svn commit: samba r19299 - in branches/SAMBA_4_0/source: auth/gensec dsdb/samdb/ldb_modules kdc lib/ldb/modules lib/registry libnet nbt_server/wins param torture/ldap

idra at samba.org idra at samba.org
Sun Oct 15 23:14:25 GMT 2006


Author: idra
Date: 2006-10-15 23:14:19 +0000 (Sun, 15 Oct 2006)
New Revision: 19299

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19299

Log:

Fix possible memleaks


Modified:
   branches/SAMBA_4_0/source/auth/gensec/schannel_state.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c
   branches/SAMBA_4_0/source/kdc/hdb-ldb.c
   branches/SAMBA_4_0/source/lib/ldb/modules/ldb_map.c
   branches/SAMBA_4_0/source/lib/registry/reg_backend_ldb.c
   branches/SAMBA_4_0/source/libnet/libnet_join.c
   branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c
   branches/SAMBA_4_0/source/param/share_ldb.c
   branches/SAMBA_4_0/source/torture/ldap/schema.c


Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/schannel_state.c
===================================================================
--- branches/SAMBA_4_0/source/auth/gensec/schannel_state.c	2006-10-15 21:42:45 UTC (rev 19298)
+++ branches/SAMBA_4_0/source/auth/gensec/schannel_state.c	2006-10-15 23:14:19 UTC (rev 19299)
@@ -198,12 +198,14 @@
 	ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res);
 	if (ret != LDB_SUCCESS || res->count != 1) {
 		DEBUG(3,("schannel: Failed to find a record for client: %s\n", computer_name));
+		talloc_free(res);
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
 	val = ldb_msg_find_ldb_val(res->msgs[0], "sessionKey");
 	if (val == NULL || val->length != 16) {
 		DEBUG(1,("schannel: record in schannel DB must contain a sessionKey of length 16, when searching for client: %s\n", computer_name));
+		talloc_free(res);
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 
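Review bot: The first added `talloc_free(res);` also runs when `ldb_search` itself failed, so it is only safe if `res` is NULL or a valid talloc pointer at that point. The declaration of `res` is outside this hunk; if it is not initialised, declare it as `struct ldb_result *res = NULL;` so the failure path frees a known value. The kdc/hdb-ldb.c and lib/registry/reg_backend_ldb.c hunks in this same commit leave `res` alone in their search-failure branch, so the treatment is inconsistent across files. It would help to document next to the call which state `ldb_search` leaves `res` in on error.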
@@ -212,6 +214,7 @@
 	val = ldb_msg_find_ldb_val(res->msgs[0], "seed");
 	if (val == NULL || val->length != 8) {
 		DEBUG(1,("schannel: record in schannel DB must contain a vaid seed of length 8, when searching for client: %s\n", computer_name));
+		talloc_free(res);
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 
@@ -220,6 +223,7 @@
 	val = ldb_msg_find_ldb_val(res->msgs[0], "clientState");
 	if (val == NULL || val->length != 8) {
 		DEBUG(1,("schannel: record in schannel DB must contain a vaid clientState of length 8, when searching for client: %s\n", computer_name));
+		talloc_free(res);
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 	memcpy((*creds)->client.data, val->data, 8);
@@ -227,6 +231,7 @@
 	val = ldb_msg_find_ldb_val(res->msgs[0], "serverState");
 	if (val == NULL || val->length != 8) {
 		DEBUG(1,("schannel: record in schannel DB must contain a vaid serverState of length 8, when searching for client: %s\n", computer_name));
+		talloc_free(res);
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 	memcpy((*creds)->server.data, val->data, 8);
@@ -235,14 +240,27 @@
 
 	(*creds)->secure_channel_type = ldb_msg_find_attr_as_int(res->msgs[0], "secureChannelType", 0);
 
-	(*creds)->account_name = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL));
+	(*creds)->account_name = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL));
+	if ((*creds)->account_name == NULL) {
+		talloc_free(res);
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	(*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "computerName", NULL));
+	(*creds)->computer_name = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "computerName", NULL));
+	if ((*creds)->computer_name == NULL) {
+		talloc_free(res);
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	(*creds)->domain = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "flatname", NULL));
+	(*creds)->domain = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "flatname", NULL));
+	if ((*creds)->domain == NULL) {
+		talloc_free(res);
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	(*creds)->sid = samdb_result_dom_sid(*creds, res->msgs[0], "objectSid");
 
+	talloc_free(res);
 	return NT_STATUS_OK;
 }
 
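Review bot: A record that lacks `accountName`, `computerName` or `flatname` now fails with NT_STATUS_NO_MEMORY. The lookup is given a NULL default and `talloc_strdup` of NULL returns NULL, so the new checks cannot tell a missing attribute from an allocation failure. The other malformed-record checks in this function return NT_STATUS_INTERNAL_ERROR. Reading the string first, as in `const char *s = ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL);` followed by `if (s == NULL) { talloc_free(res); return NT_STATUS_INTERNAL_ERROR; }`, and only then duplicating it, keeps the status accurate. These early returns also leave `*creds` partly populated with the state copied above; whether the caller releases it is not visible in this hunk.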

Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c
===================================================================
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c	2006-10-15 21:42:45 UTC (rev 19298)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/entryUUID.c	2006-10-15 23:14:19 UTC (rev 19299)
@@ -468,7 +468,9 @@
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
-	
+
+	talloc_steal(mem_ctx, objectclass_res);
+
 	return ret;
 }
 
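Review bot: The new `talloc_steal(mem_ctx, objectclass_res);` transfers ownership with no comment, and it only runs after the `ret != LDB_SUCCESS` return. A one-line comment such as `/* hand the result to the caller's context so it is released with mem_ctx */` would make the ownership contract explicit. If the call that produced `ret` can leave an allocated `objectclass_res` behind on failure, the early return still leaks it; that call and the start of the function are outside this hunk, so this needs confirming.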

Modified: branches/SAMBA_4_0/source/kdc/hdb-ldb.c
===================================================================
--- branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2006-10-15 21:42:45 UTC (rev 19298)
+++ branches/SAMBA_4_0/source/kdc/hdb-ldb.c	2006-10-15 23:14:19 UTC (rev 19299)
@@ -458,8 +458,6 @@
 	char *short_princ;
 	char *short_princ_talloc;
 
-	char *realm_dn_str;
-
 	struct ldb_result *res = NULL;
 
 	ret = krb5_unparse_name_norealm(context, principal, &short_princ);
@@ -501,13 +499,12 @@
 
 	lret = ldb_search(ldb_ctx, realm_dn, LDB_SCOPE_SUBTREE, filter, princ_attrs, &res);
 
-	realm_dn_str = ldb_dn_linearize(mem_ctx, realm_dn);
-
 	if (lret != LDB_SUCCESS) {
 		DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(ldb_ctx)));
 		return HDB_ERR_NOENTRY;
 	} else if (res->count == 0 || res->count > 1) {
 		DEBUG(3, ("Failed find a single entry for %s: got %d\n", filter, res->count));
+		talloc_free(res);
 		return HDB_ERR_NOENTRY;
 	}
 	talloc_steal(mem_ctx, res->msgs);
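Review bot: On the success path only `res->msgs` is moved to `mem_ctx`, so the `res` container stays on whatever context `ldb_search` allocated it under unless it is freed later in the function, which continues outside this hunk. If nothing further needs the container, stealing the whole result with `talloc_steal(mem_ctx, res);` (or freeing `res` after the messages are re-parented) would close the remaining leak. The `lret != LDB_SUCCESS` branch still returns without touching `res`, which relies on the NULL initialiser at its declaration and on `ldb_search` not leaving an allocation behind on error.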

Modified: branches/SAMBA_4_0/source/lib/ldb/modules/ldb_map.c
===================================================================
--- branches/SAMBA_4_0/source/lib/ldb/modules/ldb_map.c	2006-10-15 21:42:45 UTC (rev 19298)
+++ branches/SAMBA_4_0/source/lib/ldb/modules/ldb_map.c	2006-10-15 23:14:19 UTC (rev 19299)
@@ -1233,11 +1233,13 @@
 	if (res->count == 0) {
 		ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb_map: "
 			  "No results for '%s=%s'!\n", MAP_DN_NAME, name);
+		talloc_free(res);
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 	if (res->count > 1) {
 		ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb_map: "
 			  "Too many results for '%s=%s'!\n", MAP_DN_NAME, name);
+		talloc_free(res);
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 

Modified: branches/SAMBA_4_0/source/lib/registry/reg_backend_ldb.c
===================================================================
--- branches/SAMBA_4_0/source/lib/registry/reg_backend_ldb.c	2006-10-15 21:42:45 UTC (rev 19298)
+++ branches/SAMBA_4_0/source/lib/registry/reg_backend_ldb.c	2006-10-15 23:14:19 UTC (rev 19299)
@@ -240,6 +240,7 @@
 		DEBUG(0, ("Error opening key '%s': %s\n", ldb_dn_linearize(ldap_path, ldap_path), ldb_errstring(c)));
 		return WERR_FOOBAR;
 	} else if (res->count == 0) {
+		talloc_free(res);
 		return WERR_BADFILE;
 	}
 

Modified: branches/SAMBA_4_0/source/libnet/libnet_join.c
===================================================================
--- branches/SAMBA_4_0/source/libnet/libnet_join.c	2006-10-15 21:42:45 UTC (rev 19298)
+++ branches/SAMBA_4_0/source/libnet/libnet_join.c	2006-10-15 23:14:19 UTC (rev 19299)
@@ -247,6 +247,7 @@
 	/* search for the user's record */
 	ret = ldb_search(remote_ldb, account_dn, LDB_SCOPE_BASE, 
 			     NULL, attrs, &res);
+	talloc_steal(tmp_ctx, res);
 	if (ret != LDB_SUCCESS || res->count != 1) {
 		r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - %s",
 						      account_dn_str, ldb_errstring(remote_ldb));
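Review bot: `talloc_steal(tmp_ctx, res);` now runs before `ret` is checked, so after a failed search it is handed whatever `res` holds at that moment. That is harmless when `res` is NULL (stealing NULL is a no-op) but not when it is indeterminate, and the declaration of `res` is outside this hunk. The same ordering is introduced in the second nbt_server/wins/winsdb.c hunk and in both param/share_ldb.c hunks. Initialising with `struct ldb_result *res = NULL;` at each declaration, plus a short comment such as `/* res may be NULL on failure; steal is then a no-op */`, would make the intent safe and obvious.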

Modified: branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c
===================================================================
--- branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c	2006-10-15 21:42:45 UTC (rev 19298)
+++ branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c	2006-10-15 23:14:19 UTC (rev 19299)
@@ -85,6 +85,7 @@
 	ret = ldb_search(wins_db, dn, LDB_SCOPE_BASE, NULL, NULL, &res);
 
 	if (ret != LDB_SUCCESS) goto failed;
+	talloc_steal(tmp_ctx, res);
 	if (res->count > 1) goto failed;
 
 	talloc_steal(tmp_ctx, res);
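Review bot: The original `talloc_steal(tmp_ctx, res);` after the `res->count > 1` check is left in place, so `res` is now re-parented to `tmp_ctx` twice in a row. The second call is redundant once the new one precedes the count check; the later hunk in this file removes the old call for the equivalent case, and this one should do the same by deleting the trailing `talloc_steal(tmp_ctx, res);`. The enclosing function starts and ends outside this hunk.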
@@ -588,6 +589,7 @@
 	ret = ldb_search(wins_db, winsdb_dn(tmp_ctx, name), LDB_SCOPE_BASE, 
 			 NULL, NULL, &res);
 
+	talloc_steal(tmp_ctx, res);
 	if (ret != LDB_SUCCESS || res->count > 1) {
 		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
 		goto failed;
@@ -596,8 +598,6 @@
 		goto failed;
 	}
 
-	talloc_steal(tmp_ctx, res);
-
 	status = winsdb_record(h, res->msgs[0], tmp_ctx, now, &rec);
 	if (!NT_STATUS_IS_OK(status)) goto failed;
 

Modified: branches/SAMBA_4_0/source/param/share_ldb.c
===================================================================
--- branches/SAMBA_4_0/source/param/share_ldb.c	2006-10-15 21:42:45 UTC (rev 19298)
+++ branches/SAMBA_4_0/source/param/share_ldb.c	2006-10-15 23:14:19 UTC (rev 19299)
@@ -172,11 +172,11 @@
 	ldb = talloc_get_type(ctx->priv_data, struct ldb_context);
 
 	ret = ldb_search(ldb, ldb_dn_explode(tmp_ctx, "CN=SHARES"), LDB_SCOPE_SUBTREE, "(name=*)", NULL, &res);
+	talloc_steal(tmp_ctx, res);
 	if (ret != LDB_SUCCESS) {
 		talloc_free(tmp_ctx);
 		return NT_STATUS_BAD_NETWORK_NAME;
 	}
-	talloc_steal(tmp_ctx, res);
 
 	n = talloc_array(mem_ctx, const char *, res->count);
 	if (!n) {
@@ -228,11 +228,11 @@
 		return NT_STATUS_NO_MEMORY;
 	}
 	ret = ldb_search(ldb, ldb_dn_explode(tmp_ctx, "CN=SHARES"), LDB_SCOPE_SUBTREE, filter, NULL, &res);
+	talloc_steal(tmp_ctx, res);
 	if (ret != LDB_SUCCESS || res->count != 1) {
 		talloc_free(tmp_ctx);
 		return NT_STATUS_BAD_NETWORK_NAME;
 	}
-	talloc_steal(tmp_ctx, res);
 
 	s = talloc(tmp_ctx, struct share_config);
 	if (!s) {

Modified: branches/SAMBA_4_0/source/torture/ldap/schema.c
===================================================================
--- branches/SAMBA_4_0/source/torture/ldap/schema.c	2006-10-15 21:42:45 UTC (rev 19298)
+++ branches/SAMBA_4_0/source/torture/ldap/schema.c	2006-10-15 23:14:19 UTC (rev 19299)
@@ -124,6 +124,7 @@
 	if (ret != LDB_SUCCESS) {
 		return False;
 	} else if (r->count != 1) {
+		talloc_free(r);
 		return False;
 	}
 


