s3:shadow_copy: CID 1449539 talloc_realloc and error handling

author Shwetha K Acharya <Shwetha.K.Acharya@ibm.com>

Mon, 1 Sep 2025 08:50:39 +0000 (14:20 +0530)

committer Anoop C S <anoopcs@samba.org>

Sat, 6 Sep 2025 10:34:27 +0000 (10:34 +0000)
author Shwetha K Acharya <Shwetha.K.Acharya@ibm.com>
Mon, 1 Sep 2025 08:50:39 +0000 (14:20 +0530)
committer Anoop C S <anoopcs@samba.org>
Sat, 6 Sep 2025 10:34:27 +0000 (10:34 +0000)
diff --git a/source3/modules/vfs_shadow_copy.c b/source3/modules/vfs_shadow_copy.c

index c99d933a5d3ef5e3710c4c9e61468a9eedd59bbe..1796bd1573f054428c6ca0a6c790ae1acdba9339 100644 (file)
--- a/source3/modules/vfs_shadow_copy.c
+++ b/source3/modules/vfs_shadow_copy.c
@@ -190,7 +190,7 @@ static int shadow_copy_get_shadow_copy_data(vfs_handle_struct *handle,
         shadow_copy_data->labels = NULL;
  
         while (True) {
-               SHADOW_COPY_LABEL *tlabels;
+               SHADOW_COPY_LABEL *tmp_labels = NULL;
                 int ret;
  
                 dname = ReadDirName(dir_hnd, &talloced);
@@ -213,27 +213,32 @@ static int shadow_copy_get_shadow_copy_data(vfs_handle_struct *handle,
                         continue;
                 }
  
-               tlabels = (SHADOW_COPY_LABEL *)TALLOC_REALLOC(shadow_copy_data,
-                                                                       shadow_copy_data->labels,
-                                                                       (shadow_copy_data->num_volumes+1)*sizeof(SHADOW_COPY_LABEL));
-               if (tlabels == NULL) {
+               tmp_labels = talloc_realloc(shadow_copy_data, shadow_copy_data->labels,
+                                           SHADOW_COPY_LABEL, shadow_copy_data->num_volumes + 1);
+
+               if (tmp_labels == NULL) {
                         DEBUG(0,("shadow_copy_get_shadow_copy_data: Out of memory\n"));
+                       shadow_copy_data->num_volumes = 0;
+                       TALLOC_FREE(shadow_copy_data->labels);
                         TALLOC_FREE(talloced);
                         TALLOC_FREE(dir_hnd);
                         return -1;
                 }
  
-               ret = strlcpy(tlabels[shadow_copy_data->num_volumes], dname,
-                             sizeof(tlabels[shadow_copy_data->num_volumes]));
-               if (ret != sizeof(tlabels[shadow_copy_data->num_volumes]) - 1) {
+               shadow_copy_data->labels = tmp_labels;
+
+               ret = strlcpy(shadow_copy_data->labels[shadow_copy_data->num_volumes], dname,
+                             sizeof(shadow_copy_data->labels[shadow_copy_data->num_volumes]));
+               if (ret != sizeof(shadow_copy_data->labels[shadow_copy_data->num_volumes]) - 1) {
                         DBG_ERR("malformed label %s\n", dname);
+                       shadow_copy_data->num_volumes = 0;
+                       TALLOC_FREE(shadow_copy_data->labels);
                         TALLOC_FREE(talloced);
                         TALLOC_FREE(dir_hnd);
                         return -1;
                 }
                 shadow_copy_data->num_volumes++;
  
-               shadow_copy_data->labels = tlabels;
                 TALLOC_FREE(talloced);
         }
author	Shwetha K Acharya <Shwetha.K.Acharya@ibm.com>
	Mon, 1 Sep 2025 08:50:39 +0000 (14:20 +0530)
committer	Anoop C S <anoopcs@samba.org>
	Sat, 6 Sep 2025 10:34:27 +0000 (10:34 +0000)