s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.

Now we've fixed srvstr_pull_req_talloc() this isn't
strictly needed, but ensuring pointers are initialized
is best practice to avoid future bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15420

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 14 15:55:43 UTC 2023 on atb-devel-224

(cherry picked from commit 5379b8d557a9a16b81eafb87b60b81debc4bfccb)

diff --git a/source3/smbd/smb1_ipc.c b/source3/smbd/smb1_ipc.c
index 3f9958fece0c1c2a07c3d038dff16f2bb0a6e721..716b67b40ea8c2579d31929dfac356246acb3886 100644 (file)
--- a/source3/smbd/smb1_ipc.c
+++ b/source3/smbd/smb1_ipc.c
@@ -695,7 +695,7 @@ void reply_trans(struct smb_request *req)
                return;
        }
 
-       if ((state = talloc(conn, struct trans_state)) == NULL) {
+       if ((state = talloc_zero(conn, struct trans_state)) == NULL) {
                DEBUG(0, ("talloc failed\n"));
                reply_nterror(req, NT_STATUS_NO_MEMORY);
                END_PROFILE(SMBtrans);

diff --git a/source3/smbd/smb1_message.c b/source3/smbd/smb1_message.c
index 928be77f8542c9c25a134be87ac61daa7eeac4c0..ca7201e2e7f131ef78544bfb73b130308e8da0d8 100644 (file)
--- a/source3/smbd/smb1_message.c
+++ b/source3/smbd/smb1_message.c
@@ -159,7 +159,7 @@ void reply_sends(struct smb_request *req)
                return;
        }
 
-       state = talloc(talloc_tos(), struct msg_state);
+       state = talloc_zero(talloc_tos(), struct msg_state);
 
        p = req->buf + 1;
        p += srvstr_pull_req_talloc(

diff --git a/source3/smbd/smb1_sesssetup.c b/source3/smbd/smb1_sesssetup.c
index e0c601c34c74860aee8ae4ef312898721db1d8b0..6c668fffa7b6759b6360884b8db9c51d3e49445d 100644 (file)
--- a/source3/smbd/smb1_sesssetup.c
+++ b/source3/smbd/smb1_sesssetup.c
@@ -86,7 +86,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
        DATA_BLOB in_blob;
        DATA_BLOB out_blob = data_blob_null;
        size_t bufrem;
-       char *tmp;
+       char *tmp = NULL;
        const char *native_os;
        const char *native_lanman;
        const char *primary_domain;