Memory leaks in winbind

kawasa_r at itg.hitachi.co.jp kawasa_r at itg.hitachi.co.jp
Thu May 6 10:55:31 GMT 2004


We've found several memory leaks in the winbind daemon. We are not sure whether
some of them have already been fixed, but we are posting them anyway.
The following patches add the missing frees.

Index: source/libsmb/cliconnect.c
===================================================================
RCS file: /cvs/samba-302/source/libsmb/cliconnect.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/libsmb/cliconnect.c	16 Feb 2004 01:13:35 -0000	1.1
+++ samba-302/source/libsmb/cliconnect.c	15 Mar 2004 05:39:43 -0000	1.2
@@ -531,6 +531,7 @@
 	cli_set_session_key(cli, session_key_krb5);
 
 	data_blob_free(&negTokenTarg);
+	data_blob_free(&session_key_krb5);
 
 	if (cli_is_error(cli)) {
 		if (NT_STATUS_IS_OK(cli_nt_error(cli))) {
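Review bot: Freeing `session_key_krb5` immediately after `cli_set_session_key(cli, session_key_krb5)` is only safe if that call copies the blob rather than keeping the pointer. Its body is not in this hunk, so confirm that and record it in a comment such as `/* cli_set_session_key() takes a copy; release ours */`. The blob holds Kerberos session key material, and `data_blob_free()` presumably releases it without wiping. A clearing free (`data_blob_clear_free(&session_key_krb5)`, where this tree provides it) would keep the key out of reused heap memory. The enclosing function starts and ends outside the hunk, so earlier return paths that may skip both frees cannot be checked here.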
@@ -672,6 +673,7 @@
 	int i;
 	BOOL got_kerberos_mechanism = False;
 	DATA_BLOB blob;
+	ADS_STATUS rc;
 
 	DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
 
@@ -721,12 +723,15 @@
 			ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */);
 			
 			if (ret){
+				SAFE_FREE(principal);
 				DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
 				return ADS_ERROR_KRB5(ret);
 			}
 		}
 		
-		return cli_session_setup_kerberos(cli, principal, domain);
+		rc = cli_session_setup_kerberos(cli, principal, domain);
+		SAFE_FREE(principal);
+		return rc;
 	}
 #endif
 
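Review bot: `principal` is now released by a separate `SAFE_FREE(principal)` before each `return` in this block, which is easy to miss when another exit is added; the same pattern is repeated three times in the sasl.c hunks at -197 and -209. Routing every exit through one label, `done: SAFE_FREE(principal); return rc;`, would keep ownership in one place. The new `ADS_STATUS rc` (hunk at -672) also sits beside an `int ret` in the same block, so a name such as `status` would make the two result types harder to confuse. The function body continues outside the hunk, so exits taken when this `if` is skipped or `HAVE_KRB5` is undefined cannot be checked here.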
Index: source/libsmb/clikrb5.c
===================================================================
RCS file: /cvs/samba-302/source/libsmb/clikrb5.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/libsmb/clikrb5.c	16 Feb 2004 01:13:35 -0000	1.1
+++ samba-302/source/libsmb/clikrb5.c	15 Mar 2004 05:38:24 -0000	1.2
@@ -343,7 +343,7 @@
 	if ((retval = krb5_set_default_tgs_ktypes(context, enc_types))) {
 		DEBUG(1,("krb5_set_default_tgs_ktypes failed (%s)\n",
 			 error_message(retval)));
-		goto failed;
+		goto failed1;
 	}
 
 	if ((retval = ads_krb5_mk_req(context, 
@@ -351,7 +351,7 @@
 					AP_OPTS_USE_SUBKEY, 
 					principal,
 					ccdef, &packet))) {
-		goto failed;
+		goto failed1;
 	}
 
 	get_krb5_smb_session_key(context, auth_context, session_key_krb5, False);
@@ -362,6 +362,11 @@
 #ifdef HAVE_KRB5_FREE_DATA_CONTENTS
  	krb5_free_data_contents(context, &packet); 
 #endif
+
+	krb5_auth_con_free(context,auth_context);
+
+failed1:
+	krb5_cc_close(context,ccdef);
 
 failed:
 	if ( context )
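Review bot: `krb5_auth_con_free(context,auth_context)` sits above the new `failed1:` label, so the two `goto failed1` exits in the hunks at -343 and -351 close `ccdef` but skip releasing `auth_context`. If `ads_krb5_mk_req` can allocate the auth context before returning an error (its body is not shown), that path still leaks. Moving the call below the label and guarding it, `if (auth_context) krb5_auth_con_free(context, auth_context);`, would cover both exits, assuming `auth_context` is initialised to NULL at its declaration outside the hunk. The function starts and ends outside these hunks.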
Index: source/libads/sasl.c
===================================================================
RCS file: /cvs/samba-302/source/libads/sasl.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/libads/sasl.c	16 Feb 2004 01:13:35 -0000	1.1
+++ samba-302/source/libads/sasl.c	15 Mar 2004 05:40:44 -0000	1.2
@@ -34,7 +34,7 @@
 	uint8 challenge[8];
 	uint8 nthash[24], lmhash[24], sess_key[16];
 	uint32 neg_flags;
-	struct berval cred, *scred;
+	struct berval cred, *scred = NULL;
 	ADS_STATUS status;
 	int rc;
 
@@ -111,9 +111,13 @@
 
 	rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
 
+	ber_bvfree(scred);
+	SAFE_FREE(cred.bv_val);
+
 	return ADS_ERROR(rc);
 
 failed:
+	if(scred) ber_bvfree(scred);
 	return status;
 }
 
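Review bot: `SAFE_FREE(cred.bv_val)` releases the credential buffer through the `berval` alias and only on the success-path return; the `failed:` exit frees `scred` but not `cred.bv_val`. Where `cred.bv_val` is assigned is outside the hunk. If it points into a `DATA_BLOB`, freeing the blob itself with `data_blob_free()` on both exits would avoid leaving the owner with a dangling `data` pointer. `scred` is also a single out-pointer: if `&scred` is passed to an earlier `ldap_sasl_bind_s` call in this function, or on repeated passes in the GSSAPI bind patched at -385, the previous reply must be freed before the next call overwrites it. `ber_bvfree(scred)` is unguarded before the return and guarded at `failed:`; one form should be used throughout.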
@@ -123,7 +127,7 @@
 static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *principal)
 {
 	DATA_BLOB blob;
-	struct berval cred, *scred;
+	struct berval cred, *scred = NULL;
 	DATA_BLOB session_key;
 	int rc;
 
@@ -141,6 +145,7 @@
 
 	data_blob_free(&blob);
 	data_blob_free(&session_key);
+	if(scred) ber_bvfree(scred);
 
 	return ADS_ERROR(rc);
 }
@@ -197,8 +202,10 @@
 	if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
 	    got_kerberos_mechanism) {
 		status = ads_sasl_spnego_krb5_bind(ads, principal);
-		if (ADS_ERR_OK(status))
+		if (ADS_ERR_OK(status)) {
+			SAFE_FREE(principal);
 			return status;
+		}
 
 		status = ADS_ERROR_KRB5(ads_kinit_password(ads)); 
 
@@ -209,11 +216,13 @@
 		/* only fallback to NTLMSSP if allowed */
 		if (ADS_ERR_OK(status) || 
 		    !(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
+			SAFE_FREE(principal);
 			return status;
 		}
 	}
 #endif
 
+	SAFE_FREE(principal);
 	/* lets do NTLMSSP ... this has the big advantage that we don't need
 	   to sync clocks, and we don't rely on special versions of the krb5 
 	   library for HMAC_MD4 encryption */
@@ -242,7 +251,7 @@
 	gss_buffer_desc output_token, input_token;
 	uint32 ret_flags, conf_state;
 	struct berval cred;
-	struct berval *scred;
+	struct berval *scred = NULL;
 	int i=0;
 	int gss_rc, rc;
 	uint8 *p;
@@ -385,6 +394,7 @@
 	gss_release_buffer(&minor_status, &input_token);
 
 failed:
+	if(scred) ber_bvfree(scred);
 	return status;
 }
 #endif
Index: source/nsswitch/winbindd_cache.c
===================================================================
RCS file: /cvs/samba-302/source/nsswitch/winbindd_cache.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/nsswitch/winbindd_cache.c	16 Feb 2004 01:13:36 -0000	1.1
+++ samba-302/source/nsswitch/winbindd_cache.c	15 Mar 2004 05:26:10 -0000	1.2
@@ -275,6 +275,8 @@
 	
 	domain->sequence_number = IVAL(data.dptr, 0);
 	domain->last_seq_check  = IVAL(data.dptr, 4);
+
+	SAFE_FREE(data.dptr);
 	
 	/* have we expired? */
 	
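Review bot: `SAFE_FREE(data.dptr)` is reached only after both `IVAL` reads, so any return between the fetch that filled `data` and this point still leaks the buffer. That code is outside the hunk; if it contains a validity check on `data.dptr` or `data.dsize` that returns early, the free belongs there as well, as `SAFE_FREE(data.dptr);` immediately before that `return`. The two reads touch bytes 0 to 7 of the record, so that check, if present, is also what must guarantee at least 8 bytes before these lines run.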
Index: source/nsswitch/winbindd_cm.c
===================================================================
RCS file: /cvs/samba-302/source/nsswitch/winbindd_cm.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/nsswitch/winbindd_cm.c	16 Feb 2004 01:13:36 -0000	1.1
+++ samba-302/source/nsswitch/winbindd_cm.c	15 Mar 2004 05:35:56 -0000	1.2
@@ -260,6 +260,7 @@
 	SAFE_FREE(ipc_domain);
 	SAFE_FREE(ipc_password);
 	SAFE_FREE(machine_password);
+	SAFE_FREE(machine_krb5_principal);
 
 	if (!NT_STATUS_IS_OK(result)) {
 		add_failed_connection_entry(domain->name, new_conn->controller, result);
Index: source/nsswitch/winbindd_user.c
===================================================================
RCS file: /cvs/samba-302/source/nsswitch/winbindd_user.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- samba-302/source/nsswitch/winbindd_user.c	15 Mar 2004 01:29:37 -0000	1.3
+++ samba-302/source/nsswitch/winbindd_user.c	15 Mar 2004 05:34:25 -0000	1.4
@@ -94,6 +94,8 @@
 	safe_strcpy(pw->pw_shell, shell, 
 		    sizeof(pw->pw_shell) - 1);
 	
+	SAFE_FREE(shell);
+
 	/* Password - set to "x" as we can't generate anything useful here.
 	   Authentication can be done using the pam_winbind module. */
 
Index: source/libsmb/namequery_dc.c
===================================================================
RCS file: /cvs/samba-302/source/libsmb/namequery_dc.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/libsmb/namequery_dc.c	16 Feb 2004 01:13:35 -0000	1.1
+++ samba-302/source/libsmb/namequery_dc.c	17 Mar 2004 06:24:18 -0000	1.2
@@ -49,8 +49,10 @@
 	ads_connect(ads);
 #endif
 
-	if (!ads->config.realm)
+	if (!ads->config.realm) {
+		ads_destroy(&ads);
 		return False;
+	}
 
 	fstrcpy(srv_name, ads->config.ldap_server_name);
 	strupper_m(srv_name);
Index: samba-302/source/nsswitch/winbindd_wins.c
===================================================================
RCS file: /cvs/samba-302/source/nsswitch/winbindd_wins.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/nsswitch/winbindd_wins.c	16 Feb 2004 01:13:36 -0000	1.1
+++ samba-302/source/nsswitch/winbindd_wins.c	7 Apr 2004 04:13:59 -0000	1.2
@@ -106,6 +106,7 @@
 		for ( i=0; i<(*count); i++ ) 
 			return_ip[i] = ret[i].ip;
 		
+		free( ret );
 		return return_ip;
 	}
 

