From: Jeremy Allison
Date: Fri, 11 Aug 2023 17:52:31 +0000 (-0700)
Subject: s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
X-Git-Tag: samba-4.17.11~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0dbba5f655f6e84b07f04c8e23719a72c67594ed;p=thirdparty%2Fsamba.git
s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
Now we've fixed srvstr_pull_req_talloc() this isn't strictly needed, but ensuring pointers are initialized is best practice to avoid future bugs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420
Signed-off-by: Jeremy Allison
Reviewed-by: Volker Lendecke
Autobuild-User(master): Volker Lendecke
Autobuild-Date(master): Mon Aug 14 15:55:43 UTC 2023 on atb-devel-224
(cherry picked from commit 5379b8d557a9a16b81eafb87b60b81debc4bfccb)
---
diff --git a/source3/smbd/smb1_ipc.c b/source3/smbd/smb1_ipc.c
index 1f289e4fc3a..66e58e6c099 100644
--- a/source3/smbd/smb1_ipc.c
+++ b/source3/smbd/smb1_ipc.c
@@ -688,7 +688,7 @@ void reply_trans(struct smb_request *req)
 return;
 }
- if ((state = talloc(conn, struct trans_state)) == NULL) {
+ if ((state = talloc_zero(conn, struct trans_state)) == NULL) {
 DEBUG(0, ("talloc failed\n"));
 reply_nterror(req, NT_STATUS_NO_MEMORY);
 END_PROFILE(SMBtrans);
diff --git a/source3/smbd/smb1_message.c b/source3/smbd/smb1_message.c
index 6894aa52ec0..edce398dd7e 100644
--- a/source3/smbd/smb1_message.c
+++ b/source3/smbd/smb1_message.c
@@ -161,7 +161,7 @@ void reply_sends(struct smb_request *req)
 return;
 }
- state = talloc(talloc_tos(), struct msg_state);
+ state = talloc_zero(talloc_tos(), struct msg_state);
 p = req->buf + 1;
 p += srvstr_pull_req_talloc(
diff --git a/source3/smbd/smb1_sesssetup.c b/source3/smbd/smb1_sesssetup.c
index 29302f9c56b..a812d375d63 100644
--- a/source3/smbd/smb1_sesssetup.c
+++ b/source3/smbd/smb1_sesssetup.c
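Review bot: Nothing on the new `talloc_zero(conn, struct trans_state)` line says why the zeroing matters, so a later cleanup could turn it back into `talloc` without noticing the dependency. A one-line comment above the allocation would record it, for example `/* Zeroed so any pointer member later handed to srvstr_pull_req_talloc() starts out NULL. */`. Which member of trans_state is passed is not visible here, since reply_trans starts and ends outside the hunk. The same comment would fit the `talloc_zero(talloc_tos(), struct msg_state)` line in reply_sends.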
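Review bot: The result of `talloc_zero(talloc_tos(), struct msg_state)` in reply_sends is not checked for NULL in the visible lines before the code moves on to `srvstr_pull_req_talloc(`, unlike reply_trans in smb1_ipc.c, which replies with NT_STATUS_NO_MEMORY on failure. The arguments of that call are outside the hunk, but if they take the address of a member of `state`, an allocation failure on this client-reachable path becomes a NULL pointer dereference instead of a clean error reply. A guard right after the allocation would close that, `if (state == NULL) { reply_nterror(req, NT_STATUS_NO_MEMORY); return; }`, with the same END_PROFILE call the function's other early returns use added before the `return`.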
@@ -86,7 +86,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 DATA_BLOB in_blob;
 DATA_BLOB out_blob = data_blob_null;
 size_t bufrem;
- char *tmp;
+ char *tmp = NULL;
 const char *native_os;
 const char *native_lanman;
 const char *primary_domain;
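Review bot: Initialising `tmp` at its declaration covers only the first call that receives `&tmp`; the three destinations declared just below it (`native_os`, `native_lanman`, `primary_domain`) suggest `tmp` is reused for several string pulls further down, outside the hunk. If so, the second and third pulls start from whatever the previous one left behind, so the zeroed-dest guarantee the commit title asks for holds only once. Resetting it before each reuse, `tmp = NULL;`, would make every call site meet that contract independently of the callee's behaviour. The three `const char *` locals are also left uninitialised; giving them `= NULL` at declaration would be consistent with the stated practice.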