s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.

Now we've fixed srvstr_pull_req_talloc() this isn't
strictly needed, but ensuring pointers are initialized
is best practice to avoid future bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 14 15:55:43 UTC 2023 on atb-devel-224

(cherry picked from commit 5379b8d557a9a16b81eafb87b60b81debc4bfccb)

diff --git a/source3/smbd/smb1_ipc.c b/source3/smbd/smb1_ipc.c
index 1f289e4fc3af84899c93fd892af6b131bc8ecc05..66e58e6c09952e692332a2753e02f5bd57807e85 100644 (file)
--- a/source3/smbd/smb1_ipc.c
+++ b/source3/smbd/smb1_ipc.c
@@ -688,7 +688,7 @@ void reply_trans(struct smb_request *req)
                return;
        }
 
-       if ((state = talloc(conn, struct trans_state)) == NULL) {
+       if ((state = talloc_zero(conn, struct trans_state)) == NULL) {
                DEBUG(0, ("talloc failed\n"));
                reply_nterror(req, NT_STATUS_NO_MEMORY);
                END_PROFILE(SMBtrans);

diff --git a/source3/smbd/smb1_message.c b/source3/smbd/smb1_message.c
index 6894aa52ec02d649a53368c142352b82d10315a0..edce398dd7ee41ed0ba0714d1fe58686166329a8 100644 (file)
--- a/source3/smbd/smb1_message.c
+++ b/source3/smbd/smb1_message.c
@@ -161,7 +161,7 @@ void reply_sends(struct smb_request *req)
                return;
        }
 
-       state = talloc(talloc_tos(), struct msg_state);
+       state = talloc_zero(talloc_tos(), struct msg_state);
 
        p = req->buf + 1;
        p += srvstr_pull_req_talloc(

diff --git a/source3/smbd/smb1_sesssetup.c b/source3/smbd/smb1_sesssetup.c
index 29302f9c56b4fddecb5e554c91e42f8bbec56948..a812d375d63677141aedc9dec0daa20d3aaee8c2 100644 (file)
--- a/source3/smbd/smb1_sesssetup.c
+++ b/source3/smbd/smb1_sesssetup.c
@@ -86,7 +86,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
        DATA_BLOB in_blob;
        DATA_BLOB out_blob = data_blob_null;
        size_t bufrem;
-       char *tmp;
+       char *tmp = NULL;
        const char *native_os;
        const char *native_lanman;
        const char *primary_domain;