[SCM] Samba Shared Repository - branch master updated
Gary Lockyer
gary at samba.org
Wed May 8 00:37:03 UTC 2019
The branch, master has been updated
via 93061fb822d CID 1363286: Resource leak by failing to free tmp_ctx
via a4973270423 CID 1363287: Resource leak using str_list_append
from bead4fdb88c wafsamba: Enable warnings about zero-length formats
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 93061fb822d5af5c29f223e9fe1ce91b7264f082
Author: Garming Sam <garming at catalyst.net.nz>
Date: Tue May 7 13:28:49 2019 +1200
CID 1363286: Resource leak by failing to free tmp_ctx
There are a few oddities in this function, including a duplicated NULL
check, a talloc_free of a context which is passed in and a number of
missing frees before a return.
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary at samba.org>
Autobuild-Date(master): Wed May 8 00:36:14 UTC 2019 on sn-devel-184
commit a4973270423203d9881cdbf2d24fadd02c3228c0
Author: Garming Sam <garming at catalyst.net.nz>
Date: Thu May 2 17:11:57 2019 +1200
CID 1363287: Resource leak using str_list_append
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
source4/auth/session.c | 27 ++++++++++++++++++---------
source4/dsdb/samdb/ldb_modules/samba_dsdb.c | 4 ++++
2 files changed, 22 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/session.c b/source4/auth/session.c
index 3a8c40b7fb8..71d236aa3e1 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -115,10 +115,6 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
- if (!sids) {
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
num_sids = user_info_dc->num_sids;
@@ -134,14 +130,19 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
if (session_info_flags & AUTH_SESSION_INFO_DEFAULT_GROUPS) {
sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 2);
- NT_STATUS_HAVE_NO_MEMORY(sids);
+ if (sids == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
if (!dom_sid_parse(SID_WORLD, &sids[num_sids])) {
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_INTERNAL_ERROR;
}
num_sids++;
if (!dom_sid_parse(SID_NT_NETWORK, &sids[num_sids])) {
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_INTERNAL_ERROR;
}
num_sids++;
@@ -149,9 +150,13 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
if (session_info_flags & AUTH_SESSION_INFO_AUTHENTICATED) {
sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 1);
- NT_STATUS_HAVE_NO_MEMORY(sids);
+ if (sids == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
if (!dom_sid_parse(SID_NT_AUTHENTICATED_USERS, &sids[num_sids])) {
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_INTERNAL_ERROR;
}
num_sids++;
@@ -159,9 +164,13 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
if (session_info_flags & AUTH_SESSION_INFO_NTLM) {
sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 1);
- NT_STATUS_HAVE_NO_MEMORY(sids);
+ if (sids == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
if (!dom_sid_parse(SID_NT_NTLM_AUTHENTICATION, &sids[num_sids])) {
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_INTERNAL_ERROR;
}
num_sids++;
@@ -187,11 +196,11 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
"<SID=%s>",
dom_sid_str_buf(&sids[i], &buf));
if (sid_dn == NULL) {
- TALLOC_FREE(user_info_dc);
+ TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
sid_blob = data_blob_string_const(sid_dn);
-
+
/* This function takes in memberOf values and expands
* them, as long as they meet the filter - so only
* builtin groups
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index 95967c33e12..a522c363fae 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -123,6 +123,10 @@ static int prepare_modules_line(struct ldb_context *ldb,
}
mod_list_string = str_list_join(tmp_ctx, backend_full_list, ',');
+
+ /* str_list_append allocates on NULL */
+ talloc_free(backend_full_list);
+
if (!mod_list_string) {
talloc_free(tmp_ctx);
return ldb_oom(ldb);
--
Samba Shared Repository
More information about the samba-cvs
mailing list