Memory leaks in smbd.
kawasa_r at itg.hitachi.co.jp
kawasa_r at itg.hitachi.co.jp
Thu May 6 10:55:31 GMT 2004
Several (around 10) memory leaks were found in smbd, so we made patches
for them. The patches add calls to free functions.
Index: source/libsmb/cliconnect.c
===================================================================
RCS file: /cvs/samba-302/source/libsmb/cliconnect.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/libsmb/cliconnect.c 16 Feb 2004 01:13:35 -0000 1.1
+++ samba-302/source/libsmb/cliconnect.c 15 Mar 2004 05:39:43 -0000 1.2
@@ -531,6 +531,7 @@
cli_set_session_key(cli, session_key_krb5);
data_blob_free(&negTokenTarg);
+ data_blob_free(&session_key_krb5);
if (cli_is_error(cli)) {
if (NT_STATUS_IS_OK(cli_nt_error(cli))) {
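Review bot: `session_key_krb5` holds Kerberos session key material, and the added `data_blob_free(&session_key_krb5);` returns it to the heap without scrubbing it. If this tree provides `data_blob_clear_free()`, use `data_blob_clear_free(&session_key_krb5);` here so the key bytes are zeroed before release; the same applies to `data_blob_free(&session_key);` in the sasl.c hunk at -141. The free is also only safe if `cli_set_session_key()` copies the blob rather than keeping the pointer, which is not visible in this hunk and should be confirmed.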
@@ -672,6 +673,7 @@
int i;
BOOL got_kerberos_mechanism = False;
DATA_BLOB blob;
+ ADS_STATUS rc;
DEBUG(3,("Doing spnego session setup (blob length=%lu)\n", (unsigned long)cli->secblob.length));
@@ -721,12 +723,15 @@
ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */);
if (ret){
+ SAFE_FREE(principal);
DEBUG(0, ("Kinit failed: %s\n", error_message(ret)));
return ADS_ERROR_KRB5(ret);
}
}
- return cli_session_setup_kerberos(cli, principal, domain);
+ rc = cli_session_setup_kerberos(cli, principal, domain);
+ SAFE_FREE(principal);
+ return rc;
}
#endif
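Review bot: `principal` is freed only on the two Kerberos exits in this hunk, the kinit failure and the return from `cli_session_setup_kerberos`. The function continues after `#endif`, outside the hunk. If that code can be reached with `principal` allocated, for example when the Kerberos branch is skipped, the string presumably still leaks. A `SAFE_FREE(principal);` ahead of that fallback, as the sasl.c hunk at -209 does before its NTLMSSP path, would close it.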
Index: source/libsmb/clikrb5.c
===================================================================
RCS file: /cvs/samba-302/source/libsmb/clikrb5.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/libsmb/clikrb5.c 16 Feb 2004 01:13:35 -0000 1.1
+++ samba-302/source/libsmb/clikrb5.c 15 Mar 2004 05:38:24 -0000 1.2
@@ -343,7 +343,7 @@
if ((retval = krb5_set_default_tgs_ktypes(context, enc_types))) {
DEBUG(1,("krb5_set_default_tgs_ktypes failed (%s)\n",
error_message(retval)));
- goto failed;
+ goto failed1;
}
if ((retval = ads_krb5_mk_req(context,
@@ -351,7 +351,7 @@
AP_OPTS_USE_SUBKEY,
principal,
ccdef, &packet))) {
- goto failed;
+ goto failed1;
}
get_krb5_smb_session_key(context, auth_context, session_key_krb5, False);
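Review bot: The `goto failed1` taken when `ads_krb5_mk_req` fails skips the `krb5_auth_con_free(context,auth_context);` that the hunk at -362 places above the `failed1:` label, so an auth context created before the failure would still leak. Moving the call below the label with a guard, `if (auth_context) krb5_auth_con_free(context, auth_context);` ahead of `krb5_cc_close(context,ccdef);`, covers both the success and the error path. That relies on `auth_context` being initialised to NULL at its declaration, which lies outside these hunks and should be confirmed.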
@@ -362,6 +362,11 @@
#ifdef HAVE_KRB5_FREE_DATA_CONTENTS
krb5_free_data_contents(context, &packet);
#endif
+
+ krb5_auth_con_free(context,auth_context);
+
+failed1:
+ krb5_cc_close(context,ccdef);
failed:
if ( context )
Index: source/libads/sasl.c
===================================================================
RCS file: /cvs/samba-302/source/libads/sasl.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/libads/sasl.c 16 Feb 2004 01:13:35 -0000 1.1
+++ samba-302/source/libads/sasl.c 15 Mar 2004 05:40:44 -0000 1.2
@@ -34,7 +34,7 @@
uint8 challenge[8];
uint8 nthash[24], lmhash[24], sess_key[16];
uint32 neg_flags;
- struct berval cred, *scred;
+ struct berval cred, *scred = NULL;
ADS_STATUS status;
int rc;
@@ -111,9 +111,13 @@
rc = ldap_sasl_bind_s(ads->ld, NULL, "GSS-SPNEGO", &cred, NULL, NULL, &scred);
+ ber_bvfree(scred);
+ SAFE_FREE(cred.bv_val);
+
return ADS_ERROR(rc);
failed:
+ if(scred) ber_bvfree(scred);
return status;
}
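Review bot: The `failed:` path frees `scred` but not `cred.bv_val`, which the success path just above releases with `SAFE_FREE(cred.bv_val);`, so any `goto failed` taken after `cred.bv_val` is allocated still leaks it. `ber_bvfree()` also leaves the caller's pointer untouched. If the body outside this hunk already frees `scred` between binds, the new `if(scred) ber_bvfree(scred);` becomes a double free unless each earlier free is followed by `scred = NULL;`. The same check applies to the `failed:` label in the hunk at -385, whose function body is likewise outside the hunk.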
@@ -123,7 +127,7 @@
static ADS_STATUS ads_sasl_spnego_krb5_bind(ADS_STRUCT *ads, const char *principal)
{
DATA_BLOB blob;
- struct berval cred, *scred;
+ struct berval cred, *scred = NULL;
DATA_BLOB session_key;
int rc;
@@ -141,6 +145,7 @@
data_blob_free(&blob);
data_blob_free(&session_key);
+ if(scred) ber_bvfree(scred);
return ADS_ERROR(rc);
}
@@ -197,8 +202,10 @@
if (!(ads->auth.flags & ADS_AUTH_DISABLE_KERBEROS) &&
got_kerberos_mechanism) {
status = ads_sasl_spnego_krb5_bind(ads, principal);
- if (ADS_ERR_OK(status))
+ if (ADS_ERR_OK(status)) {
+ SAFE_FREE(principal);
return status;
+ }
status = ADS_ERROR_KRB5(ads_kinit_password(ads));
@@ -209,11 +216,13 @@
/* only fallback to NTLMSSP if allowed */
if (ADS_ERR_OK(status) ||
!(ads->auth.flags & ADS_AUTH_ALLOW_NTLMSSP)) {
+ SAFE_FREE(principal);
return status;
}
}
#endif
+ SAFE_FREE(principal);
/* lets do NTLMSSP ... this has the big advantage that we don't need
to sync clocks, and we don't rely on special versions of the krb5
library for HMAC_MD4 encryption */
@@ -242,7 +251,7 @@
gss_buffer_desc output_token, input_token;
uint32 ret_flags, conf_state;
struct berval cred;
- struct berval *scred;
+ struct berval *scred = NULL;
int i=0;
int gss_rc, rc;
uint8 *p;
@@ -385,6 +394,7 @@
gss_release_buffer(&minor_status, &input_token);
failed:
+ if(scred) ber_bvfree(scred);
return status;
}
#endif
Index: source/nsswitch/winbindd_cache.c
===================================================================
RCS file: /cvs/samba-302/source/nsswitch/winbindd_cache.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/nsswitch/winbindd_cache.c 16 Feb 2004 01:13:36 -0000 1.1
+++ samba-302/source/nsswitch/winbindd_cache.c 15 Mar 2004 05:26:10 -0000 1.2
@@ -275,6 +275,8 @@
domain->sequence_number = IVAL(data.dptr, 0);
domain->last_seq_check = IVAL(data.dptr, 4);
+
+ SAFE_FREE(data.dptr);
/* have we expired? */
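Review bot: `SAFE_FREE(data.dptr);` covers only the path on which the record was read. If the code above this hunk returns early when the fetched record is present but has the wrong size, that return would still leak `data.dptr`. The two `IVAL` reads require `data.dsize >= 8`; that check is not visible here and should sit before them, freeing the buffer when it rejects the record.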
Index: source/nsswitch/winbindd_cm.c
===================================================================
RCS file: /cvs/samba-302/source/nsswitch/winbindd_cm.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/nsswitch/winbindd_cm.c 16 Feb 2004 01:13:36 -0000 1.1
+++ samba-302/source/nsswitch/winbindd_cm.c 15 Mar 2004 05:35:56 -0000 1.2
@@ -260,6 +260,7 @@
SAFE_FREE(ipc_domain);
SAFE_FREE(ipc_password);
SAFE_FREE(machine_password);
+ SAFE_FREE(machine_krb5_principal);
if (!NT_STATUS_IS_OK(result)) {
add_failed_connection_entry(domain->name, new_conn->controller, result);
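Review bot: `ipc_password` and `machine_password` are released with plain `SAFE_FREE`, so the cleartext credentials remain in freed heap memory of a long-running daemon. These are context lines rather than part of the change, but since the patch is already tidying this cleanup block, consider scrubbing them first, e.g. `if (machine_password) memset(machine_password, 0, strlen(machine_password));`. Use a clearing routine the compiler cannot elide ahead of the free.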
Index: source/nsswitch/winbindd_user.c
===================================================================
RCS file: /cvs/samba-302/source/nsswitch/winbindd_user.c,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- samba-302/source/nsswitch/winbindd_user.c 15 Mar 2004 01:29:37 -0000 1.3
+++ samba-302/source/nsswitch/winbindd_user.c 15 Mar 2004 05:34:25 -0000 1.4
@@ -94,6 +94,8 @@
safe_strcpy(pw->pw_shell, shell,
sizeof(pw->pw_shell) - 1);
+ SAFE_FREE(shell);
+
/* Password - set to "x" as we can't generate anything useful here.
Authentication can be done using the pam_winbind module. */
Index: source/libsmb/namequery_dc.c
===================================================================
RCS file: /cvs/samba-302/source/libsmb/namequery_dc.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/libsmb/namequery_dc.c 16 Feb 2004 01:13:35 -0000 1.1
+++ samba-302/source/libsmb/namequery_dc.c 17 Mar 2004 06:24:18 -0000 1.2
@@ -49,8 +49,10 @@
ads_connect(ads);
#endif
- if (!ads->config.realm)
+ if (!ads->config.realm) {
+ ads_destroy(&ads);
return False;
+ }
fstrcpy(srv_name, ads->config.ldap_server_name);
strupper_m(srv_name);
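Review bot: The guard tests `ads->config.realm`, but the next statement reads `ads->config.ldap_server_name`; whether a successful connect always sets both is not visible in this hunk. Extending the check to `if (!ads->config.realm || !ads->config.ldap_server_name) {` keeps the early exit, with its new `ads_destroy(&ads);`, covering the field that is actually used. The function's remaining exits are outside the hunk and should be checked for the same `ads_destroy` call.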
Index: samba-302/source/nsswitch/winbindd_wins.c
===================================================================
RCS file: /cvs/samba-302/source/nsswitch/winbindd_wins.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/nsswitch/winbindd_wins.c 16 Feb 2004 01:13:36 -0000 1.1
+++ samba-302/source/nsswitch/winbindd_wins.c 7 Apr 2004 04:13:59 -0000 1.2
@@ -106,6 +106,7 @@
for ( i=0; i<(*count); i++ )
return_ip[i] = ret[i].ip;
+ free( ret );
return return_ip;
}