2 );
484	if (mods == NULL)	484	if (mods == NULL)
485	{	485	{
486	DEBUG(0, ("make_a_mod: out of memory!\n"));	486	DEBUG(0, ("make_a_mod: out of memory!\n"));
Lines 504-511 Link Here
504	if (mods[i]->mod_values != NULL) {	504	if (mods[i]->mod_values != NULL) {
505	for (; mods[i]->mod_values[j] != NULL; j++);	505	for (; mods[i]->mod_values[j] != NULL; j++);
506	}	506	}
507	mods[i]->mod_values = (char **)Realloc(mods[i]->mod_values,	507	mods[i]->mod_values = SMB_REALLOC_ARRAY( mods[i]->mod_values, char *, j + 2 );
508	(j + 2) * sizeof (char *));
509		508
510	if (mods[i]->mod_values == NULL) {	509	if (mods[i]->mod_values == NULL) {
511	DEBUG (0, ("make_a_mod: Memory allocation failure!\n"));	510	DEBUG (0, ("make_a_mod: Memory allocation failure!\n"));

Lines 501-507 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/passdb/pdb_smbpasswd.c (-1 / +1 lines)
501		501
502	new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;	502	new_entry_length = strlen(newpwd->smb_name) + 1 + 15 + 1 + 32 + 1 + 32 + 1 + NEW_PW_FORMAT_SPACE_PADDED_LEN + 1 + 13 + 2;
503		503
504	if((new_entry = (char *)malloc( new_entry_length )) == NULL) {	504	if((new_entry = (char *)SMB_MALLOC( new_entry_length )) == NULL) {
505	DEBUG(0, ("format_new_smbpasswd_entry: Malloc failed adding entry for user %s.\n", newpwd->smb_name ));	505	DEBUG(0, ("format_new_smbpasswd_entry: Malloc failed adding entry for user %s.\n", newpwd->smb_name ));
506	return NULL;	506	return NULL;
507	}	507	}

Lines 41-47 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/printing/load.c (-1 / +1 lines)
41	{	41	{
42	char *p;	42	char *p;
43	int printers;	43	int printers;
44	char *str = strdup(lp_auto_services());	44	char *str = SMB_STRDUP(lp_auto_services());
45		45
46	if (!str) return;	46	if (!str) return;
47		47




		SAFE_FREE(dbuf.dptr);
		if (ret != dbuf.dsize) continue;

		tl = SMB_REALLOC_ARRAY( *list, nt_forms_struct, n+1 );
		if (!tl) {
			DEBUG(0,("get_ntforms: Realloc fail.\n"));
			return 0;

	}

	if (update==False) {
		if((tl=SMB_REALLOC_ARRAY( *list, nt_forms_struct, n+1 )) == NULL) {
			DEBUG(0,("add_a_form: failed to enlarge forms list!\n"));
			return False;
		}

	     newkey = tdb_nextkey(tdb_drivers, kbuf), safe_free(kbuf.dptr), kbuf=newkey) {
		if (strncmp(kbuf.dptr, key, strlen(key)) != 0) continue;
		
		if((fl = SMB_REALLOC_ARRAY( *list, fstring, total+1)) == NULL) {
			DEBUG(0,("get_ntdrivers: failed to enlarge list!\n"));
			return -1;
		}

	char    *buf;
	ssize_t byte_count;

	if ((buf=SMB_MALLOC(PE_HEADER_SIZE)) == NULL) {
		DEBUG(0,("get_file_version: PE file [%s] PE Header malloc failed bytes = %d\n",
				fname, PE_HEADER_SIZE));
		goto error_exit;

		num_sections        = SVAL(buf,PE_HEADER_NUMBER_OF_SECTIONS);
		section_table_bytes = num_sections * PE_HEADER_SECT_HEADER_SIZE;
		SAFE_FREE(buf);
		if ((buf=SMB_MALLOC(section_table_bytes)) == NULL) {
			DEBUG(0,("get_file_version: PE file [%s] section table malloc failed bytes = %d\n",
					fname, section_table_bytes));
			goto error_exit;

				int section_bytes = IVAL(buf,sec_offset+PE_HEADER_SECT_SIZE_DATA_OFFSET);

				SAFE_FREE(buf);
				if ((buf=SMB_MALLOC(section_bytes)) == NULL) {
					DEBUG(0,("get_file_version: PE file [%s] version malloc failed bytes = %d\n",
							fname, section_bytes));
					goto error_exit;


		/* Allocate a bit more space to speed up things */
		SAFE_FREE(buf);
		if ((buf=SMB_MALLOC(VS_NE_BUF_SIZE)) == NULL) {
			DEBUG(0,("get_file_version: NE file [%s] malloc failed bytes  = %d\n",
					fname, PE_HEADER_SIZE));
			goto error_exit;

	if (len != buflen) {
		char *tb;

		tb = (char *)SMB_REALLOC(buf, len);
		if (!tb) {
			DEBUG(0,("add_a_printer_driver_3: failed to enlarge buffer\n!"));
			ret = -1;

	fstrcpy(info.configfile, "");
	fstrcpy(info.helpfile, "");

	if ((info.dependentfiles=SMB_MALLOC_ARRAY( fstring, 2 )) == NULL)
		return WERR_NOMEM;

	memset(info.dependentfiles, '\0', 2*sizeof(fstring));

	while (len < dbuf.dsize) {
		fstring *tddfs;

		tddfs = (fstring *)SMB_REALLOC_ARRAY( driver.dependentfiles, fstring, i+2);
							 sizeof(fstring)*(i+2));
		if (tddfs == NULL) {
			DEBUG(0,("get_a_printer_driver_3: failed to enlarge buffer!\n"));
			break;

	if (buflen != len) {
		char *tb;

		tb = (char *)SMB_REALLOC(buf, len);
		if (!tb) {
			DEBUG(0,("update_a_printer_2: failed to enlarge buffer!\n"));
			ret = WERR_NOMEM;

{

	char adevice[MAXDEVICENAME+1];
	NT_DEVICEMODE *nt_devmode = SMB_MALLOC_P(NT_DEVICEMODE);

	if (nt_devmode == NULL) {
		DEBUG(0,("construct_nt_devicemode: malloc fail.\n"));

	if (buflen != len) {
		char *tb;

		tb = (char *)SMB_REALLOC(buf, len);
		if (!tb) {
			DEBUG(0, ("update_driver_init_2: failed to enlarge buffer!\n"));
			ret = -1;

		if ((ctx = talloc_init()) == NULL)
			return WERR_NOMEM;

		if ((nt_devmode = SMB_MALLOC_P(NT_DEVICEMODE)) == NULL) {
			status = WERR_NOMEM;
			goto done;
		}

	{
		case 2:
		{
			if ((printer = SMB_MALLOC_P(NT_PRINTER_INFO_LEVEL)) == NULL) {
				DEBUG(0,("get_a_printer: malloc fail.\n"));
				return WERR_NOMEM;
			}

	/* exited because it exist */
	*type=param->type;		
	StrnCpy(value, param->value, sizeof(fstring)-1);
	*data= SMB_MALLOC_ARRAY( uint8, param->data_len );
	if(*data == NULL)
		return False;
	ZERO_STRUCTP(*data);

		/* exited because it exist */
		*type=param->type;	
		
		*data= SMB_MALLOC_ARRAY( uint8, param->data_len );
		if(*data == NULL)
			return False;
		memcpy(*data, param->data, param->data_len);

Lines 920-926 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/printing/print_cups.c (-1 / +1 lines)
920	{	920	{
921	qalloc += 16;	921	qalloc += 16;
922		922
923	temp = Realloc(queue, sizeof(print_queue_struct) * qalloc);	923	temp = SMB_REALLOC_ARRAY( queue, print_queue_struct, qalloc );
924		924
925	if (temp == NULL)	925	if (temp == NULL)
926	{	926	{

Lines 218-224 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/printing/print_generic.c (-1 / +1 lines)
218	qcount = 0;	218	qcount = 0;
219	ZERO_STRUCTP(status);	219	ZERO_STRUCTP(status);
220	if (numlines)	220	if (numlines)
221	queue = (print_queue_struct )malloc(sizeof(print_queue_struct)(numlines+1));	221	queue = SMB_MALLOC_ARRAY( print_queue_struct, numlines+1 );
222		222
223	if (queue) {	223	if (queue) {
224	for (i=0; i<numlines; i++) {	224	for (i=0; i<numlines; i++) {

Lines 89-97 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/printing/print_svid.c (-2 / +2 lines)
89	*tmp = '\0';	89	*tmp = '\0';
90		90
91	/* add it to the cache */	91	/* add it to the cache */
92	if ((ptmp = malloc(sizeof (*ptmp))) != NULL) {	92	if ((ptmp = SMB_MALLOC_P(printer_t)) != NULL) {
93	ZERO_STRUCTP(ptmp);	93	ZERO_STRUCTP(ptmp);
94	if((ptmp->name = strdup(name)) == NULL)	94	if((ptmp->name = SMB_STRDUP(name)) == NULL)
95	DEBUG(0,("populate_printers: malloc fail in strdup !\n"));	95	DEBUG(0,("populate_printers: malloc fail in strdup !\n"));
96	ptmp->next = printers;	96	ptmp->next = printers;
97	printers = ptmp;	97	printers = ptmp;

Lines 1313-1320 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/printing/printing.c (-2 / +1 lines)
1313	return 0;	1313	return 0;
1314		1314
1315	/* Allocate the queue size. */	1315	/* Allocate the queue size. */
1316	if ((tstruct.queue = (print_queue_struct *)	1316	if ((tstruct.queue = SMB_MALLOC_ARRAY( print_queue_struct, tsc.count )) == NULL)
1317	malloc(sizeof(print_queue_struct)*tsc.count)) == NULL)
1318	return 0;	1317	return 0;
1319		1318
1320	/*	1319	/*

Lines 328-334 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpc_client/cli_spoolss_notify.c (-1 / +1 lines)
328	{	328	{
329	DEBUG(10,("build_notify_data: %s set on [%s][%d]\n", msg_table[i].name,	329	DEBUG(10,("build_notify_data: %s set on [%s][%d]\n", msg_table[i].name,
330	printer->info_2->printername, idx));	330	printer->info_2->printername, idx));
331	if ((data=Realloc(notify_data, (idx+1)sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) {	331	if ((data=SMB_REALLOC_ARRAY( *notify_data, SPOOL_NOTIFY_INFO_DATA, idx+1)) == NULL) {
332	DEBUG(0,("build_notify_data: Realloc() failed with size [%d]!\n",	332	DEBUG(0,("build_notify_data: Realloc() failed with size [%d]!\n",
333	(idx+1)*sizeof(SPOOL_NOTIFY_INFO_DATA)));	333	(idx+1)*sizeof(SPOOL_NOTIFY_INFO_DATA)));
334	return -1;	334	return -1;




		depth++;
		/* should depend on whether marshalling or unmarshalling! */
		if(UNMARSHALLING(ps)) {
			ctr->dfs.info1 = PRS_ALLOC_MEM( ps, DFS_INFO_1, num_entries );
			if (!ctr->dfs.info1)
				return False;
		}

	case 2:
		depth++;
		if(UNMARSHALLING(ps)) {
			ctr->dfs.info2 = PRS_ALLOC_MEM( ps, DFS_INFO_2, num_entries );
			if (!ctr->dfs.info2)
				return False;
		}

	case 3:
		depth++;
		if(UNMARSHALLING(ps)) {
			ctr->dfs.info3 = PRS_ALLOC_MEM(ps, DFS_INFO_3, num_entries );
			if (!ctr->dfs.info3)
				return False;
		}

	depth++;

	if(UNMARSHALLING(ps)) {
		info3->storages = PRS_ALLOC_MEM( ps, DFS_STORAGE_INFO, info3->num_storage_infos );
		if (!info3->storages)
			return False;
	}





	if (attr->ptr_sec_qos != 0) {
		if (UNMARSHALLING(ps))
			if (!(attr->sec_qos = PRS_ALLOC_MEM( ps, LSA_SEC_QOS, 1 )))
				return False;

		if(!lsa_io_sec_qos("sec_qos", attr->sec_qos, ps, depth))

                r_e->ptr_enum_domains = 1;
                r_e->num_domains2 = 1;
		
		if (!(r_e->hdr_domain_name = TALLOC_P(ctx,UNIHDR2)))
			return;

		if (!(r_e->uni_domain_name = TALLOC_P(ctx,UNISTR2)))
			return;

		if (!(r_e->domain_sid = TALLOC_P(ctx,DOM_SID2)))
			return;

		init_uni_hdr2(&r_e->hdr_domain_name[0], len_domain_name);

		num_domains = r_e->num_domains2;

		if (UNMARSHALLING(ps)) {
			if (!(r_e->hdr_domain_name = PRS_ALLOC_MEM( ps, UNIHDR2, num_domains )))
				return False;

			if (!(r_e->uni_domain_name = PRS_ALLOC_MEM( ps, UNISTR2, num_domains )))
				return False;

			if (!(r_e->domain_sid = PRS_ALLOC_MEM( ps, DOM_SID2, num_domains )))
				return False;
		}


		return False;

	if (UNMARSHALLING(ps)) {
		d_q->auditsettings = (uint32 *)TALLOC_ZERO_ARRAY(ps->mem_ctx, uint32, d_q->count2);
	}

	if (d_q->auditsettings == NULL) {


	if (num_entries == 0) return;

	if ((sen->ptr_sid = (uint32 *)TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_entries)) == NULL) {
					     sizeof(uint32))) == NULL) {
		DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n"));
		return;
	}

	if ((sen->sid = (DOM_SID2 *)TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID2, num_entries)) == NULL) {
					   sizeof(DOM_SID2))) == NULL) {
		DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n"));
		return;
	}

	/* Mallocate memory if we're unpacking from the wire */

	if (UNMARSHALLING(ps)) {
		if ((sen->ptr_sid = PRS_ALLOC_MEM( ps, uint32, sen->num_entries )) == NULL) {
			sen->num_entries * sizeof(uint32))) == NULL) {
			DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
				  "ptr_sid\n"));
			return False;
		}

		if ((sen->sid = PRS_ALLOC_MEM( ps, DOM_SID2, sen->num_entries )) == NULL) {
			sen->num_entries * sizeof(DOM_SID2))) == NULL) {
			DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
				  "sids\n"));
			return False;

			return False;

		if (UNMARSHALLING(ps)) {
			if ((trn->name = PRS_ALLOC_MEM( ps, LSA_TRANS_NAME, trn->num_entries )) == NULL) {
			     prs_alloc_mem(ps, trn->num_entries * 
				    sizeof(LSA_TRANS_NAME))) == NULL) {
				return False;
			}

			if ((trn->uni_name = PRS_ALLOC_MEM( ps, UNISTR2, trn->num_entries )) == NULL) {
			     prs_alloc_mem(ps, trn->num_entries *
				    sizeof(UNISTR2))) == NULL) {
				return False;
			}
		}

	q_l->num_entries2 = num_names;
	q_l->lookup_level = 1;

	if ((q_l->uni_name = (UNISTR2 *)TALLOC_ZERO_ARRAY(
		mem_ctx, UNISTR2, num_names)) == NULL) {
		DEBUG(3, ("init_q_lookup_names(): out of memory\n"));
		return;
	}

	if ((q_l->hdr_name = (UNIHDR *)TALLOC_ZERO_ARRAY(
		mem_ctx, UNIHDR, num_names)) == NULL) {
		DEBUG(3, ("init_q_lookup_names(): out of memory\n"));
		return;
	}


	if (UNMARSHALLING(ps)) {
		if (q_r->num_entries) {
			if ((q_r->hdr_name = PRS_ALLOC_MEM( ps, UNIHDR, q_r->num_entries )) == NULL)
					q_r->num_entries * sizeof(UNIHDR))) == NULL)
				return False;
			if ((q_r->uni_name = PRS_ALLOC_MEM( ps, UNISTR2, q_r->num_entries )) == NULL)
					q_r->num_entries * sizeof(UNISTR2))) == NULL)
				return False;
		}
	}

		}

		if (UNMARSHALLING(ps)) {
			if ((r_r->dom_rid = PRS_ALLOC_MEM( ps, DOM_RID2, r_r->num_entries2 ))
			    == NULL) {
				DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n"));
				return False;

			return False;

		if (UNMARSHALLING(ps))
			if (!(r_q->privs = PRS_ALLOC_MEM(ps, LSA_PRIV_ENTRY, r_q->count1)))
				return False;

		if (!lsa_io_priv_entries("", r_q->privs, r_q->count1, ps, depth))

		/* malloc memory if unmarshalling here */

		if (UNMARSHALLING(ps) && r_c->count!=0) {
			if (!(r_c->set.set = PRS_ALLOC_MEM( ps, LUID_ATTR, r_c->count )))
				return False;

		}

		return False;

	if (UNMARSHALLING(ps) && r_c->count!=0) {
		if (!(r_c->set.set = PRS_ALLOC_MEM( ps, LUID_ATTR, r_c->count )))
			return False;
	}
	

			return False;

		if (UNMARSHALLING(ps) && r_c->count!=0) {
			if (!(r_c->set.set = PRS_ALLOC_MEM(ps,LUID_ATTR, r_c->count)))
				return False;
		}






	len = strlen(buf) + 1;

	len = MAX(len, MAX_UNISTRLEN);
		len = MAX_UNISTRLEN;
	len *= sizeof(uint16);

	str->buffer = (uint16 *)TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, len);
	if (str->buffer == NULL)
		smb_panic("init_unistr: malloc fail\n");

	/* store the string (null-terminated copy) */
	dos_struni2((char *)str->buffer, buf, sizeof(uint16)*len);
}

/*******************************************************************


static void create_buffer3(BUFFER3 *str, size_t len)
{
	len = MAX(len,MAX_BUFFERLEN);
		len = MAX_BUFFERLEN;

	str->buffer = TALLOC_ZERO(get_talloc_ctx(), len);
	if (str->buffer == NULL)
		smb_panic("create_buffer3: talloc fail\n");


		return False;

	if (UNMARSHALLING(ps)) {
		buf3->buffer = PRS_ALLOC_MEM( ps, unsigned char, buf3->buf_max_len );
		if (buf3->buffer == NULL)
			return False;
	}

	str->buf_len = buf != NULL ? len : 0;

	if (buf != NULL) {
		len = MAX(len, MAX_BUFFERLEN);
		str->buffer = TALLOC_ZERO(get_talloc_ctx(), len);
		str->buffer = talloc_zero(get_talloc_ctx(), len);
		if (str->buffer == NULL)
			smb_panic("init_buffer2: talloc fail\n");
		memcpy(str->buffer, buf, MIN(str->buf_len, len));

	   (the the length of the source string) to prevent
	   reallocation of memory. */
	if (str->buffer == NULL) {
	    size_t alloc_len = MAX(from->uni_max_len,MAX_UNISTRLEN);
	    str->buffer = (uint16 *)TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, alloc_len);
	    if ((str->buffer == NULL)) {
			len = MAX_UNISTRLEN;
		len *= sizeof(uint16);

   		str->buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
		if ((str->buffer == NULL) && (len > 0 ))
		{
			smb_panic("copy_unistr2: talloc fail\n");
			return;
		}


void init_string2(STRING2 *str, const char *buf, int max_len, int str_len)
{
	int alloc_len = 0;

	/* set up string lengths. */
	str->str_max_len = max_len;
	str->undoc       = 0;


	/* store the string */
	if(str_len != 0) {
		int alloc_len = MAX(str_len,MAX_STRINGLEN);
		str->buffer = TALLOC_ZERO(get_talloc_ctx(), alloc_len);
		str->buffer = talloc_zero(get_talloc_ctx(), alloc_len);
		if (str->buffer == NULL)
			smb_panic("init_string2: malloc fail\n");
		memcpy(str->buffer, buf, str_len);

	str->undoc       = 0;
	str->uni_str_len = (uint32)len;

	len = MAX(len, MAX_UNISTRLEN);
		len = MAX_UNISTRLEN;
	len *= sizeof(uint16);

	str->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, len);
	if (str->buffer == NULL)
	{
		smb_panic("init_unistr2: malloc fail\n");
		return;
	}

	/* Ensure len is the length in *bytes* */
	len *= sizeof(uint16);

	/*
	 * don't move this test above ! The UNISTR2 must be initialized !!!
	 * jfm, 7/7/2001.

	to->uni_str_len = i;

	/* allocate the space and copy the string buffer */
	to->buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, to->uni_str_len);
	if (to->buffer == NULL)
		smb_panic("init_unistr2_from_unistr: malloc fail\n");
	memcpy(to->buffer, from->buffer, to->uni_max_len*sizeof(uint16));

	if (len < MAX_UNISTRLEN)
		len = MAX_UNISTRLEN;

	str->str.buffer = TALLOC_ZERO_ARRAY(get_talloc_ctx(), uint16, len);

	str->str.buffer = (uint16 *)talloc_zero(get_talloc_ctx(), len);
	if (str->str.buffer == NULL)
		smb_panic("init_unistr3: malloc fail\n");

	/* store the string (null-terminated copy) */
	dos_struni2((char *)str->str.buffer, buf, len*sizeof(uint16));
}

/*******************************************************************




			;

		/* Now allocate space for them. */
		*ppsids = TALLOC_ZERO_ARRAY(ctx, DOM_SID2, count);
		if (*ppsids == NULL)
			return 0;


	depth++;

	if (UNMARSHALLING(ps)) {
		ctr = *pp_ctr = PRS_ALLOC_MEM( ps, NET_ID_INFO_CTR, 1 );
		if (ctr == NULL)
			return False;
	}

	/* always have at least one group == the user's primary group */
	usr->num_groups2 = num_groups+1;

	usr->gids = TALLOC_ZERO_ARRAY(ctx,DOM_GID, num_groups+1);
	if (usr->gids == NULL)
		return;


		return False;

	if (UNMARSHALLING(ps) && usr->num_groups2 > 0) {
		usr->gids = PRS_ALLOC_MEM( ps, DOM_GID, usr->num_groups2 );
		if (usr->gids == NULL)
			return False;
	}

	if (usr->num_other_sids) {

		if (UNMARSHALLING(ps)) {
			usr->other_sids = PRS_ALLOC_MEM( ps, DOM_SID2, usr->num_other_sids );
			if (usr->other_sids == NULL)
				return False;
		}

			return False;

		if (UNMARSHALLING(ps) && usr->num_other_groups > 0) {
			usr->other_gids = PRS_ALLOC_MEM( ps, DOM_GID, usr->num_other_groups );
			if (usr->other_gids == NULL)
				return False;
		}

			return False;
		}

                info->rids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members2);
                                    info->num_members2);

                if (info->rids == NULL) {
                        DEBUG(0, ("out of memory allocating %d rids\n",

			return False;
		}

                info->attribs = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_members3);
                                       info->num_members3);

                if (info->attribs == NULL) {
                        DEBUG(0, ("out of memory allocating %d attribs\n",

			return False;
		}

                info->ptr_sids = TALLOC_ARRAY(ps->mem_ctx, uint32, info->num_sids);
                                        info->num_sids);
                
                if (info->ptr_sids == NULL) {
                        DEBUG(0, ("out of memory allocating %d ptr_sids\n",

                                return False;
		}

                info->sids = TALLOC_ARRAY(ps->mem_ctx, DOM_SID2, info->num_sids);
                                    info->num_sids);

                if (info->sids == NULL) {
                        DEBUG(0, ("error allocating %d sids\n",

			}

                        if (r_s->num_deltas2 > 0) {
                                r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas2);
                                        talloc(ps->mem_ctx, r_s->num_deltas2 *
                                               sizeof(SAM_DELTA_HDR));
                          
                                if (r_s->hdr_deltas == NULL) {
                                        DEBUG(0, ("error tallocating memory "

			}

                        if (r_s->num_deltas2 > 0) {
                                r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas2 );
                                        talloc(ps->mem_ctx, r_s->num_deltas2 *
                                               sizeof(SAM_DELTA_CTR));

                                if (r_s->deltas == NULL) {
                                        DEBUG(0, ("error tallocating memory "

		if (r_s->ptr_deltas != 0)
		{
                        if (r_s->num_deltas > 0) {
                                r_s->hdr_deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_HDR, r_s->num_deltas);
                                        talloc(ps->mem_ctx, r_s->num_deltas *
                                               sizeof(SAM_DELTA_HDR));
                                if (r_s->hdr_deltas == NULL) {
                                        DEBUG(0, ("error tallocating memory "
                                                  "for %d delta headers\n", 

			}
                        
                        if (r_s->num_deltas > 0) {
                                r_s->deltas = TALLOC_ARRAY(ps->mem_ctx, SAM_DELTA_CTR, r_s->num_deltas );
                                        talloc(ps->mem_ctx, r_s->num_deltas *
                                               sizeof(SAM_DELTA_CTR));

                                if (r_s->deltas == NULL) {
                                        DEBUG(0, ("error tallocating memory "





	if (size != 0) {
		ps->buffer_size = size;
		if((ps->data_p = (char *)SMB_MALLOC((size_t)size)) == NULL) {
			DEBUG(0,("prs_init: malloc fail for %u bytes.\n", (unsigned int)size));
			return False;
		}

}

/*******************************************************************
 Allocate memory when unmarshalling... Always zero clears.
 ********************************************************************/

char *prs_alloc_mem(prs_struct *ps, size_t size)
{
	char *ret = talloc(ps->mem_ctx, size);

	if (ret)
		memset(ret, '\0', size);

	return ret;
}

/*******************************************************************
 Return the current talloc context we're using.
 ********************************************************************/


		return prs_force_grow(ps, newsize - ps->buffer_size);

	if (newsize < ps->buffer_size) {
		char *new_data_p = SMB_REALLOC(ps->data_p, newsize);
		/* if newsize is zero, Realloc acts like free() & returns NULL*/
		if (new_data_p == NULL && newsize != 0) {
			DEBUG(0,("prs_set_buffer_size: Realloc failure for size %u.\n",


		new_size = MAX(MAX_PDU_FRAG_LEN,extra_space);

		if((new_data = SMB_MALLOC(new_size)) == NULL) {
			DEBUG(0,("prs_grow: Malloc failure for size %u.\n", (unsigned int)new_size));
			return False;
		}

		 */
		new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space);		

		if ((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
			DEBUG(0,("prs_grow: Realloc failure for size %u.\n",
				(unsigned int)new_size));
			return False;

		return False;
	}

	if((new_data = SMB_REALLOC(ps->data_p, new_size)) == NULL) {
		DEBUG(0,("prs_force_grow: Realloc failure for size %u.\n",
			(unsigned int)new_size));
		return False;

		return False;

	if (UNMARSHALLING(ps)) {
		str->buffer = PRS_ALLOC_MEM( ps, uint16, str->buf_len );
		if (str->buffer == NULL)
			return False;
	}

		return False;

	if (UNMARSHALLING(ps)) {
		str->buffer = PRS_ALLOC_MEM( ps, uint16, str->buf_len );
		if (str->buffer == NULL)
			return False;
	}

		return False;

	if (UNMARSHALLING(ps)) {
		str->buffer = PRS_ALLOC_MEM( ps, unsigned char, str->str_max_len );
		if (str->buffer == NULL)
			return False;
	}

		return True;

	if (UNMARSHALLING(ps)) {
		str->buffer = PRS_ALLOC_MEM( ps, uint16, str->uni_max_len );
		if (str->buffer == NULL)
			return False;
	}

		return False;

	if (UNMARSHALLING(ps)) {
		str->str.buffer = PRS_ALLOC_MEM(ps, uint16, str->uni_str_len );
		if (str->str.buffer == NULL)
			return False;
	}

			;

		/* should we allocate anything at all? */
		str->buffer = PRS_ALLOC_MEM( ps, uint16, alloc_len );
		if ((str->buffer == NULL) && (alloc_len > 0))
			return False;





			return False;

		if (UNMARSHALLING(ps) && (r_u->num_entries2 != 0)) {
			r_u->sam = PRS_ALLOC_MEM( ps, SAM_ENTRY, r_u->num_entries2 );
			r_u->uni_acct_name = PRS_ALLOC_MEM( ps, UNISTR2, r_u->num_entries2 );
		}

		if ((r_u->sam == NULL || r_u->uni_acct_name == NULL) && r_u->num_entries2 != 0) {

	if (num_entries==0)
		return NT_STATUS_OK;

	sam->sam=TALLOC_ARRAY(ctx, SAM_ENTRY1, num_entries);
	if (!sam->sam)
		return NT_STATUS_NO_MEMORY;

	sam->str=TALLOC_ARRAY(ctx, SAM_STR1, num_entries);
	if (!sam->str)
		return NT_STATUS_NO_MEMORY;



	if (UNMARSHALLING(ps) && num_entries > 0) {

		if ((sam->sam = PRS_ALLOC_MEM(ps, SAM_ENTRY1, num_entries)) == NULL) {
		     prs_alloc_mem(ps, sizeof(SAM_ENTRY1) *
				   num_entries)) == NULL) {
			DEBUG(0, ("out of memory allocating SAM_ENTRY1\n"));
			return False;
		}

		if ((sam->str = PRS_ALLOC_MEM(ps, SAM_STR1, num_entries)) == NULL) {
		     prs_alloc_mem(ps, sizeof(SAM_STR1) * 
				   num_entries)) == NULL) {
			DEBUG(0, ("out of memory allocating SAM_STR1\n"));
			return False;
		}

	if (num_entries==0)
		return NT_STATUS_OK;

	if (!(sam->sam=TALLOC_ARRAY(ctx, SAM_ENTRY2, num_entries)))
		return NT_STATUS_NO_MEMORY;

	if (!(sam->str=TALLOC_ARRAY(ctx, SAM_STR2, num_entries)))
		return NT_STATUS_NO_MEMORY;

	ZERO_STRUCTP(sam->sam);


	if (UNMARSHALLING(ps) && num_entries > 0) {

		if ((sam->sam = PRS_ALLOC_MEM( ps, SAM_ENTRY2, num_entries )) == NULL) {
		     prs_alloc_mem(ps, sizeof(SAM_ENTRY2) *
				   num_entries)) == NULL) {
			DEBUG(0, ("out of memory allocating SAM_ENTRY2\n"));
			return False;
		}

		if ((sam->str = PRS_ALLOC_MEM( ps, SAM_STR2, num_entries )) == NULL) {
		     prs_alloc_mem(ps, sizeof(SAM_STR2) * 
				   num_entries)) == NULL) {
			DEBUG(0, ("out of memory allocating SAM_STR2\n"));
			return False;
		}

	if (num_entries==0)
		return NT_STATUS_OK;

	if (!(sam->sam=TALLOC_ARRAY(ctx, SAM_ENTRY3, num_entries)))
		return NT_STATUS_NO_MEMORY;

	if (!(sam->str=TALLOC_ARRAY(ctx, SAM_STR3, num_entries)))
		return NT_STATUS_NO_MEMORY;

	ZERO_STRUCTP(sam->sam);


	if (UNMARSHALLING(ps) && num_entries > 0) {

		if ((sam->sam = PRS_ALLOC_MEM( ps, SAM_ENTRY3, num_entries )) == NULL) {
		     prs_alloc_mem(ps, sizeof(SAM_ENTRY3) *
				   num_entries)) == NULL) {
			DEBUG(0, ("out of memory allocating SAM_ENTRY3\n"));
			return False;
		}

		if ((sam->str = PRS_ALLOC_MEM( ps, SAM_STR3, num_entries )) == NULL) {
		     prs_alloc_mem(ps, sizeof(SAM_STR3) * 
				   num_entries)) == NULL) {
			DEBUG(0, ("out of memory allocating SAM_STR3\n"));
			return False;
		}

	if (num_entries==0)
		return NT_STATUS_OK;

	if (!(sam->sam=TALLOC_ARRAY(ctx, SAM_ENTRY4, num_entries)))
		return NT_STATUS_NO_MEMORY;

	if (!(sam->str=TALLOC_ARRAY(ctx, SAM_STR4, num_entries)))
		return NT_STATUS_NO_MEMORY;

	ZERO_STRUCTP(sam->sam);


	if (UNMARSHALLING(ps) && num_entries > 0) {

		if ((sam->sam = PRS_ALLOC_MEM( ps, SAM_ENTRY4, num_entries )) == NULL) {
		     prs_alloc_mem(ps, sizeof(SAM_ENTRY4) *
				   num_entries)) == NULL) {
			DEBUG(0, ("out of memory allocating SAM_ENTRY4\n"));
			return False;
		}

		if ((sam->str = PRS_ALLOC_MEM(ps, SAM_STR4, num_entries )) == NULL) {
		     prs_alloc_mem(ps, sizeof(SAM_STR4) * 
				   num_entries)) == NULL) {
			DEBUG(0, ("out of memory allocating SAM_STR4\n"));
			return False;
		}

	if (num_entries==0)
		return NT_STATUS_OK;

	if (!(sam->sam=TALLOC_ARRAY(ctx, SAM_ENTRY5, num_entries)))
		return NT_STATUS_NO_MEMORY;

	if (!(sam->str=TALLOC_ARRAY(ctx, SAM_STR5, num_entries)))
		return NT_STATUS_NO_MEMORY;

	ZERO_STRUCTP(sam->sam);


	if (UNMARSHALLING(ps) && num_entries > 0) {

		if ((sam->sam = PRS_ALLOC_MEM( ps, SAM_ENTRY5, num_entries )) == NULL) {
		     prs_alloc_mem(ps, sizeof(SAM_ENTRY5) *
				   num_entries)) == NULL) {
			DEBUG(0, ("out of memory allocating SAM_ENTRY5\n"));
			return False;
		}

		if ((sam->str = PRS_ALLOC_MEM( ps, SAM_STR5, num_entries )) == NULL) {
		     prs_alloc_mem(ps, sizeof(SAM_STR5) * 
				   num_entries)) == NULL) {
			DEBUG(0, ("out of memory allocating SAM_STR5\n"));
			return False;
		}

				prs_struct *ps, int depth)
{
	if (UNMARSHALLING(ps))
		*ctr = PRS_ALLOC_MEM( ps, GROUP_INFO_CTR, 1 );

	if (*ctr == NULL)
		return False;

			if(!prs_uint32("num_rids", ps, depth, &r_u->num_rids))
				return False;
			if (UNMARSHALLING(ps) && r_u->num_rids != 0) {
				r_u->rid = PRS_ALLOC_MEM( ps, uint32, r_u->num_rids );
				if (r_u->rid == NULL)
					return False;
			}

				return False;

			if (UNMARSHALLING(ps) && r_u->num_attrs != 0) {
				r_u->attr = PRS_ALLOC_MEM( ps, uint32, r_u->num_attrs );
				if (r_u->attr == NULL)
					return False;
			}


	if ((*num_gids) != 0) {
		if (UNMARSHALLING(ps)) {
			(*gid) = PRS_ALLOC_MEM( ps, DOM_GID, (*num_gids) );
		}

		if ((*gid) == NULL) {

			return False;

		if (UNMARSHALLING(ps)) {
			r_u->sam = PRS_ALLOC_MEM( ps, SAM_ENTRY, r_u->num_entries2 );
			r_u->uni_dom_name = PRS_ALLOC_MEM( ps, UNISTR2, r_u->num_entries2 );
		}

		if ((r_u->sam == NULL || r_u->uni_dom_name == NULL) && r_u->num_entries2 != 0) {

			return False;

		if (UNMARSHALLING(ps)) {
			r_u->sam = PRS_ALLOC_MEM(ps, SAM_ENTRY, r_u->num_entries2 );
			r_u->uni_grp_name = PRS_ALLOC_MEM( ps, UNISTR2, r_u->num_entries2 );
		}

		if ((r_u->sam == NULL || r_u->uni_grp_name == NULL) && r_u->num_entries2 != 0) {

			return False;

		if (UNMARSHALLING(ps) && (r_u->num_entries2 > 0)) {
			r_u->sam = PRS_ALLOC_MEM( ps, SAM_ENTRY, r_u->num_entries2 );
			r_u->uni_grp_name = PRS_ALLOC_MEM( ps, UNISTR2, r_u->num_entries2 );
		}

		if (r_u->num_entries2 != 0 && 

		return False;

	if (UNMARSHALLING(ps) && (q_u->num_sids2 != 0)) {
		q_u->ptr_sid = PRS_ALLOC_MEM( ps, uint32, q_u->num_sids2 );
		if (q_u->ptr_sid == NULL)
			return False;

		q_u->sid = PRS_ALLOC_MEM( ps, DOM_SID2, q_u->num_sids2 );
		if (q_u->sid == NULL)
			return False;
	}

	if ((*num_rids) != 0) {
		if (UNMARSHALLING(ps)) {
			/* reading */
			(*rid) = PRS_ALLOC_MEM( ps, uint32, (*num_rids) );
		}
		if ((*rid) == NULL)
			return False;

	q_u->flags = flags;
	q_u->ptr = 0;
	q_u->num_rids2 = num_rids;
	q_u->rid = TALLOC_ZERO_ARRAY(ctx, uint32, num_rids);
	if (q_u->rid == NULL) {
		q_u->num_rids1 = 0;
		q_u->num_rids2 = 0;

		return False;

	if (UNMARSHALLING(ps) && (q_u->num_rids2 != 0)) {
		q_u->rid = PRS_ALLOC_MEM( ps, uint32, q_u->num_rids2 );
		if (q_u->rid == NULL)
			return False;
	}



		if (UNMARSHALLING(ps) && (r_u->num_names2 != 0)) {
			r_u->hdr_name = PRS_ALLOC_MEM( ps, UNIHDR, r_u->num_names2 );
			if (r_u->hdr_name == NULL)
				return False;

			r_u->uni_name = PRS_ALLOC_MEM(ps, UNISTR2, r_u->num_names2 );
			if (r_u->uni_name == NULL)
				return False;
		}

			return False;

		if (UNMARSHALLING(ps) && (r_u->num_types2 != 0)) {
			r_u->type = PRS_ALLOC_MEM(ps, uint32, r_u->num_types2 );
			if (r_u->type == NULL)
				return False;
		}

	q_u->ptr = 0;
	q_u->num_names2 = num_names;

	if (!(q_u->hdr_name = TALLOC_ZERO_ARRAY(ctx, UNIHDR, num_names)))
		return NT_STATUS_NO_MEMORY;

	if (!(q_u->uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_names)))
		return NT_STATUS_NO_MEMORY;

	for (i = 0; i < num_names; i++) {

		return False;

	if (UNMARSHALLING(ps) && (q_u->num_names2 != 0)) {
		q_u->hdr_name = PRS_ALLOC_MEM( ps, UNIHDR, q_u->num_names2 );
		q_u->uni_name = PRS_ALLOC_MEM( ps, UNISTR2, q_u->num_names2 );
		q_u->uni_name = (UNISTR2 *)prs_alloc_mem(ps, sizeof(UNISTR2) *
							 q_u->num_names2);
		if (!q_u->hdr_name || !q_u->uni_name)
			return False;
	}

		r_u->ptr_rids = 1;
		r_u->num_rids2 = num_rids;

		if (!(r_u->rids = TALLOC_ZERO_ARRAY(ctx, uint32,num_rids)))
			return NT_STATUS_NO_MEMORY;
		if (!(r_u->types = TALLOC_ZERO_ARRAY(ctx, uint32,num_rids)))
			return NT_STATUS_NO_MEMORY;

		if (!r_u->rids || !r_u->types)

		}

		if (UNMARSHALLING(ps))
			r_u->rids = PRS_ALLOC_MEM( ps, uint32, r_u->num_rids2 );

		if (!r_u->rids) {
			DEBUG(0, ("NULL rids in samr_io_r_lookup_names\n"));

		}

		if (UNMARSHALLING(ps))
			r_u->types = PRS_ALLOC_MEM( ps, uint32, r_u->num_types2 );

		if (!r_u->types) {
			DEBUG(0, ("NULL types in samr_io_r_lookup_names\n"));


	switch (switch_value) {
	case 0x10:
		ctr->info.id10 = TALLOC_ZERO_P(ctx,SAM_USER_INFO_10);
		if (ctr->info.id10 == NULL)
			return NT_STATUS_NO_MEMORY;


			expire.low = 0xffffffff;
			expire.high = 0x7fffffff;

			ctr->info.id = TALLOC_ZERO_P(ctx,SAM_USER_INFO_11);
			init_sam_user_info11(ctr->info.id11, &expire,
					     "BROOKFIELDS$",	/* name */
					     0x03ef,	/* user rid */

		}
#endif
	case 0x12:
		ctr->info.id12 = TALLOC_ZERO_P(ctx,SAM_USER_INFO_12);
		if (ctr->info.id12 == NULL)
			return NT_STATUS_NO_MEMORY;


	case 21:
		{
			SAM_USER_INFO_21 *cusr;
			cusr = TALLOC_ZERO_P(ctx,SAM_USER_INFO_21);
			ctr->info.id21 = cusr;
			if (ctr->info.id21 == NULL)
				return NT_STATUS_NO_MEMORY;

	depth++;

	if (UNMARSHALLING(ps)) {
		ctr = PRS_ALLOC_MEM( ps, SAM_USERINFO_CTR, 1 );
		if (ctr == NULL)
			return False;
		*ppctr = ctr;

	switch (ctr->switch_value) {
	case 0x10:
		if (UNMARSHALLING(ps))
			ctr->info.id10 = PRS_ALLOC_MEM( ps, SAM_USER_INFO_10, 1);
		if (ctr->info.id10 == NULL) {
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));
			return False;

		break;
	case 0x11:
		if (UNMARSHALLING(ps))
			ctr->info.id11 = PRS_ALLOC_MEM( ps, SAM_USER_INFO_11, 1 );

		if (ctr->info.id11 == NULL) {
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));

		break;
	case 0x12:
		if (UNMARSHALLING(ps))
			ctr->info.id12 = PRS_ALLOC_MEM( ps, SAM_USER_INFO_12, 1 );

		if (ctr->info.id12 == NULL) {
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));

		break;
	case 20:
		if (UNMARSHALLING(ps))
			ctr->info.id20 = PRS_ALLOC_MEM( ps, SAM_USER_INFO_20, 1 );

		if (ctr->info.id20 == NULL) {
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));

		break;
	case 21:
		if (UNMARSHALLING(ps))
			ctr->info.id21 = PRS_ALLOC_MEM( ps, SAM_USER_INFO_21, 1 );

		if (ctr->info.id21 == NULL) {
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));

		break;
	case 23:
		if (UNMARSHALLING(ps))
			ctr->info.id23 = PRS_ALLOC_MEM( ps, SAM_USER_INFO_23, 1 );

		if (ctr->info.id23 == NULL) {
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));

		break;
	case 24:
		if (UNMARSHALLING(ps))
			ctr->info.id24 = PRS_ALLOC_MEM( ps, SAM_USER_INFO_24, 1);

		if (ctr->info.id24 == NULL) {
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));

		break;
	case 25:
		if (UNMARSHALLING(ps))
			ctr->info.id25 = PRS_ALLOC_MEM( ps, SAM_USER_INFO_25, 1 );

		if (ctr->info.id25 == NULL) {
			DEBUG(2,("samr_io_userinfo_ctr: info pointer not initialised\n"));

	if(!prs_align(ps))
		return False;

	if ((q_u->ctr = PRS_ALLOC_MEM( ps, SAM_UNK_CTR, 1 )) == NULL)
		return False;
	
	switch (q_u->switch_value) {




	SEC_ACL *dst;
	int i;

	if((dst = TALLOC_ZERO_P(ctx,SEC_ACL)) == NULL)
		return NULL;

	dst->revision = revision;

	   positive number. */

	if ((num_aces) && 
            ((dst->ace = TALLOC_ARRAY(ctx, SEC_ACE,num_aces)) 
             == NULL)) {
		return NULL;
	}

		/*
		 * This is a read and we must allocate the stuct to read into.
		 */
		if((psa = PRS_ALLOC_MEM( ps, SEC_ACL, 1 )) == NULL)
			return False;
		*ppsa = psa;
	}

		 * between a non-present DACL (allow all access) and a DACL with no ACE's
		 * (allow no access).
		 */
		if((psa->ace = PRS_ALLOC_MEM( ps, SEC_ACE, psa->num_aces+1 )) == NULL)
			return False;
	}


  if(!src)
    return NULL;

  if((dst = TALLOC_ZERO_P(ctx, DOM_SID)) != NULL) {
    sid_copy( dst, src);
  }



	*sd_size = 0;

	if(( dst = TALLOC_ZERO_P(ctx, SEC_DESC)) == NULL)
		return NULL;

	dst->revision = revision;


	if (psd == NULL) {
		if(UNMARSHALLING(ps)) {
			if((psd = PRS_ALLOC_MEM( ps, SEC_DESC, 1 )) == NULL)
				return False;
			*ppsd = psd;
		} else {


		if (UNMARSHALLING(ps)) {
			/* reading */
			if((psd->owner_sid = PRS_ALLOC_MEM( ps, DOM_SID, 1 )) == NULL)
				return False;
		}



		if (UNMARSHALLING(ps)) {
			/* reading */
			if((psd->grp_sid = PRS_ALLOC_MEM( ps, DOM_SID, 1 )) == NULL)
				return False;
		}


{
	SEC_DESC_BUF *dst;

	if((dst = TALLOC_ZERO_P(ctx, SEC_DESC_BUF)) == NULL)
		return NULL;

	/* max buffer size (allocated size) */

	psdb = *ppsdb;

	if (UNMARSHALLING(ps) && psdb == NULL) {
		if((psdb = PRS_ALLOC_MEM( ps, SEC_DESC_BUF, 1 )) == NULL)
			return False;
		*ppsdb = psdb;
	}





	/* reading */
	if (UNMARSHALLING(ps))
		if((ctr->type=PRS_ALLOC_MEM( ps, SPOOL_NOTIFY_OPTION_TYPE, ctr->count )) == NULL)
			return False;
		
	/* the option type struct */


			/* Tallocate memory for string */

			data->notify_data.data.string = PRS_ALLOC_MEM( ps, uint16, x );
			if (!data->notify_data.data.string) 
				return False;


	depth++;

	if (UNMARSHALLING(ps)) {
		devmode->devicename.buffer = PRS_ALLOC_MEM( ps, uint16, 32 );
		if (devmode->devicename.buffer == NULL)
			return False;
	}

		return False;

	if (UNMARSHALLING(ps)) {
		devmode->formname.buffer = PRS_ALLOC_MEM( ps, uint16, 32 );
		if (devmode->formname.buffer == NULL)
			return False;
	}


	if (devmode->driverextra!=0) {
		if (UNMARSHALLING(ps)) {
			devmode->private= PRS_ALLOC_MEM( ps, uint8, devmode->driverextra );
			if(devmode->private == NULL)
				return False;
			DEBUG(7,("spoolss_io_devmode: allocated memory [%d] for private\n",devmode->driverextra)); 

	/* so we have a DEVICEMODE to follow */		
	if (UNMARSHALLING(ps)) {
		DEBUG(9,("Allocating memory for spoolss_io_devmode\n"));
		dm_c->devmode= PRS_ALLOC_MEM( ps, DEVICEMODE, 1 );
		if(dm_c->devmode == NULL)
			return False;
	}

	SPOOL_PRINTER_INFO_LEVEL_2 *inf;

	/* allocate the necessary memory */
	if (!(inf=TALLOC_P(mem_ctx, SPOOL_PRINTER_INFO_LEVEL_2))) {
		DEBUG(0,("make_spoolss_printer_info_2: Unable to allocate SPOOL_PRINTER_INFO_LEVEL_2 sruct!\n"));
		return False;
	}

		return False;
	
	if (UNMARSHALLING(ps) && r_u->size) {
		r_u->data = PRS_ALLOC_MEM( ps, unsigned char, r_u->size );
		if(!r_u->data)
			return False;
	}

	if (q_u->buffer_size!=0)
	{
		if (UNMARSHALLING(ps))
			q_u->buffer=PRS_ALLOC_MEM( ps, uint8, q_u->buffer_size );
		if(q_u->buffer == NULL)
			return False;	
		if(!prs_uint8s(True, "buffer", ps, depth, q_u->buffer, q_u->buffer_size))

	if (q_u->option_ptr!=0) {
	
		if (UNMARSHALLING(ps))
			if((q_u->option= PRS_ALLOC_MEM( ps, SPOOL_NOTIFY_OPTION, 1 )) == NULL)
				return False;
	
		if(!smb_io_notify_option("notify option", q_u->option, ps, depth))

	if (q_u->option_ptr!=0) {
	
		if (UNMARSHALLING(ps))
			if((q_u->option= PRS_ALLOC_MEM( ps, SPOOL_NOTIFY_OPTION, 1 )) == NULL)
				return False;
	
		if(!smb_io_notify_option("notify option", q_u->option, ps, depth))


			/* Yes this should be malloc not talloc. Don't change. */

			chaine.buffer = SMB_MALLOC_ARRAY( uint16, q-p+1 );
			if (chaine.buffer == NULL)
				return False;



				/* Yes this should be realloc - it's freed below. JRA */

				if((tc2=SMB_REALLOC_ARRAY(chaine2, uint16, l_chaine2+l_chaine+2 )) == NULL) {
					SAFE_FREE(chaine2);
					return False;
				}

		if (chaine2)
		{
			chaine2[l_chaine2] = '\0';
			*string=(uint16 *)TALLOC_MEMDUP(prs_get_mem_context(ps),chaine2,realloc_size);
			SAFE_FREE(chaine2);
		}


			return False;

		/* read the string */
		if((*devmode= PRS_ALLOC_MEM( ps, DEVICEMODE, 1 )) == NULL)
			return False;
		if (!spoolss_io_devmode(desc, ps, depth, *devmode))
			return False;

	depth++;
	
	if (UNMARSHALLING(ps))
		buffer = *pp_buffer = PRS_ALLOC_MEM( ps, NEW_BUFFER, 1 );

	if (buffer == NULL)
		return False;

		
		make_spoolss_printer_info_2 (mem_ctx, &q_u->info.info_2, info->printers_2);
#if 1	/* JERRY TEST */
		q_u->secdesc_ctr = SMB_MALLOC_P(SEC_DESC_BUF);
		if (!q_u->secdesc_ctr)
			return False;
		q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0;

		case 1:
		{
			if (UNMARSHALLING(ps)) {
				if ((il->info_1= PRS_ALLOC_MEM( ps, SPOOL_PRINTER_INFO_LEVEL_1, 1 )) == NULL)
					return False;
			}
			if (!spool_io_printer_info_level_1("", il->info_1, ps, depth))

		 */	
		case 2:
			if (UNMARSHALLING(ps)) {
				if ((il->info_2= PRS_ALLOC_MEM( ps,  SPOOL_PRINTER_INFO_LEVEL_2, 1 )) == NULL)
					return False;
			}
			if (!spool_io_printer_info_level_2("", il->info_2, ps, depth))

		case 3:
		{
			if (UNMARSHALLING(ps)) {
				if ((il->info_3= PRS_ALLOC_MEM( ps, SPOOL_PRINTER_INFO_LEVEL_3, 1 )) == NULL)
					return False;
			}
			if (!spool_io_printer_info_level_3("", il->info_3, ps, depth))

		
	/* reading */
	if (UNMARSHALLING(ps)) {
		il= PRS_ALLOC_MEM( ps, SPOOL_PRINTER_DRIVER_INFO_LEVEL_3, 1);
		if(il == NULL)
			return False;
		*q_u=il;

		
	/* reading */
	if (UNMARSHALLING(ps)) {
		il= PRS_ALLOC_MEM( ps, SPOOL_PRINTER_DRIVER_INFO_LEVEL_6, 1 );
		if(il == NULL)
			return False;
		*q_u=il;

	while (src < ((char *)buf5->buffer) + buf5->buf_len*2) {
		unistr_to_dos(f, src, sizeof(f)-1);
		src = skip_unibuf(src, 2*buf5->buf_len - PTR_DIFF(src,buf5->buffer));
		tar = SMB_REALLOC_ARRAY( *ar, fstring, n+2 );
		if (!tar)
			return False;
		else

	BOOL		null_char = False;
	SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *inf;

	if (!(inf=(SPOOL_PRINTER_DRIVER_INFO_LEVEL_3*)TALLOC_ZERO_P(mem_ctx, SPOOL_PRINTER_DRIVER_INFO_LEVEL_3)))
		return False;
	
	inf->cversion	= info3->version;

{

	buf5->buf_len = len;
	if((buf5->buffer=(uint16*)TALLOC_MEMDUP(mem_ctx, src, sizeof(uint16)*len)) == NULL) {
	{
		DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n"));
		return False;
	}

	
	if (*asc==NULL)
	{
		*asc=SMB_MALLOC_P(NT_PRINTER_DRIVER_INFO_LEVEL_3);
		if(*asc == NULL)
			return False;
		ZERO_STRUCTP(*asc);

	
	if (*asc==NULL)
	{
		*asc=SMB_MALLOC_P(NT_PRINTER_DRIVER_INFO_LEVEL_6);
		if(*asc == NULL)
			return False;
		ZERO_STRUCTP(*asc);

	if (*asc==NULL) {
		DEBUGADD(8,("allocating memory\n"));

		*asc=SMB_MALLOC_P(NT_PRINTER_INFO_LEVEL_2);
		if(*asc == NULL)
			return False;
		ZERO_STRUCTP(*asc);

		return False;

	if (UNMARSHALLING(ps) && r_u->valuesize) {
		r_u->value = PRS_ALLOC_MEM( ps, uint16, r_u->valuesize );
		if (!r_u->value) {
			DEBUG(0, ("spoolss_io_r_enumprinterdata: out of memory for printerdata value\n"));
			return False;

		return False;

	if (UNMARSHALLING(ps) && r_u->datasize) {
		r_u->data = PRS_ALLOC_MEM( ps, uint8, r_u->datasize );
		if (!r_u->data) {
			DEBUG(0, ("spoolss_io_r_enumprinterdata: out of memory for printerdata data\n"));
			return False;


	init_unistr2(&tmp, data, strlen(data)+1);
	q_u->max_len = q_u->real_len = tmp.uni_max_len*2;
	q_u->data = TALLOC(ctx, q_u->real_len);
	memcpy(q_u->data, tmp.buffer, q_u->real_len);
	
	return True;

		case REG_MULTI_SZ:
            if (q_u->max_len) {
                if (UNMARSHALLING(ps))
    				q_u->data= PRS_ALLOC_MEM( ps, uint8, q_u->max_len );
    			if(q_u->data == NULL)
    				return False;
    			if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))


	if (*param == NULL)
	{
		*param=SMB_MALLOC_P(NT_PRINTER_PARAM);
		if(*param == NULL)
			return False;
		memset((char *)*param, '\0', sizeof(NT_PRINTER_PARAM));

	(*param)->data_len=len;
	
	if (len) {
		(*param)->data=SMB_MALLOC_ARRAY( uint8, len );
		if((*param)->data == NULL)
			return False;
		memcpy((*param)->data, data, len);

		if (src->size != POINTER) 
			continue;
		len = src->notify_data.data.length;
		s = SMB_MALLOC_ARRAY(uint16, len );
		if (s == NULL) {
			DEBUG(0,("copy_spool_notify_info_data: malloc() failed!\n"));
			return False;

	
	if (dst->count) 
	{
		dst->data = SMB_MALLOC_ARRAY( SPOOL_NOTIFY_INFO_DATA, dst->count );
		
		DEBUG(10,("copy_spool_notify_info: allocating space for [%d] PRINTER_NOTIFY_INFO_DATA entries\n",
			dst->count));

		return False;
	
	if (UNMARSHALLING(ps) && r_u->size) {
		r_u->data = PRS_ALLOC_MEM( ps, unsigned char, r_u->size );
		if(!r_u->data)
			return False;
	}

		case 0x7:
			if (q_u->max_len) {
				if (UNMARSHALLING(ps))
    					q_u->data= PRS_ALLOC_MEM( ps, uint8, q_u->max_len );
    				if(q_u->data == NULL)
    					return False;
    				if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))

	/* first loop to write basic enum_value information */
	
	if (UNMARSHALLING(ps)) {
		ctr->values = PRS_ALLOC_MEM( ps, PRINTER_ENUM_VALUES, ctr->size_of_array );
			ps, ctr->size_of_array * sizeof(PRINTER_ENUM_VALUES));
		if (!ctr->values)
			return False;
	}

			return False;
		
		if (UNMARSHALLING(ps)) {
			ctr->values[i].data = PRS_ALLOC_MEM( ps, uint8, ctr->values[i].data_len );
				ps, ctr->values[i].data_len);
			if (!ctr->values[i].data)
				return False;
		}




		int i;

		if (UNMARSHALLING(ps)) {
			if (!(info1 = PRS_ALLOC_MEM( ps, SRV_SHARE_INFO_1, num_entries )))
				return False;
			ctr->share.info1 = info1;
		}

		int i;

		if (UNMARSHALLING(ps)) {
			if (!(info2 = PRS_ALLOC_MEM( ps, SRV_SHARE_INFO_2, num_entries )))
				return False;
			ctr->share.info2 = info2;
		}

		int i;

		if (UNMARSHALLING(ps)) {
			if (!(info501 = PRS_ALLOC_MEM( ps, SRV_SHARE_INFO_501, num_entries )))
					sizeof (SRV_SHARE_INFO_501))))
				return False;
			ctr->share.info501 = info501;
		}

		int i;

		if (UNMARSHALLING(ps)) {
			if (!(info502 = PRS_ALLOC_MEM( ps, SRV_SHARE_INFO_502, num_entries )))
				return False;
			ctr->share.info502 = info502;
		}

	depth++;

	if(UNMARSHALLING(ps)) {
		ctr = *pp_ctr = PRS_ALLOC_MEM(ps, SRV_SESS_INFO_CTR, 1 );
		if (ctr == NULL)
			return False;
	}

	depth++;

	if (UNMARSHALLING(ps)) {
		ctr = *pp_ctr = PRS_ALLOC_MEM( ps, SRV_CONN_INFO_CTR, 1 );
		if (ctr == NULL)
			return False;
	}

	SRV_FILE_INFO_CTR *ctr = *pp_ctr;

	if (UNMARSHALLING(ps)) {
		ctr = *pp_ctr = PRS_ALLOC_MEM(ps, SRV_FILE_INFO_CTR, 1);
		if (ctr == NULL)
			return False;
	}

		return False;

	if (UNMARSHALLING(ps)) {
		q_n->ctr = PRS_ALLOC_MEM( ps, SRV_INFO_CTR, 1 );
			prs_alloc_mem(ps, sizeof(SRV_INFO_CTR));

		if (!q_n->ctr)
			return False;




  else
    jn.referral_count = 1;

  jn.referral_list = TALLOC_ARRAY(p->mem_ctx, struct referral, jn.referral_count );
					       * sizeof(struct referral));

  if(jn.referral_list == NULL)
    {

      dfs3[i].ptr_storages = 1;
     
      /* also enumerate the storages */
      dfs3[i].storages = TALLOC_ARRAY(ctx, DFS_STORAGE_INFO, j[i].referral_count);
						    sizeof(DFS_STORAGE_INFO));
      if (!dfs3[i].storages)
        return False;


    case 1:
      {
	DFS_INFO_1* dfs1;
	dfs1 = TALLOC_ARRAY(ctx, DFS_INFO_1, num_jn);
	if (!dfs1)
		return WERR_NOMEM;
	init_reply_dfs_info_1(jn, dfs1, num_jn);

    case 2:
      {
	DFS_INFO_2* dfs2;
	dfs2 = TALLOC_ARRAY(ctx, DFS_INFO_2, num_jn);
	if (!dfs2)
		return WERR_NOMEM;
	init_reply_dfs_info_2(jn, dfs2, num_jn);

    case 3:
      {
	DFS_INFO_3* dfs3;
	dfs3 = TALLOC_ARRAY(ctx, DFS_INFO_3, num_jn);
	if (!dfs3)
		return WERR_NOMEM;
	init_reply_dfs_info_3(ctx, jn, dfs3, num_jn);

  r_u->reshnd.ptr_hnd = 1;
  r_u->reshnd.handle = num_jn;
  
  r_u->ctr = TALLOC_P(p->mem_ctx, DFS_INFO_CTR);
  if (!r_u->ctr)
    return WERR_NOMEM;
  ZERO_STRUCTP(r_u->ctr);

Lines 68-74 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpc_server/srv_lsa_hnd.c (-2 / +2 lines)
68	* Create list.	68	* Create list.
69	*/	69	*/
70		70
71	if ((hl = (struct handle_list *)malloc(sizeof(struct handle_list))) == NULL)	71	if ((hl = SMB_MALLOC_P(struct handle_list)) == NULL)
72	return False;	72	return False;
73	ZERO_STRUCTP(hl);	73	ZERO_STRUCTP(hl);
74		74
Lines 110-116 Link Here
110	return False;	110	return False;
111	}	111	}
112		112
113	pol = (struct policy )malloc(sizeof(p));	113	pol = SMB_MALLOC_P(struct policy);
114	if (!pol) {	114	if (!pol) {
115	DEBUG(0,("create_policy_hnd: ERROR: out of memory!\n"));	115	DEBUG(0,("create_policy_hnd: ERROR: out of memory!\n"));
116	return False;	116	return False;




	/* Allocate memory for list of names */

	if (num_entries > 0) {
		if (!(trn->name = TALLOC_ARRAY(ctx, LSA_TRANS_NAME, num_entries))) {
							  num_entries))) {
			DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
			return;
		}

		if (!(trn->uni_name = TALLOC_ARRAY(ctx, UNISTR2, num_entries))) {
							num_entries))) {
			DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
			return;
		}

			info->id2.auditing_enabled = 1;
			info->id2.count1 = 7;
			info->id2.count2 = 7;
			if ((info->id2.auditsettings = TALLOC_ARRAY(p->mem_ctx,uint32, 7)) == NULL)
				return NT_STATUS_NO_MEMORY;
			for (i = 0; i < 7; i++)
				info->id2.auditsettings[i] = 3;

	LSA_TRANS_NAME_ENUM *names = NULL;
	uint32 mapped_count = 0;

	ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
	names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM);

	if (!find_policy_by_hnd(p, &q_u->pol, NULL))
		r_u->status = NT_STATUS_INVALID_HANDLE;

	DOM_RID2 *rids;
	uint32 mapped_count = 0;

	ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
	rids = TALLOC_ZERO_ARRAY(p->mem_ctx, DOM_RID2, MAX_LOOKUP_SIDS);

	if (!find_policy_by_hnd(p, &q_u->pol, NULL))
		r_u->status = NT_STATUS_INVALID_HANDLE;

	if (enum_context >= PRIV_ALL_INDEX)
		return NT_STATUS_UNABLE_TO_FREE_VM;

	entries = TALLOC_ZERO_ARRAY(p->mem_ctx, LSA_PRIV_ENTRY, PRIV_ALL_INDEX-enum_context);
	if (entries==NULL)
		return NT_STATUS_NO_MEMORY;


		return NT_STATUS_INVALID_HANDLE;

	/* associate the user/group SID with the (unique) handle. */
	if ((info = SMB_MALLOC_P(struct lsa_info)) == NULL)
		return NT_STATUS_NO_MEMORY;

	ZERO_STRUCTP(info);

Lines 573-579 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpc_server/srv_netlog_nt.c (-1 / +1 lines)
573	BOOL ret;	573	BOOL ret;
574	uint16 acct_ctrl;	574	uint16 acct_ctrl;
575		575
576	usr_info = (NET_USER_INFO_3 *)talloc(p->mem_ctx, sizeof(NET_USER_INFO_3));	576	usr_info = TALLOC_P(p->mem_ctx, NET_USER_INFO_3);
577	if (!usr_info)	577	if (!usr_info)
578	return NT_STATUS_NO_MEMORY;	578	return NT_STATUS_NO_MEMORY;
579	ZERO_STRUCTP(usr_info);	579	ZERO_STRUCTP(usr_info);

Lines 1260-1266 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpc_server/srv_pipe.c (-1 / +1 lines)
1260	p->in_data.data.data_offset;	1260	p->in_data.data.data_offset;
1261	char *data;	1261	char *data;
1262		1262
1263	data = malloc(data_len);	1263	data = SMB_MALLOC(data_len);
1264		1264
1265	DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));	1265	DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
1266	if (data) {	1266	if (data) {

Lines 169-175 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpc_server/srv_pipe_hnd.c (-1 / +1 lines)
169	for (p = Pipes; p; p = p->next)	169	for (p = Pipes; p; p = p->next)
170	DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));	170	DEBUG(5,("open_rpc_pipe_p: name %s pnum=%x\n", p->name, p->pnum));
171		171
172	p = (pipes_struct )malloc(sizeof(p));	172	p = SMB_MALLOC_P(pipes_struct);
173		173
174	if (!p)	174	if (!p)
175	return NULL;	175	return NULL;

Lines 92-98 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpc_server/srv_reg_nt.c (-3 / +3 lines)
92	!strequal(name, "System\\CurrentControlSet\\services\\Netlogon\\parameters\\"))	92	!strequal(name, "System\\CurrentControlSet\\services\\Netlogon\\parameters\\"))
93	return NT_STATUS_ACCESS_DENIED;	93	return NT_STATUS_ACCESS_DENIED;
94		94
95	if ((info = (struct reg_info *)malloc(sizeof(struct reg_info))) == NULL)	95	if ((info = SMB_MALLOC_P(struct reg_info)) == NULL)
96	return NT_STATUS_NO_MEMORY;	96	return NT_STATUS_NO_MEMORY;
97		97
98	ZERO_STRUCTP(info);	98	ZERO_STRUCTP(info);
Lines 131-138 Link Here
131		131
132	DEBUG(5,("reg_info: checking key: %s\n", name));	132	DEBUG(5,("reg_info: checking key: %s\n", name));
133		133
134	uni_key = (UNISTR2 *)talloc_zero(p->mem_ctx, sizeof(UNISTR2));	134	uni_key = TALLOC_ZERO_P(p->mem_ctx, UNISTR2);
135	buf = (BUFFER2 *)talloc_zero(p->mem_ctx, sizeof(BUFFER2));	135	buf = TALLOC_ZERO_P(p->mem_ctx, BUFFER2);
136		136
137	if (!uni_key \|\| !buf)	137	if (!uni_key \|\| !buf)
138	return NT_STATUS_NO_MEMORY;	138	return NT_STATUS_NO_MEMORY;




	struct samr_info *info;
	fstring sid_str;

	if ((info = SMB_MALLOC_P(struct samr_info)) == NULL)
		return NULL;

	ZERO_STRUCTP(info);

		if (info->disp_info.num_user_account % MAX_SAM_ENTRIES == 0) {
		
			DEBUG(10,("load_sampwd_entries: allocating more memory\n"));
			pwd_array= SMB_REALLOC_ARRAY(info->disp_info.disp_user_info, DISP_USER_INFO,
			                  info->disp_info.num_user_account+MAX_SAM_ENTRIES );

			if (pwd_array==NULL)
				return NT_STATUS_NO_MEMORY;

	static BOOL group_map_init;
	extern DOM_SID global_sam_sid;

	*ret_map = SMB_MALLOC_ARRAY(GROUP_MAP, 2);
	if (!ret_map)
		return 2;
	


	info->disp_info.num_group_account=group_entries;

	grp_array=SMB_MALLOC_ARRAY( DISP_GROUP_INFO, info->disp_info.num_group_account );

	if (group_entries!=0 && grp_array==NULL) {
		return NT_STATUS_NO_MEMORY;


	for (i=0; i<group_entries; i++) {
	
		grp_array[i].grp=SMB_MALLOC_P(DOMAIN_GRP);
	
		fstrcpy(grp_array[i].grp->name, map[i].nt_name);
		fstrcpy(grp_array[i].grp->comment, map[i].comment);

	if (num_sam_entries == 0)
		return;

	sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_sam_entries);

	uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_sam_entries);

	if (sam == NULL || uni_name == NULL) {
		DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));

	if (num_sam_entries == 0)
		return;

	sam = TALLOC_ZERO_ARRAY(ctx,SAM_ENTRY, num_sam_entries);

	uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_sam_entries);

	if (sam == NULL || uni_name == NULL) {
		DEBUG(0, ("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));

		DEBUG(5, ("samr_reply_query_dispinfo: buffer size limits to only %d entries\n", max_entries));
	}

	if (!(ctr = TALLOC_ZERO_P(p->mem_ctx,SAM_DISPINFO_CTR)))
		return NT_STATUS_NO_MEMORY;

	ZERO_STRUCTP(ctr);

	switch (q_u->switch_level) {
	case 0x1:
		if (max_entries) {
			if (!(ctr->sam.info1 = TALLOC_ZERO_ARRAY(p->mem_ctx,SAM_DISPINFO_1, max_entries)))
				return NT_STATUS_NO_MEMORY;
		}
		disp_ret = init_sam_dispinfo_1(p->mem_ctx, ctr->sam.info1, max_entries, enum_context, info->disp_info.disp_user_info);

		break;
	case 0x2:
		if (max_entries) {
			if (!(ctr->sam.info2 = TALLOC_ZERO_ARRAY(p->mem_ctx,SAM_DISPINFO_2,max_entries)))
				return NT_STATUS_NO_MEMORY;
		}
		disp_ret = init_sam_dispinfo_2(p->mem_ctx, ctr->sam.info2, max_entries, enum_context, info->disp_info.disp_user_info);

		break;
	case 0x3:
		if (max_entries) {
			if (!(ctr->sam.info3 = TALLOC_ZERO_ARRAY(p->mem_ctx,SAM_DISPINFO_3,max_entries)))
				return NT_STATUS_NO_MEMORY;
		}
		disp_ret = init_sam_dispinfo_3(p->mem_ctx, ctr->sam.info3, max_entries, enum_context, info->disp_info.disp_group_info);

		break;
	case 0x4:
		if (max_entries) {
			if (!(ctr->sam.info4 = TALLOC_ZERO_ARRAY(p->mem_ctx,SAM_DISPINFO_4,max_entries)))
				return NT_STATUS_NO_MEMORY;
		}
		disp_ret = init_sam_dispinfo_4(p->mem_ctx, ctr->sam.info4, max_entries, enum_context, info->disp_info.disp_user_info);

		break;
	case 0x5:
		if (max_entries) {
			if (!(ctr->sam.info5 = TALLOC_ZERO_ARRAY(p->mem_ctx,SAM_DISPINFO_5,max_entries)))
				return NT_STATUS_NO_MEMORY;
		}
		disp_ret = init_sam_dispinfo_5(p->mem_ctx, ctr->sam.info5, max_entries, enum_context, info->disp_info.disp_group_info);

	*pp_hdr_name = NULL;

	if (num_names != 0) {
		hdr_name = TALLOC_ZERO_ARRAY(ctx, UNIHDR,num_names);
		if (hdr_name == NULL)
			return False;

		uni_name = TALLOC_ZERO_ARRAY(ctx,UNISTR2,num_names);
		if (uni_name == NULL)
			return False;
	}

	}

	if (num_rids) {
		if ((group_attrs = TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_rids)) == NULL)
			return NT_STATUS_NO_MEMORY;
	}



	DEBUG(5,("_samr_query_userinfo: rid:0x%x\n", rid));

	ctr = TALLOC_ZERO_P(p->mem_ctx,SAM_USERINFO_CTR);
	if (!ctr)
		return NT_STATUS_NO_MEMORY;



	switch (q_u->switch_value) {
	case 0x10:
		ctr->info.id10 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_10);
		if (ctr->info.id10 == NULL)
			return NT_STATUS_NO_MEMORY;


            expire.low = 0xffffffff;
            expire.high = 0x7fffffff;

            ctr->info.id = TALLOC_ZERO_P(p->mem_ctx, SAM_USER_INFO_11);
                                    sizeof
                                    (*ctr->
                                     info.
                                     id11));
            init_sam_user_info11(ctr->info.id11, &expire,
                         "BROOKFIELDS$",    /* name */
                         0x03ef,    /* user rid */

#endif

	case 0x12:
		ctr->info.id12 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_12);
		if (ctr->info.id12 == NULL)
			return NT_STATUS_NO_MEMORY;


		break;

	case 20:
		ctr->info.id20 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_20);
		if (ctr->info.id20 == NULL)
			return NT_STATUS_NO_MEMORY;
		if (!get_user_info_20(ctr->info.id20, rid))

		break;

	case 21:
		ctr->info.id21 = TALLOC_ZERO_P(p->mem_ctx,SAM_USER_INFO_21);
		if (ctr->info.id21 == NULL)
			return NT_STATUS_NO_MEMORY;
		if (!get_user_info_21(ctr->info.id21, rid))


	uint32 num_users=0, num_groups=0, num_aliases=0;

	if ((ctr = TALLOC_ZERO_P(p->mem_ctx,SAM_UNK_CTR)) == NULL)
		return NT_STATUS_NO_MEMORY;

	ZERO_STRUCTP(ctr);

	if (num_sam_entries == 0)
		return True;

	sam = TALLOC_ZERO_ARRAY(ctx, SAM_ENTRY, num_sam_entries);
	uni_name = TALLOC_ZERO_ARRAY(ctx, UNISTR2, num_sam_entries);

	if (sam == NULL || uni_name == NULL)
		return False;

	int num_rids;

	num_rids = 1;
	rid=TALLOC_ZERO_ARRAY(p->mem_ctx, uint32, num_rids);
	if (rid == NULL)
		return NT_STATUS_NO_MEMORY;





	if (!sp)
		return NULL;

	new_sp = SMB_MALLOC_P(SPOOL_NOTIFY_OPTION);
	if (!new_sp)
		return NULL;



	DEBUG(10,("open_printer_hnd: name [%s]\n", name));

	if((new_printer=SMB_MALLOC_P(Printer_entry)) == NULL)
		return False;

	ZERO_STRUCTP(new_printer);

	
	/* bulk copy first */
	
	d = TALLOC_MEMDUP(ctx, devmode, sizeof(DEVICEMODE));
	if (!d)
		return NULL;
		

	
	len = unistrlen(devmode->devicename.buffer);
	if (len != -1) {
		d->devicename.buffer = TALLOC_ARRAY(ctx, uint16, len);
		if (unistrcpy(d->devicename.buffer, devmode->devicename.buffer) != len)
			return NULL;
	}


	len = unistrlen(devmode->formname.buffer);
	if (len != -1) {
		d->devicename.buffer = TALLOC_ARRAY(ctx, uint16, len);
		if (unistrcpy(d->formname.buffer, devmode->formname.buffer) != len)
			return NULL;
	}

	d->private = TALLOC_MEMDUP(ctx, devmode->private, devmode->driverextra);
	
	return d;
}

	if ((devmode->driverextra != 0) && (devmode->private != NULL)) {
		SAFE_FREE(nt_devmode->private);
		nt_devmode->driverextra=devmode->driverextra;
		if((nt_devmode->private=SMB_MALLOC_ARRAY(uint8, nt_devmode->driverextra)) == NULL)
			return False;
		memcpy(nt_devmode->private, devmode->private, nt_devmode->driverextra);
	}

		
	if (!strcmp(value, "W3SvcInstalled")) {
		*type = 0x4;
		if((*data = (uint8 *)TALLOC_ZERO(ctx, 4*sizeof(uint8) )) == NULL)
			return False;
		*needed = 0x4;			
		return True;


	if (!strcmp(value, "BeepEnabled")) {
		*type = 0x4;
		if((*data = (uint8 *)TALLOC(ctx, 4*sizeof(uint8) )) == NULL)
			return False;
		SIVAL(*data, 0, 0x00);
		*needed = 0x4;			


	if (!strcmp(value, "EventLog")) {
		*type = 0x4;
		if((*data = (uint8 *)TALLOC(ctx, 4*sizeof(uint8) )) == NULL)
			return False;
		/* formally was 0x1b */
		SIVAL(*data, 0, 0x0);


	if (!strcmp(value, "NetPopup")) {
		*type = 0x4;
		if((*data = (uint8 *)TALLOC(ctx, 4*sizeof(uint8) )) == NULL)
			return False;
		SIVAL(*data, 0, 0x00);
		*needed = 0x4;


	if (!strcmp(value, "MajorVersion")) {
		*type = 0x4;
		if((*data = (uint8 *)TALLOC(ctx, 4*sizeof(uint8) )) == NULL)
			return False;
#ifndef EMULATE_WIN2K_HACK /* JERRY */
		SIVAL(*data, 0, 2);

		fstrcpy(string, string_truncate(lp_serverstring(), MAX_SERVER_STRING_LENGTH));
		*type = 0x1;			
		*needed = 2*(strlen(string)+1);		
		if((*data  = (uint8 *)TALLOC(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
			return False;
		memset(*data, 0, (*needed > in_size) ? *needed:in_size);
		

		pstring string="Windows NT x86";
		*type = 0x1;			
		*needed = 2*(strlen(string)+1);	
		if((*data  = (uint8 *)TALLOC(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL)
			return False;
		memset(*data, 0, (*needed > in_size) ? *needed:in_size);
		for (i=0; i<strlen(string); i++) {

	DEBUG(5,("getprinterdata_printer:allocating %d\n", in_size));

	if (in_size) {
		if((*data  = TALLOC_ARRAY(ctx, uint8, in_size )) == NULL) {
			return False;
		}


	DEBUG(4,("_spoolss_getprinterdata\n"));
	
	if (!Printer) {
		if((*data=TALLOC_ZERO_ARRAY(p->mem_ctx, uint8, 4)) == NULL)
			return WERR_NOMEM;
		DEBUG(2,("_spoolss_getprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
		return WERR_BADFID;

		DEBUG(5, ("value not found, allocating %d\n", *out_size));
		/* reply this param doesn't exist */
		if (*out_size) {
			if((*data=TALLOC_ZERO_ARRAY(p->mem_ctx, uint8, *out_size)) == NULL)
				return WERR_NOMEM;
		} else {
			*data = NULL;

	len = (uint32)dos_PutUniCode(temp, temp_name, sizeof(temp) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);

	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

	len = (uint32)dos_PutUniCode(temp, p, sizeof(temp) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

				     sizeof(temp) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

				     sizeof(temp) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

				     sizeof(temp) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

					     sizeof(temp) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

				     sizeof(temp) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

				     sizeof(temp) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

				     sizeof(temp) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

				     sizeof(temp) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

				     sizeof(pstring) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

				     sizeof(temp) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

				     True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

	len = (uint32)dos_PutUniCode(temp, p, sizeof(temp) - 2, True);

	data->notify_data.data.length = len / 2 - 1;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
	
	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

	len = sizeof(SYSTEMTIME);

	data->notify_data.data.length = len;
	data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);

	if (!data->notify_data.data.string) {
		data->notify_data.data.length = 0;

		if (!search_notify(type, field, &j) )
			continue;

		if((tid=SMB_REALLOC_ARRAY( info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1 )) == NULL) {
			DEBUG(2,("construct_notify_printer_info: failed to enlarge buffer info->data!\n"));
			return False;
		}

		if (!search_notify(type, field, &j) )
			continue;

		if((tid=SMB_REALLOC_ARRAY( info->data, SPOOL_NOTIFY_INFO_DATA, info->count+1 )) == NULL) {
			DEBUG(2,("construct_notify_jobs_info: failed to enlarg buffer info->data!\n"));
			return False;
		}


	/* it's the first time, add it to the list */
	if (session_counter==NULL) {
		if((session_counter=SMB_MALLOC_P(counter_printer_0)) == NULL) {
			free_a_printer(&ntprinter, 2);
			return False;
		}

	
	DEBUGADD(8,("getting printer characteristics\n"));

	if ((devmode = SMB_MALLOC_P(DEVICEMODE)) == NULL) {
		DEBUG(2,("construct_dev_mode: malloc fail.\n"));
		return NULL;
	}

		return False;

	*pp_printer = NULL;
	if ((printer = SMB_MALLOC_P(PRINTER_INFO_3)) == NULL) {
		DEBUG(2,("construct_printer_info_3: malloc fail.\n"));
		return False;
	}

			DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));

			if (construct_printer_info_1(flags, &current_prt, snum)) {
				if((tp=SMB_REALLOC_ARRAY( printers, PRINTER_INFO_1, *returned +1 )) == NULL) {
					DEBUG(2,("enum_all_printers_info_1: failed to enlarge printers buffer!\n"));
					SAFE_FREE(printers);
					*returned=0;

	 * We should have a TDB here. The registration is done thru an undocumented RPC call.
	 */
	
	if((printer=SMB_MALLOC_P(PRINTER_INFO_1)) == NULL)
		return WERR_NOMEM;

	*returned=1;

			DEBUG(4,("Found a printer in smb.conf: %s[%x]\n", lp_servicename(snum), snum));
				
			if (construct_printer_info_2(&current_prt, snum)) {
				if((tp=SMB_REALLOC_ARRAY( printers, PRINTER_INFO_2, *returned +1 )) == NULL) {
					DEBUG(2,("enum_all_printers_info_2: failed to enlarge printers buffer!\n"));
					SAFE_FREE(printers);
					*returned = 0;

{
	PRINTER_INFO_0 *printer=NULL;

	if((printer=SMB_MALLOC_P(PRINTER_INFO_0)) == NULL)
		return WERR_NOMEM;

	construct_printer_info_0(printer, snum);

{
	PRINTER_INFO_1 *printer=NULL;

	if((printer=SMB_MALLOC_P(PRINTER_INFO_1)) == NULL)
		return WERR_NOMEM;

	construct_printer_info_1(PRINTER_ENUM_ICON8, printer, snum);

{
	PRINTER_INFO_2 *printer=NULL;

	if((printer=SMB_MALLOC_P(PRINTER_INFO_2))==NULL)
		return WERR_NOMEM;
	
	construct_printer_info_2(printer, snum);

{
	PRINTER_INFO_4 *printer=NULL;

	if((printer=SMB_MALLOC_P(PRINTER_INFO_4))==NULL)
		return WERR_NOMEM;

	if (!construct_printer_info_4(printer, snum))

{
	PRINTER_INFO_5 *printer=NULL;

	if((printer=SMB_MALLOC_P(PRINTER_INFO_5))==NULL)
		return WERR_NOMEM;

	if (!construct_printer_info_5(printer, snum))

		if (strlen(v) == 0) break;
		slprintf(line, sizeof(line)-1, "\\\\%s%s", servername, v);
		DEBUGADD(6,("%d:%s:%d\n", i, line, strlen(line)));
		if((tuary= SMB_REALLOC_ARRAY( *uni_array, uint16, j+strlen(line)+2 )) == NULL) {
			DEBUG(2,("init_unistr_array: Realloc error\n" ));
			return;
		} else

	DRIVER_INFO_1 *info=NULL;
	WERROR status;
	
	if((info=SMB_MALLOC_P(DRIVER_INFO_1)) == NULL)
		return WERR_NOMEM;
	
	status=construct_printer_driver_info_1(info, snum, servername, architecture, version);

	DRIVER_INFO_2 *info=NULL;
	WERROR status;
	
	if((info=SMB_MALLOC_P(DRIVER_INFO_2)) == NULL)
		return WERR_NOMEM;
	
	status=construct_printer_driver_info_2(info, snum, servername, architecture, version);

	JOB_INFO_1 *info;
	int i;
	
	info=SMB_MALLOC_ARRAY(JOB_INFO_1, *returned);
	if (info==NULL) {
		SAFE_FREE(queue);
		*returned=0;

	WERROR result;
	DEVICEMODE *devmode = NULL;
	
	info=SMB_MALLOC_ARRAY(JOB_INFO_2, *returned );
	if (info==NULL) {
		*returned=0;
		result = WERR_NOMEM;

			return WERR_NOMEM;

		if(ndrivers != 0) {
			if((tdi1=SMB_REALLOC_ARRAY(driver_info_1, DRIVER_INFO_1, *returned+ndrivers )) == NULL) {
				DEBUG(0,("enumprinterdrivers_level1: failed to enlarge driver info buffer!\n"));
				SAFE_FREE(driver_info_1);
				SAFE_FREE(list);

			return WERR_NOMEM;

		if(ndrivers != 0) {
			if((tdi2= SMB_REALLOC_ARRAY( driver_info_2, DRIVER_INFO_2, *returned+ndrivers )) == NULL) {
				DEBUG(0,("enumprinterdrivers_level2: failed to enlarge driver info buffer!\n"));
				SAFE_FREE(driver_info_2);
				SAFE_FREE(list);

			return WERR_NOMEM;

		if(ndrivers != 0) {
			if((tdi3=SMB_REALLOC_ARRAY( driver_info_3, DRIVER_INFO_3, *returned+ndrivers )) == NULL) {
				DEBUG(0,("enumprinterdrivers_level3: failed to enlarge driver info buffer!\n"));
				SAFE_FREE(driver_info_3);
				SAFE_FREE(list);


	switch (level) {
	case 1:
		if ((forms_1=SMB_MALLOC_ARRAY(FORM_1, *numofforms)) == NULL) {
			*numofforms=0;
			return WERR_NOMEM;
		}

		close(fd);

		if(numlines) {
			if((ports=SMB_MALLOC_ARRAY( PORT_INFO_1, numlines )) == NULL) {
				DEBUG(10,("Returning WERR_NOMEM [%s]\n", 
					  dos_errstr(WERR_NOMEM)));
				file_lines_free(qlines);

	} else {
		*returned = 1; /* Sole Samba port returned. */

		if((ports=SMB_MALLOC_P(PORT_INFO_1)) == NULL)
			return WERR_NOMEM;
	
		DEBUG(10,("enumports_level_1: port name %s\n", SAMBA_PRINTER_PORT_NAME));

		close(fd);

		if(numlines) {
			if((ports=SMB_MALLOC_ARRAY( PORT_INFO_2, numlines )) == NULL) {
				file_lines_free(qlines);
				return WERR_NOMEM;
			}


		*returned = 1;

		if((ports=SMB_MALLOC_P(PORT_INFO_2)) == NULL)
			return WERR_NOMEM;
	
		DEBUG(10,("enumports_level_2: port name %s\n", SAMBA_PRINTER_PORT_NAME));

	int	snum;
	WERROR err = WERR_OK;

	if ((printer = SMB_MALLOC_P(NT_PRINTER_INFO_LEVEL)) == NULL) {
		DEBUG(0,("spoolss_addprinterex_level_2: malloc fail.\n"));
		return WERR_NOMEM;
	}

	if (get_short_archi(short_archi, long_archi)==False)
		return WERR_INVALID_ENVIRONMENT;

	if((info=SMB_MALLOC_P(DRIVER_DIRECTORY_1)) == NULL)
		return WERR_NOMEM;

	slprintf(path, sizeof(path)-1, "\\\\%s\\print$\\%s", get_called_name(), short_archi);

		   problems unmarshalling the response */

		*out_max_value_len=(in_value_len/sizeof(uint16));
		if((*out_value=(uint16 *)TALLOC_ZERO(p->mem_ctx, in_value_len*sizeof(uint8))) == NULL)
			return WERR_NOMEM;

		*out_value_len = (uint32)dos_PutUniCode((char *)*out_value, "", in_value_len, True);

		/* the data is counted in bytes */
		*out_max_data_len = in_data_len;
		*out_data_len = in_data_len;
		if((*data_out=(uint8 *)TALLOC_ZERO(p->mem_ctx, in_data_len*sizeof(uint8))) == NULL)
			return WERR_NOMEM;

		return WERR_NO_MORE_ITEMS;

	 */
	
	*out_max_value_len=(in_value_len/sizeof(uint16));
	if((*out_value=(uint16 *)TALLOC_ZERO(p->mem_ctx,in_value_len*sizeof(uint8))) == NULL) {
		SAFE_FREE(data);
		return WERR_NOMEM;
	}


	/* the data is counted in bytes */
	*out_max_data_len=in_data_len;
	if((*data_out=(uint8 *)TALLOC_ZERO(p->mem_ctx, in_data_len*sizeof(uint8))) == NULL) {
		SAFE_FREE(data);
		return WERR_NOMEM;
	}

{
	PRINTPROCESSOR_1 *info_1=NULL;
	
	if((info_1 = SMB_MALLOC_P(PRINTPROCESSOR_1)) == NULL)
		return WERR_NOMEM;

	(*returned) = 0x1;

{
	PRINTPROCDATATYPE_1 *info_1=NULL;
	
	if((info_1 = SMB_MALLOC_P(PRINTPROCDATATYPE_1)) == NULL)
		return WERR_NOMEM;

	(*returned) = 0x1;

{
	PRINTMONITOR_1 *info_1=NULL;
	
	if((info_1 = SMB_MALLOC_P(PRINTMONITOR_1)) == NULL)
		return WERR_NOMEM;

	(*returned) = 0x1;

{
	PRINTMONITOR_2 *info_2=NULL;
	
	if((info_2 = SMB_MALLOC_P(PRINTMONITOR_2)) == NULL)
		return WERR_NOMEM;

	(*returned) = 0x1;

	BOOL found=False;
	JOB_INFO_1 *info_1=NULL;

	info_1=SMB_MALLOC_P(JOB_INFO_1);

	if (info_1 == NULL) {
		SAFE_FREE(queue);

	WERROR ret;
	DEVICEMODE *devmode = NULL;

	info_2=SMB_MALLOC_P(JOB_INFO_2);

	ZERO_STRUCTP(info_2);



		
	if (!Printer) {
		if((*data=(uint8 *)TALLOC_ZERO(p->mem_ctx, 4*sizeof(uint8))) == NULL)
			return WERR_NOMEM;
		DEBUG(2,("_spoolss_getprinterdata: Invalid handle (%s:%u:%u).\n", OUR_HANDLE(handle)));
		return WERR_BADFID;

		
		/* reply this param doesn't exist */
		if (*out_size) {
			if((*data=TALLOC_ZERO_ARRAY(p->mem_ctx, uint8, *out_size)) == NULL)
				return WERR_NOMEM;
		} else {
			*data = NULL;


		DEBUG(10,("retrieved value number [%d] [%s]\n", num_entries, value));

		if ((ptr=TALLOC_REALLOC_ARRAY(p->mem_ctx, enum_values, PRINTER_ENUM_VALUES, num_entries+1)) == NULL)
		{
			DEBUG(0,("talloc_realloc failed to allocate more memory!\n"));
			result = WERR_NOMEM;

		
		if ( data_len )
		{
			if ( !(enum_values[num_entries].data = TALLOC_ZERO(p->mem_ctx, data_len)) ) {
				DEBUG(0,("talloc_realloc failed to allocate more memory [data_len=%d] for data!\n", data_len ));
				result = WERR_NOMEM;
				goto done;

	if (get_short_archi(short_archi, long_archi)==False)
		return WERR_INVALID_ENVIRONMENT;

	if((info=SMB_MALLOC_P(PRINTPROCESSOR_DIRECTORY_1)) == NULL)
		return WERR_NOMEM;

	pstrcpy(path, "C:\\WINNT\\System32\\spool\\PRTPROCS\\W32X86");




		SRV_SHARE_INFO_1 *info1;
		int i = 0;

		info1 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_1, num_entries);

		for (snum = *resume_hnd; snum < num_services; snum++) {
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_admin_share(snum)) ) {

		SRV_SHARE_INFO_2 *info2;
		int i = 0;

		info2 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_2, num_entries);

		for (snum = *resume_hnd; snum < num_services; snum++) {
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_admin_share(snum)) ) {

		SRV_SHARE_INFO_501 *info501;
		int i = 0;
	
		info501 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_501, num_entries);

		for (snum = *resume_hnd; snum < num_services; snum++) {
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_admin_share(snum)) ) {

		SRV_SHARE_INFO_502 *info502;
		int i = 0;

		info502 = TALLOC_ARRAY(ctx, SRV_SHARE_INFO_502, num_entries);

		for (snum = *resume_hnd; snum < num_services; snum++) {
			if (lp_browseable(snum) && lp_snum_ok(snum) && (all_shares || !is_admin_share(snum)) ) {

WERROR _srv_net_srv_get_info(pipes_struct *p, SRV_Q_NET_SRV_GET_INFO *q_u, SRV_R_NET_SRV_GET_INFO *r_u)
{
	WERROR status = WERR_OK;
	SRV_INFO_CTR *ctr = TALLOC_P(p->mem_ctx, SRV_INFO_CTR);

	if (!ctr)
		return WERR_NOMEM;


WERROR _srv_net_file_enum(pipes_struct *p, SRV_Q_NET_FILE_ENUM *q_u, SRV_R_NET_FILE_ENUM *r_u)
{
	r_u->ctr = TALLOC_P(p->mem_ctx, SRV_FILE_INFO_CTR);
	if (!r_u->ctr)
		return WERR_NOMEM;


{
	DEBUG(5,("srv_net_conn_enum: %d\n", __LINE__));

	r_u->ctr = TALLOC_P(p->mem_ctx, SRV_CONN_INFO_CTR);
	if (!r_u->ctr)
		return WERR_NOMEM;


{
	DEBUG(5,("_srv_net_sess_enum: %d\n", __LINE__));

	r_u->ctr = TALLOC_P(p->mem_ctx, SRV_SESS_INFO_CTR);
	if (!r_u->ctr)
		return WERR_NOMEM;


	struct tm *t;
	time_t unixdate = time(NULL);

	tod = TALLOC_P(p->mem_ctx, TIME_OF_DAY_INFO);
	if (!tod)
		return WERR_NOMEM;


Lines 97-103 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpc_server/srv_util.c (-1 / +1 lines)
97	count++)	97	count++)
98	;	98	;
99		99
100	gids = (DOM_GID )talloc(ctx, sizeof(DOM_GID) count );	100	gids = TALLOC_ARRAY(ctx, DOM_GID, count );
101	if(!gids)	101	if(!gids)
102	{	102	{
103	DEBUG(0,("make_dom_gids: talloc fail !\n"));	103	DEBUG(0,("make_dom_gids: talloc fail !\n"));

Lines 65-71 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpc_server/srv_wkssvc_nt.c (-1 / +1 lines)
65		65
66	DEBUG(5,("_wks_query_info: %d\n", __LINE__));	66	DEBUG(5,("_wks_query_info: %d\n", __LINE__));
67		67
68	wks100 = (WKS_INFO_100 *)talloc_zero(p->mem_ctx, sizeof(WKS_INFO_100));	68	wks100 = TALLOC_ZERO_P(p->mem_ctx, WKS_INFO_100);
69		69
70	if (!wks100)	70	if (!wks100)
71	return NT_STATUS_NO_MEMORY;	71	return NT_STATUS_NO_MEMORY;

Lines 142-148 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpcclient/cmd_lsarpc.c (-1 / +1 lines)
142		142
143	/* Convert arguments to sids */	143	/* Convert arguments to sids */
144		144
145	sids = (DOM_SID )talloc(mem_ctx, sizeof(DOM_SID) (argc - 1));	145	sids = TALLOC_ARRAY(mem_ctx, DOM_SID, argc - 1);
146		146
147	if (!sids) {	147	if (!sids) {
148	printf("could not allocate memory for %d sids\n", argc - 1);	148	printf("could not allocate memory for %d sids\n", argc - 1);

Lines 1045-1051 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpcclient/cmd_samr.c (-2 / +2 lines)
1045	/* Look up names */	1045	/* Look up names */
1046		1046
1047	num_names = argc - 2;	1047	num_names = argc - 2;
1048	names = (const char *)talloc(mem_ctx, sizeof(char ) * num_names);	1048	names = (const char *)TALLOC_ARRAY(mem_ctx, char , num_names);
1049		1049
1050	for (i = 0; i < argc - 2; i++)	1050	for (i = 0; i < argc - 2; i++)
1051	names[i] = argv[i + 2];	1051	names[i] = argv[i + 2];
Lines 1106-1112 Link Here
1106	/* Look up rids */	1106	/* Look up rids */
1107		1107
1108	num_rids = argc - 1;	1108	num_rids = argc - 1;
1109	rids = (uint32 )talloc(mem_ctx, sizeof(uint32) num_rids);	1109	rids = TALLOC_ARRAY(mem_ctx, uint32, num_rids);
1110		1110
1111	for (i = 0; i < argc - 1; i++)	1111	for (i = 0; i < argc - 1; i++)
1112	sscanf(argv[i + 1], "%i", &rids[i]);	1112	sscanf(argv[i + 1], "%i", &rids[i]);

Lines 1031-1037 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpcclient/cmd_spoolss.c (-1 / +1 lines)
1031	/* allocate the space; add one extra slot for a terminating NULL.	1031	/* allocate the space; add one extra slot for a terminating NULL.
1032	Each filename is NULL terminated and the end contains a double	1032	Each filename is NULL terminated and the end contains a double
1033	NULL */	1033	NULL */
1034	if ((info->dependentfiles=(uint16)talloc(mem_ctx, (len+1)sizeof(uint16))) == NULL)	1034	if ((info->dependentfiles=TALLOC_ARRAY(mem_ctx, uint16, len+1)) == NULL)
1035	{	1035	{
1036	DEBUG(0,("init_drv_info_3_members: Unable to malloc memory for dependenfiles\n"));	1036	DEBUG(0,("init_drv_info_3_members: Unable to malloc memory for dependenfiles\n"));
1037	return False;	1037	return False;




	if (!commands) 
		return NULL;

	matches = SMB_MALLOC_ARRAY( char *, MAX_COMPLETIONS );
	if (!matches) return NULL;

	matches[count++] = SMB_STRDUP(text);
	if (!matches[0]) return NULL;

	while (commands && count < MAX_COMPLETIONS-1) 

			if ((strncmp(text, commands->cmd_set[i].name, strlen(text)) == 0) &&
				commands->cmd_set[i].fn) 
			{
				matches[count] = SMB_STRDUP(commands->cmd_set[i].name);
				if (!matches[count]) 
					return NULL;
				count++;


	if (count == 2) {
		SAFE_FREE(matches[0]);
		matches[0] = SMB_STRDUP(matches[1]);
	}
	matches[count] = NULL;
	return matches;

{
	struct cmd_list *entry;

	if (!(entry = SMB_MALLOC_P(struct cmd_list))) {
		DEBUG(0, ("out of memory\n"));
		return;
	}

 again:
	while(next_token(&p, buf, " ", sizeof(buf))) {
		if (argv) {
			argv[argc] = SMB_STRDUP(buf);
		}
		
		argc++;


		/* Create argument list */

		argv = SMB_MALLOC_ARRAY( char *, argc );
                memset(argv, 0, sizeof(char *) * argc);

		if (!argv) {




   * the expiration time here.
   */

  if((blr = SMB_MALLOC_P(blocking_lock_record)) == NULL) {
    DEBUG(0,("push_blocking_lock_request: Malloc fail !\n" ));
    return False;
  }

  if((blr->inbuf = (char *)SMB_MALLOC(length)) == NULL) {
    DEBUG(0,("push_blocking_lock_request: Malloc fail (2)!\n" ));
    SAFE_FREE(blr);
    return False;

Lines 126-132 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/smbd/conn.c (-1 / +1 lines)
126	goto find_again;	126	goto find_again;
127	}	127	}
128		128
129	conn = (connection_struct )malloc(sizeof(conn));	129	conn = SMB_MALLOC_P(connection_struct);
130	if (!conn) return NULL;	130	if (!conn) return NULL;
131		131
132	ZERO_STRUCTP(conn);	132	ZERO_STRUCTP(conn);




  if (dptrs_open >= MAX_OPEN_DIRECTORIES)
    dptr_idleoldest();

  dptr = SMB_MALLOC_P(dptr_struct);
  if(!dptr) {
    DEBUG(0,("malloc fail in dptr_create.\n"));
    return -1;

  
	if (!p)
		return(NULL);
	dirp = SMB_MALLOC_P(Dir);
	if (!dirp) {
		DEBUG(0,("Out of memory in OpenDir\n"));
		conn->vfs_ops.closedir(conn,p);

		if (used + l > dirp->mallocsize) {
			int s = MAX(used+l,used+2000);
			char *r;
			r = (char *)SMB_REALLOC(dirp->data,s);
			if (!r) {
				DEBUG(0,("Out of memory in OpenDir\n"));
				break;

   */
  pathlen = strlen( path ) +1;  /* Bytes required to store path (with nul). */
  namelen = strlen( name ) +1;  /* Bytes required to store name (with nul). */
  entry = (dir_cache_entry *)SMB_MALLOC( sizeof( dir_cache_entry )
                                   + pathlen
                                   + namelen
                                   + strlen( dname ) +1 );

Lines 660-666 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/smbd/fileio.c (-2 / +2 lines)
660	if(alloc_size == 0 \|\| fsp->wcp)	660	if(alloc_size == 0 \|\| fsp->wcp)
661	return False;	661	return False;
662		662
663	if((wcp = (write_cache *)malloc(sizeof(write_cache))) == NULL) {	663	if((wcp = SMB_MALLOC_P(write_cache)) == NULL) {
664	DEBUG(0,("setup_write_cache: malloc fail.\n"));	664	DEBUG(0,("setup_write_cache: malloc fail.\n"));
665	return False;	665	return False;
666	}	666	}
Lines 669-675 Link Here
669	wcp->offset = 0;	669	wcp->offset = 0;
670	wcp->alloc_size = alloc_size;	670	wcp->alloc_size = alloc_size;
671	wcp->data_size = 0;	671	wcp->data_size = 0;
672	if((wcp->data = malloc(wcp->alloc_size)) == NULL) {	672	if((wcp->data = SMB_MALLOC(wcp->alloc_size)) == NULL) {
673	DEBUG(0,("setup_write_cache: malloc fail for buffer size %u.\n",	673	DEBUG(0,("setup_write_cache: malloc fail for buffer size %u.\n",
674	(unsigned int)wcp->alloc_size ));	674	(unsigned int)wcp->alloc_size ));
675	SAFE_FREE(wcp);	675	SAFE_FREE(wcp);

Lines 94-100 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/smbd/files.c (-1 / +1 lines)
94	return NULL;	94	return NULL;
95	}	95	}
96		96
97	fsp = (files_struct )malloc(sizeof(fsp));	97	fsp = SMB_MALLOC_P(files_struct);
98	if (!fsp) {	98	if (!fsp) {
99	unix_ERR_class = ERRSRV;	99	unix_ERR_class = ERRSRV;
100	unix_ERR_code = ERRnofids;	100	unix_ERR_code = ERRnofids;





static BOOL api_rpc_trans_reply(char *outbuf, pipes_struct *p)
{
	char *rdata = SMB_MALLOC(p->max_trans_reply);
	int data_len;

	if(rdata == NULL) {

		goto bad_param;
  
	if (tdscnt)  {
		if((data = (char *)SMB_MALLOC(tdscnt)) == NULL) {
			DEBUG(0,("reply_trans: data malloc fail for %u bytes !\n", tdscnt));
			END_PROFILE(SMBtrans);
			return(ERROR_DOS(ERRDOS,ERRnomem));

	}

	if (tpscnt) {
		if((params = (char *)SMB_MALLOC(tpscnt)) == NULL) {
			DEBUG(0,("reply_trans: param malloc fail for %u bytes !\n", tpscnt));
			SAFE_FREE(data);
			END_PROFILE(SMBtrans);


	if (suwcnt) {
		int i;
		if((setup = SMB_MALLOC_ARRAY(uint16, suwcnt)) == NULL) {
			DEBUG(0,("reply_trans: setup malloc fail for %u bytes !\n", (unsigned int)(suwcnt * sizeof(uint16))));
			SAFE_FREE(data);
			SAFE_FREE(params);




		 */
		*rdata_len = 0;
		*rparam_len = 6;
		*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
		SSVALS(*rparam,0,ERRunknownlevel);
		SSVAL(*rparam,2,0);
		SSVAL(*rparam,4,0);

	}

	if (mdrcnt > 0) {
		*rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
		desc.base = *rdata;
		desc.buflen = mdrcnt;
	} else {

		 * init_package will return wrong size if buflen=0
		 */
		desc.buflen = getlen(desc.format);
		desc.base = tmpdata = (char *) SMB_MALLOC (desc.buflen);
	}

	if (init_package(&desc,1,count)) {

	*rdata_len = desc.usedlen;
  
	*rparam_len = 6;
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
	SSVALS(*rparam,0,desc.errcode);
	SSVAL(*rparam,2,0);
	SSVAL(*rparam,4,desc.neededlen);

     */
    *rdata_len = 0;
    *rparam_len = 6;
    *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
    SSVALS(*rparam,0,ERRunknownlevel);
    SSVAL(*rparam,2,0);
    SSVAL(*rparam,4,0);

    if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
      queuecnt++;
  if (uLevel > 0) {
    if((queue = SMB_MALLOC_ARRAY(print_queue_struct *, queuecnt)) == NULL) {
      DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
      return False;
    }
    memset(queue,0,queuecnt*sizeof(print_queue_struct*));
    if((status = SMB_MALLOC_ARRAY(print_status_struct, queuecnt)) == NULL) {
      DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
      return False;
    }
    memset(status,0,queuecnt*sizeof(print_status_struct));
    if((subcntarr = SMB_MALLOC_ARRAY(int, queuecnt)) == NULL) {
      DEBUG(0,("api_DosPrintQEnum: malloc fail !\n"));
      return False;
    }

 	n++;
      }
  }
  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
  desc.base = *rdata;
  desc.buflen = mdrcnt;


 
  *rdata_len = desc.usedlen;
  *rparam_len = 8;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVALS(*rparam,0,desc.errcode);
  SSVAL(*rparam,2,0);
  SSVAL(*rparam,4,succnt);

      struct srv_info_struct *ts;

      alloced += 10;
      ts = SMB_REALLOC_ARRAY(*servers, struct srv_info_struct, alloced);
	Realloc(*servers,sizeof(**servers)*alloced);
      if (!ts) {
        DEBUG(0,("get_server_info: failed to enlarge servers info struct!\n"));
        return(0);

  }

  *rdata_len = fixed_len + string_len;
  *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
  memset(*rdata,'\0',*rdata_len);
  
  p2 = (*rdata) + fixed_len;	/* auxilliary data (strings) will go here */

  }
  
  *rparam_len = 8;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVAL(*rparam,0,(missed == 0 ? NERR_Success : ERRmoredata));
  SSVAL(*rparam,2,0);
  SSVAL(*rparam,4,counted);

  *rdata_len = 0;
  
  *rparam_len = 8;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);

  SSVAL(*rparam,0,0x08AC); /* informational warning message */
  SSVAL(*rparam,2,0);

  if (!prefix_ok(str1,"zWrLh")) return False;
  if (!check_share_info(uLevel,str2)) return False;
 
  *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
  p = *rdata;
  *rdata_len = fill_share_info(conn,snum,uLevel,&p,&mdrcnt,0,0,0);
  if (*rdata_len < 0) return False;
 
  *rparam_len = 6;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVAL(*rparam,0,NERR_Success);
  SSVAL(*rparam,2,0);		/* converter word */
  SSVAL(*rparam,4,*rdata_len);

        missed = True;
    }
  *rdata_len = fixed_len + string_len;
  *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);
  memset(*rdata,0,*rdata_len);
  
  p2 = (*rdata) + fixed_len;	/* auxillery data (strings) will go here */

 	break;
  
  *rparam_len = 8;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVAL(*rparam,0,missed ? ERRmoredata : NERR_Success);
  SSVAL(*rparam,2,0);
  SSVAL(*rparam,4,counted);

{
  char *p;
  *rparam_len = 4;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);

  *rdata_len = 21;
  *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);

  SSVAL(*rparam,0,NERR_Success);
  SSVAL(*rparam,2,0);		/* converter word */

  memcpy(pass2,p+16,16);

  *rparam_len = 4;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);

  *rdata_len = 0;


  fstring user;
  char *p = param + 2;
  *rparam_len = 2;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);

  *rdata_len = 0;


		return(False);

	*rparam_len = 4;
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);	
	*rdata_len = 0;

	if (!print_job_exists(jobid)) {

		return(False);

	*rparam_len = 4;
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
	*rdata_len = 0;

	snum = print_queue_snum(QueueName);


	jobid = SVAL(p,0);
	*rparam_len = 4;
	*rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  
	*rdata_len = 0;
	

  }

  *rdata_len = mdrcnt;
  *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);

  p = *rdata;
  p2 = p + struct_len;

  *rdata_len = PTR_DIFF(p2,*rdata);

  *rparam_len = 6;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVAL(*rparam,0,NERR_Success);
  SSVAL(*rparam,2,0);		/* converter word */
  SSVAL(*rparam,4,*rdata_len);

  DEBUG(4,("NetWkstaGetInfo level %d\n",level));

  *rparam_len = 6;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);

  /* check it's a supported varient */
  if (!(level==10 && strcsequal(str1,"WrLh") && strcsequal(str2,"zzzBBzz")))
    return(False);

  *rdata_len = mdrcnt + 1024;
  *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);

  SSVAL(*rparam,0,NERR_Success);
  SSVAL(*rparam,2,0);		/* converter word */

	       vuser->user.unix_name));

    *rparam_len = 6;
    *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);

    DEBUG(4,("RNetUserGetInfo level=%d\n", uLevel));
  

	if (strcmp(level_string,str2) != 0) return False;

	*rdata_len = mdrcnt + 1024;
	*rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);

	SSVAL(*rparam,0,NERR_Success);
	SSVAL(*rparam,2,0);		/* converter word */

  int count=0;

  *rparam_len = 8;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);

  /* check it's a supported varient */
  if (strcmp(str1,"zWrLeh") != 0) return False;

  if (strcmp(level_string,str2) != 0) return False;

  *rdata_len = mdrcnt + 1024;
  *rdata = SMB_REALLOC_LIMIT(*rdata,*rdata_len);

  SSVAL(*rparam,0,NERR_Success);
  SSVAL(*rparam,2,0);		/* converter word */

  /* check it's a supported varient */
  if (strcmp(str1,"OOWb54WrLh") != 0) return False;
  if (uLevel != 1 || strcmp(str2,"WB21BWDWWDDDDDDDzzzD") != 0) return False;
  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
  desc.base = *rdata;
  desc.buflen = mdrcnt;
  desc.subformat = NULL;


  *rdata_len = desc.usedlen;
  *rparam_len = 6;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVALS(*rparam,0,desc.errcode);
  SSVAL(*rparam,2,0);
  SSVAL(*rparam,4,desc.neededlen);

  if (strcmp(str2,"") != 0) return False;

  *rparam_len = 6;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVALS(*rparam,0,0);		/* errorcode */
  SSVAL(*rparam,2,0);		/* converter word */
  SSVAL(*rparam,4,0x7f);	/* permission flags */

  }

  if (mdrcnt > 0) {
    *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
    desc.base = *rdata;
    desc.buflen = mdrcnt;
  } else {

     *  init_package will return wrong size if buflen=0
     */
    desc.buflen = getlen(desc.format);
    desc.base = tmpdata = (char *)SMB_MALLOC ( desc.buflen );
  }

  if (init_package(&desc,1,0)) {

  }

  *rparam_len = 6;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVALS(*rparam,0,desc.errcode);
  SSVAL(*rparam,2,0);
  SSVAL(*rparam,4,desc.neededlen);

  if (snum < 0 || !VALID_SNUM(snum)) return(False);

  count = print_queue_status(snum,&queue,&status);
  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
  desc.base = *rdata;
  desc.buflen = mdrcnt;


  *rdata_len = desc.usedlen;

  *rparam_len = 8;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVALS(*rparam,0,desc.errcode);
  SSVAL(*rparam,2,0);
  SSVAL(*rparam,4,succnt);

  }
  else {
    if (mdrcnt > 0) {
      *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
      desc.base = *rdata;
      desc.buflen = mdrcnt;
    } else {

       *  init_package will return wrong size if buflen=0
       */
      desc.buflen = getlen(desc.format);
      desc.base = tmpdata = (char *)SMB_MALLOC ( desc.buflen );
    }
    if (init_package(&desc,1,0)) {
      fill_printdest_info(conn,snum,uLevel,&desc);

  }

  *rparam_len = 6;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVALS(*rparam,0,desc.errcode);
  SSVAL(*rparam,2,0);
  SSVAL(*rparam,4,desc.neededlen);

    if (lp_snum_ok(i) && lp_print_ok(i) && lp_browseable(i))
      queuecnt++;

  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
  desc.base = *rdata;
  desc.buflen = mdrcnt;
  if (init_package(&desc,queuecnt,0)) {    

  *rdata_len = desc.usedlen;

  *rparam_len = 8;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVALS(*rparam,0,desc.errcode);
  SSVAL(*rparam,2,0);
  SSVAL(*rparam,4,succnt);

  if (strcmp(str1,"WrLeh") != 0) return False;
  if (uLevel != 0 || strcmp(str2,"B41") != 0) return False;

  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
  desc.base = *rdata;
  desc.buflen = mdrcnt;
  if (init_package(&desc,1,0)) {

  *rdata_len = desc.usedlen;

  *rparam_len = 8;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVALS(*rparam,0,desc.errcode);
  SSVAL(*rparam,2,0);
  SSVAL(*rparam,4,succnt);

  if (strcmp(str1,"WrLeh") != 0) return False;
  if (uLevel != 0 || strcmp(str2,"B13") != 0) return False;

  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
  desc.base = *rdata;
  desc.buflen = mdrcnt;
  desc.format = str2;

  *rdata_len = desc.usedlen;

  *rparam_len = 8;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVALS(*rparam,0,desc.errcode);
  SSVAL(*rparam,2,0);
  SSVAL(*rparam,4,succnt);

  if (strcmp(str1,"WrLeh") != 0) return False;
  if (uLevel != 0 || strcmp(str2,"B9") != 0) return False;

  if (mdrcnt > 0) *rdata = SMB_REALLOC_LIMIT(*rdata,mdrcnt);
  memset((char *)&desc,'\0',sizeof(desc));
  desc.base = *rdata;
  desc.buflen = mdrcnt;

  *rdata_len = desc.usedlen;

  *rparam_len = 8;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);
  SSVALS(*rparam,0,desc.errcode);
  SSVAL(*rparam,2,0);
  SSVAL(*rparam,4,succnt);

			 int *rdata_len,int *rparam_len)
{
  *rparam_len = MIN(*rparam_len,mprcnt);
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);

  *rdata_len = 0;


			    int *rdata_len,int *rparam_len)
{
  *rparam_len = 4;
  *rparam = SMB_REALLOC_LIMIT(*rparam,*rparam_len);

  *rdata_len = 0;


    }
  }

  rdata = (char *)SMB_MALLOC(1024);
  if (rdata)
    memset(rdata,'\0',1024);

  rparam = (char *)SMB_MALLOC(1024);
  if (rparam)
    memset(rparam,'\0',1024);






  /* Allocate a new cache entry.  If the allocation fails, just return. */
  i = sizeof( ubi_cacheEntry ) + mangled_len + raw_len + 2;
  new_entry = SMB_MALLOC( i );
  if( !new_entry )
    return;


    ext_start = strrchr( s, '.' );
    if( ext_start )
    {
      if((saved_ext = SMB_STRDUP(ext_start)) == NULL)
        return False;

      *ext_start = '\0';


		/* mangle it into 8.3 */
		if (cache83)
			tmp = SMB_STRDUP(OutName);

		mangle_name_83(OutName);





{
	if (prefix_cache) return True;

	prefix_cache = SMB_CALLOC_ARRAY(char *, MANGLE_CACHE_SIZE);
	if (!prefix_cache) return False;

	prefix_cache_hashes = SMB_CALLOC_ARRAY(u32, MANGLE_CACHE_SIZE);
	if (!prefix_cache_hashes) return False;

	return True;

		free(prefix_cache[i]);
	}

	prefix_cache[i] = SMB_STRNDUP(prefix, length);
	prefix_cache_hashes[i] = hash;
}


	DEBUG(10,("is_mangled %s ?\n", name));

	for (s=name; (p=strchr(s, '/')); s=p+1) {
		char *component = SMB_STRNDUP(s, PTR_DIFF(p, s));
		if (is_mangled_component(component)) {
			free(component);
			return True;

Lines 178-184 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/smbd/notify.c (-1 / +1 lines)
178	{	178	{
179	struct change_notify *cnbp;	179	struct change_notify *cnbp;
180		180
181	if((cnbp = (struct change_notify )malloc(sizeof(cnbp))) == NULL) {	181	if((cnbp = SMB_MALLOC_P(struct change_notify)) == NULL) {
182	DEBUG(0,("call_nt_transact_notify_change: malloc fail !\n" ));	182	DEBUG(0,("call_nt_transact_notify_change: malloc fail !\n" ));
183	return -1;	183	return -1;
184	}	184	}




		return ret;

	/* Realloc the size of parameters and data we will return */
	params = SMB_REALLOC(*ppparams, 69);
	if(params == NULL)
		return ERROR_DOS(ERRDOS,ERRnomem);


	}

	/* Realloc the size of parameters and data we will return */
	params = SMB_REALLOC(*ppparams, 69);
	if(params == NULL)
		return ERROR_DOS(ERRDOS,ERRnomem);



  DEBUG(3,("call_nt_transact_query_security_desc: file = %s\n", fsp->fsp_name ));

  params = SMB_REALLOC(*ppparams, 4);
  if(params == NULL)
    return ERROR_DOS(ERRDOS,ERRnomem);


   * Allocate the data we will point this at.
   */

  data = SMB_REALLOC(*ppdata, sd_size);
  if(data == NULL) {
    talloc_destroy(mem_ctx);
    return ERROR_DOS(ERRDOS,ERRnomem);

	/* Allocate the space for the setup, the maximum needed parameters and data */

	if(setup_count > 0)
		setup = (char *)SMB_MALLOC(setup_count);
	if (total_parameter_count > 0)
		params = (char *)SMB_MALLOC(total_parameter_count);
	if (total_data_count > 0)
		data = (char *)SMB_MALLOC(total_data_count);
 
	if ((total_parameter_count && !params)  || (total_data_count && !data) ||
				(setup_count && !setup)) {




	 * messages crossing on the wire.
	 */

	if((inbuf = (char *)SMB_MALLOC(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) {
		DEBUG(0,("oplock_break: malloc fail for input buffer.\n"));
		return False;
	}

	if((outbuf = (char *)SMB_MALLOC(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN))==NULL) {
		DEBUG(0,("oplock_break: malloc fail for output buffer.\n"));
		SAFE_FREE(inbuf);
		return False;




	size_t num_sids = 0;
	fstring sid_str;

	if ((token = SMB_MALLOC_P(NT_USER_TOKEN ) ) == NULL)
		return NULL;

	ZERO_STRUCTP(token);

	if (sup_tok && sup_tok->num_sids)
		num_sids += sup_tok->num_sids;

	if ((token->user_sids = SMB_MALLOC_ARRAY( DOM_SID, num_sids)) == NULL) {
		SAFE_FREE(token);
		return NULL;
	}

	if (num_validated_vuids >= 0xFFFF-VUID_OFFSET)
		return UID_FIELD_INVALID;

	if((vuser = SMB_MALLOC_P(user_struct)) == NULL) {
		DEBUG(0,("Failed to malloc users struct!\n"));
		return UID_FIELD_INVALID;
	}

		/* now check the list of session users */
		if (!ok) {
			char *auser;
			char *user_list = SMB_STRDUP(session_users);
			if (!user_list)
				return(False);


	if (!cli_initialise(cli))
		return NULL;

	pserver = SMB_STRDUP(lp_passwordserver());
	p = pserver;

	while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) {


static BOOL grab_server_mutex(const char *name)
{
	mutex_server_name = SMB_STRDUP(name);
	if (!mutex_server_name) {
		DEBUG(0,("grab_server_mutex: malloc failed for %s\n", name));
		return False;

 
		*pptoken = NULL;
 
		if ((ptok = SMB_MALLOC_P(NT_USER_TOKEN) ) == NULL) {
			DEBUG(0, ("domain_client_validate: Out of memory allocating NT_USER_TOKEN\n"));
			release_server_mutex();
			return False;
		}
 
		ptok->num_sids = (size_t)info3.num_groups2 + info3.num_other_sids;
		if ((ptok->user_sids = SMB_MALLOC_ARRAY( DOM_SID, ptok->num_sids )) == NULL) {
			DEBUG(0, ("domain_client_validate: Out of memory allocating group SIDS\n"));
			SAFE_FREE(ptok);
			release_server_mutex();





static canon_ace *dup_canon_ace( canon_ace *src_ace)
{
	canon_ace *dst_ace = SMB_MALLOC_P(canon_ace);

	if (dst_ace == NULL)
		return NULL;

	}

	if (!got_user) {
		if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
			return False;
		}

	}

	if (!got_grp) {
		if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
			return False;
		}

	}

	if (!got_other) {
		if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
			return False;
		}

		 * Create a cannon_ace entry representing this NT DACL ACE.
		 */

		if ((current_ace = SMB_MALLOC_P(canon_ace)) == NULL) {
			free_canon_ace_list(file_ace);
			free_canon_ace_list(dir_ace);
			DEBUG(0,("create_canon_ace_lists: malloc fail.\n"));

		 * Add this entry to the list.
		 */

		if ((ace = SMB_MALLOC_P(canon_ace)) == NULL)
			goto fail;

		ZERO_STRUCTP(ace);

		num_dir_acls = count_canon_ace_list(dir_ace);

		/* Allocate the ace list. */
		if ((nt_ace_list = SMB_MALLOC_ARRAY(SEC_ACE, num_acls + num_profile_acls + num_dir_acls)) == NULL) {
			DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
			goto done;
		}





static BOOL push_message(ubi_slList *list_head, char *buf, int msg_len)
{
  pending_message_list *msg = SMB_MALLOC_P(pending_message_list);
                               malloc(sizeof(pending_message_list));

  if(msg == NULL)
  {

    return False;
  }

  msg->msg_buf = (char *)SMB_MALLOC(msg_len);
  if(msg->msg_buf == NULL)
  {
    DEBUG(0,("push_message: malloc fail (2)\n"));

	time_t last_timeout_processing_time = time(NULL);
	unsigned int num_smbs = 0;

	InBuffer = (char *)SMB_MALLOC(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
	OutBuffer = (char *)SMB_MALLOC(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
	if ((InBuffer == NULL) || (OutBuffer == NULL)) 
		return;


Lines 1470-1476 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/smbd/reply.c (-2 / +2 lines)
1470	END_PROFILE(SMBsearch);	1470	END_PROFILE(SMBsearch);
1471	return ERROR_DOS(ERRDOS,ERRnofids);	1471	return ERROR_DOS(ERRDOS,ERRnofids);
1472	}	1472	}
1473	dptr_set_wcard(dptr_num, strdup(mask));	1473	dptr_set_wcard(dptr_num, SMB_STRDUP(mask));
1474	dptr_set_attr(dptr_num, dirtype);	1474	dptr_set_attr(dptr_num, dirtype);
1475	} else {	1475	} else {
1476	dirtype = dptr_attr(dptr_num);	1476	dirtype = dptr_attr(dptr_num);
Lines 4990-4996 Link Here
4990	if(fsp->wbmpx_ptr != NULL)	4990	if(fsp->wbmpx_ptr != NULL)
4991	wbms = fsp->wbmpx_ptr; /* Use an existing struct */	4991	wbms = fsp->wbmpx_ptr; /* Use an existing struct */
4992	else	4992	else
4993	wbms = (write_bmpx_struct *)malloc(sizeof(write_bmpx_struct));	4993	wbms = SMB_MALLOC_P(write_bmpx_struct);
4994		4994
4995	if(!wbms) {	4995	if(!wbms) {
4996	DEBUG(0,("Out of memory in reply_readmpx\n"));	4996	DEBUG(0,("Out of memory in reply_readmpx\n"));




		goto fail;
	}

	if((groups = SMB_MALLOC_ARRAY(gid_t, ngroups+1)) == NULL) {
		DEBUG(0,("setup_groups malloc fail !\n"));
		goto fail;
	}

	if (!ptoken)
		return NULL;

    if ((token = SMB_MALLOC_P(NT_USER_TOKEN) ) == NULL)
        return NULL;

    ZERO_STRUCTP(token);

	ctx_p->ngroups = sys_getgroups(0, NULL);

	if (ctx_p->ngroups != 0) {
		if (!(ctx_p->groups = SMB_MALLOC_ARRAY(gid_t, ctx_p->ngroups))) {
			DEBUG(0, ("Out of memory in push_sec_ctx()\n"));
			delete_nt_token(&ctx_p->token);
			return False;

Lines 103-109 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/smbd/statcache.c (-2 / +2 lines)
103	return;	103	return;
104	} else {	104	} else {
105	hash_remove(&stat_cache, hash_elem);	105	hash_remove(&stat_cache, hash_elem);
106	if((scp = (stat_cache_entry )malloc(sizeof(stat_cache_entry)+2namelen)) == NULL) {	106	if((scp = (stat_cache_entry )SMB_MALLOC(sizeof(stat_cache_entry)+2namelen)) == NULL) {
107	DEBUG(0,("stat_cache_add: Out of memory !\n"));	107	DEBUG(0,("stat_cache_add: Out of memory !\n"));
108	return;	108	return;
109	}	109	}
Lines 119-125 Link Here
119	* New entry.	119	* New entry.
120	*/	120	*/
121		121
122	if((scp = (stat_cache_entry )malloc(sizeof(stat_cache_entry)+2namelen)) == NULL) {	122	if((scp = (stat_cache_entry )SMB_MALLOC(sizeof(stat_cache_entry)+2namelen)) == NULL) {
123	DEBUG(0,("stat_cache_add: Out of memory !\n"));	123	DEBUG(0,("stat_cache_add: Out of memory !\n"));
124	return;	124	return;
125	}	125	}




	}

	/* Realloc the size of parameters and data we will return */
	params = SMB_REALLOC(*pparams, 28);
	if( params == NULL )
		return(ERROR_DOS(ERRDOS,ERRnomem));
	*pparams = params;


	DEBUG(5,("dir=%s, mask = %s\n",directory, mask));

	pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
	if( pdata == NULL )
		return(ERROR_DOS(ERRDOS,ERRnomem));
	*ppdata = pdata;
	memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);

	/* Realloc the params space */
	params = SMB_REALLOC(*pparams, 10);
	if( params == NULL )
		return ERROR_DOS(ERRDOS,ERRnomem);
	*pparams = params;

	/* Save the wildcard match and attribs we are using on this directory - 
		needed as lanman2 assumes these are being saved between calls */

	if(!(wcard = SMB_STRDUP(mask))) {
		dptr_close(&dptr_num);
		return ERROR_DOS(ERRDOS,ERRnomem);
	}

			return ERROR_DOS(ERRDOS,ERRunknownlevel);
	}

	pdata = SMB_REALLOC( *ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
	if(pdata == NULL)
		return ERROR_DOS(ERRDOS,ERRnomem);


	memset((char *)pdata,'\0',max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);

	/* Realloc the params space */
	params = SMB_REALLOC(*pparams, 6*SIZEOFWORD);
	if( params == NULL )
		return ERROR_DOS(ERRDOS,ERRnomem);
	*pparams = params;

		return ERROR_DOS(ERRSRV,ERRinvdevice);
	}

	pdata = SMB_REALLOC(*ppdata, max_data_bytes + DIR_ENTRY_SAFETY_MARGIN);
	if ( pdata == NULL )
		return ERROR_DOS(ERRDOS,ERRnomem);


	/* from now on we only want the part after the / */
	fname = p;
  
	params = SMB_REALLOC(*pparams,2);
	if ( params == NULL )
	  return ERROR_DOS(ERRDOS,ERRnomem);
	*pparams	= params;
	memset((char *)params,'\0',2);
	data_size = max_data_bytes + DIR_ENTRY_SAFETY_MARGIN;
	pdata = SMB_REALLOC(*ppdata, data_size); 
	if ( pdata == NULL )
		return ERROR_DOS(ERRDOS,ERRnomem);
	*ppdata	= pdata;

		tran_call,fname,info_level,total_data));

	/* Realloc the parameter and data sizes */
	params = SMB_REALLOC(*pparams,2);
	if(params == NULL)
		return ERROR_DOS(ERRDOS,ERRnomem);
	*pparams = params;

	}

	/* Realloc the parameter and data sizes */
	params = SMB_REALLOC(*pparams,2);
	if(params == NULL)
		return ERROR_DOS(ERRDOS,ERRnomem);
	*pparams = params;

	}

	/* Realloc the parameter and data sizes */
	params = SMB_REALLOC(*pparams,6);
	if(params == NULL)
		return ERROR_DOS(ERRDOS,ERRnomem);
	*pparams = params;

	DEBUG(3,("call_trans2findnotifynext\n"));

	/* Realloc the parameter and data sizes */
	params = SMB_REALLOC(*pparams,4);
	if(params == NULL)
		return ERROR_DOS(ERRDOS,ERRnomem);
	*pparams = params;


	if ((SVAL(inbuf,(smb_setup+4)) == LMCAT_SPL) &&
			(SVAL(inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) {
		pdata = SMB_REALLOC(*ppdata, 32);
		if(pdata == NULL)
			return ERROR_DOS(ERRDOS,ERRnomem);
		*ppdata = pdata;

    
	/* Allocate the space for the maximum needed parameters and data */
	if (total_params > 0)
		params = (char *)SMB_MALLOC(total_params);
	if (total_data > 0)
		data = (char *)SMB_MALLOC(total_data);
  
	if ((total_params && !params)  || (total_data && !data)) {
		DEBUG(2,("Out of memory in reply_trans2\n"));





	total_groups = current_n_groups + ptok->num_sids;
 
	final_groups = SMB_MALLOC_ARRAY(gid_t, total_groups );
	if (!final_groups) {
		DEBUG(0,("add_supplementary_nt_login_groups: Failed to malloc new groups.\n"));
		delete_nt_token(&new_tok);

		}
	}

	pc = SMB_MALLOC_P(struct uid_sid_cache);
	if (!pc)
		return;
	pc->uid = uid;

		}
	}

	pc = SMB_MALLOC_P(struct gid_sid_cache);
	if (!pc)
		return;
	pc->gid = gid;

Lines 504-510 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/smbd/vfs.c (-2 / +2 lines)
504		504
505	/* Create new vfs option */	505	/* Create new vfs option */
506		506
507	new_option = (struct vfs_options )malloc(sizeof(new_option));	507	new_option = SMB_MALLOC_P(struct vfs_options);
508	if (new_option == NULL) {	508	if (new_option == NULL) {
509	return False;	509	return False;
510	}	510	}
Lines 601-607 Link Here
601	if (element == 0)	601	if (element == 0)
602	return;	602	return;
603		603
604	p = (char *)malloc(elsize);	604	p = (char *)SMB_MALLOC(elsize);
605		605
606	if (!p) {	606	if (!p) {
607	DEBUG(5,("array_promote: malloc fail\n"));	607	DEBUG(5,("array_promote: malloc fail\n"));

Lines 111-117 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/smbwrapper/shared.c (-2 / +2 lines)
111	if (fstat(shared_fd, &st)) goto failed;	111	if (fstat(shared_fd, &st)) goto failed;
112		112
113	if (st.st_size != shared_size) {	113	if (st.st_size != shared_size) {
114	variables = (char *)Realloc(variables, st.st_size);	114	variables = (char *)SMB_REALLOC(variables, st.st_size);
115	if (!variables) goto failed;	115	if (!variables) goto failed;
116	shared_size = st.st_size;	116	shared_size = st.st_size;
117	lseek(shared_fd, 0, SEEK_SET);	117	lseek(shared_fd, 0, SEEK_SET);
Lines 165-171 Link Here
165	l1 = strlen(name)+1;	165	l1 = strlen(name)+1;
166	l2 = strlen(val)+1;	166	l2 = strlen(val)+1;
167		167
168	variables = (char *)Realloc(variables, shared_size + l1+l2+4);	168	variables = (char *)SMB_REALLOC(variables, shared_size + l1+l2+4);
169		169
170	if (!variables) {	170	if (!variables) {
171	DEBUG(0,("out of memory in smbw_setshared\n"));	171	DEBUG(0,("out of memory in smbw_setshared\n"));

Lines 80-88 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/smbwrapper/smbw_dir.c (-3 / +1 lines)
80	DEBUG(5,("%s\n", finfo->name));	80	DEBUG(5,("%s\n", finfo->name));
81		81
82	if (cur_dir->malloced == cur_dir->count) {	82	if (cur_dir->malloced == cur_dir->count) {
83	cur_dir->list = (struct file_info *)Realloc(cur_dir->list,	83	cur_dir->list = SMB_REALLOC_ARRAY(cur_dir->list, struct file_info, cur_dir->count+100 );
84	sizeof(cur_dir->list[0])*
85	(cur_dir->count+100));
86	if (!cur_dir->list) {	84	if (!cur_dir->list) {
87	/* oops */	85	/* oops */
88	return;	86	return;




#include "spinlock.h"
#else
#include "includes.h"

#if defined(PARANOID_MALLOC_CHECKER)
#ifdef malloc
#undef malloc
#endif

#ifdef realloc
#undef realloc
#endif

#ifdef calloc
#undef calloc
#endif

#ifdef strdup
#undef strdup
#endif

#ifdef strndup
#undef strndup
#endif

#endif

#endif

#define TDB_MAGIC_FOOD "TDB file\n"

Lines 484-490 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/tdb/tdbutil.c (-1 / +1 lines)
484	len += *i;	484	len += *i;
485	if (bufsize < len)	485	if (bufsize < len)
486	goto no_space;	486	goto no_space;
487	b = (char )malloc(*i);	487	b = (char )SMB_MALLOC(*i);
488	if (! *b)	488	if (! *b)
489	goto no_space;	489	goto no_space;
490	memcpy(b, buf+4, i);	490	memcpy(b, buf+4, i);




  char *temp;
  int i=0;
 
  *entry=(char *)SMB_MALLOC(sizeof(pstring));
  value=(char *)SMB_MALLOC(sizeof(pstring));

  if(*entry == NULL || value == NULL) {
    fprintf(stderr,"scan: malloc fail !\n");

  int found=0,pointeur=0,i=0;
  char *temp,*temp2;
  
  temp=(char *)SMB_MALLOC(sizeof(pstring));
  temp2=(char *)SMB_MALLOC(sizeof(pstring));
  
  if(temp == NULL || temp2 == NULL) {
	  safe_free(temp);

  int found=0,pointeur=0,i=0;
  char *temp,*temp2;
  
  temp=(char *)SMB_MALLOC(sizeof(pstring));
  temp2=(char *)SMB_MALLOC(sizeof(pstring));
  
  if(temp == NULL || temp2 == NULL) {
	  safe_free(temp);


  int found=0;

  chaine=(char *)SMB_MALLOC(sizeof(pstring));
  long_desc=(char *)SMB_MALLOC(sizeof(pstring));
  short_desc=(char *)SMB_MALLOC(sizeof(pstring));
  if (!chaine || !long_desc || !short_desc) {
	  safe_free(chaine);
	  safe_free(long_desc);

  languagemonitor=0;
  vendorsetup=0;
  datatype="RAW";
  if((temp=(char *)SMB_MALLOC(sizeof(pstring))) == NULL) {
    fprintf(stderr, "scan_short_desc: malloc fail !\n");
    exit(1);
  }

  lookup_entry(inf_file,"DestinationDirs");
  build_subdir();

  if((files_to_copy=(char *)SMB_MALLOC(2048*sizeof(char))) == NULL) {
    fprintf(stderr, "%s: malloc fail.\n", argv[0] );
    exit(1);
  }




  pstring linebuf;
  char *p = *buf;
  int num_lines = 0;
  char *newbuf = (char *)SMB_MALLOC( *size + 1);
  char *newbuf_p = NULL;

  if(newbuf == NULL)

  }

  /* As we will be reading text, allocate one more byte for a '\0' */
  if((buf = (char *)SMB_MALLOC( size + 1 )) == NULL)
  {
    fprintf(stderr, "%s: malloc fail for size %d.\n", prog_name, size + 1);
    fclose(fp);

  } 
  
  /* Allocate space for the code page file and read it all in. */
  if((buf = (char *)SMB_MALLOC( size )) == NULL)
  { 
    fprintf (stderr, "%s: malloc fail for size %d.\n",
             prog_name, size );




  pstring linebuf;
  char *p = *buf;
  size_t num_lines = 0;
  char *newbuf = (char *)SMB_MALLOC( *size + 1);
  char *newbuf_p = NULL;

  if(newbuf == NULL) {

  }

  /* As we will be reading text, allocate one more byte for a '\0' */
  if((buf = (char *)SMB_MALLOC( size + 1 )) == NULL) {
    fprintf(stderr, "%s: malloc fail for size %d.\n", prog_name, size + 1);
    fclose(fp);
    exit(1);


  size = UNICODE_MAP_HEADER_SIZE + (multibyte_code_page ? (4*65536) : (2*256 + 2*65536));

  if((output_buf = (char *)SMB_MALLOC( size )) == NULL) {
    fprintf(stderr, "%s: output buffer malloc fail for size %d.\n", prog_name, size);
    fclose(fp);
    exit(1);




		return True;
	}

	aces = SMB_XMALLOC_ARRAY( SEC_ACE, 1+(*the_acl)->num_aces );
	memcpy(aces, (*the_acl)->ace, (*the_acl)->num_aces * sizeof(SEC_ACE));
	memcpy(aces+(*the_acl)->num_aces, ace, sizeof(SEC_ACE));
	new = make_sec_acl(ctx,(*the_acl)->revision,1+(*the_acl)->num_aces, aces);

		}

		if (strncmp(tok,"OWNER:", 6) == 0) {
			owner_sid = SMB_CALLOC_ARRAY(DOM_SID, 1 );
			if (!owner_sid ||
			    !StringToSid(owner_sid, tok+6)) {
				printf("Failed to parse owner sid\n");

		}

		if (strncmp(tok,"GROUP:", 6) == 0) {
			grp_sid = SMB_CALLOC_ARRAY( DOM_SID, 1);
			if (!grp_sid ||
			    !StringToSid(grp_sid, tok+6)) {
				printf("Failed to parse group sid\n");

Lines 56-62 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/utils/smbpasswd.c (-3 / +2 lines)
56		56
57	static char strdup_x(const char s)	57	static char strdup_x(const char s)
58	{	58	{
59	char *new_s = strdup(s);	59	char *new_s = SMB_STRDUP(s);
60	if (!new_s) {	60	if (!new_s) {
61	fprintf(stderr,"out of memory\n");	61	fprintf(stderr,"out of memory\n");
62	exit(1);	62	exit(1);
Lines 538-545 Link Here
538	{	538	{
539	UNISTR2 upw; /* Unicode password */	539	UNISTR2 upw; /* Unicode password */
540		540
541	upw.buffer = (uint16 )talloc_zero(mem_ctx, 0xc	541	upw.buffer = TALLOC_ZERO_ARRAY(mem_ctx, uint16, 0xc);
542	sizeof(uint16));
543		542
544	upw.uni_str_len = 0xc;	543	upw.uni_str_len = 0xc;
545	upw.uni_max_len = 0xc;	544	upw.uni_max_len = 0xc;

Lines 544-550 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/utils/status.c (-1 / +1 lines)
544	ptr=ptr->next;	544	ptr=ptr->next;
545	}	545	}
546	if (ptr==NULL) {	546	if (ptr==NULL) {
547	ptr=(struct session_record *) malloc(sizeof(struct session_record));	547	ptr= SMB_MALLOC_P(struct session_record);
548	if (!ptr)	548	if (!ptr)
549	return 0;	549	return 0;
550	ptr->uid=crec.uid;	550	ptr->uid=crec.uid;





	while ((*cl)) {
		int c;

		if (i == len) {
			char *ret2;
			if (len == 0) len = 1024;
			else len *= 2;
			ret2 = (char *)SMB_REALLOC(ret, len);
			if (!ret2) return ret;
			ret = ret2;
		}

			
			*p = 0;
			
			variables[num_variables].name = SMB_STRDUP(line);
			variables[num_variables].value = SMB_STRDUP(p+1);

			SAFE_FREE(line);
			

			
			*p = 0;
			
			variables[num_variables].name = SMB_STRDUP(tok);
			variables[num_variables].value = SMB_STRDUP(p+1);

			if (!variables[num_variables].name || 
			    !variables[num_variables].value)

		}

		/* Save the users name */
		C_user = SMB_STRDUP(user);
		return True;
	}


		if (line[0] == '\r' || line[0] == '\n') break;
		if (strncasecmp(line,"GET ", 4)==0) {
			got_request = True;
			url = SMB_STRDUP(&line[4]);
		} else if (strncasecmp(line,"POST ", 5)==0) {
			got_request = True;
			request_post = 1;
			url = SMB_STRDUP(&line[5]);
		} else if (strncasecmp(line,"PUT ", 4)==0) {
			got_request = True;
			cgi_setup_error("400 Bad Request", "",




	if (PID_or_Machine) {
		PIDMAP *newmap;

		if ((newmap = SMB_MALLOC_P(PIDMAP)) == NULL) {
			/* XXX need error message for this?
			   if malloc fails, PID is always shown */
			return;
		}

		newmap->pid = pid;
		newmap->machine = SMB_STRDUP (machine);

		DLIST_ADD(pidmap, newmap);
	}

Lines 113-121 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/web/swat.c (-2 / +2 lines)
113	}	113	}
114	}	114	}
115	if (length == destlen) {	115	if (length == destlen) {
116	return(strdup(str));	116	return(SMB_STRDUP(str));
117	}	117	}
118	p = dststr = malloc(destlen + 1);	118	p = dststr = SMB_MALLOC(destlen + 1);
119	if (!dststr) {	119	if (!dststr) {
120	return(NULL);	120	return(NULL);
121	}	121	}

Return to bug 64119

Lines 209-215 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/examples/VFS/block/block.c (-6 / +6 lines)
209		209
210	if(pblock_mountp == NULL)	210	if(pblock_mountp == NULL)
211	{	211	{
212	pblock_mountp = calloc(1, sizeof(block_dir));	212	pblock_mountp = SMB_CALLOC_ARRAY( block_dir, 1 );
213	if( pblock_mountp == NULL)	213	if( pblock_mountp == NULL)
214	{	214	{
215	return FALSE;	215	return FALSE;
Lines 219-225 Link Here
219		219
220	}else	220	}else
221	{	221	{
222	tmp_pblock->next = calloc(1, sizeof(block_dir));	222	tmp_pblock->next = SMB_CALLOC_ARRAY( block_dir, 1 );
223	if(tmp_pblock->next == NULL)	223	if(tmp_pblock->next == NULL)
224	{	224	{
225	return FALSE;	225	return FALSE;
Lines 231-237 Link Here
231		231
232		232
233	tmp_pblock->st_dev = stat_buf.st_dev;	233	tmp_pblock->st_dev = stat_buf.st_dev;
234	tmp_pblock->dir_name = strdup(dir);	234	tmp_pblock->dir_name = SMB_STRDUP(dir);
235		235
236		236
237	return TRUE;	237	return TRUE;
Lines 251-257 Link Here
251		251
252	if(pblock_dir == NULL)	252	if(pblock_dir == NULL)
253	{	253	{
254	pblock_dir = calloc(1, sizeof(block_dir));	254	pblock_dir = SMB_CALLOC_ARRAY( block_dir, 1 );
255	if( pblock_dir == NULL)	255	if( pblock_dir == NULL)
256	{	256	{
257	return FALSE;	257	return FALSE;
Lines 261-267 Link Here
261		261
262	}else	262	}else
263	{	263	{
264	tmp_pblock->next = calloc(1, sizeof(block_dir));	264	tmp_pblock->next = SMB_CALLOC_ARRAY( block_dir, 1 );
265	if(tmp_pblock->next == NULL)	265	if(tmp_pblock->next == NULL)
266	{	266	{
267	return FALSE;	267	return FALSE;
Lines 272-278 Link Here
272	}	272	}
273		273
274		274
275	tmp_pblock->dir_name = strdup(dir);	275	tmp_pblock->dir_name = SMB_STRDUP(dir);
276	tmp_pblock->str_len = strlen(dir);	276	tmp_pblock->str_len = strlen(dir);
277		277
278		278

Lines 109-115 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/client/clitar.c (-18 / +42 lines)
109		109
110	char tar_type='\0';	110	char tar_type='\0';
111	static char **cliplist=NULL;	111	static char **cliplist=NULL;
112	static int clipn=0;	112	static unsigned clipn=0;
113	static BOOL must_free_cliplist = False;	113	static BOOL must_free_cliplist = False;
114		114
115	extern file_info def_finfo;	115	extern file_info def_finfo;
Lines 149-159 Link Here
149	/*******************************************************************	149	/*******************************************************************
150	Create a string of size size+1 (for the null)	150	Create a string of size size+1 (for the null)
151	*******************************************************************/	151	*******************************************************************/
152	static char *string_create_s(int size)	152	static char *string_create_s(size_t size)
153	{	153	{
154	char *tmp;	154	char *tmp;
155		155
156	tmp = (char *)malloc(size+1);	156	tmp = (char *)SMB_MALLOC(size+1);
157		157
158	if (tmp == NULL) {	158	if (tmp == NULL) {
159		159
Lines 183-189 Link Here
183	if (l >= NAMSIZ - 1) {	183	if (l >= NAMSIZ - 1) {
184	/* write a GNU tar style long header */	184	/* write a GNU tar style long header */
185	char *b;	185	char *b;
186	b = (char *)malloc(l+TBLOCK+100);	186
		187	if(l >= (INT_MAX - TBLOCK - 100)) {
		188	DEBUG(0,("writetarheader: integer overflow detected.\n"));
		189	exit(1);
		190	}
		191	b = (char *)SMB_MALLOC(l+TBLOCK+100);
187	if (!b) {	192	if (!b) {
188	DEBUG(0,("out of memory\n"));	193	DEBUG(0,("out of memory\n"));
189	exit(1);	194	exit(1);
Lines 384-391 Link Here
384	{	389	{
385	/* initialize tar buffer */	390	/* initialize tar buffer */
386	tbufsiz=blocksize*TBLOCK;	391	tbufsiz=blocksize*TBLOCK;
387	tarbuf=malloc(tbufsiz); /* FIXME: We might not get the buffer */	392	tarbuf=SMB_MALLOC(tbufsiz); /* FIXME: We might not get the buffer */
388		393
		394	if(tarbuf == NULL) {
		395	DEBUG(0,("initarbuf: out of memory.\n"));
		396	exit(1);
		397	}
389	/* reset tar buffer pointer and tar file counter and total dumped */	398	/* reset tar buffer pointer and tar file counter and total dumped */
390	tp=0; ntarf=0; ttarf=0;	399	tp=0; ntarf=0; ttarf=0;
391	}	400	}
Lines 1124-1134 Link Here
1124	*/	1133	*/
1125	static char * get_longfilename(file_info2 finfo)	1134	static char * get_longfilename(file_info2 finfo)
1126	{	1135	{
1127	int namesize = strlen(finfo.name) + strlen(cur_dir) + 2;	1136	size_t namesize;
1128	char *longname = malloc(namesize);	1137	char *longname;
1129	SMB_BIG_INT offset = 0, left = finfo.size;	1138	SMB_BIG_INT offset = 0, left = finfo.size;
1130	BOOL first = True;	1139	BOOL first = True;
1131		1140
		1141	if(strlen(finfo.name) >= (UINT_MAX - strlen(cur_dir) - 2)) {
		1142	DEBUG(0,("get_longfilename: integer overflow detected.\n"));
		1143	return NULL;
		1144	}
		1145	namesize = strlen(finfo.name) + strlen(cur_dir) + 2;
		1146	longname = SMB_MALLOC(namesize);
1132	DEBUG(5, ("Restoring a long file name: %s\n", finfo.name));	1147	DEBUG(5, ("Restoring a long file name: %s\n", finfo.name));
1133	DEBUG(5, ("Len = %.0f\n", (double)finfo.size));	1148	DEBUG(5, ("Len = %.0f\n", (double)finfo.size));
1134		1149
Lines 1576-1582 Link Here
1576	FILE *inclusion = NULL;	1591	FILE *inclusion = NULL;
1577	char buf[MAXPATHLEN + 1];	1592	char buf[MAXPATHLEN + 1];
1578	char *inclusion_buffer = NULL;	1593	char *inclusion_buffer = NULL;
1579	int inclusion_buffer_size = 0;	1594	size_t inclusion_buffer_size = 0;
1580	int inclusion_buffer_sofar = 0;	1595	int inclusion_buffer_sofar = 0;
1581	char *p;	1596	char *p;
1582	char *tmpstr;	1597	char *tmpstr;
Lines 1596-1602 Link Here
1596	while ((! error) && (fgets(buf, sizeof(buf)-1, inclusion))) {	1611	while ((! error) && (fgets(buf, sizeof(buf)-1, inclusion))) {
1597	if (inclusion_buffer == NULL) {	1612	if (inclusion_buffer == NULL) {
1598	inclusion_buffer_size = 1024;	1613	inclusion_buffer_size = 1024;
1599	if ((inclusion_buffer = malloc(inclusion_buffer_size)) == NULL) {	1614	if ((inclusion_buffer = SMB_MALLOC(inclusion_buffer_size)) == NULL) {
1600	DEBUG(0,("failure allocating buffer to read inclusion file\n"));	1615	DEBUG(0,("failure allocating buffer to read inclusion file\n"));
1601	error = 1;	1616	error = 1;
1602	break;	1617	break;
Lines 1609-1616 Link Here
1609		1624
1610	if ((strlen(buf) + 1 + inclusion_buffer_sofar) >= inclusion_buffer_size) {	1625	if ((strlen(buf) + 1 + inclusion_buffer_sofar) >= inclusion_buffer_size) {
1611	char *ib;	1626	char *ib;
		1627
		1628	if(inclusion_buffer_size >= INT_MAX/2) {
		1629	DEBUG(0,("read_inclusion_file: integer overflow detected.\n"));
		1630	return 0;
		1631	}
1612	inclusion_buffer_size *= 2;	1632	inclusion_buffer_size *= 2;
1613	ib = Realloc(inclusion_buffer,inclusion_buffer_size);	1633	ib = SMB_REALLOC(inclusion_buffer,inclusion_buffer_size);
1614	if (! ib) {	1634	if (! ib) {
1615	DEBUG(0,("failure enlarging inclusion buffer to %d bytes\n", inclusion_buffer_size));	1635	DEBUG(0,("failure enlarging inclusion buffer to %d bytes\n", inclusion_buffer_size));
1616	error = 1;	1636	error = 1;
Lines 1621-1633 Link Here
1621		1641
1622	safe_strcpy(inclusion_buffer + inclusion_buffer_sofar, buf, inclusion_buffer_size - inclusion_buffer_sofar);	1642	safe_strcpy(inclusion_buffer + inclusion_buffer_sofar, buf, inclusion_buffer_size - inclusion_buffer_sofar);
1623	inclusion_buffer_sofar += strlen(buf) + 1;	1643	inclusion_buffer_sofar += strlen(buf) + 1;
		1644	if(clipn >= (INT_MAX-1)) {
		1645	DEBUG(0,("read_inclusion_file: integer overflow detected.\n"));
		1646	abort();
		1647	}
1624	clipn++;	1648	clipn++;
1625	}	1649	}
1626	fclose(inclusion);	1650	fclose(inclusion);
1627		1651
1628	if (! error) {	1652	if (! error) {
1629	/* Allocate an array of clipn + 1 char's for cliplist /	1653	/* Allocate an array of clipn + 1 char's for cliplist /
1630	cliplist = malloc((clipn + 1) * sizeof(char *));	1654	cliplist = SMB_MALLOC_ARRAY( char *, clipn + 1 );
1631	if (cliplist == NULL) {	1655	if (cliplist == NULL) {
1632	DEBUG(0,("failure allocating memory for cliplist\n"));	1656	DEBUG(0,("failure allocating memory for cliplist\n"));
1633	error = 1;	1657	error = 1;
Lines 1638-1644 Link Here
1638	/* set current item to NULL so array will be null-terminated even if	1662	/* set current item to NULL so array will be null-terminated even if
1639	* malloc fails below. */	1663	* malloc fails below. */
1640	cliplist[i] = NULL;	1664	cliplist[i] = NULL;
1641	if ((tmpstr = (char *)malloc(strlen(p)+1)) == NULL) {	1665	if ((tmpstr = (char *)SMB_MALLOC(strlen(p)+1)) == NULL) {
1642	DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n", i));	1666	DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n", i));
1643	error = 1;	1667	error = 1;
1644	} else {	1668	} else {
Lines 1797-1809 Link Here
1797	} else if (Optind+1<argc && !tar_re_search) { /* For backwards compatibility */	1821	} else if (Optind+1<argc && !tar_re_search) { /* For backwards compatibility */
1798	char *tmpstr;	1822	char *tmpstr;
1799	char **tmplist;	1823	char **tmplist;
1800	int clipcount;	1824	unsigned int clipcount;
1801		1825
1802	cliplist=argv+Optind+1;	1826	cliplist=argv+Optind+1;
1803	clipn=argc-Optind-1;	1827	clipn=argc-Optind-1;
1804	clipcount = clipn;	1828	clipcount = clipn;
1805		1829
1806	if ((tmplist=malloc(clipnsizeof(char ))) == NULL) {	1830	if ((tmplist=SMB_MALLOC_ARRAY( char *, clipn )) == NULL) {
1807	DEBUG(0, ("Could not allocate space to process cliplist, count = %i\n",	1831	DEBUG(0, ("Could not allocate space to process cliplist, count = %i\n",
1808	clipn)	1832	clipn)
1809	);	1833	);
Lines 1814-1820 Link Here
1814		1838
1815	DEBUG(5, ("Processing an item, %s\n", cliplist[clipcount]));	1839	DEBUG(5, ("Processing an item, %s\n", cliplist[clipcount]));
1816		1840
1817	if ((tmpstr = (char *)malloc(strlen(cliplist[clipcount])+1)) == NULL) {	1841	if ((tmpstr = (char *)SMB_MALLOC(strlen(cliplist[clipcount])+1)) == NULL) {
1818	DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n",	1842	DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n",
1819	clipcount)	1843	clipcount)
1820	);	1844	);
Lines 1834-1843 Link Here
1834	#ifdef HAVE_REGEX_H	1858	#ifdef HAVE_REGEX_H
1835	int errcode;	1859	int errcode;
1836		1860
1837	if ((preg = (regex_t *)malloc(65536)) == NULL) {	1861	if ((preg = (regex_t *)SMB_MALLOC(65536)) == NULL) {
1838		1862
1839	DEBUG(0, ("Could not allocate buffer for regular expression search\n"));	1863	DEBUG(0, ("Could not allocate buffer for regular expression search\n"));
1840	return;	1864	return 0;
1841		1865
1842	}	1866	}
1843		1867
Lines 1848-1854 Link Here
1848	errlen = regerror(errcode, preg, errstr, sizeof(errstr) - 1);	1872	errlen = regerror(errcode, preg, errstr, sizeof(errstr) - 1);
1849		1873
1850	DEBUG(0, ("Could not compile pattern buffer for re search: %s\n%s\n", argv[Optind + 1], errstr));	1874	DEBUG(0, ("Could not compile pattern buffer for re search: %s\n%s\n", argv[Optind + 1], errstr));
1851	return;	1875	return 0;
1852		1876
1853	}	1877	}
1854	#endif	1878	#endif

Lines 1068-1086 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/include/proto.h (-7 / +29 lines)
1068	/* The following definitions come from lib/talloc.c */	1068	/* The following definitions come from lib/talloc.c */
1069		1069
1070	TALLOC_CTX *talloc_init(void);	1070	TALLOC_CTX *talloc_init(void);
1071	void talloc(TALLOC_CTX t, size_t size);
1072	void talloc_realloc(TALLOC_CTX t, void *ptr, size_t size);
1073	void talloc_destroy_pool(TALLOC_CTX *t);	1071	void talloc_destroy_pool(TALLOC_CTX *t);
1074	void talloc_destroy(TALLOC_CTX *t);	1072	void talloc_destroy(TALLOC_CTX *t);
1075	size_t talloc_pool_size(TALLOC_CTX *t);	1073	size_t talloc_pool_size(TALLOC_CTX *t);
1076	const char * talloc_pool_name(TALLOC_CTX const *t);	1074	const char * talloc_pool_name(TALLOC_CTX const *t);
1077	void talloc_zero(TALLOC_CTX t, size_t size);
1078	void talloc_memdup(TALLOC_CTX t, const void *p, size_t size);
1079	char talloc_strdup(TALLOC_CTX t, const char *p);	1075	char talloc_strdup(TALLOC_CTX t, const char *p);
1080	char talloc_describe_all(TALLOC_CTX rt);	1076	char talloc_describe_all(TALLOC_CTX rt);
1081	void talloc_get_allocation(TALLOC_CTX *t,	1077	void talloc_get_allocation(TALLOC_CTX *t,
1082	size_t *total_bytes,	1078	size_t *total_bytes,
1083	int *n_chunks);	1079	int *n_chunks);
		1080	#define PARANOID_MALLOC_CHECKER 1
		1081	#if defined(PARANOID_MALLOC_CHECKER)
		1082	extern void talloc_(TALLOC_CTX t, size_t size);
		1083	extern void talloc_realloc_ ( TALLOC_CTX , void *, size_t );
		1084	extern void talloc_array_ ( TALLOC_CTX , size_t, unsigned int );
		1085	extern void talloc_zero_(TALLOC_CTX t, size_t size);
		1086	extern void talloc_zero_array_(TALLOC_CTX t, size_t size, unsigned int);
		1087	extern void talloc_realloc_array_ ( TALLOC_CTX , void *, size_t, unsigned int );
		1088	extern void talloc_memdup_(TALLOC_CTX t, const void *p, size_t size);
		1089	#else
		1090	extern void talloc(TALLOC_CTX t, size_t size);
		1091	extern void talloc_realloc(TALLOC_CTX t, void *ptr, size_t size);
		1092	extern void talloc_zero(TALLOC_CTX t, size_t size);
		1093	extern void talloc_zero_array ( TALLOC_CTX , void *, size_t, unsigned int );
		1094	extern void talloc_array ( TALLOC_CTX , void *, size_t, unsigned int );
		1095	extern void talloc_realloc_array(TALLOC_CTX t, void *ptr, size_t size, unsigned int);
		1096	extern void talloc_memdup(TALLOC_CTX t, const void *p, size_t size);
		1097	#endif
1084		1098
1085	/* The following definitions come from lib/time.c */	1099	/* The following definitions come from lib/time.c */
1086		1100
Lines 1151-1157 Link Here
1151	void msleep(unsigned int t);	1165	void msleep(unsigned int t);
1152	void become_daemon(void);	1166	void become_daemon(void);
1153	BOOL yesno(char *p);	1167	BOOL yesno(char *p);
1154	void Realloc(void p,size_t size);
1155	void safe_free(void *p);	1168	void safe_free(void *p);
1156	BOOL get_myname(char *my_name);	1169	BOOL get_myname(char *my_name);
1157	int interpret_protocol(char *str,int def);	1170	int interpret_protocol(char *str,int def);
Lines 1189-1197 Link Here
1189	int set_maxfiles(int requested_max);	1202	int set_maxfiles(int requested_max);
1190	BOOL reg_split_key(const char full_keyname, uint32 reg_type, char *key_name);	1203	BOOL reg_split_key(const char full_keyname, uint32 reg_type, char *key_name);
1191	int smb_mkstemp(char *template);	1204	int smb_mkstemp(char *template);
1192	void *smb_xmalloc(size_t size);
1193	void smb_xmemdup(const void p, size_t size);	1205	void smb_xmemdup(const void p, size_t size);
1194	char smb_xstrdup(const char s);	1206	char smb_xstrdup(const char s);
		1207	extern char smb_xstrndup(const char s, size_t );
1195	int smb_xvasprintf(char *ptr, const char format, va_list ap);	1208	int smb_xvasprintf(char *ptr, const char format, va_list ap);
1196	void memdup(void p, size_t size);	1209	void memdup(void p, size_t size);
1197	char *myhostname(void);	1210	char *myhostname(void);
Lines 1206-1211 Link Here
1206	void data_blob_free(DATA_BLOB *d);	1219	void data_blob_free(DATA_BLOB *d);
1207	void data_blob_clear(DATA_BLOB *d);	1220	void data_blob_clear(DATA_BLOB *d);
1208	int _Insure_trap_error(int a1, int a2, int a3, int a4, int a5, int a6);	1221	int _Insure_trap_error(int a1, int a2, int a3, int a4, int a5, int a6);
		1222	#if defined(PARANOID_MALLOC_CHECKER)
		1223	extern void *malloc_ ( size_t );
		1224	#endif
		1225	extern void smb_malloc(void p,size_t size);
		1226	extern void *malloc_array ( size_t, unsigned int );
		1227	extern void *calloc_array ( size_t, size_t );
		1228	extern void realloc_array ( void , size_t, unsigned int );
		1229	extern void *smb_xmalloc_array ( size_t, unsigned int );
		1230	extern void smb_realloc(void p,size_t size);
1209		1231
1210	/* The following definitions come from lib/util_file.c */	1232	/* The following definitions come from lib/util_file.c */
1211		1233
Lines 2908-2914 Link Here
2908	BOOL prs_read(prs_struct *ps, int fd, size_t len, int timeout);	2930	BOOL prs_read(prs_struct *ps, int fd, size_t len, int timeout);
2909	void prs_mem_free(prs_struct *ps);	2931	void prs_mem_free(prs_struct *ps);
2910	void prs_mem_clear(prs_struct *ps);	2932	void prs_mem_clear(prs_struct *ps);
2911	char prs_alloc_mem(prs_struct ps, size_t size);
2912	TALLOC_CTX prs_get_mem_context(prs_struct ps);	2933	TALLOC_CTX prs_get_mem_context(prs_struct ps);
2913	void prs_give_memory(prs_struct ps, char buf, uint32 size, BOOL is_dynamic);	2934	void prs_give_memory(prs_struct ps, char buf, uint32 size, BOOL is_dynamic);
2914	char prs_take_memory(prs_struct ps, uint32 *psize);	2935	char prs_take_memory(prs_struct ps, uint32 *psize);
Lines 2955-2960 Link Here
2955	int tdb_prs_store(TDB_CONTEXT tdb, char keystr, prs_struct *ps);	2976	int tdb_prs_store(TDB_CONTEXT tdb, char keystr, prs_struct *ps);
2956	int tdb_prs_fetch(TDB_CONTEXT tdb, char keystr, prs_struct ps, TALLOC_CTX mem_ctx);	2977	int tdb_prs_fetch(TDB_CONTEXT tdb, char keystr, prs_struct ps, TALLOC_CTX mem_ctx);
2957	BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16]);	2978	BOOL prs_hash1(prs_struct *ps, uint32 offset, uint8 sess_key[16]);
		2979	extern char prs_alloc_mem_(prs_struct ps, size_t size, size_t count );
2958		2980
2959	/* The following definitions come from rpc_parse/parse_reg.c */	2981	/* The following definitions come from rpc_parse/parse_reg.c */
2960		2982

Lines 284-287 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/include/smb_macros.h (+88 lines)
284		284
285	#define vfs_chdir(conn,fname) ((conn)->vfs_ops.chdir((conn),dos_to_unix_static((fname))))	285	#define vfs_chdir(conn,fname) ((conn)->vfs_ops.chdir((conn),dos_to_unix_static((fname))))
286		286
		287	/*****************************************************************************
		288	Safe allocation macros.
		289	*****************************************************************************/
		290
		291	#define SMB_MALLOC_ARRAY(type,count) (type *)malloc_array(sizeof(type),(count))
		292	#define SMB_REALLOC(p,s) smb_realloc((p),(s))
		293	#define SMB_REALLOC_ARRAY(p,type,count) (type *)realloc_array((p),sizeof(type),(count))
		294	#define SMB_CALLOC_ARRAY(type,count) (type *)calloc_array(sizeof(type),(count))
		295	#define SMB_XMALLOC_P(type) (type *)smb_xmalloc_array(sizeof(type),1)
		296	#define SMB_XMALLOC_ARRAY(type,count) (type *)smb_xmalloc_array(sizeof(type),(count))
		297
		298	/* limiting size of ipc replies */
		299	#define SMB_REALLOC_LIMIT(ptr,size) SMB_REALLOC(ptr,MAX((size),4*1024))
		300
		301	#define PARANOID_MALLOC_CHECKER 1
		302
		303	#if defined(PARANOID_MALLOC_CHECKER)
		304
		305	#define TALLOC(ctx, size) talloc_((ctx),(size))
		306	#define TALLOC_P(ctx, type) (type *)talloc_((ctx),sizeof(type))
		307	#define TALLOC_ARRAY(ctx, type, count) (type *)talloc_array_((ctx),sizeof(type),(count))
		308	#define TALLOC_MEMDUP(ctx, ptr, size) talloc_memdup_((ctx),(ptr),(size))
		309	#define TALLOC_ZERO(ctx, size) talloc_zero_((ctx),(size))
		310	#define TALLOC_ZERO_P(ctx, type) (type *)talloc_zero_((ctx),sizeof(type))
		311	#define TALLOC_ZERO_ARRAY(ctx, type, count) (type *)talloc_zero_array_((ctx),sizeof(type),(count))
		312	#define TALLOC_REALLOC(ctx, ptr, count) talloc_realloc_((ctx),(ptr),(count))
		313	#define TALLOC_REALLOC_ARRAY(ctx, ptr, type, count) (type *)talloc_realloc_array_((ctx),(ptr),sizeof(type),(count))
		314
		315	#define PRS_ALLOC_MEM(ps, type, count) (type *)talloc_zero_array_((ps)->mem_ctx,sizeof(type),(count))
		316
		317	/* Get medieval on our ass about malloc.... */
		318
		319	/* Restrictions on malloc/realloc/calloc. */
		320	#ifdef malloc
		321	#undef malloc
		322	#endif
		323	#define malloc(s) __ERROR_DONT_USE_MALLOC_DIRECTLY
		324
		325	#ifdef realloc
		326	#undef realloc
		327	#endif
		328	#define realloc(p,s) __ERROR_DONT_USE_REALLOC_DIRECTLY
		329
		330	#ifdef calloc
		331	#undef calloc
		332	#endif
		333	#define calloc(n,s) __ERROR_DONT_USE_CALLOC_DIRECTLY
		334
		335	#ifdef strndup
		336	#undef strndup
		337	#endif
		338	#define strndup(s,n) __ERROR_DONT_USE_STRNDUP_DIRECTLY
		339
		340	#ifdef strdup
		341	#undef strdup
		342	#endif
		343	#define strdup(s) __ERROR_DONT_USE_STRDUP_DIRECTLY
		344
		345	#define SMB_MALLOC(s) malloc_(s)
		346	#define SMB_MALLOC_P(type) (type *)malloc_(sizeof(type))
		347
		348	#define SMB_STRDUP(s) smb_xstrdup(s)
		349	#define SMB_STRNDUP(s,n) smb_xstrndup(s,n)
		350
351	#else /* PARANOID_MEMORY_CHECKER disabled */
352
353	#define TALLOC(ctx, size) talloc((ctx),(size))
354	#define TALLOC_P(ctx, type) (type *)talloc((ctx),sizeof(type))
355	#define TALLOC_ARRAY(ctx, type, count) (type *)talloc_array((ctx),sizeof(type),(count))
356	#define TALLOC_MEMDUP(ctx, ptr, size) talloc_memdup((ctx),(ptr),(size))
357	#define TALLOC_ZERO(ctx, size) talloc_zero((ctx),(size))
358	#define TALLOC_ZERO_P(ctx, type) (type *)talloc_zero((ctx),sizeof(type))
359	#define TALLOC_ZERO_ARRAY(ctx, type, count) (type *)talloc_zero_array((ctx),sizeof(type),(count))
360	#define TALLOC_REALLOC(ctx, ptr, count) talloc_realloc((ctx),(ptr),(count))
361	#define TALLOC_REALLOC_ARRAY(ctx, ptr, type, count) (type *)talloc_realloc_array((ctx),(ptr),sizeof(type),(count))
362
363	#define PRS_ALLOC_MEM(ps, type, count) (type *)prs_alloc_mem((ps),sizeof(type),(count))
364
365	/* Regular malloc code. */
366
367	#define SMB_MALLOC(s) malloc(s)
368	#define SMB_MALLOC_P(type) (type *)malloc(sizeof(type))
369
370	#define SMB_STRDUP(s) strdup(s)
371	#define SMB_STRNDUP(s,n) strndup(s,n)
372
373	#endif /* not PARANOID_MEMORY_CHECKER */
374
287	#endif /* _SMB_MACROS_H */	375	#endif /* _SMB_MACROS_H */

Lines 81-87 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/access.c (-5 / +5 lines)
81	DEBUG(0,("Unable to get default yp domain.\n"));	81	DEBUG(0,("Unable to get default yp domain.\n"));
82	return False;	82	return False;
83	}	83	}
84	if (!(hostname = strdup(s))) {	84	if (!(hostname = SMB_STRDUP(s))) {
85	DEBUG(1,("out of memory for strdup!\n"));	85	DEBUG(1,("out of memory for strdup!\n"));
86	return False;	86	return False;
87	}	87	}
Lines 167-173 Link Here
167	*/	167	*/
168		168
169	/* jkf -- can get called recursively with NULL list */	169	/* jkf -- can get called recursively with NULL list */
170	listcopy = (list == 0) ? (char *)0 : strdup(list);	170	listcopy = (list == 0) ? (char *)0 : SMB_STRDUP(list);
171		171
172	/*	172	/*
173	* Process tokens one at a time. We have exhausted all possible matches	173	* Process tokens one at a time. We have exhausted all possible matches
Lines 259-265 Link Here
259	char *listcopy,	259	char *listcopy,
260	*tok;	260	*tok;
261		261
262	listcopy = strdup(list);	262	listcopy = SMB_STRDUP(list);
263		263
264	for (tok = strtok(listcopy, sep); tok ; tok = strtok(NULL, sep))	264	for (tok = strtok(listcopy, sep); tok ; tok = strtok(NULL, sep))
265	{	265	{
Lines 304-312 Link Here
304	deny_list ? deny_list : "NULL"));	304	deny_list ? deny_list : "NULL"));
305		305
306	if (deny_list)	306	if (deny_list)
307	deny = strdup(deny_list);	307	deny = SMB_STRDUP(deny_list);
308	if (allow_list)	308	if (allow_list)
309	allow = strdup(allow_list);	309	allow = SMB_STRDUP(allow_list);
310		310
311	if ((!deny \|\| deny==0) && (!allow \|\| allow==0))	311	if ((!deny \|\| deny==0) && (!allow \|\| allow==0))
312	ret = True;	312	ret = True;

Lines 32-49 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/bitmap.c (-4 / +4 lines)
32	{	32	{
33	struct bitmap *bm;	33	struct bitmap *bm;
34		34
35	bm = (struct bitmap )malloc(sizeof(bm));	35	bm = SMB_MALLOC_P(struct bitmap);
36		36
37	if (!bm) return NULL;	37	if (!bm) return NULL;
38		38
39	bm->n = n;	39	bm->n = n;
40	bm->b = (uint32 )malloc(sizeof(bm->b[0])(n+31)/32);	40	bm->b = SMB_MALLOC_ARRAY( uint32, (n+31)/32 );
41	if (!bm->b) {	41	if (!bm->b) {
42	SAFE_FREE(bm);	42	SAFE_FREE(bm);
43	return NULL;	43	return NULL;
44	}	44	}
45		45
46	memset(bm->b, 0, sizeof(bm->b[0])*(n+31)/32);	46	memset(bm->b, 0, sizeof(uint32)*((n+31)/32));
47		47
48	return bm;	48	return bm;
49	}	49	}
Lines 70-76 Link Here
70	int count = MIN(dst->n, src->n);	70	int count = MIN(dst->n, src->n);
71		71
72	SMB_ASSERT(dst->b != src->b);	72	SMB_ASSERT(dst->b != src->b);
73	memcpy(dst->b, src->b, sizeof(dst->b[0])*(count+31)/32);	73	memcpy(dst->b, src->b, sizeof(uint32)*((count+31)/32));
74		74
75	return count;	75	return count;
76	}	76	}

Lines 674-680 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/system.c (-4 / +4 lines)
674	if (setlen == 0)	674	if (setlen == 0)
675	setlen = groups_max();	675	setlen = groups_max();
676		676
677	if((group_list = (GID_T )malloc(setlen sizeof(GID_T))) == NULL) {	677	if((group_list = SMB_MALLOC_ARRAY( GID_T, setlen )) == NULL) {
678	DEBUG(0,("sys_getgroups: Malloc fail.\n"));	678	DEBUG(0,("sys_getgroups: Malloc fail.\n"));
679	return -1;	679	return -1;
680	}	680	}
Lines 723-729 Link Here
723	* GID_T array of size setlen.	723	* GID_T array of size setlen.
724	*/	724	*/
725		725
726	if((group_list = (GID_T )malloc(setlen sizeof(GID_T))) == NULL) {	726	if((group_list = SMB_MALLOC_ARRAY( GID_T, setlen )) == NULL) {
727	DEBUG(0,("sys_setgroups: Malloc fail.\n"));	727	DEBUG(0,("sys_setgroups: Malloc fail.\n"));
728	return -1;	728	return -1;
729	}	729	}
Lines 1071-1077 Link Here
1071	for( argcl = 1; ptr; ptr = strtok(NULL, " \t"))	1071	for( argcl = 1; ptr; ptr = strtok(NULL, " \t"))
1072	argcl++;	1072	argcl++;
1073		1073
1074	if((argl = (char *)malloc((argcl + 1) sizeof(char *))) == NULL)	1074	if((argl = SMB_MALLOC_ARRAY(char *, argcl + 1 )) == NULL)
1075	return NULL;	1075	return NULL;
1076		1076
1077	/*	1077	/*
Lines 1153-1159 Link Here
1153	goto err_exit;	1153	goto err_exit;
1154	}	1154	}
1155		1155
1156	if((entry = (popen_list *)malloc(sizeof(popen_list))) == NULL)	1156	if((entry = SMB_MALLOC_P(popen_list)) == NULL)
1157	goto err_exit;	1157	goto err_exit;
1158		1158
1159	ZERO_STRUCTP(entry);	1159	ZERO_STRUCTP(entry);

Lines 55-61 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/util_getent.c (-15 / +15 lines)
55	struct sys_grent *gent;	55	struct sys_grent *gent;
56	struct group *grp;	56	struct group *grp;
57		57
58	gent = (struct sys_grent *) malloc(sizeof(struct sys_grent));	58	gent = SMB_MALLOC_P(struct sys_grent);
59	if (gent == NULL) {	59	if (gent == NULL) {
60	DEBUG (0, ("Out of memory in getgrent_list!\n"));	60	DEBUG (0, ("Out of memory in getgrent_list!\n"));
61	return NULL;	61	return NULL;
Lines 75-85 Link Here
75	int i,num;	75	int i,num;
76		76
77	if (grp->gr_name) {	77	if (grp->gr_name) {
78	if ((gent->gr_name = strdup(grp->gr_name)) == NULL)	78	if ((gent->gr_name = SMB_STRDUP(grp->gr_name)) == NULL)
79	goto err;	79	goto err;
80	}	80	}
81	if (grp->gr_passwd) {	81	if (grp->gr_passwd) {
82	if ((gent->gr_passwd = strdup(grp->gr_passwd)) == NULL)	82	if ((gent->gr_passwd = SMB_STRDUP(grp->gr_passwd)) == NULL)
83	goto err;	83	goto err;
84	}	84	}
85	gent->gr_gid = grp->gr_gid;	85	gent->gr_gid = grp->gr_gid;
Lines 89-108 Link Here
89	;	89	;
90		90
91	/* alloc space for gr_mem string pointers */	91	/* alloc space for gr_mem string pointers */
92	if ((gent->gr_mem = (char *) malloc((num+1) sizeof(char *))) == NULL)	92	if ((gent->gr_mem = SMB_MALLOC_ARRAY( char *, num+1 )) == NULL)
93	goto err;	93	goto err;
94		94
95	memset(gent->gr_mem, '\0', (num+1) * sizeof(char *));	95	memset(gent->gr_mem, '\0', (num+1) * sizeof(char *));
96		96
97	for (i=0; i < num; i++) {	97	for (i=0; i < num; i++) {
98	if ((gent->gr_mem[i] = strdup(grp->gr_mem[i])) == NULL)	98	if ((gent->gr_mem[i] = SMB_STRDUP(grp->gr_mem[i])) == NULL)
99	goto err;	99	goto err;
100	}	100	}
101	gent->gr_mem[num] = NULL;	101	gent->gr_mem[num] = NULL;
102		102
103	grp = getgrent();	103	grp = getgrent();
104	if (grp) {	104	if (grp) {
105	gent->next = (struct sys_grent *) malloc(sizeof(struct sys_grent));	105	gent->next = SMB_MALLOC_P(struct sys_grent);
106	if (gent->next == NULL)	106	if (gent->next == NULL)
107	goto err;	107	goto err;
108	gent = gent->next;	108	gent = gent->next;
Lines 156-162 Link Here
156	struct sys_pwent *pent;	156	struct sys_pwent *pent;
157	struct passwd *pwd;	157	struct passwd *pwd;
158		158
159	pent = (struct sys_pwent *) malloc(sizeof(struct sys_pwent));	159	pent = SMB_MALLOC_P(struct sys_pwent);
160	if (pent == NULL) {	160	if (pent == NULL) {
161	DEBUG (0, ("Out of memory in getpwent_list!\n"));	161	DEBUG (0, ("Out of memory in getpwent_list!\n"));
162	return NULL;	162	return NULL;
Lines 168-198 Link Here
168	while (pwd != NULL) {	168	while (pwd != NULL) {
169	memset(pent, '\0', sizeof(struct sys_pwent));	169	memset(pent, '\0', sizeof(struct sys_pwent));
170	if (pwd->pw_name) {	170	if (pwd->pw_name) {
171	if ((pent->pw_name = strdup(pwd->pw_name)) == NULL)	171	if ((pent->pw_name = SMB_STRDUP(pwd->pw_name)) == NULL)
172	goto err;	172	goto err;
173	}	173	}
174	if (pwd->pw_passwd) {	174	if (pwd->pw_passwd) {
175	if ((pent->pw_passwd = strdup(pwd->pw_passwd)) == NULL)	175	if ((pent->pw_passwd = SMB_STRDUP(pwd->pw_passwd)) == NULL)
176	goto err;	176	goto err;
177	}	177	}
178	pent->pw_uid = pwd->pw_uid;	178	pent->pw_uid = pwd->pw_uid;
179	pent->pw_gid = pwd->pw_gid;	179	pent->pw_gid = pwd->pw_gid;
180	if (pwd->pw_gecos) {	180	if (pwd->pw_gecos) {
181	if ((pent->pw_name = strdup(pwd->pw_gecos)) == NULL)	181	if ((pent->pw_name = SMB_STRDUP(pwd->pw_gecos)) == NULL)
182	goto err;	182	goto err;
183	}	183	}
184	if (pwd->pw_dir) {	184	if (pwd->pw_dir) {
185	if ((pent->pw_name = strdup(pwd->pw_dir)) == NULL)	185	if ((pent->pw_name = SMB_STRDUP(pwd->pw_dir)) == NULL)
186	goto err;	186	goto err;
187	}	187	}
188	if (pwd->pw_shell) {	188	if (pwd->pw_shell) {
189	if ((pent->pw_name = strdup(pwd->pw_shell)) == NULL)	189	if ((pent->pw_name = SMB_STRDUP(pwd->pw_shell)) == NULL)
190	goto err;	190	goto err;
191	}	191	}
192		192
193	pwd = getpwent();	193	pwd = getpwent();
194	if (pwd) {	194	if (pwd) {
195	pent->next = (struct sys_pwent *) malloc(sizeof(struct sys_pwent));	195	pent->next = SMB_MALLOC_P(struct sys_pwent);
196	if (pent->next == NULL)	196	if (pent->next == NULL)
197	goto err;	197	goto err;
198	pent = pent->next;	198	pent = pent->next;
Lines 245-256 Link Here
245	;	245	;
246		246
247	for (i = 0; i < num_users; i++) {	247	for (i = 0; i < num_users; i++) {
248	struct sys_userlist entry = (struct sys_userlist )malloc(sizeof(*entry));	248	struct sys_userlist *entry = SMB_MALLOC_P(struct sys_userlist);
249	if (entry == NULL) {	249	if (entry == NULL) {
250	free_userlist(list_head);	250	free_userlist(list_head);
251	return NULL;	251	return NULL;
252	}	252	}
253	entry->unix_name = strdup(grp->gr_mem[i]);	253	entry->unix_name = SMB_STRDUP(grp->gr_mem[i]);
254	if (entry->unix_name == NULL) {	254	if (entry->unix_name == NULL) {
255	SAFE_FREE(entry);	255	SAFE_FREE(entry);
256	free_userlist(list_head);	256	free_userlist(list_head);

Lines 394-400 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/util_sid.c (-4 / +4 lines)
394		394
395	memset((char *)sidout, '\0', sizeof(DOM_SID));	395	memset((char *)sidout, '\0', sizeof(DOM_SID));
396		396
397	p = q = strdup(sidstr + 2);	397	p = q = SMB_STRDUP(sidstr + 2);
398	if (p == NULL) {	398	if (p == NULL) {
399	DEBUG(0, ("string_to_sid: out of memory!\n"));	399	DEBUG(0, ("string_to_sid: out of memory!\n"));
400	return False;	400	return False;
Lines 511-517 Link Here
511	if(!src)	511	if(!src)
512	return NULL;	512	return NULL;
513		513
514	if((dst = malloc(sizeof(DOM_SID))) != NULL) {	514	if((dst = SMB_MALLOC_P(DOM_SID)) != NULL) {
515	memset(dst, '\0', sizeof(DOM_SID));	515	memset(dst, '\0', sizeof(DOM_SID));
516	sid_copy( dst, src);	516	sid_copy( dst, src);
517	}	517	}
Lines 715-722 Link Here
715	char sid_binstring(DOM_SID sid)	715	char sid_binstring(DOM_SID sid)
716	{	716	{
717	char buf, s;	717	char buf, s;
718	int len = sid_size(sid);	718	size_t len = sid_size(sid);
719	buf = malloc(len);	719	buf = SMB_MALLOC(len);
720	if (!buf) return NULL;	720	if (!buf) return NULL;
721	sid_linearize(buf, len, sid);	721	sid_linearize(buf, len, sid);
722	s = binary_string(buf, len);	722	s = binary_string(buf, len);

Lines 103-109 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/util_str.c (-7 / +10 lines)
103	*ctok=ictok;	103	*ctok=ictok;
104	s=last_ptr;	104	s=last_ptr;
105		105
106	if (!(ret=iret=malloc(ictoksizeof(char )))) return NULL;	106	if (!(ret=iret=SMB_MALLOC_ARRAY( char *, ictok ))) return NULL;
107		107
108	while(ictok--) {	108	while(ictok--) {
109	*iret++=s;	109	*iret++=s;
Lines 977-983 Link Here
977	if (buflen >= (2*maxlength))	977	if (buflen >= (2*maxlength))
978	buflen = 2*(maxlength - 1);	978	buflen = 2*(maxlength - 1);
979		979
980	str_ucs = (smb_ucs2_t*)malloc(buflen);	980	str_ucs = (smb_ucs2_t*)SMB_MALLOC(buflen);
981	if(!str_ucs) {	981	if(!str_ucs) {
982	*dest=0;	982	*dest=0;
983	return dest;	983	return dest;
Lines 990-996 Link Here
990		990
991	/* Get UCS2 version of other_safe_chars string*/	991	/* Get UCS2 version of other_safe_chars string*/
992	buflen=2*strlen(other_safe_chars)+2;	992	buflen=2*strlen(other_safe_chars)+2;
993	other_ucs = (smb_ucs2_t*)malloc(buflen);	993	other_ucs = (smb_ucs2_t*)SMB_MALLOC(buflen);
994	if(!other_ucs) {	994	if(!other_ucs) {
995	*dest=0;	995	*dest=0;
996	SAFE_FREE(str_ucs);	996	SAFE_FREE(str_ucs);
Lines 1144-1150 Link Here
1144	if (l == 0)	1144	if (l == 0)
1145	{	1145	{
1146	if (!null_string) {	1146	if (!null_string) {
1147	if((null_string = (char *)malloc(1)) == NULL) {	1147	if((null_string = (char *)SMB_MALLOC(1)) == NULL) {
1148	DEBUG(0,("string_init: malloc fail for null_string.\n"));	1148	DEBUG(0,("string_init: malloc fail for null_string.\n"));
1149	return False;	1149	return False;
1150	}	1150	}
Lines 1154-1160 Link Here
1154	}	1154	}
1155	else	1155	else
1156	{	1156	{
1157	(dest) = (char )malloc(l+1);	1157	(dest) = (char )SMB_MALLOC(l+1);
1158	if ((*dest) == NULL) {	1158	if ((*dest) == NULL) {
1159	DEBUG(0,("Out of memory in string_init\n"));	1159	DEBUG(0,("Out of memory in string_init\n"));
1160	return False;	1160	return False;
Lines 1360-1366 Link Here
1360	char *s;	1360	char *s;
1361	int i, j;	1361	int i, j;
1362	const char *hex = "0123456789ABCDEF";	1362	const char *hex = "0123456789ABCDEF";
1363	s = malloc(len * 3 + 1);	1363
		1364	if(len <= 0 \|\| len >= (INT_MAX/3)-1)
		1365	return NULL;
		1366	s = SMB_MALLOC(len * 3 + 1);
1364	if (!s) return NULL;	1367	if (!s) return NULL;
1365	for (j=i=0;i<len;i++) {	1368	for (j=i=0;i<len;i++) {
1366	s[j] = '\\';	1369	s[j] = '\\';
Lines 1396-1402 Link Here
1396	char *ret;	1399	char *ret;
1397		1400
1398	n = strnlen(s, n);	1401	n = strnlen(s, n);
1399	ret = malloc(n+1);	1402	ret = SMB_MALLOC(n+1);
1400	if (!ret)	1403	if (!ret)
1401	return NULL;	1404	return NULL;
1402	memcpy(ret, s, n);	1405	memcpy(ret, s, n);

Lines 569-575 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/lib/util_unistr.c (-12 / +16 lines)
569		569
570	free_maps(pp_cp_to_ucs2, pp_ucs2_to_cp);	570	free_maps(pp_cp_to_ucs2, pp_ucs2_to_cp);
571		571
572	if ((pp_ucs2_to_cp = (uint16 )malloc(2*65536)) == NULL) {	572	if ((*pp_ucs2_to_cp = SMB_MALLOC_ARRAY( uint16, 65536 )) == NULL) {
573	DEBUG(0,("default_unicode_map: malloc fail for ucs2_to_cp size %u.\n", 2*65536));	573	DEBUG(0,("default_unicode_map: malloc fail for ucs2_to_cp size %u.\n", 2*65536));
574	abort();	574	abort();
575	}	575	}
Lines 673-684 Link Here
673		673
674	free_maps(pp_cp_to_ucs2, pp_ucs2_to_cp);	674	free_maps(pp_cp_to_ucs2, pp_ucs2_to_cp);
675		675
676	if ((cp_to_ucs2 = (smb_ucs2_t *)malloc(cp_to_ucs2_size)) == NULL) {	676	if ((cp_to_ucs2 = (smb_ucs2_t *)SMB_MALLOC(cp_to_ucs2_size)) == NULL) {
677	DEBUG(0,("load_unicode_map: malloc fail for cp_to_ucs2 size %u.\n", cp_to_ucs2_size ));	677	DEBUG(0,("load_unicode_map: malloc fail for cp_to_ucs2 size %u.\n", cp_to_ucs2_size ));
678	goto clean_and_exit;	678	goto clean_and_exit;
679	}	679	}
680		680
681	if ((ucs2_to_cp = (uint16 *)malloc(ucs2_to_cp_size)) == NULL) {	681	if ((ucs2_to_cp = (uint16 *)SMB_MALLOC(ucs2_to_cp_size)) == NULL) {
682	DEBUG(0,("load_unicode_map: malloc fail for ucs2_to_cp size %u.\n", ucs2_to_cp_size ));	682	DEBUG(0,("load_unicode_map: malloc fail for ucs2_to_cp size %u.\n", ucs2_to_cp_size ));
683	goto clean_and_exit;	683	goto clean_and_exit;
684	}	684	}
Lines 1150-1161 Link Here
1150		1150
1151	smb_ucs2_t strdup_w(const smb_ucs2_t s)	1151	smb_ucs2_t strdup_w(const smb_ucs2_t s)
1152	{	1152	{
1153	size_t newlen = (strlen_w(s)+1)*sizeof(smb_ucs2_t);	1153	size_t newlen;
1154	smb_ucs2_t newstr = (smb_ucs2_t )malloc(newlen);	1154	smb_ucs2_t *newstr;
1155	if (newstr == NULL)	1155
1156	return NULL;	1156	newstr = SMB_MALLOC_ARRAY(smb_ucs2_t, strlen_w(s)+1 );
1157	safe_strcpy_w(newstr, s, newlen);	1157
1158	return newstr;	1158	if (newstr == NULL)
		1159	return NULL;
		1160	newlen = (strlen_w(s)+1)*sizeof(smb_ucs2_t);
		1161	safe_strcpy_w(newstr, s, newlen);
		1162	return newstr;
1159	}	1163	}
1160		1164
1161	/*******************************************************************	1165	/*******************************************************************
Lines 1382-1388 Link Here
1382	*ctok = ictok;	1386	*ctok = ictok;
1383	s = last_ptr;	1387	s = last_ptr;
1384		1388
1385	if (!(ret=iret=malloc(ictoksizeof(smb_ucs2_t ))))	1389	if (!(ret=iret=SMB_MALLOC_ARRAY( smb_ucs2_t *, ictok )))
1386	return NULL;	1390	return NULL;
1387		1391
1388	while(ictok--) {	1392	while(ictok--) {
Lines 1855-1861 Link Here
1855	size_t l;	1859	size_t l;
1856		1860
1857	if (!null_string) {	1861	if (!null_string) {
1858	if((null_string = (smb_ucs2_t *)malloc(sizeof(smb_ucs2_t))) == NULL) {	1862	if((null_string = SMB_MALLOC_P(smb_ucs2_t)) == NULL) {
1859	DEBUG(0,("string_init_w: malloc fail for null_string.\n"));	1863	DEBUG(0,("string_init_w: malloc fail for null_string.\n"));
1860	return False;	1864	return False;
1861	}	1865	}
Lines 1870-1876 Link Here
1870	if (l == 0)	1874	if (l == 0)
1871	*dest = null_string;	1875	*dest = null_string;
1872	else {	1876	else {
1873	(dest) = (smb_ucs2_t )malloc(sizeof(smb_ucs2_t)*(l+1));	1877	(*dest) = SMB_MALLOC_ARRAY( smb_ucs2_t, l+1 );
1874	if ((*dest) == NULL) {	1878	if ((*dest) == NULL) {
1875	DEBUG(0,("Out of memory in string_init_w\n"));	1879	DEBUG(0,("Out of memory in string_init_w\n"));
1876	return False;	1880	return False;

Lines 551-558 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/libsmb/cli_samr.c (-9 / +7 lines)
551		551
552	*num_dom_groups = r.num_entries2;	552	*num_dom_groups = r.num_entries2;
553		553
554	if (!((dom_groups) = (struct acct_info )	554	if (!((dom_groups) = TALLOC_ARRAY(mem_ctx, struct acct_info, num_dom_groups))) {
555	talloc(mem_ctx, sizeof(struct acct_info) * *num_dom_groups))) {
556	result = NT_STATUS_UNSUCCESSFUL;	555	result = NT_STATUS_UNSUCCESSFUL;
557	goto done;	556	goto done;
558	}	557	}
Lines 629-636 Link Here
629		628
630	*num_dom_groups = r.num_entries2;	629	*num_dom_groups = r.num_entries2;
631		630
632	if (!((dom_groups) = (struct acct_info )	631	if (!((dom_groups) = TALLOC_ARRAY(mem_ctx, struct acct_info, num_dom_groups))) {
633	talloc(mem_ctx, sizeof(struct acct_info) * *num_dom_groups))) {
634	result = NT_STATUS_UNSUCCESSFUL;	632	result = NT_STATUS_UNSUCCESSFUL;
635	goto done;	633	goto done;
636	}	634	}
Lines 703-709 Link Here
703		701
704	*num_mem = r.num_sids;	702	*num_mem = r.num_sids;
705		703
706	if (!(sids = talloc(mem_ctx, sizeof(DOM_SID) *num_mem))) {	704	if (!(sids = TALLOC_ARRAY(mem_ctx,DOM_SID, num_mem))) {
707	result = NT_STATUS_UNSUCCESSFUL;	705	result = NT_STATUS_UNSUCCESSFUL;
708	goto done;	706	goto done;
709	}	707	}
Lines 972-979 Link Here
972	}	970	}
973		971
974	*num_names = r.num_names1;	972	*num_names = r.num_names1;
975	names = talloc(mem_ctx, sizeof(char ) * r.num_names1);	973	names = TALLOC_ARRAY(mem_ctx, char , r.num_names1);
976	name_types = talloc(mem_ctx, sizeof(uint32) r.num_names1);	974	*name_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_names1);
977		975
978	for (i = 0; i < r.num_names1; i++) {	976	for (i = 0; i < r.num_names1; i++) {
979	fstring tmp;	977	fstring tmp;
Lines 1040-1047 Link Here
1040	}	1038	}
1041		1039
1042	*num_rids = r.num_rids1;	1040	*num_rids = r.num_rids1;
1043	rids = talloc(mem_ctx, sizeof(uint32) r.num_rids1);	1041	*rids = TALLOC_ARRAY(mem_ctx, uint32, r.num_rids1);
1044	rid_types = talloc(mem_ctx, sizeof(uint32) r.num_rids1);	1042	*rid_types = TALLOC_ARRAY(mem_ctx, uint32, r.num_rids1);
1045		1043
1046	for (i = 0; i < r.num_rids1; i++) {	1044	for (i = 0; i < r.num_rids1; i++) {
1047	(*rids)[i] = r.rids[i];	1045	(*rids)[i] = r.rids[i];

Lines 70-76 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/libsmb/cli_spoolss.c (-11 / +11 lines)
70	uint32 i;	70	uint32 i;
71	PRINTER_INFO_0 *inf;	71	PRINTER_INFO_0 *inf;
72		72
73	inf=(PRINTER_INFO_0 )talloc(mem_ctx, returnedsizeof(PRINTER_INFO_0));	73	inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_0, returned);
74		74
75	buffer->prs.data_offset=0;	75	buffer->prs.data_offset=0;
76		76
Lines 89-95 Link Here
89	uint32 i;	89	uint32 i;
90	PRINTER_INFO_1 *inf;	90	PRINTER_INFO_1 *inf;
91		91
92	inf=(PRINTER_INFO_1 )talloc(mem_ctx, returnedsizeof(PRINTER_INFO_1));	92	inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_1, returned);
93		93
94	buffer->prs.data_offset=0;	94	buffer->prs.data_offset=0;
95		95
Lines 108-114 Link Here
108	uint32 i;	108	uint32 i;
109	PRINTER_INFO_2 *inf;	109	PRINTER_INFO_2 *inf;
110		110
111	inf=(PRINTER_INFO_2 )talloc(mem_ctx, returnedsizeof(PRINTER_INFO_2));	111	inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_2, returned);
112		112
113	buffer->prs.data_offset=0;	113	buffer->prs.data_offset=0;
114		114
Lines 129-135 Link Here
129	uint32 i;	129	uint32 i;
130	PRINTER_INFO_3 *inf;	130	PRINTER_INFO_3 *inf;
131		131
132	inf=(PRINTER_INFO_3 )talloc(mem_ctx, returnedsizeof(PRINTER_INFO_3));	132	inf=TALLOC_ARRAY(mem_ctx, PRINTER_INFO_3, returned);
133		133
134	buffer->prs.data_offset=0;	134	buffer->prs.data_offset=0;
135		135
Lines 149-155 Link Here
149	uint32 i;	149	uint32 i;
150	PORT_INFO_1 *inf;	150	PORT_INFO_1 *inf;
151		151
152	inf=(PORT_INFO_1)talloc(mem_ctx, returnedsizeof(PORT_INFO_1));	152	inf=TALLOC_ARRAY(mem_ctx, PORT_INFO_1, returned);
153		153
154	prs_set_offset(&buffer->prs, 0);	154	prs_set_offset(&buffer->prs, 0);
155		155
Lines 168-174 Link Here
168	uint32 i;	168	uint32 i;
169	PORT_INFO_2 *inf;	169	PORT_INFO_2 *inf;
170		170
171	inf=(PORT_INFO_2)talloc(mem_ctx, returnedsizeof(PORT_INFO_2));	171	inf=TALLOC_ARRAY(mem_ctx, PORT_INFO_2, returned);
172		172
173	prs_set_offset(&buffer->prs, 0);	173	prs_set_offset(&buffer->prs, 0);
174		174
Lines 187-193 Link Here
187	uint32 i;	187	uint32 i;
188	DRIVER_INFO_1 *inf;	188	DRIVER_INFO_1 *inf;
189		189
190	inf=(DRIVER_INFO_1 )talloc(mem_ctx, returnedsizeof(DRIVER_INFO_1));	190	inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_1, returned);
191		191
192	buffer->prs.data_offset=0;	192	buffer->prs.data_offset=0;
193		193
Lines 206-212 Link Here
206	uint32 i;	206	uint32 i;
207	DRIVER_INFO_2 *inf;	207	DRIVER_INFO_2 *inf;
208		208
209	inf=(DRIVER_INFO_2 )talloc(mem_ctx, returnedsizeof(DRIVER_INFO_2));	209	inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_2, returned);
210		210
211	buffer->prs.data_offset=0;	211	buffer->prs.data_offset=0;
212		212
Lines 225-231 Link Here
225	uint32 i;	225	uint32 i;
226	DRIVER_INFO_3 *inf;	226	DRIVER_INFO_3 *inf;
227		227
228	inf=(DRIVER_INFO_3 )talloc(mem_ctx, returnedsizeof(DRIVER_INFO_3));	228	inf=TALLOC_ARRAY(mem_ctx, DRIVER_INFO_3, returned);
229		229
230	buffer->prs.data_offset=0;	230	buffer->prs.data_offset=0;
231		231
Lines 244-250 Link Here
244	{	244	{
245	DRIVER_DIRECTORY_1 *inf;	245	DRIVER_DIRECTORY_1 *inf;
246		246
247	inf=(DRIVER_DIRECTORY_1 *)talloc(mem_ctx, sizeof(DRIVER_DIRECTORY_1));	247	inf=TALLOC_P(mem_ctx, DRIVER_DIRECTORY_1);
248		248
249	prs_set_offset(&buffer->prs, 0);	249	prs_set_offset(&buffer->prs, 0);
250		250
Lines 1415-1421 Link Here
1415	{	1415	{
1416	int i;	1416	int i;
1417		1417
1418	forms = (FORM_1 )talloc(mem_ctx, num_forms * sizeof(FORM_1));	1418	*forms = TALLOC_ARRAY(mem_ctx, FORM_1, num_forms);
1419	buffer->prs.data_offset = 0;	1419	buffer->prs.data_offset = 0;
1420		1420
1421	for (i = 0; i < num_forms; i++)	1421	for (i = 0; i < num_forms; i++)

Lines 181-187 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/libsmb/clitrans.c (-4 / +4 lines)
181		181
182	/* allocate it */	182	/* allocate it */
183	if (total_data!=0) {	183	if (total_data!=0) {
184	tdata = Realloc(*data,total_data);	184	tdata = SMB_REALLOC(*data,total_data);
185	if (!tdata) {	185	if (!tdata) {
186	DEBUG(0,("cli_receive_trans: failed to enlarge data buffer\n"));	186	DEBUG(0,("cli_receive_trans: failed to enlarge data buffer\n"));
187	return False;	187	return False;
Lines 191-197 Link Here
191	}	191	}
192		192
193	if (total_param!=0) {	193	if (total_param!=0) {
194	tparam = Realloc(*param,total_param);	194	tparam = SMB_REALLOC(*param,total_param);
195	if (!tparam) {	195	if (!tparam) {
196	DEBUG(0,("cli_receive_trans: failed to enlarge param buffer\n"));	196	DEBUG(0,("cli_receive_trans: failed to enlarge param buffer\n"));
197	return False;	197	return False;
Lines 446-452 Link Here
446		446
447	/* allocate it */	447	/* allocate it */
448	if (total_data) {	448	if (total_data) {
449	tdata = Realloc(*data,total_data);	449	tdata = SMB_REALLOC(*data,total_data);
450	if (!tdata) {	450	if (!tdata) {
451	DEBUG(0,("cli_receive_nt_trans: failed to enlarge data buffer to %d\n",total_data));	451	DEBUG(0,("cli_receive_nt_trans: failed to enlarge data buffer to %d\n",total_data));
452	return False;	452	return False;
Lines 456-462 Link Here
456	}	456	}
457		457
458	if (total_param) {	458	if (total_param) {
459	tparam = Realloc(*param,total_param);	459	tparam = SMB_REALLOC(*param,total_param);
460	if (!tparam) {	460	if (!tparam) {
461	DEBUG(0,("cli_receive_nt_trans: failed to enlarge param buffer to %d\n", total_param));	461	DEBUG(0,("cli_receive_nt_trans: failed to enlarge param buffer to %d\n", total_param));
462	return False;	462	return False;

Lines 378-384 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/libsmb/libsmbclient.c (-14 / +14 lines)
378		378
379	DEBUG(4,(" tconx ok\n"));	379	DEBUG(4,(" tconx ok\n"));
380		380
381	srv = (struct smbc_server )malloc(sizeof(srv));	381	srv = SMB_MALLOC_P(struct smbc_server);
382	if (!srv) {	382	if (!srv) {
383	errno = ENOMEM;	383	errno = ENOMEM;
384	goto failed;	384	goto failed;
Lines 390-414 Link Here
390		390
391	srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));	391	srv->dev = (dev_t)(str_checksum(server) ^ str_checksum(share));
392		392
393	srv->server_name = strdup(server);	393	srv->server_name = SMB_STRDUP(server);
394	if (!srv->server_name) {	394	if (!srv->server_name) {
395	errno = ENOMEM;	395	errno = ENOMEM;
396	goto failed;	396	goto failed;
397	}	397	}
398		398
399	srv->share_name = strdup(share);	399	srv->share_name = SMB_STRDUP(share);
400	if (!srv->share_name) {	400	if (!srv->share_name) {
401	errno = ENOMEM;	401	errno = ENOMEM;
402	goto failed;	402	goto failed;
403	}	403	}
404		404
405	srv->workgroup = strdup(workgroup);	405	srv->workgroup = SMB_STRDUP(workgroup);
406	if (!srv->workgroup) {	406	if (!srv->workgroup) {
407	errno = ENOMEM;	407	errno = ENOMEM;
408	goto failed;	408	goto failed;
409	}	409	}
410		410
411	srv->username = strdup(username);	411	srv->username = SMB_STRDUP(username);
412	if (!srv->username) {	412	if (!srv->username) {
413	errno = ENOMEM;	413	errno = ENOMEM;
414	goto failed;	414	goto failed;
Lines 535-541 Link Here
535		535
536	user = getenv("USER");	536	user = getenv("USER");
537	/* walk around as "guest" if no username can be found */	537	/* walk around as "guest" if no username can be found */
538	if (!user) user = strdup("guest");	538	if (!user) user = SMB_STRDUP("guest");
539	pstrcpy(smbc_user, user); /* Save for use elsewhere */	539	pstrcpy(smbc_user, user); /* Save for use elsewhere */
540		540
541	/*	541	/*
Lines 585-591 Link Here
585		585
586	#endif	586	#endif
587		587
588	smbc_file_table = malloc(SMBC_MAX_FD * sizeof(struct smbc_file *));	588	smbc_file_table = SMB_MALLOC_ARRAY( struct smbc_file *, SMBC_MAX_FD );
589	if (!smbc_file_table)	589	if (!smbc_file_table)
590	return ENOMEM;	590	return ENOMEM;
591		591
Lines 659-665 Link Here
659		659
660	}	660	}
661		661
662	smbc_file_table[slot] = malloc(sizeof(struct smbc_file));	662	smbc_file_table[slot] = SMB_MALLOC_P(struct smbc_file);
663		663
664	if (!smbc_file_table[slot]) {	664	if (!smbc_file_table[slot]) {
665		665
Lines 682-688 Link Here
682		682
683	smbc_file_table[slot]->cli_fd = fd;	683	smbc_file_table[slot]->cli_fd = fd;
684	smbc_file_table[slot]->smbc_fd = slot + smbc_start_fd;	684	smbc_file_table[slot]->smbc_fd = slot + smbc_start_fd;
685	smbc_file_table[slot]->fname = strdup(fname);	685	smbc_file_table[slot]->fname = SMB_STRDUP(fname);
686	smbc_file_table[slot]->srv = srv;	686	smbc_file_table[slot]->srv = srv;
687	smbc_file_table[slot]->offset = 0;	687	smbc_file_table[slot]->offset = 0;
688	smbc_file_table[slot]->file = True;	688	smbc_file_table[slot]->file = True;
Lines 1419-1425 Link Here
1419	size = sizeof(struct smbc_dirent) + (name?strlen(name):0) +	1419	size = sizeof(struct smbc_dirent) + (name?strlen(name):0) +
1420	(comment?strlen(comment):0) + 1;	1420	(comment?strlen(comment):0) + 1;
1421		1421
1422	dirent = malloc(size);	1422	dirent = SMB_MALLOC(size);
1423		1423
1424	if (!dirent) {	1424	if (!dirent) {
1425		1425
Lines 1430-1436 Link Here
1430		1430
1431	if (dir->dir_list == NULL) {	1431	if (dir->dir_list == NULL) {
1432		1432
1433	dir->dir_list = malloc(sizeof(struct smbc_dir_list));	1433	dir->dir_list = SMB_MALLOC_P(struct smbc_dir_list);
1434	if (!dir->dir_list) {	1434	if (!dir->dir_list) {
1435		1435
1436	SAFE_FREE(dirent);	1436	SAFE_FREE(dirent);
Lines 1444-1450 Link Here
1444	}	1444	}
1445	else {	1445	else {
1446		1446
1447	dir->dir_end->next = malloc(sizeof(struct smbc_dir_list));	1447	dir->dir_end->next = SMB_MALLOC_P(struct smbc_dir_list);
1448		1448
1449	if (!dir->dir_end->next) {	1449	if (!dir->dir_end->next) {
1450		1450
Lines 1581-1587 Link Here
1581		1581
1582	}	1582	}
1583		1583
1584	smbc_file_table[slot] = malloc(sizeof(struct smbc_file));	1584	smbc_file_table[slot] = SMB_MALLOC_P(struct smbc_file);
1585		1585
1586	if (!smbc_file_table[slot]) {	1586	if (!smbc_file_table[slot]) {
1587		1587
Lines 1592-1598 Link Here
1592		1592
1593	smbc_file_table[slot]->cli_fd = 0;	1593	smbc_file_table[slot]->cli_fd = 0;
1594	smbc_file_table[slot]->smbc_fd = slot + smbc_start_fd;	1594	smbc_file_table[slot]->smbc_fd = slot + smbc_start_fd;
1595	smbc_file_table[slot]->fname = strdup(fname);	1595	smbc_file_table[slot]->fname = SMB_STRDUP(fname);
1596	smbc_file_table[slot]->srv = NULL;	1596	smbc_file_table[slot]->srv = NULL;
1597	smbc_file_table[slot]->offset = 0;	1597	smbc_file_table[slot]->offset = 0;
1598	smbc_file_table[slot]->file = False;	1598	smbc_file_table[slot]->file = False;

Lines 54-60 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/libsmb/namequery.c (-11 / +19 lines)
54		54
55	if (*num_names == 0) return NULL;	55	if (*num_names == 0) return NULL;
56		56
57	ret = (struct node_status )malloc(sizeof(struct node_status) (*num_names));	57	ret = SMB_MALLOC_ARRAY(struct node_status, *num_names);
58	if (!ret) return NULL;	58	if (!ret) return NULL;
59		59
60	p++;	60	p++;
Lines 238-244 Link Here
238		238
239	/* Now, create the additional stuff for a registration request */	239	/* Now, create the additional stuff for a registration request */
240		240
241	if ((nmb->additional = (struct res_rec *)malloc(sizeof(struct res_rec))) == NULL) {	241	if ((nmb->additional = SMB_MALLOC_P(struct res_rec)) == NULL) {
242		242
243	DEBUG(0, ("name_register: malloc fail for additional record.\n"));	243	DEBUG(0, ("name_register: malloc fail for additional record.\n"));
244	return False;	244	return False;
Lines 407-414 Link Here
407	continue;	407	continue;
408	}	408	}
409		409
410	tmp_ip_list = (struct in_addr *)Realloc( ip_list, sizeof( ip_list[0] )	410	if(
411	* ( (*count) + nmb2->answers->rdlength/6 ) );	411	nmb2->answers->rdlength >= INT_MAX/6 \|\|
		412	(*count) >= INT_MAX-(nmb2->answers->rdlength/6) \|\|
		413	sizeof( ip_list[0] ) >= UINT_MAX/( (*count) + nmb2->answers->rdlength/6 )
		414	)
		415	{
		416	DEBUG(0,("name_query: integer overflow detected.\n"));
		417	free_packet(p2);
		418	return NULL;
		419	}
		420	tmp_ip_list = SMB_REALLOC_ARRAY( ip_list, struct in_addr, (*count) + nmb2->answers->rdlength/6 );
412		421
413	if (!tmp_ip_list) {	422	if (!tmp_ip_list) {
414	DEBUG(0,("name_query: Realloc failed.\n"));	423	DEBUG(0,("name_query: Realloc failed.\n"));
Lines 775-781 Link Here
775	((name_type2 == -1) \|\| (name_type == name_type2))	784	((name_type2 == -1) \|\| (name_type == name_type2))
776	) {	785	) {
777	endlmhosts(fp);	786	endlmhosts(fp);
778	return_iplist = (struct in_addr )malloc(sizeof(struct in_addr));	787	*return_iplist = SMB_MALLOC_P(struct in_addr);
779	if(*return_iplist == NULL) {	788	if(*return_iplist == NULL) {
780	DEBUG(3,("resolve_lmhosts: malloc fail !\n"));	789	DEBUG(3,("resolve_lmhosts: malloc fail !\n"));
781	return False;	790	return False;
Lines 812-818 Link Here
812	int i = 0, j;	821	int i = 0, j;
813	while (hp->h_addr_list[i]) i++;	822	while (hp->h_addr_list[i]) i++;
814	DEBUG(10, ("%d addresses returned\n", i));	823	DEBUG(10, ("%d addresses returned\n", i));
815	return_iplist = (struct in_addr )malloc(i*sizeof(struct in_addr));	824	*return_iplist = SMB_MALLOC_ARRAY(struct in_addr, i);
816	if(*return_iplist == NULL) {	825	if(*return_iplist == NULL) {
817	DEBUG(3,("resolve_hosts: malloc fail !\n"));	826	DEBUG(3,("resolve_hosts: malloc fail !\n"));
818	return False;	827	return False;
Lines 849-855 Link Here
849	*return_count = 0;	858	*return_count = 0;
850		859
851	if (allzeros \|\| allones \|\| is_address) {	860	if (allzeros \|\| allones \|\| is_address) {
852	return_iplist = (struct in_addr )malloc(sizeof(struct in_addr));	861	*return_iplist = SMB_MALLOC_P(struct in_addr);
853	if(*return_iplist == NULL) {	862	if(*return_iplist == NULL) {
854	DEBUG(3,("internal_resolve_name: malloc fail !\n"));	863	DEBUG(3,("internal_resolve_name: malloc fail !\n"));
855	return False;	864	return False;
Lines 919-926 Link Here
919	controllers including the PDC in iplist[1..n]. Iterating over	928	controllers including the PDC in iplist[1..n]. Iterating over
920	the iplist when the PDC is down will cause two sets of timeouts. */	929	the iplist when the PDC is down will cause two sets of timeouts. */
921		930
922	if (*return_count && (nodupes_iplist =	931	if (return_count && (nodupes_iplist = SMB_MALLOC_ARRAY(struct in_addr, return_count))) {
923	(struct in_addr )malloc(sizeof(struct in_addr) (*return_count)))) {
924	int nodupes_count = 0;	932	int nodupes_count = 0;
925		933
926	/* Iterate over return_iplist looking for duplicates */	934	/* Iterate over return_iplist looking for duplicates */
Lines 1327-1333 Link Here
1327	if (num_addresses == 0)	1335	if (num_addresses == 0)
1328	return internal_resolve_name(group, name_type, ip_list, count);	1336	return internal_resolve_name(group, name_type, ip_list, count);
1329		1337
1330	return_iplist = (struct in_addr )malloc(num_addresses sizeof(struct in_addr));	1338	return_iplist = SMB_MALLOC_ARRAY(struct in_addr, num_addresses);
1331	if(return_iplist == NULL) {	1339	if(return_iplist == NULL) {
1332	DEBUG(3,("get_dc_list: malloc fail !\n"));	1340	DEBUG(3,("get_dc_list: malloc fail !\n"));
1333	return False;	1341	return False;
Lines 1339-1345 Link Here
1339	int count_more;	1347	int count_more;
1340	if (resolve_name_2( name, &more_ip, &count_more, 0x20) == False)	1348	if (resolve_name_2( name, &more_ip, &count_more, 0x20) == False)
1341	continue;	1349	continue;
1342	tmp = (struct in_addr )realloc(return_iplist,(num_addresses + count_more) sizeof(struct in_addr));	1350	tmp = SMB_REALLOC_ARRAY(return_iplist, struct in_addr, num_addresses + count_more);
1343	if (return_iplist == NULL) {	1351	if (return_iplist == NULL) {
1344	DEBUG(3, ("realloc failed with %d addresses\n", num_addresses + count_more));	1352	DEBUG(3, ("realloc failed with %d addresses\n", num_addresses + count_more));
1345	SAFE_FREE(return_iplist);	1353	SAFE_FREE(return_iplist);

Lines 335-341 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/libsmb/nmblib.c (-10 / +7 lines)
335	struct res_rec **recs, int count)	335	struct res_rec **recs, int count)
336	{	336	{
337	int i;	337	int i;
338	recs = (struct res_rec )malloc(sizeof(*recs)count);	338	*recs = SMB_MALLOC_ARRAY(struct res_rec, count);
339	if (!*recs) return(False);	339	if (!*recs) return(False);
340		340
341	memset((char )recs,'\0',sizeof(*recs)count);	341	memset((char )recs,'\0',sizeof(*recs)count);
Lines 525-531 Link Here
525	struct nmb_packet *copy_nmb;	525	struct nmb_packet *copy_nmb;
526	struct packet_struct *pkt_copy;	526	struct packet_struct *pkt_copy;
527		527
528	if(( pkt_copy = (struct packet_struct )malloc(sizeof(packet))) == NULL)	528	if(( pkt_copy = SMB_MALLOC_P(struct packet_struct)) == NULL)
529	{	529	{
530	DEBUG(0,("copy_nmb_packet: malloc fail.\n"));	530	DEBUG(0,("copy_nmb_packet: malloc fail.\n"));
531	return NULL;	531	return NULL;
Lines 550-573 Link Here
550		550
551	if (nmb->answers)	551	if (nmb->answers)
552	{	552	{
553	if((copy_nmb->answers = (struct res_rec *)	553	if((copy_nmb->answers = SMB_MALLOC_ARRAY(struct res_rec, nmb->header.ancount)) == NULL)
554	malloc(nmb->header.ancount * sizeof(struct res_rec))) == NULL)
555	goto free_and_exit;	554	goto free_and_exit;
556	memcpy((char )copy_nmb->answers, (char )nmb->answers,	555	memcpy((char )copy_nmb->answers, (char )nmb->answers,
557	nmb->header.ancount * sizeof(struct res_rec));	556	nmb->header.ancount * sizeof(struct res_rec));
558	}	557	}
559	if (nmb->nsrecs)	558	if (nmb->nsrecs)
560	{	559	{
561	if((copy_nmb->nsrecs = (struct res_rec *)	560	if((copy_nmb->nsrecs = SMB_MALLOC_ARRAY(struct res_rec, nmb->header.nscount)) == NULL)
562	malloc(nmb->header.nscount * sizeof(struct res_rec))) == NULL)
563	goto free_and_exit;	561	goto free_and_exit;
564	memcpy((char )copy_nmb->nsrecs, (char )nmb->nsrecs,	562	memcpy((char )copy_nmb->nsrecs, (char )nmb->nsrecs,
565	nmb->header.nscount * sizeof(struct res_rec));	563	nmb->header.nscount * sizeof(struct res_rec));
566	}	564	}
567	if (nmb->additional)	565	if (nmb->additional)
568	{	566	{
569	if((copy_nmb->additional = (struct res_rec *)	567	if((copy_nmb->additional = SMB_MALLOC_ARRAY(struct res_rec, nmb->header.arcount)) == NULL)
570	malloc(nmb->header.arcount * sizeof(struct res_rec))) == NULL)
571	goto free_and_exit;	568	goto free_and_exit;
572	memcpy((char )copy_nmb->additional, (char )nmb->additional,	569	memcpy((char )copy_nmb->additional, (char )nmb->additional,
573	nmb->header.arcount * sizeof(struct res_rec));	570	nmb->header.arcount * sizeof(struct res_rec));
Lines 593-599 Link Here
593	{	590	{
594	struct packet_struct *pkt_copy;	591	struct packet_struct *pkt_copy;
595		592
596	if(( pkt_copy = (struct packet_struct )malloc(sizeof(packet))) == NULL)	593	if(( pkt_copy = SMB_MALLOC_P(struct packet_struct)) == NULL)
597	{	594	{
598	DEBUG(0,("copy_dgram_packet: malloc fail.\n"));	595	DEBUG(0,("copy_dgram_packet: malloc fail.\n"));
599	return NULL;	596	return NULL;
Lines 667-673 Link Here
667	struct packet_struct *p;	664	struct packet_struct *p;
668	BOOL ok=False;	665	BOOL ok=False;
669		666
670	p = (struct packet_struct )malloc(sizeof(p));	667	p = SMB_MALLOC_P(struct packet_struct);
671	if (!p) return(NULL);	668	if (!p) return(NULL);
672		669
673	p->next = NULL;	670	p->next = NULL;

Lines 103-109 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/locking/posix.c (-6 / +5 lines)
103		103
104	dbuf = tdb_fetch(posix_pending_close_tdb, kbuf);	104	dbuf = tdb_fetch(posix_pending_close_tdb, kbuf);
105		105
106	tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(int));	106	tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(int));
107	if (!tp) {	107	if (!tp) {
108	DEBUG(0,("add_fd_to_close_entry: Realloc fail !\n"));	108	DEBUG(0,("add_fd_to_close_entry: Realloc fail !\n"));
109	SAFE_FREE(dbuf.dptr);	109	SAFE_FREE(dbuf.dptr);
Lines 370-376 Link Here
370	pl.size = size;	370	pl.size = size;
371	pl.lock_type = lock_type;	371	pl.lock_type = lock_type;
372		372
373	tp = Realloc(dbuf.dptr, dbuf.dsize + sizeof(pl));	373	tp = SMB_REALLOC(dbuf.dptr, dbuf.dsize + sizeof(pl));
374	if (!tp) {	374	if (!tp) {
375	DEBUG(0,("add_posix_lock_entry: Realloc fail !\n"));	375	DEBUG(0,("add_posix_lock_entry: Realloc fail !\n"));
376	goto fail;	376	goto fail;
Lines 896-903 Link Here
896	\| l_curr\| \| l_new \|	896	\| l_curr\| \| l_new \|
897	+-------+ +---------+	897	+-------+ +---------+
898	**********************************************/	898	**********************************************/
899	struct lock_list l_new = (struct lock_list )talloc(ctx,	899	struct lock_list *l_new = TALLOC_P(ctx,struct lock_list);
900	sizeof(struct lock_list));
901		900
902	if(l_new == NULL) {	901	if(l_new == NULL) {
903	DEBUG(0,("posix_lock_list: talloc fail.\n"));	902	DEBUG(0,("posix_lock_list: talloc fail.\n"));
Lines 1002-1008 Link Here
1002	return True; /* Not a fatal error. */	1001	return True; /* Not a fatal error. */
1003	}	1002	}
1004		1003
1005	if ((ll = (struct lock_list *)talloc(l_ctx, sizeof(struct lock_list))) == NULL) {	1004	if ((ll = TALLOC_P(l_ctx, struct lock_list)) == NULL) {
1006	DEBUG(0,("set_posix_lock: unable to talloc unlock list.\n"));	1005	DEBUG(0,("set_posix_lock: unable to talloc unlock list.\n"));
1007	talloc_destroy(l_ctx);	1006	talloc_destroy(l_ctx);
1008	return True; /* Not a fatal error. */	1007	return True; /* Not a fatal error. */
Lines 1148-1154 Link Here
1148	return True; /* Not a fatal error. */	1147	return True; /* Not a fatal error. */
1149	}	1148	}
1150		1149
1151	if ((ul = (struct lock_list *)talloc(ul_ctx, sizeof(struct lock_list))) == NULL) {	1150	if ((ul = TALLOC_P(ul_ctx, struct lock_list)) == NULL) {
1152	DEBUG(0,("release_posix_lock: unable to talloc unlock list.\n"));	1151	DEBUG(0,("release_posix_lock: unable to talloc unlock list.\n"));
1153	talloc_destroy(ul_ctx);	1152	talloc_destroy(ul_ctx);
1154	return True; /* Not a fatal error. */	1153	return True; /* Not a fatal error. */

Lines 187-193 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_namelistdb.c (-6 / +4 lines)
187	struct name_record *namerec;	187	struct name_record *namerec;
188	time_t time_now = time(NULL);	188	time_t time_now = time(NULL);
189		189
190	namerec = (struct name_record )malloc( sizeof(namerec) );	190	namerec = SMB_MALLOC_P( struct name_record );
191	if( NULL == namerec )	191	if( NULL == namerec )
192	{	192	{
193	DEBUG( 0, ( "add_name_to_subnet: malloc fail.\n" ) );	193	DEBUG( 0, ( "add_name_to_subnet: malloc fail.\n" ) );
Lines 195-202 Link Here
195	}	195	}
196		196
197	memset( (char )namerec, '\0', sizeof(namerec) );	197	memset( (char )namerec, '\0', sizeof(namerec) );
198	namerec->data.ip = (struct in_addr *)malloc( sizeof(struct in_addr)	198	namerec->data.ip = SMB_MALLOC_ARRAY( struct in_addr, num_ips );
199	* num_ips );
200	if( NULL == namerec->data.ip )	199	if( NULL == namerec->data.ip )
201	{	200	{
202	DEBUG( 0, ( "add_name_to_subnet: malloc fail when creating ip_flgs.\n" ) );	201	DEBUG( 0, ( "add_name_to_subnet: malloc fail when creating ip_flgs.\n" ) );
Lines 336-343 Link Here
336	if( find_ip_in_name_record( namerec, new_ip ) )	335	if( find_ip_in_name_record( namerec, new_ip ) )
337	return;	336	return;
338		337
339	new_list = (struct in_addr *)malloc( (namerec->data.num_ips + 1)	338	new_list = SMB_MALLOC_ARRAY( struct in_addr, namerec->data.num_ips + 1 );
340	* sizeof(struct in_addr) );
341	if( NULL == new_list )	339	if( NULL == new_list )
342	{	340	{
343	DEBUG(0,("add_ip_to_name_record: Malloc fail !\n"));	341	DEBUG(0,("add_ip_to_name_record: Malloc fail !\n"));
Lines 492-498 Link Here
492	/* Create an IP list containing all our known subnets. */	490	/* Create an IP list containing all our known subnets. */
493		491
494	num_ips = iface_count();	492	num_ips = iface_count();
495	iplist = (struct in_addr )malloc( num_ips sizeof(struct in_addr) );	493	iplist = SMB_MALLOC_ARRAY( struct in_addr, num_ips );
496	if( NULL == iplist )	494	if( NULL == iplist )
497	{	495	{
498	DEBUG(0,("add_samba_names_to_subnet: Malloc fail !\n"));	496	DEBUG(0,("add_samba_names_to_subnet: Malloc fail !\n"));

Lines 193-199 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_packets.c (-4 / +9 lines)
193	struct nmb_packet *nmb = NULL;	193	struct nmb_packet *nmb = NULL;
194		194
195	/* Allocate the packet_struct we will return. */	195	/* Allocate the packet_struct we will return. */
196	if((packet = (struct packet_struct )malloc(sizeof(packet))) == NULL)	196	if((packet = SMB_MALLOC_P(struct packet_struct)) == NULL)
197	{	197	{
198	DEBUG(0,("create_and_init_netbios_packet: malloc fail (1) for packet struct.\n"));	198	DEBUG(0,("create_and_init_netbios_packet: malloc fail (1) for packet struct.\n"));
199	return NULL;	199	return NULL;
Lines 240-246 Link Here
240	{	240	{
241	struct nmb_packet *nmb = &packet->packet.nmb;	241	struct nmb_packet *nmb = &packet->packet.nmb;
242		242
243	if((nmb->additional = (struct res_rec *)malloc(sizeof(struct res_rec))) == NULL)	243	if((nmb->additional = SMB_MALLOC_P(struct res_rec)) == NULL)
244	{	244	{
245	DEBUG(0,("initiate_name_register_packet: malloc fail for additional record.\n"));	245	DEBUG(0,("initiate_name_register_packet: malloc fail for additional record.\n"));
246	return False;	246	return False;
Lines 1705-1711 Link Here
1705	struct subnet_record *subrec = NULL;	1705	struct subnet_record *subrec = NULL;
1706	int count = 0;	1706	int count = 0;
1707	int num = 0;	1707	int num = 0;
1708	fd_set pset = (fd_set )malloc(sizeof(fd_set));	1708	fd_set *pset = SMB_MALLOC_P(fd_set);
1709		1709
1710	if(pset == NULL)	1710	if(pset == NULL)
1711	{	1711	{
Lines 1717-1722 Link Here
1717	for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))	1717	for (subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_EXCLUDING_UNICAST(subrec))
1718	count++;	1718	count++;
1719		1719
		1720	if(count >= (UINT_MAX/2)-2)
		1721	{
		1722	DEBUG(0,("create_listen_fdset: integer overflow detected.\n"));
		1723	return True;
		1724	}
1720	if((count*2) + 2 > FD_SETSIZE)	1725	if((count*2) + 2 > FD_SETSIZE)
1721	{	1726	{
1722	DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \	1727	DEBUG(0,("create_listen_fdset: Too many file descriptors needed (%d). We can \
Lines 1724-1730 Link Here
1724	return True;	1729	return True;
1725	}	1730	}
1726		1731
1727	if((sock_array = (int )malloc(((count2) + 2)*sizeof(int))) == NULL)	1732	if((sock_array = SMB_MALLOC_ARRAY( int, (count*2) + 2)) == NULL)
1728	{	1733	{
1729	DEBUG(0,("create_listen_fdset: malloc fail for socket array.\n"));	1734	DEBUG(0,("create_listen_fdset: malloc fail for socket array.\n"));
1730	return True;	1735	return True;

Lines 272-278 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nmbd/nmbd_winsserver.c (-3 / +3 lines)
272	}	272	}
273		273
274	/* Allocate the space for the ip_list. */	274	/* Allocate the space for the ip_list. */
275	if((ip_list = (struct in_addr )malloc( num_ips sizeof(struct in_addr))) == NULL)	275	if((ip_list = SMB_MALLOC_ARRAY( struct in_addr, num_ips )) == NULL)
276	{	276	{
277	DEBUG(0,("initialise_wins: Malloc fail !\n"));	277	DEBUG(0,("initialise_wins: Malloc fail !\n"));
278	return False;	278	return False;
Lines 1237-1243 Link Here
1237	return;	1237	return;
1238	}	1238	}
1239		1239
1240	if((prdata = (char )malloc( num_ips 6 )) == NULL)	1240	if((prdata = (char )SMB_MALLOC( num_ips 6 )) == NULL)
1241	{	1241	{
1242	DEBUG(0,("process_wins_dmb_query_request: Malloc fail !.\n"));	1242	DEBUG(0,("process_wins_dmb_query_request: Malloc fail !.\n"));
1243	return;	1243	return;
Lines 1309-1315 Link Here
1309	prdata = rdata;	1309	prdata = rdata;
1310	else	1310	else
1311	{	1311	{
1312	if((prdata = (char )malloc( namerec->data.num_ips 6 )) == NULL)	1312	if((prdata = (char )SMB_MALLOC( namerec->data.num_ips 6 )) == NULL)
1313	{	1313	{
1314	DEBUG(0,("send_wins_name_query_response: malloc fail !\n"));	1314	DEBUG(0,("send_wins_name_query_response: malloc fail !\n"));
1315	return;	1315	return;

Lines 95-101 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nsswitch/winbindd_cache.c (-12 / +12 lines)
95		95
96	if (ret) return ret;	96	if (ret) return ret;
97		97
98	ret = smb_xmalloc(sizeof(*ret));	98	ret = SMB_XMALLOC_P(struct winbind_cache);
99	ZERO_STRUCTP(ret);	99	ZERO_STRUCTP(ret);
100	switch (lp_security()) {	100	switch (lp_security()) {
101	#ifdef HAVE_ADS	101	#ifdef HAVE_ADS
Lines 179-185 Link Here
179	smb_panic("centry_string");	179	smb_panic("centry_string");
180	}	180	}
181		181
182	ret = talloc(mem_ctx, len+1);	182	ret = TALLOC_ARRAY(mem_ctx, char, len+1);
183	if (!ret) {	183	if (!ret) {
184	smb_panic("centry_string out of memory\n");	184	smb_panic("centry_string out of memory\n");
185	}	185	}
Lines 292-298 Link Here
292	return NULL;	292	return NULL;
293	}	293	}
294		294
295	centry = smb_xmalloc(sizeof(*centry));	295	centry = SMB_XMALLOC_P(struct cache_entry);
296	centry->data = (uchar *)data.dptr;	296	centry->data = (uchar *)data.dptr;
297	centry->len = data.dsize;	297	centry->len = data.dsize;
298	centry->ofs = 0;	298	centry->ofs = 0;
Lines 322-328 Link Here
322	uint8 *p;	322	uint8 *p;
323	if (centry->len - centry->ofs >= len) return;	323	if (centry->len - centry->ofs >= len) return;
324	centry->len *= 2;	324	centry->len *= 2;
325	p = realloc(centry->data, centry->len);	325	p = SMB_REALLOC(centry->data, centry->len);
326	if (!p) {	326	if (!p) {
327	DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));	327	DEBUG(0,("out of memory: needed %d bytes in centry_expand\n", centry->len));
328	smb_panic("out of memory in centry_expand");	328	smb_panic("out of memory in centry_expand");
Lines 381-390 Link Here
381		381
382	if (!wcache->tdb) return NULL;	382	if (!wcache->tdb) return NULL;
383		383
384	centry = smb_xmalloc(sizeof(*centry));	384	centry = SMB_XMALLOC_P(struct cache_entry);
385		385
386	centry->len = 8192; /* reasonable default */	386	centry->len = 8192; /* reasonable default */
387	centry->data = smb_xmalloc(centry->len);	387	centry->data = SMB_XMALLOC_ARRAY(char, centry->len);
388	centry->ofs = 0;	388	centry->ofs = 0;
389	centry->sequence_number = domain->sequence_number;	389	centry->sequence_number = domain->sequence_number;
390	centry_put_uint32(centry, NT_STATUS_V(status));	390	centry_put_uint32(centry, NT_STATUS_V(status));
Lines 494-500 Link Here
494		494
495	if (*num_entries == 0) goto do_cached;	495	if (*num_entries == 0) goto do_cached;
496		496
497	(info) = talloc(mem_ctx, sizeof(info) (*num_entries));	497	(info) = TALLOC_ARRAY(mem_ctx, WINBIND_USERINFO, num_entries);
498	if (! (*info)) smb_panic("query_user_list out of memory");	498	if (! (*info)) smb_panic("query_user_list out of memory");
499	for (i=0; i<(*num_entries); i++) {	499	for (i=0; i<(*num_entries); i++) {
500	(*info)[i].acct_name = centry_string(centry, mem_ctx);	500	(*info)[i].acct_name = centry_string(centry, mem_ctx);
Lines 580-586 Link Here
580		580
581	if (*num_entries == 0) goto do_cached;	581	if (*num_entries == 0) goto do_cached;
582		582
583	(info) = talloc(mem_ctx, sizeof(info) (*num_entries));	583	(info) = TALLOC_ARRAY(mem_ctx, struct acct_info, num_entries);
584	if (! (*info)) smb_panic("enum_dom_groups out of memory");	584	if (! (*info)) smb_panic("enum_dom_groups out of memory");
585	for (i=0; i<(*num_entries); i++) {	585	for (i=0; i<(*num_entries); i++) {
586	fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));	586	fstrcpy((*info)[i].acct_name, centry_string(centry, mem_ctx));
Lines 783-789 Link Here
783		783
784	if (*num_groups == 0) goto do_cached;	784	if (*num_groups == 0) goto do_cached;
785		785
786	(user_gids) = talloc(mem_ctx, sizeof(user_gids) (*num_groups));	786	(user_gids) = TALLOC_ARRAY(mem_ctx, uint32, num_groups);
787	if (! (*user_gids)) smb_panic("lookup_usergroups out of memory");	787	if (! (*user_gids)) smb_panic("lookup_usergroups out of memory");
788	for (i=0; i<(*num_groups); i++) {	788	for (i=0; i<(*num_groups); i++) {
789	(*user_gids)[i] = centry_uint32(centry);	789	(*user_gids)[i] = centry_uint32(centry);
Lines 841-849 Link Here
841		841
842	if (*num_names == 0) goto do_cached;	842	if (*num_names == 0) goto do_cached;
843		843
844	(rid_mem) = talloc(mem_ctx, sizeof(rid_mem) (*num_names));	844	(rid_mem) = TALLOC_ARRAY(mem_ctx, uint32, num_names);
845	(names) = talloc(mem_ctx, sizeof(names) (*num_names));	845	(names) = TALLOC_ARRAY(mem_ctx, char , *num_names);
846	(name_types) = talloc(mem_ctx, sizeof(name_types) (*num_names));	846	(name_types) = TALLOC_ARRAY(mem_ctx, uint32, num_names);
847		847
848	if (! (rid_mem) \|\| ! (names) \|\| ! (*name_types)) {	848	if (! (rid_mem) \|\| ! (names) \|\| ! (*name_types)) {
849	smb_panic("lookup_groupmem out of memory");	849	smb_panic("lookup_groupmem out of memory");

Lines 235-242 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nsswitch/winbindd_cm.c (-9 / +5 lines)
235		235
236	/* Create negative lookup cache entry for this domain and controller */	236	/* Create negative lookup cache entry for this domain and controller */
237		237
238	if (!(fcc = (struct failed_connection_cache *)	238	if (!(fcc = SMB_MALLOC_P(struct failed_connection_cache))) {
239	malloc(sizeof(struct failed_connection_cache)))) {
240	DEBUG(0, ("malloc failed in add_failed_connection_entry!\n"));	239	DEBUG(0, ("malloc failed in add_failed_connection_entry!\n"));
241	return;	240	return;
242	}	241	}
Lines 396-402 Link Here
396	}	395	}
397		396
398	if (!conn) {	397	if (!conn) {
399	if (!(conn = (struct winbindd_cm_conn *) malloc(sizeof(struct winbindd_cm_conn))))	398	if (!(conn = SMB_MALLOC_P(struct winbindd_cm_conn)))
400	return NT_STATUS_NO_MEMORY;	399	return NT_STATUS_NO_MEMORY;
401		400
402	ZERO_STRUCTP(conn);	401	ZERO_STRUCTP(conn);
Lines 565-572 Link Here
565	basic_conn = conn;	564	basic_conn = conn;
566	}	565	}
567		566
568	if (!(conn = (struct winbindd_cm_conn *)	567	if (!(conn = SMB_MALLOC_P(struct winbindd_cm_conn)))
569	malloc(sizeof(struct winbindd_cm_conn))))
570	return NULL;	568	return NULL;
571		569
572	ZERO_STRUCTP(conn);	570	ZERO_STRUCTP(conn);
Lines 641-648 Link Here
641	return NULL;	639	return NULL;
642	}	640	}
643		641
644	if (!(conn = (struct winbindd_cm_conn *)	642	if (!(conn = SMB_MALLOC_P(struct winbindd_cm_conn)))
645	malloc(sizeof(struct winbindd_cm_conn))))
646	return NULL;	643	return NULL;
647		644
648	ZERO_STRUCTP(conn);	645	ZERO_STRUCTP(conn);
Lines 718-725 Link Here
718	return NULL;	715	return NULL;
719	}	716	}
720		717
721	if (!(conn = (struct winbindd_cm_conn *)	718	if (!(conn = SMB_MALLOC_P(struct winbindd_cm_conn)))
722	malloc(sizeof(struct winbindd_cm_conn))))
723	return NULL;	719	return NULL;
724		720
725	ZERO_STRUCTP(conn);	721	ZERO_STRUCTP(conn);

Lines 151-157 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nsswitch/winbindd_group.c (-9 / +8 lines)
151	/* Allocate buffer */	151	/* Allocate buffer */
152		152
153	if (!buf && buf_len != 0) {	153	if (!buf && buf_len != 0) {
154	if (!(buf = malloc(buf_len))) {	154	if (!(buf = SMB_MALLOC(buf_len))) {
155	DEBUG(1, ("out of memory\n"));	155	DEBUG(1, ("out of memory\n"));
156	result = False;	156	result = False;
157	goto done;	157	goto done;
Lines 358-365 Link Here
358		358
359	/* Create a state record for this domain */	359	/* Create a state record for this domain */
360		360
361	if ((domain_state = (struct getent_state *)	361	if ((domain_state = SMB_MALLOC_P(struct getent_state)) == NULL)
362	malloc(sizeof(struct getent_state))) == NULL)
363	return WINBINDD_ERROR;	362	return WINBINDD_ERROR;
364		363
365	ZERO_STRUCTP(domain_state);	364	ZERO_STRUCTP(domain_state);
Lines 431-437 Link Here
431	/* Copy entries into return buffer */	430	/* Copy entries into return buffer */
432		431
433	if (num_entries) {	432	if (num_entries) {
434	name_list = malloc(sizeof(struct acct_info) * num_entries);	433	name_list = SMB_MALLOC_ARRAY(struct acct_info, num_entries);
435	memcpy(name_list, sam_grp_entries,	434	memcpy(name_list, sam_grp_entries,
436	num_entries * sizeof(struct acct_info));	435	num_entries * sizeof(struct acct_info));
437	}	436	}
Lines 477-483 Link Here
477	num_groups = MIN(MAX_GETGRENT_GROUPS, state->request.data.num_entries);	476	num_groups = MIN(MAX_GETGRENT_GROUPS, state->request.data.num_entries);
478		477
479	if ((state->response.extra_data =	478	if ((state->response.extra_data =
480	malloc(num_groups * sizeof(struct winbindd_gr))) == NULL)	479	SMB_MALLOC_ARRAY( struct winbindd_gr, num_groups )) == NULL)
481	return WINBINDD_ERROR;	480	return WINBINDD_ERROR;
482		481
483	state->response.data.num_entries = 0;	482	state->response.data.num_entries = 0;
Lines 593-599 Link Here
593		592
594	if (result) {	593	if (result) {
595	/* Append to group membership list */	594	/* Append to group membership list */
596	new_gr_mem_list = Realloc(	595	new_gr_mem_list = SMB_REALLOC(
597	gr_mem_list,	596	gr_mem_list,
598	gr_mem_list_len + gr_mem_len);	597	gr_mem_list_len + gr_mem_len);
599		598
Lines 646-652 Link Here
646	if (group_list_ndx == 0)	645	if (group_list_ndx == 0)
647	goto done;	646	goto done;
648		647
649	new_extra_data = Realloc(	648	new_extra_data = SMB_REALLOC(
650	state->response.extra_data,	649	state->response.extra_data,
651	group_list_ndx * sizeof(struct winbindd_gr) + gr_mem_list_len);	650	group_list_ndx * sizeof(struct winbindd_gr) + gr_mem_list_len);
652		651
Lines 731-737 Link Here
731	/* Allocate some memory for extra data. Note that we limit	730	/* Allocate some memory for extra data. Note that we limit
732	account names to sizeof(fstring) = 128 characters. */	731	account names to sizeof(fstring) = 128 characters. */
733		732
734	ted = Realloc(extra_data, sizeof(fstring) * total_entries);	733	ted = SMB_REALLOC_ARRAY( extra_data, fstring, total_entries );
735		734
736	if (!ted) {	735	if (!ted) {
737	DEBUG(0,("failed to enlarge buffer!\n"));	736	DEBUG(0,("failed to enlarge buffer!\n"));
Lines 830-836 Link Here
830	/* Copy data back to client */	829	/* Copy data back to client */
831		830
832	num_gids = 0;	831	num_gids = 0;
833	gid_list = malloc(sizeof(gid_t) * num_groups);	832	gid_list = SMB_MALLOC_ARRAY( gid_t, num_groups );
834		833
835	if (state->response.extra_data)	834	if (state->response.extra_data)
836	goto done;	835	goto done;

Lines 34-40 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/nsswitch/winbindd_rpc.c (-8 / +6 lines)
34	int maxlen = (str->uni_str_len+1)*4;	34	int maxlen = (str->uni_str_len+1)*4;
35	if (!str->buffer)	35	if (!str->buffer)
36	return NULL;	36	return NULL;
37	s = (char )talloc(ctx, maxlen); / convervative */	37	s = TALLOC_ARRAY(ctx, char ,maxlen); / convervative */
38	if (!s)	38	if (!s)
39	return NULL;	39	return NULL;
40	unistr2_to_unix(s, str, maxlen);	40	unistr2_to_unix(s, str, maxlen);
Lines 111-118 Link Here
111	(*num_entries) += count;	111	(*num_entries) += count;
112		112
113	/* now map the result into the WINBIND_USERINFO structure */	113	/* now map the result into the WINBIND_USERINFO structure */
114	(info) = talloc_realloc(mem_ctx, info,	114	(info) = TALLOC_REALLOC_ARRAY(mem_ctx, info, WINBIND_USERINFO,*num_entries);
115	(num_entries)sizeof(WINBIND_USERINFO));
116	if (!(*info)) {	115	if (!(*info)) {
117	result = NT_STATUS_NO_MEMORY;	116	result = NT_STATUS_NO_MEMORY;
118	talloc_destroy(ctx2);	117	talloc_destroy(ctx2);
Lines 193-200 Link Here
193	break;	192	break;
194	}	193	}
195		194
196	(info) = talloc_realloc(mem_ctx, info,	195	(info) = TALLOC_REALLOC_ARRAY(mem_ctx, info, struct acct_info, (*num_entries) + count);
197	sizeof(*info) ((*num_entries) + count));
198	if (! *info) {	196	if (! *info) {
199	talloc_destroy(mem_ctx2);	197	talloc_destroy(mem_ctx2);
200	cli_samr_close(hnd->cli, mem_ctx, &dom_pol);	198	cli_samr_close(hnd->cli, mem_ctx, &dom_pol);
Lines 421-427 Link Here
421	if (!NT_STATUS_IS_OK(result) \|\| (*num_groups) == 0)	419	if (!NT_STATUS_IS_OK(result) \|\| (*num_groups) == 0)
422	goto done;	420	goto done;
423		421
424	(user_gids) = talloc(mem_ctx, sizeof(uint32) (*num_groups));	422	(user_gids) = TALLOC_ARRAY(mem_ctx, uint32, num_groups);
425	for (i=0;i<(*num_groups);i++) {	423	for (i=0;i<(*num_groups);i++) {
426	(*user_gids)[i] = user_groups[i].g_rid;	424	(*user_gids)[i] = user_groups[i].g_rid;
427	}	425	}
Lines 499-506 Link Here
499		497
500	#define MAX_LOOKUP_RIDS 900	498	#define MAX_LOOKUP_RIDS 900
501		499
502	names = talloc_zero(mem_ctx, num_names * sizeof(char *));	500	names = TALLOC_ZERO_ARRAY(mem_ctx, char , *num_names);
503	name_types = talloc_zero(mem_ctx, num_names * sizeof(uint32));	501	name_types = TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_names);
504		502
505	for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) {	503	for (i = 0; i < *num_names; i += MAX_LOOKUP_RIDS) {
506	int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS);	504	int num_lookup_rids = MIN(*num_names - i, MAX_LOOKUP_RIDS);

Lines 1499-1505 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/param/loadparm.c (-16 / +13 lines)
1499	if (!lp_talloc)	1499	if (!lp_talloc)
1500	lp_talloc = talloc_init();	1500	lp_talloc = talloc_init();
1501		1501
1502	ret = (char )talloc(lp_talloc, len + 100); / leave room for substitution */	1502	ret = TALLOC_ARRAY(lp_talloc, char, len + 100); /* leave room for substitution */
1503		1503
1504	if (!ret)	1504	if (!ret)
1505	return NULL;	1505	return NULL;
Lines 1918-1934 Link Here
1918	memcpy(oldservices, ServicePtrs, sizeof(service ) iNumServices);	1918	memcpy(oldservices, ServicePtrs, sizeof(service ) iNumServices);
1919	#endif	1919	#endif
1920		1920
1921	tsp = (service **) Realloc(ServicePtrs,	1921	tsp = SMB_REALLOC_ARRAY( ServicePtrs, service *, num_to_alloc );
1922	sizeof(service )
1923	num_to_alloc);
1924		1922
1925	if (!tsp) {	1923	if (!tsp) {
1926	DEBUG(0,("add_a_service: failed to enlarge ServicePtrs!\n"));	1924	DEBUG(0,("add_a_service: failed to enlarge ServicePtrs!\n"));
1927	return (-1);	1925	return (-1);
1928	} else {	1926	} else {
1929	ServicePtrs = tsp;	1927	ServicePtrs = tsp;
1930	ServicePtrs[iNumServices] =	1928	ServicePtrs[iNumServices] = SMB_MALLOC_P(service);
1931	(service *) malloc(sizeof(service));
1932	}	1929	}
1933		1930
1934	#ifdef __INSURE__	1931	#ifdef __INSURE__
Lines 2270-2285 Link Here
2270	}	2267	}
2271		2268
2272	if (!f) {	2269	if (!f) {
2273	f = (struct file_lists *)malloc(sizeof(file_lists[0]));	2270	f = SMB_MALLOC_P(struct file_lists);
2274	if (!f)	2271	if (!f)
2275	return;	2272	return;
2276	f->next = file_lists;	2273	f->next = file_lists;
2277	f->name = strdup(fname);	2274	f->name = SMB_STRDUP(fname);
2278	if (!f->name) {	2275	if (!f->name) {
2279	SAFE_FREE(f);	2276	SAFE_FREE(f);
2280	return;	2277	return;
2281	}	2278	}
2282	f->subfname = strdup(subfname);	2279	f->subfname = SMB_STRDUP(subfname);
2283	if (!f->subfname) {	2280	if (!f->subfname) {
2284	SAFE_FREE(f);	2281	SAFE_FREE(f);
2285	return;	2282	return;
Lines 2317-2323 Link Here
2317	DEBUGADD(6, ("file %s modified: %s\n", n2, ctime(&mod_time)));	2314	DEBUGADD(6, ("file %s modified: %s\n", n2, ctime(&mod_time)));
2318	f->modtime = mod_time;	2315	f->modtime = mod_time;
2319	SAFE_FREE(f->subfname);	2316	SAFE_FREE(f->subfname);
2320	f->subfname = strdup(n2);	2317	f->subfname = SMB_STRDUP(n2);
2321	return (True);	2318	return (True);
2322	}	2319	}
2323	f = f->next;	2320	f = f->next;
Lines 2375-2381 Link Here
2375	if (line[len - 1] == '\n')	2372	if (line[len - 1] == '\n')
2376	line[--len] = '\0';	2373	line[--len] = '\0';
2377		2374
2378	if ((varval = malloc(len + 1)) == NULL)	2375	if ((varval = SMB_MALLOC(len + 1)) == NULL)
2379	{	2376	{
2380	DEBUG(0, ("source_env: Not enough memory!\n"));	2377	DEBUG(0, ("source_env: Not enough memory!\n"));
2381	return (False);	2378	return (False);
Lines 2495-2501 Link Here
2495	*/	2492	*/
2496	string_set(ptr, pszParmValue);	2493	string_set(ptr, pszParmValue);
2497	strupper(*ptr);	2494	strupper(*ptr);
2498	saved_character_set = strdup(*ptr);	2495	saved_character_set = SMB_STRDUP(*ptr);
2499	interpret_character_set(*ptr, lp_client_code_page());	2496	interpret_character_set(*ptr, lp_client_code_page());
2500	return (True);	2497	return (True);
2501	}	2498	}
Lines 2732-2738 Link Here
2732	{	2729	{
2733	int i;	2730	int i;
2734	SAFE_FREE(pservice->copymap);	2731	SAFE_FREE(pservice->copymap);
2735	pservice->copymap = (BOOL )malloc(sizeof(BOOL) NUMPARAMETERS);	2732	pservice->copymap = SMB_MALLOC_ARRAY(BOOL, NUMPARAMETERS);
2736	if (!pservice->copymap)	2733	if (!pservice->copymap)
2737	DEBUG(0,	2734	DEBUG(0,
2738	("Couldn't allocate copymap!! (size %d)\n",	2735	("Couldn't allocate copymap!! (size %d)\n",
Lines 3302-3308 Link Here
3302	if (!str)	3299	if (!str)
3303	return;	3300	return;
3304		3301
3305	s = strdup(str);	3302	s = SMB_STRDUP(str);
3306	if (!s)	3303	if (!s)
3307	return;	3304	return;
3308		3305
Lines 3396-3407 Link Here
3396	case P_STRING:	3393	case P_STRING:
3397	case P_USTRING:	3394	case P_USTRING:
3398	parm_table[i].def.svalue =	3395	parm_table[i].def.svalue =
3399	strdup((char *)parm_table[i].ptr);	3396	SMB_STRDUP((char *)parm_table[i].ptr);
3400	break;	3397	break;
3401	case P_GSTRING:	3398	case P_GSTRING:
3402	case P_UGSTRING:	3399	case P_UGSTRING:
3403	parm_table[i].def.svalue =	3400	parm_table[i].def.svalue =
3404	strdup((char *)parm_table[i].ptr);	3401	SMB_STRDUP((char *)parm_table[i].ptr);
3405	break;	3402	break;
3406	case P_BOOL:	3403	case P_BOOL:
3407	case P_BOOLREV:	3404	case P_BOOLREV:

Lines 252-258 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/param/params.c (-5 / +5 lines)
252	{	252	{
253	char *tb;	253	char *tb;
254		254
255	tb = Realloc( bufr, bSize +BUFR_INC );	255	tb = SMB_REALLOC( bufr, bSize +BUFR_INC );
256	if( NULL == tb )	256	if( NULL == tb )
257	{	257	{
258	DEBUG(0, ("%s Memory re-allocation failure.", func) );	258	DEBUG(0, ("%s Memory re-allocation failure.", func) );
Lines 349-355 Link Here
349	{	349	{
350	char *tb;	350	char *tb;
351		351
352	tb = Realloc( bufr, bSize + BUFR_INC );	352	tb = SMB_REALLOC( bufr, bSize + BUFR_INC );
353	if( NULL == tb )	353	if( NULL == tb )
354	{	354	{
355	DEBUG(0, ("%s Memory re-allocation failure.", func) );	355	DEBUG(0, ("%s Memory re-allocation failure.", func) );
Lines 416-422 Link Here
416	if( i > (bSize - 2) ) /* Make sure there's enough room. */	416	if( i > (bSize - 2) ) /* Make sure there's enough room. */
417	{	417	{
418	bSize += BUFR_INC;	418	bSize += BUFR_INC;
419	bufr = Realloc( bufr, bSize );	419	bufr = SMB_REALLOC( bufr, bSize );
420	if( NULL == bufr )	420	if( NULL == bufr )
421	{	421	{
422	DEBUG(0, ("%s Memory re-allocation failure.", func) );	422	DEBUG(0, ("%s Memory re-allocation failure.", func) );
Lines 532-538 Link Here
532	int lvl = in_client?1:0;	532	int lvl = in_client?1:0;
533	myFILE *ret;	533	myFILE *ret;
534		534
535	ret = (myFILE )malloc(sizeof(ret));	535	ret = SMB_MALLOC_P(myFILE);
536	if (!ret) return NULL;	536	if (!ret) return NULL;
537		537
538	ret->buf = file_load(FileName, &ret->size);	538	ret->buf = file_load(FileName, &ret->size);
Lines 583-589 Link Here
583	else /* If we don't have a buffer */	583	else /* If we don't have a buffer */
584	{ /* allocate one, then parse, */	584	{ /* allocate one, then parse, */
585	bSize = BUFR_INC; /* then free. */	585	bSize = BUFR_INC; /* then free. */
586	bufr = (char *)malloc( bSize );	586	bufr = (char *)SMB_MALLOC( bSize );
587	if( NULL == bufr )	587	if( NULL == bufr )
588	{	588	{
589	DEBUG(0,("%s memory allocation failure.\n", func));	589	DEBUG(0,("%s memory allocation failure.\n", func));

Lines 57-63 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/passdb/pampass.c (-6 / +6 lines)
57	/*	57	/*
58	* Macros to help make life easy	58	* Macros to help make life easy
59	*/	59	*/
60	#define COPY_STRING(s) (s) ? strdup(s) : NULL	60	#define COPY_STRING(s) (s) ? SMB_STRDUP(s) : NULL
61		61
62	/*******************************************************************	62	/*******************************************************************
63	PAM error handler.	63	PAM error handler.
Lines 126-132 Link Here
126	return PAM_CONV_ERR;	126	return PAM_CONV_ERR;
127	}	127	}
128		128
129	reply = malloc(sizeof(struct pam_response) * num_msg);	129	reply = SMB_MALLOC_ARRAY( struct pam_response, num_msg );
130	if (!reply)	130	if (!reply)
131	return PAM_CONV_ERR;	131	return PAM_CONV_ERR;
132		132
Lines 207-213 Link Here
207	struct chat_struct *tmp;	207	struct chat_struct *tmp;
208		208
209	while (1) {	209	while (1) {
210	t = (struct chat_struct )malloc(sizeof(t));	210	t = SMB_MALLOC_P(struct chat_struct);
211	if (!t) {	211	if (!t) {
212	DEBUG(0,("make_pw_chat: malloc failed!\n"));	212	DEBUG(0,("make_pw_chat: malloc failed!\n"));
213	return NULL;	213	return NULL;
Lines 286-292 Link Here
286	return PAM_CONV_ERR;	286	return PAM_CONV_ERR;
287	}	287	}
288		288
289	reply = malloc(sizeof(struct pam_response) * num_msg);	289	reply = SMB_MALLOC_ARRAY( struct pam_response, num_msg );
290	if (!reply) {	290	if (!reply) {
291	DEBUG(0,("smb_pam_passchange_conv: malloc for reply failed!\n"));	291	DEBUG(0,("smb_pam_passchange_conv: malloc for reply failed!\n"));
292	free_pw_chat(pw_chat);	292	free_pw_chat(pw_chat);
Lines 402-409 Link Here
402	static struct pam_conv smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, const char user,	402	static struct pam_conv smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, const char user,
403	const char passwd, const char newpass)	403	const char passwd, const char newpass)
404	{	404	{
405	struct pam_conv pconv = (struct pam_conv )malloc(sizeof(struct pam_conv));	405	struct pam_conv *pconv = SMB_MALLOC_P(struct pam_conv);
406	struct smb_pam_userdata udp = (struct smb_pam_userdata )malloc(sizeof(struct smb_pam_userdata));	406	struct smb_pam_userdata *udp = SMB_MALLOC_P(struct smb_pam_userdata);
407		407
408	if (pconv == NULL \|\| udp == NULL) {	408	if (pconv == NULL \|\| udp == NULL) {
409	SAFE_FREE(pconv);	409	SAFE_FREE(pconv);

Lines 371-377 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpc_parse/parse_dfs.c (-4 / +4 lines)
371	depth++;	371	depth++;
372	/* should depend on whether marshalling or unmarshalling! */	372	/* should depend on whether marshalling or unmarshalling! */
373	if(UNMARSHALLING(ps)) {	373	if(UNMARSHALLING(ps)) {
374	ctr->dfs.info1 = (DFS_INFO_1 )prs_alloc_mem(ps, sizeof(DFS_INFO_1)num_entries);	374	ctr->dfs.info1 = PRS_ALLOC_MEM( ps, DFS_INFO_1, num_entries );
375	if (!ctr->dfs.info1)	375	if (!ctr->dfs.info1)
376	return False;	376	return False;
377	}	377	}
Lines 391-397 Link Here
391	case 2:	391	case 2:
392	depth++;	392	depth++;
393	if(UNMARSHALLING(ps)) {	393	if(UNMARSHALLING(ps)) {
394	ctr->dfs.info2 = (DFS_INFO_2 )prs_alloc_mem(ps, num_entriessizeof(DFS_INFO_2));	394	ctr->dfs.info2 = PRS_ALLOC_MEM( ps, DFS_INFO_2, num_entries );
395	if (!ctr->dfs.info2)	395	if (!ctr->dfs.info2)
396	return False;	396	return False;
397	}	397	}
Lines 421-427 Link Here
421	case 3:	421	case 3:
422	depth++;	422	depth++;
423	if(UNMARSHALLING(ps)) {	423	if(UNMARSHALLING(ps)) {
424	ctr->dfs.info3 = (DFS_INFO_3 )prs_alloc_mem(ps, num_entriessizeof(DFS_INFO_3));	424	ctr->dfs.info3 = PRS_ALLOC_MEM(ps, DFS_INFO_3, num_entries );
425	if (!ctr->dfs.info3)	425	if (!ctr->dfs.info3)
426	return False;	426	return False;
427	}	427	}
Lines 514-520 Link Here
514	depth++;	514	depth++;
515		515
516	if(UNMARSHALLING(ps)) {	516	if(UNMARSHALLING(ps)) {
517	info3->storages = (DFS_STORAGE_INFO )prs_alloc_mem(ps, info3->num_storage_infossizeof(DFS_STORAGE_INFO));	517	info3->storages = PRS_ALLOC_MEM( ps, DFS_STORAGE_INFO, info3->num_storage_infos );
518	if (!info3->storages)	518	if (!info3->storages)
519	return False;	519	return False;
520	}	520	}

Lines 251-257 Link Here

(-)samba-2.2.12-pre-CAN-2004-1154/source/rpc_parse/parse_lsa.c (-35 / +25 lines)
251		251
252	if (attr->ptr_sec_qos != 0) {	252	if (attr->ptr_sec_qos != 0) {
253	if (UNMARSHALLING(ps))	253	if (UNMARSHALLING(ps))
254	if (!(attr->sec_qos = (LSA_SEC_QOS *)prs_alloc_mem(ps,sizeof(LSA_SEC_QOS))))	254	if (!(attr->sec_qos = PRS_ALLOC_MEM( ps, LSA_SEC_QOS, 1 )))
255	return False;	255	return False;
256		256
257	if(!lsa_io_sec_qos("sec_qos", attr->sec_qos, ps, depth))	257	if(!lsa_io_sec_qos("sec_qos", attr->sec_qos, ps, depth))
Lines 538-550 Link Here
538	r_e->ptr_enum_domains = 1;	538	r_e->ptr_enum_domains = 1;
539	r_e->num_domains2 = 1;	539	r_e->num_domains2 = 1;
540		540
541	if (!(r_e->hdr_domain_name = (UNIHDR2 *)talloc(ctx,sizeof(UNIHDR2))))	541	if (!(r_e->hdr_domain_name = TALLOC_P(ctx,UNIHDR2)))
542	return;	542	return;
543		543
544	if (!(r_e->uni_domain_name = (UNISTR2 *)talloc(ctx,sizeof(UNISTR2))))	544	if (!(r_e->uni_domain_name = TALLOC_P(ctx,UNISTR2)))
545	return;	545	return;
546		546
547	if (!(r_e->domain_sid = (DOM_SID2 *)talloc(ctx,sizeof(DOM_SID2))))	547	if (!(r_e->domain_sid = TALLOC_P(ctx,DOM_SID2)))
548	return;	548	return;
549		549
550	init_uni_hdr2(&r_e->hdr_domain_name[0], len_domain_name);	550	init_uni_hdr2(&r_e->hdr_domain_name[0], len_domain_name);
Lines 585-597 Link Here
585	num_domains = r_e->num_domains2;	585	num_domains = r_e->num_domains2;
586		586
587	if (UNMARSHALLING(ps)) {	587	if (UNMARSHALLING(ps)) {
588	if (!(r_e->hdr_domain_name = (UNIHDR2 )prs_alloc_mem(ps,sizeof(UNIHDR2) num_domains)))	588	if (!(r_e->hdr_domain_name = PRS_ALLOC_MEM( ps, UNIHDR2, num_domains )))
589	return False;	589	return False;
590		590
591	if (!(r_e->uni_domain_name = (UNISTR2 )prs_alloc_mem(ps,sizeof(UNISTR2) num_domains)))	591	if (!(r_e->uni_domain_name = PRS_ALLOC_MEM( ps, UNISTR2, num_domains )))
592	return False;	592	return False;
593		593
594	if (!(r_e->domain_sid = (DOM_SID2 )prs_alloc_mem(ps,sizeof(DOM_SID2) num_domains)))	594	if (!(r_e->domain_sid = PRS_ALLOC_MEM( ps, DOM_SID2, num_domains )))
595	return False;	595	return False;
596	}	596	}
597		597
Lines 686-692 Link Here
686	return False;	686	return False;
687		687
688	if (UNMARSHALLING(ps)) {	688	if (UNMARSHALLING(ps)) {
689	d_q->auditsettings = (uint32 )talloc_zero(ps->mem_ctx, d_q->count2 sizeof(uint32));	689	d_q->auditsettings = (uint32 *)TALLOC_ZERO_ARRAY(ps->mem_ctx, uint32, d_q->count2);
690	}	690	}
691		691
692	if (d_q->auditsettings == NULL) {	692	if (d_q->auditsettings == NULL) {
Lines 807-820 Link Here
807		807
808	if (num_entries == 0) return;	808	if (num_entries == 0) return;
809		809
810	if ((sen->ptr_sid = (uint32 )talloc_zero(mem_ctx, num_entries	810	if ((sen->ptr_sid = (uint32 *)TALLOC_ZERO_ARRAY(mem_ctx, uint32, num_entries)) == NULL) {
811	sizeof(uint32))) == NULL) {
812	DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n"));	811	DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n"));
813	return;	812	return;
814	}	813	}
815		814
816	if ((sen->sid = (DOM_SID2 )talloc_zero(mem_ctx, num_entries	815	if ((sen->sid = (DOM_SID2 *)TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID2, num_entries)) == NULL) {
817	sizeof(DOM_SID2))) == NULL) {
818	DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n"));	816	DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n"));
819	return;	817	return;
820	}	818	}
Lines 861-875 Link Here
861	/* Mallocate memory if we're unpacking from the wire */	859	/* Mallocate memory if we're unpacking from the wire */
862		860
863	if (UNMARSHALLING(ps)) {	861	if (UNMARSHALLING(ps)) {
864	if ((sen->ptr_sid = (uint32 *)prs_alloc_mem( ps,	862	if ((sen->ptr_sid = PRS_ALLOC_MEM( ps, uint32, sen->num_entries )) == NULL) {
865	sen->num_entries * sizeof(uint32))) == NULL) {
866	DEBUG(3, ("init_lsa_sid_enum(): out of memory for "	863	DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
867	"ptr_sid\n"));	864	"ptr_sid\n"));
868	return False;	865	return False;
869	}	866	}
870		867
871	if ((sen->sid = (DOM_SID2 *)prs_alloc_mem( ps,	868	if ((sen->sid = PRS_ALLOC_MEM( ps, DOM_SID2, sen->num_entries )) == NULL) {
872	sen->num_entries * sizeof(DOM_SID2))) == NULL) {
873	DEBUG(3, ("init_lsa_sid_enum(): out of memory for "	869	DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
874	"sids\n"));	870	"sids\n"));
875	return False;	871	return False;
Lines 969-983 Link Here
969	return False;	965	return False;
970		966
971	if (UNMARSHALLING(ps)) {	967	if (UNMARSHALLING(ps)) {
972	if ((trn->name = (LSA_TRANS_NAME *)	968	if ((trn->name = PRS_ALLOC_MEM( ps, LSA_TRANS_NAME, trn->num_entries )) == NULL) {
973	prs_alloc_mem(ps, trn->num_entries *
974	sizeof(LSA_TRANS_NAME))) == NULL) {
975	return False;	969	return False;
976	}	970	}
977		971
978	if ((trn->uni_name = (UNISTR2 *)	972	if ((trn->uni_name = PRS_ALLOC_MEM( ps, UNISTR2, trn->num_entries )) == NULL) {
979	prs_alloc_mem(ps, trn->num_entries *
980	sizeof(UNISTR2))) == NULL) {
981	return False;	973	return False;
982	}	974	}
983	}	975	}
Lines 1057-1070 Link Here
1057	q_l->num_entries2 = num_names;	1049	q_l->num_entries2 = num_names;
1058	q_l->lookup_level = 1;	1050	q_l->lookup_level = 1;
1059		1051
1060	if ((q_l->uni_name = (UNISTR2 *)talloc_zero(	1052	if ((q_l->uni_name = (UNISTR2 *)TALLOC_ZERO_ARRAY(
1061	mem_ctx, num_names * sizeof(UNISTR2))) == NULL) {	1053	mem_ctx, UNISTR2, num_names)) == NULL) {
1062	DEBUG(3, ("init_q_lookup_names(): out of memory\n"));	1054	DEBUG(3, ("init_q_lookup_names(): out of memory\n"));
1063	return;	1055	return;
1064	}	1056	}
1065		1057
1066	if ((q_l->hdr_name = (UNIHDR *)talloc_zero(	1058	if ((q_l->hdr_name = (UNIHDR *)TALLOC_ZERO_ARRAY(
1067	mem_ctx, num_names * sizeof(UNIHDR))) == NULL) {	1059	mem_ctx, UNIHDR, num_names)) == NULL) {
1068	DEBUG(3, ("init_q_lookup_names(): out of memory\n"));	1060	DEBUG(3, ("init_q_lookup_names(): out of memory\n"));
1069	return;	1061	return;
1070	}	1062	}
Lines 1105-1115 Link Here
1105		1097
1106	if (UNMARSHALLING(ps)) {	1098	if (UNMARSHALLING(ps)) {
1107	if (q_r->num_entries) {	1099	if (q_r->num_entries) {
1108	if ((q_r->hdr_name = (UNIHDR *)prs_alloc_mem(ps,	1100	if ((q_r->hdr_name = PRS_ALLOC_MEM( ps, UNIHDR, q_r->num_entries )) == NULL)
1109	q_r->num_entries * sizeof(UNIHDR))) == NULL)
1110	return False;	1101	return False;
1111	if ((q_r->uni_name = (UNISTR2 *)prs_alloc_mem(ps,	1102	if ((q_r->uni_name = PRS_ALLOC_MEM( ps, UNISTR2, q_r->num_entries )) == NULL)
1112	q_r->num_entries * sizeof(UNISTR2))) == NULL)
1113	return False;	1103	return False;
1114	}	1104	}
1115	}	1105	}
Lines 1179-1185 Link Here
1179	}	1169	}
1180		1170
1181	if (UNMARSHALLING(ps)) {	1171	if (UNMARSHALLING(ps)) {
1182	if ((r_r->dom_rid = (DOM_RID2 )prs_alloc_mem(ps, r_r->num_entries2 sizeof(DOM_RID2)))	1172	if ((r_r->dom_rid = PRS_ALLOC_MEM( ps, DOM_RID2, r_r->num_entries2 ))
1183	== NULL) {	1173	== NULL) {
1184	DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n"));	1174	DEBUG(3, ("lsa_io_r_lookup_names(): out of memory\n"));
1185	return False;	1175	return False;
Lines 1401-1407 Link Here
1401	return False;	1391	return False;
1402		1392
1403	if (UNMARSHALLING(ps))	1393	if (UNMARSHALLING(ps))
1404	if (!(r_q->privs = (LSA_PRIV_ENTRY )prs_alloc_mem(ps, sizeof(LSA_PRIV_ENTRY) r_q->count1)))	1394	if (!(r_q->privs = PRS_ALLOC_MEM(ps, LSA_PRIV_ENTRY, r_q->count1)))
1405	return False;	1395	return False;
1406		1396
1407	if (!lsa_io_priv_entries("", r_q->privs, r_q->count1, ps, depth))	1397	if (!lsa_io_priv_entries("", r_q->privs, r_q->count1, ps, depth))
Lines 1834-1840 Link Here
1834	/* malloc memory if unmarshalling here */	1824	/* malloc memory if unmarshalling here */
1835		1825
1836	if (UNMARSHALLING(ps) && r_c->count!=0) {	1826	if (UNMARSHALLING(ps) && r_c->count!=0) {
1837	if (!(r_c->set.set = (LUID_ATTR )prs_alloc_mem(ps,sizeof(LUID_ATTR) r_c->count)))	1827	if (!(r_c->set.set = PRS_ALLOC_MEM( ps, LUID_ATTR, r_c->count )))
1838	return False;	1828	return False;
1839		1829
1840	}	1830	}
Lines 2006-2012 Link Here
2006	return False;	1996	return False;
2007		1997
2008	if (UNMARSHALLING(ps) && r_c->count!=0) {	1998	if (UNMARSHALLING(ps) && r_c->count!=0) {
2009	if (!(r_c->set.set = (LUID_ATTR )prs_alloc_mem(ps,sizeof(LUID_ATTR) r_c->count)))	1999	if (!(r_c->set.set = PRS_ALLOC_MEM( ps, LUID_ATTR, r_c->count )))
2010	return False;	2000	return False;
2011	}	2001	}
2012		2002
Lines 2065-2071 Link Here
2065	return False;	2055	return False;
2066		2056
2067	if (UNMARSHALLING(ps) && r_c->count!=0) {	2057	if (UNMARSHALLING(ps) && r_c->count!=0) {
2068	if (!(r_c->set.set = (LUID_ATTR )prs_alloc_mem(ps,sizeof(LUID_ATTR) r_c->count)))	2058	if (!(r_c->set.set = PRS_ALLOC_MEM(ps,LUID_ATTR, r_c->count)))
2069	return False;	2059	return False;
2070	}	2060	}
2071		2061