Repost: Memory leaks in smbd.

kawasa_r at itg.hitachi.co.jp kawasa_r at itg.hitachi.co.jp
Mon May 17 09:57:31 GMT 2004


I mistakenly posted the winbindd memory-leak patch instead of the smbd one.
-----------------------------
Several (around 10) memory leaks were found in smbd, so we made patches
for them. The patches add calls to the appropriate free functions.

Index: source/auth/auth_util.c
===================================================================
RCS file: /cvs/samba-302/source/auth/auth_util.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/auth/auth_util.c	16 Feb 2004 01:13:34 -0000	1.1
+++ samba-302/source/auth/auth_util.c	17 Mar 2004 06:21:32 -0000	1.2
@@ -1216,12 +1216,15 @@
 				info3->gids[i].g_rid));			
 				
 			SAFE_FREE(lgroupSIDs);
+			SAFE_FREE(all_group_SIDs);
 			free_server_info(server_info);
 			
 			return nt_status;
 			
 		}
 	}
+
+	SAFE_FREE(lgroupSIDs);
 
 	/* Copy 'other' sids.  We need to do sid filtering here to
  	   prevent possible elevation of privileges.  See:
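Review bot: The two added frees cover only the exit visible in this hunk; the function continues past the 'other sids' comment, and any later failure return would still need `SAFE_FREE(all_group_SIDs);`, which cannot be checked from here. The unconditional `SAFE_FREE(lgroupSIDs);` after the loop also assumes nothing below reads lgroupSIDs again. A one-line comment at that call, for example `/* lgroupSIDs is not used past this point */`, would record the assumption. Since the code that follows does the SID filtering the comment describes, both points are worth confirming against the full function.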
Index: source/auth/auth_winbind.c
===================================================================
RCS file: /cvs/samba-302/source/auth/auth_winbind.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/auth/auth_winbind.c	16 Feb 2004 01:13:34 -0000	1.1
+++ samba-302/source/auth/auth_winbind.c	17 Mar 2004 06:21:55 -0000	1.2
@@ -141,6 +141,8 @@
 		nt_status = NT_STATUS_NO_LOGON_SERVERS;
 	}
 
+	SAFE_FREE(response.extra_data);
+
         return nt_status;
 }
 
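Review bot: `SAFE_FREE(response.extra_data);` now runs on every path that reaches the final return, including the NT_STATUS_NO_LOGON_SERVERS branch just above it, so it is only safe if `response` was zeroed before the winbindd request was issued. That initialisation is outside the hunk and should be confirmed. If the function has any earlier return after the request, that path would still leak extra_data. A short comment at the free stating who allocates extra_data and that this function owns it would make the contract explicit.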
Index: source/smbd/posix_acls.c
===================================================================
RCS file: /cvs/samba-302/source/smbd/posix_acls.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/smbd/posix_acls.c	16 Feb 2004 01:13:38 -0000	1.1
+++ samba-302/source/smbd/posix_acls.c	1 Apr 2004 02:56:04 -0000	1.2
@@ -2109,8 +2109,10 @@
 					 * entries out of the blue when setting ACLs, so a get/set
 					 * cycle will drop them.
 					 */
-					if (the_acl_type == SMB_ACL_TYPE_ACCESS && *puid == psbuf->st_uid)
+					if (the_acl_type == SMB_ACL_TYPE_ACCESS && *puid == psbuf->st_uid){
+						SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype);
 						continue;
+					}
 					uid_to_sid( &sid, *puid);
 					unix_ug.uid = *puid;
 					owner_type = UID_ACE;
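Review bot: The qualifier is now released on the early `continue`, but the release for the fall-through path, where `*puid` feeds uid_to_sid(), is not visible in this hunk. If that path frees puid further down, there are two release sites for one pointer that can drift apart. Copying the value once, `uid_t uid = *puid;`, and then calling `SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid, tagtype);` a single time before the comparison would leave one site. Minor style: `st_uid){` and `puid,tagtype` are missing the space used elsewhere in these lines.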
Index: source/smbd/sesssetup.c
===================================================================
RCS file: /cvs/samba-302/source/smbd/sesssetup.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/smbd/sesssetup.c	16 Feb 2004 01:13:38 -0000	1.1
+++ samba-302/source/smbd/sesssetup.c	29 Mar 2004 05:33:33 -0000	1.2
@@ -182,6 +182,7 @@
 	if (!p) {
 		DEBUG(3,("Doesn't look like a valid principal\n"));
 		data_blob_free(&ap_rep);
+		data_blob_free(&session_key);
 		SAFE_FREE(client);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
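Review bot: The same `data_blob_free(&session_key);` is added by hand on four failure returns (this hunk and the ones at -191, -246 and -259), so every future exit still has to remember three or four separate frees. A single cleanup label that releases ap_rep, session_key, user and client and is reached with `goto` would make the release unconditional. Separately, session_key appears to hold Kerberos session-key material, and data_blob_free() releases the buffer without wiping it; if this tree provides `data_blob_clear_free()`, using it here and for `p->session_key` in srv_pipe_hnd.c would keep key bytes out of freed heap memory. The function's start and its success path are outside these hunks.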
@@ -191,6 +192,7 @@
 		DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
 		if (!lp_allow_trusted_domains()) {
 			data_blob_free(&ap_rep);
+			data_blob_free(&session_key);
 			SAFE_FREE(client);
 			return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 		}
@@ -246,6 +248,7 @@
 		SAFE_FREE(user);
 		SAFE_FREE(client);
 		data_blob_free(&ap_rep);
+		data_blob_free(&session_key);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
@@ -259,6 +262,7 @@
 		SAFE_FREE(user);
 		SAFE_FREE(client);
 		data_blob_free(&ap_rep);
+		data_blob_free(&session_key);
 		return ERROR_NT(ret);
 	}
 
Index: source/rpc_server/srv_pipe_hnd.c
===================================================================
RCS file: /cvs/samba-302/source/rpc_server/srv_pipe_hnd.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- samba-302/source/rpc_server/srv_pipe_hnd.c	16 Feb 2004 01:13:37 -0000	1.1
+++ samba-302/source/rpc_server/srv_pipe_hnd.c	29 Mar 2004 05:30:04 -0000	1.2
@@ -1116,7 +1116,7 @@
 
 	delete_nt_token(&p->pipe_user.nt_user_token);
 	SAFE_FREE(p->pipe_user.groups);
-
+	data_blob_free( &(p->session_key) );
 	DLIST_REMOVE(InternalPipes, p);
 
 	p->conn->num_files_open--;
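Review bot: The added call replaces the blank line that separated the frees from the list bookkeeping, and its spacing differs from the lines above it. `data_blob_free(&p->session_key);` followed by the original blank line would match the surrounding code. The enclosing function starts and ends outside the hunk.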
Index: source/libsmb/trustdom_cache.c
===================================================================
RCS file: /cvs/samba-302/source/libsmb/trustdom_cache.c,v
retrieving revision 1.1
retrieving revision 1.3
diff -u -r1.1 -r1.3
--- samba-302/source/libsmb/trustdom_cache.c	16 Feb 2004 01:13:35 -0000	1.1
+++ samba-302/source/libsmb/trustdom_cache.c	29 Mar 2004 05:37:45 -0000	1.3
@@ -114,6 +114,7 @@
 {
 	char *key, *alt_key;
 	fstring sid_string;
+	BOOL ret;
 
 	/*
 	 * we use gecache call to avoid annoying debug messages
@@ -134,11 +135,18 @@
 	 * try to put the names in the cache
 	 */
 	if (alt_key) {
-		return (gencache_set(alt_key, sid_string, timeout)
-		        && gencache_set(key, sid_string, timeout));
+		ret = gencache_set(alt_key, sid_string, timeout);
+		if ( ret ) {
+			ret = gencache_set(key, sid_string, timeout);
+		}
+		SAFE_FREE(alt_key);
+		SAFE_FREE(key);
+		return ret;
 	}
 		 
-	return gencache_set(key, sid_string, timeout);
+	ret = gencache_set(key, sid_string, timeout);
+	SAFE_FREE(key);
+	return ret;
 }
 
 
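Review bot: The rewritten tail frees key in two places and alt_key in one, although the two branches differ only in whether the alt_key entry is written first. Folding them into one sequence leaves a single release site for both strings, so a later edit cannot free one and forget the other. Whether key can be NULL when it reaches gencache_set() depends on how it is built earlier in the function, which is outside this hunk.

```c
	/* … unchanged: comment above the cache writes … */
	ret = alt_key ? gencache_set(alt_key, sid_string, timeout) : True;
	if (ret) {
		ret = gencache_set(key, sid_string, timeout);
	}

	SAFE_FREE(alt_key);
	SAFE_FREE(key);
	return ret;
```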
@@ -171,6 +179,7 @@
 	if (!gencache_get(key, &value, &timeout)) {
 		DEBUG(5, ("no entry for trusted domain %s found.\n", name));
 		SAFE_FREE(key);
+		SAFE_FREE(value);
 		return False;
 	} else {
 		SAFE_FREE(key);
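Review bot: `SAFE_FREE(value);` on the gencache_get() failure path is only safe if value is NULL at that point. That requires either that value is initialised at its declaration or that gencache_get() clears the output pointer on every failure return, and neither is visible in this hunk. If value is left uninitialised, this line hands an indeterminate pointer to free(). Initialising it where it is declared, `value = NULL`, removes the dependency; the same applies to the timestamp lookup in the hunk at -203.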
@@ -179,9 +188,12 @@
 
 	/* convert ip string representation into in_addr structure */
 	if(! string_to_sid(sid, value)) {
+		SAFE_FREE(value);
 		sid = NULL;
 		return False;
 	}
+
+	SAFE_FREE(value);
 	
 	return True;
 }
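Review bot: value is now freed separately on the failure and success branches of the string_to_sid() check. Capturing the result once with a local `BOOL ret`, as in `ret = string_to_sid(sid, value); SAFE_FREE(value); return ret;`, gives one release site. The existing `sid = NULL;` looks like it only changes a local copy of the pointer, so dropping it should not alter what the caller sees, but the signature is outside the hunk and this should be confirmed first.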
@@ -203,11 +215,13 @@
 		
 	if (!gencache_get(TDOMTSKEY, &value, &timeout)) {
 		DEBUG(5, ("no timestamp for trusted domain cache located.\n"));
+		SAFE_FREE(value);
 		return 0;
 	} 
 
 	timestamp = atoi(value);
 		
+	SAFE_FREE(value);
 	return timestamp;
 }
 
Index: samba-302/source/param/loadparm.c
===================================================================
RCS file: /cvs/samba-302/source/param/loadparm.c,v
retrieving revision 1.1
retrieving revision 1.4
diff -u -r1.1 -r1.4
--- samba-302/source/param/loadparm.c	16 Feb 2004 01:13:36 -0000	1.1
+++ samba-302/source/param/loadparm.c	17 Mar 2004 03:19:16 -0000	1.4
@@ -1444,6 +1444,7 @@
 	   a large number of sites (tridge) */
 	Globals.bHostnameLookups = False;
 
+	str_list_free(&Globals.szPassdbBackend);
 #ifdef WITH_LDAP_SAMCONFIG
 	string_set(&Globals.szLdapServer, "localhost");
 	Globals.ldap_port = 636;
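Review bot: `str_list_free(&Globals.szPassdbBackend);` sits ahead of the `#ifdef` with no assignment visible after it, so this hunk does not show where the list gets its new value. If the default is assigned further down in both preprocessor branches, a comment such as `/* release the previous list before the default is assigned below */` and a blank line after the call would make the pairing obvious. If some build configuration does not reassign it, the passdb backend list stays freed after re-initialisation, which is worth ruling out.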
@@ -2511,6 +2512,7 @@
 					strupper_m(*(char **)dest_ptr);
 					break;
 				case P_LIST:
+					str_list_free((char ***)dest_ptr);
 					str_list_copy((char ***)dest_ptr, *(const char ***)src_ptr);
 					break;
 				default:
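Review bot: Freeing the destination list before `str_list_copy()` assumes the destination owns its list exclusively and that dest_ptr and src_ptr never refer to the same list. If a service structure is ever filled by plain struct assignment before this copy runs (not visible here), the freed list would still be referenced by the other structure, turning the leak fix into a use-after-free or double free. A guard that skips the free when both pointers hold the same list, plus a check of the str_list_copy() result, would cover the cases this hunk cannot rule out. The enclosing switch and loop start and end outside the hunk.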
@@ -2733,6 +2735,7 @@
 
 static BOOL handle_netbios_aliases(const char *pszParmValue, char **ptr)
 {
+	str_list_free(&Globals.szNetbiosAliases);
 	Globals.szNetbiosAliases = str_list_make(pszParmValue, NULL);
 	return set_netbios_aliases((const char **)Globals.szNetbiosAliases);
 }

