Memory leaks

Atsushi Nakabayashi nakabayashi at miraclelinux.com
Thu Aug 2 06:06:01 GMT 2007


Gerald (Jerry) Carter wrote:
> Atsushi Nakabayashi wrote:
>   
>> Hi, samba-tech,
>>
>> I have found a memory leak in the error path of the samba-3.0.24.
>>     
>
> I believe this has already been fixed in the current code.
> Would you check and confirm that this has been fixed
> in SAMBA_3_2_0?  Thanks.
>   
Thanks a lot,

  I have checked it in the current code below,
  but it seems to me that the memory leak is not fixed yet.

http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_3_2_0/source/smbd/

---- reply_sesssetup_and_X[source/smbd/sesssetup.c]
   1557                 /* register_vuid keeps the server info */
   1558                 sess_vuid = register_vuid(server_info, session_key,
   1559                                           nt_resp.data ? nt_resp : lm_resp,
   1560                                           sub_user);
   1561                 if (sess_vuid == UID_FIELD_INVALID) {
   1562                         data_blob_free(&nt_resp);
   1563                         data_blob_free(&lm_resp);
   1564                         return ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
   1565                 }

   When the register_vuid function returns UID_FIELD_INVALID,
   the reply_sesssetup_and_X doesn't release the server_info value.

---- register_vuid[source/smbd/password.c]
    141 int register_vuid(auth_serversupplied_info *server_info,
    142                   DATA_BLOB session_key, DATA_BLOB response_blob,
    143                   const char *smb_name)
    144 {
    145         user_struct *vuser;
    146
    147         /* Paranoia check. */
    148         if(lp_security() == SEC_SHARE) {
    149                 smb_panic("Tried to register uid in security=share");
    150         }
    151
    152         /* Limit allowed vuids to 16bits - VUID_OFFSET. */
    153         if (num_validated_vuids >= 0xFFFF-VUID_OFFSET) {
    154                 data_blob_free(&session_key);
    155                 return UID_FIELD_INVALID;
    156         }
    157
    158         if((vuser = talloc_zero(NULL, user_struct)) == NULL) {
    159                 DEBUG(0,("Failed to talloc users struct!\n"));
    160                 data_blob_free(&session_key);
    161                 return UID_FIELD_INVALID;
    162         }

    There are two points that do not release the server_info above
    [Lines 153-155, 158-161].
    So I thought it was a memory leak.

After checking the current code, I may have found another memory leak
in the error path of the reply_sesssetup_and_X function.
Would you please review the attached patch? (I apologize for not
sending the patches at once.)

Thanks in advance,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba-3.2.0-memoryleaks.patch
Type: text/x-patch
Size: 1204 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070802/9b1b96b1/samba-3.2.0-memoryleaks.bin
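
Added example, not part of the original mail or of the Samba source: a minimal C model of the leak pattern described above, where a registration function keeps its argument only on success and the caller returns on the failure path without releasing it. All names (info, register_session, setup_leaky, setup_fixed, live_allocs) are hypothetical stand-ins; freeing in the caller is one possible fix, chosen here as an assumption.

```c
#include <stdlib.h>

#define ID_INVALID (-1)
#define MAX_SESSIONS 2

/* Hypothetical stand-in for auth_serversupplied_info. */
struct info { int uid; };

static int live_allocs;                    /* outstanding info objects */
static struct info *sessions[MAX_SESSIONS];
static int num_sessions;

static struct info *info_new(int uid) {
    struct info *i = malloc(sizeof *i);
    if (i) { i->uid = uid; live_allocs++; }
    return i;
}
static void info_free(struct info *i) {
    if (i) { free(i); live_allocs--; }
}

/* Keeps `i` only on success; on failure the caller still owns it. */
static int register_session(struct info *i) {
    if (num_sessions >= MAX_SESSIONS)
        return ID_INVALID;                 /* early return: `i` neither stored nor freed */
    sessions[num_sessions] = i;
    return num_sessions++;
}

/* Error path as described in the mail: returns without releasing `i`. */
static int setup_leaky(int uid) {
    struct info *i = info_new(uid);
    if (!i) return ID_INVALID;
    int id = register_session(i);
    if (id == ID_INVALID)
        return ID_INVALID;                 /* `i` is now unreachable: leak */
    return id;
}

/* Same path with the caller releasing what it still owns. */
static int setup_fixed(int uid) {
    struct info *i = info_new(uid);
    if (!i) return ID_INVALID;
    int id = register_session(i);
    if (id == ID_INVALID) {
        info_free(i);                      /* release on the failure path */
        return ID_INVALID;
    }
    return id;
}
```

Because each failed session setup in the leaky variant leaves one object allocated, repeated failures grow the process's memory for as long as it runs.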