Memory leaks

Atsushi Nakabayashi nakabayashi at miraclelinux.com
Tue Jul 31 01:20:58 GMT 2007


Hi, samba-tech,

I have found a memory leak in the error path of the samba-3.0.24.

---- register_vuid function [ source/smbd/password.c ]
    163         /* Limit allowed vuids to 16bits - VUID_OFFSET. */
    164         if (num_validated_vuids >= 0xFFFF-VUID_OFFSET) {
    165                 data_blob_free(&session_key);
    166                 return UID_FIELD_INVALID;
    167         }
    168
    169         if((vuser = SMB_MALLOC_P(user_struct)) == NULL) {
    170                 DEBUG(0,("Failed to malloc users struct!\n"));
    171                 data_blob_free(&session_key);
    172                 return UID_FIELD_INVALID;
    173         }

    The server_info is not released,
    because its function's parent(calling this register_vuid function) 
doesn't release the server_info as below.

----- reply_sesssetup_and_X[source/smbd/sesssetup.c]
   1140                 /* register_vuid keeps the server info */
   1141                 sess_vuid = register_vuid(server_info, session_key,
   1142                                           nt_resp.data ? nt_resp 
: lm_resp,
   1143                                           sub_user);
   1144                 if (sess_vuid == UID_FIELD_INVALID) {
   1145                         data_blob_free(&nt_resp);
   1146                         data_blob_free(&lm_resp);
   1147                         return 
ERROR_NT(nt_status_squash(NT_STATUS_LOGON_FAILURE));
   1148                 }



-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba-3.0.24-memleaks.patch
Type: text/x-patch
Size: 706 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20070731/46bbd47c/samba-3.0.24-memleaks.bin


More information about the samba-technical mailing list