Memory leaks
Atsushi Nakabayashi
nakabayashi at miraclelinux.com
Thu Aug 2 06:06:01 GMT 2007
Gerald (Jerry) Carter wrote:
> Atsushi Nakabayashi wrote:
>
>> Hi, samba-tech,
>>
>> I have found a memory leak in the error path of samba-3.0.24.
>>
>
> I believe this has already been fixed in the current code.
> Would you check and confirm that this has been fixed
> in SAMBA_3_2_0? Thanks.
>
Thanks a lot,
I have checked it in the current code below,
but it seems to me that the memory leak is not fixed yet.
http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_3_2_0/source/smbd/
---- reply_sesssetup_and_X[source/smbd/sesssetup.c]
    /* register_vuid keeps the server info */
    sess_vuid = register_vuid(server_info, session_key,
                              nt_resp.data ? nt_resp : lm_resp,
                              sub_user);
    if (sess_vuid == UID_FIELD_INVALID) {
        data_blob_free(&nt_resp);
        data_blob_free(&lm_resp);
        return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
    }
When the register_vuid function returns UID_FIELD_INVALID,
the reply_sesssetup_and_X doesn't release the server_info value.
---- register_vuid[source/smbd/password.c]
141 int register_vuid(auth_serversupplied_info *server_info,
142                   DATA_BLOB session_key, DATA_BLOB response_blob,
143                   const char *smb_name)
144 {
145     user_struct *vuser;
146
147     /* Paranoia check. */
148     if(lp_security() == SEC_SHARE) {
149         smb_panic("Tried to register uid in security=share");
150     }
151
152     /* Limit allowed vuids to 16bits - VUID_OFFSET. */
153     if (num_validated_vuids >= 0xFFFF-VUID_OFFSET) {
154         data_blob_free(&session_key);
155         return UID_FIELD_INVALID;
156     }
157
158     if((vuser = talloc_zero(NULL, user_struct)) == NULL) {
159         DEBUG(0,("Failed to talloc users struct!\n"));
160         data_blob_free(&session_key);
161         return UID_FIELD_INVALID;
162     }
There are two points that do not release the server_info above.
[Lines 153-155, 158-161]
So I thought it was the memory leak.
And after checking the current code,
maybe I have found another memory leak in the error path in the
reply_sesssetup_and_X function.
Would you please review the attached patch? (I apologize for not
sending the patches at once.)
Thanks in advance,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba-3.2.0-memoryleaks.patch
Type: text/x-patch
Size: 1204 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070802/9b1b96b1/samba-3.2.0-memoryleaks.bin
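
The leak pattern described in the message above, as an added example that is not part of the original post and is not Samba code: a callee that releases one argument on its early error returns but not the other, and a caller that assumes the callee kept it. All names (register_model, struct info, struct blob, x_alloc, x_free) are hypothetical stand-ins, and placing the release inside the callee is an assumption, not necessarily what the attached patch does.

```c
#include <stdio.h>
#include <stdlib.h>

#define UID_INVALID (-1)          /* stand-in for UID_FIELD_INVALID */
static int live;                  /* allocations not yet freed */

static void *x_alloc(size_t n) { void *p = calloc(1, n); if (p) live++; return p; }
static void x_free(void *p) { if (p) { live--; free(p); } }

struct info { char name[32]; };   /* stand-in for auth_serversupplied_info */
struct blob { void *data; };      /* stand-in for DATA_BLOB */

/* Model of the early error returns quoted from register_vuid: the callee
 * releases the session key on failure; with free_info == 0 it leaves
 * info alone, which is the behaviour the post reports. */
static int register_model(struct info *info, struct blob *key,
                          int table_full, int free_info)
{
    if (table_full) {
        x_free(key->data);
        key->data = NULL;
        if (free_info)
            x_free(info);         /* added release on the error path */
        return UID_INVALID;
    }
    return 100;                   /* success: the session now owns info and key */
}

/* Model of the caller: on failure it releases only its own response blob.
 * Returns how many allocations are still live after a failed setup. */
int leaked_after_failed_setup(int free_info)
{
    live = 0;
    struct info *info = x_alloc(sizeof *info);
    struct blob key = { x_alloc(16) };
    struct blob nt_resp = { x_alloc(24) };

    if (register_model(info, &key, 1, free_info) == UID_INVALID)
        x_free(nt_resp.data);     /* like data_blob_free(&nt_resp) */
    return live;
}

int main(void)
{
    printf("as quoted:    %d leaked\n", leaked_after_failed_setup(0));
    printf("with release: %d leaked\n", leaked_after_failed_setup(1));
    return 0;
}
```

Because the failing path is reached during session setup, each failed attempt in the unpatched model leaves one allocation behind, so the leak grows with the number of failures.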