Memory leaks patch

Jeremy Allison jra at samba.org
Wed Mar 7 22:28:02 GMT 2007


On Wed, Mar 07, 2007 at 01:44:25PM -0800, Zack Kirsch wrote:
> Hi Jeremy and samba-technical,
> 
> I've got another round of memory leak fixes for you guys. As you might
> guess, we've run into a few memory leak problems. :)
> 
> Please let me know if the patch is committed as-is or if it needs to be
> altered at all so that I can change my local code here.

Here's my version. You missed initializing os1,os2,os3 to
zero blobs so you could potentially have been freeing
uninitialized memory, other than that it's the same
I think.

Jeremy.
-------------- next part --------------
Index: libsmb/cliconnect.c
===================================================================
--- libsmb/cliconnect.c	(revision 21753)
+++ libsmb/cliconnect.c	(working copy)
@@ -693,8 +693,6 @@
 				DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n"));
 				nt_status = NT_STATUS_UNSUCCESSFUL;
 			} else {
-				data_blob_free(&msg1);
-				
 				blob = cli_session_setup_blob_receive(cli);
 				
 				nt_status = cli_nt_error(cli);
@@ -706,6 +704,7 @@
 					}
 				}
 			}
+			data_blob_free(&msg1);
 		}
 		
 		if (!blob.length) {
@@ -736,6 +735,8 @@
 		turn++;
 	} while (NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED));
 
+	data_blob_free(&blob_in);
+
 	if (NT_STATUS_IS_OK(nt_status)) {
 
 		DATA_BLOB key = data_blob(ntlmssp_state->session_key.data,
Index: libads/cldap.c
===================================================================
--- libads/cldap.c	(revision 21753)
+++ libads/cldap.c	(working copy)
@@ -187,8 +187,10 @@
 {
 	int ret;
 	ASN1_DATA data;
-	DATA_BLOB blob;
-	DATA_BLOB os1, os2, os3;
+	DATA_BLOB blob = data_blob(NULL, 0);
+	DATA_BLOB os1 = data_blob(NULL, 0);
+	DATA_BLOB os2 = data_blob(NULL, 0);
+	DATA_BLOB os3 = data_blob(NULL, 0);
 	int i1;
 	/* half the time of a regular ldap timeout, not less than 3 seconds. */
 	unsigned int al_secs = MAX(3,lp_ldap_timeout()/2);
@@ -238,6 +240,9 @@
 
 	if (data.has_error) {
 		data_blob_free(&blob);
+		data_blob_free(&os1);
+		data_blob_free(&os2);
+		data_blob_free(&os3);
 		asn1_free(&data);
 		DEBUG(1,("Failed to parse cldap reply\n"));
 		return -1;
Index: utils/pdbedit.c
===================================================================
--- utils/pdbedit.c	(revision 21753)
+++ utils/pdbedit.c	(working copy)
@@ -573,6 +573,7 @@
 			
 			if (sscanf(user_sid, "%d", &u_rid) != 1) {
 				fprintf(stderr, "Error passed string is not a complete user SID or RID!\n");
+				TALLOC_FREE(sam_pwent);
 				return -1;
 			}
 			sid_copy(&u_sid, get_global_sam_sid());
Index: utils/net_rpc.c
===================================================================
--- utils/net_rpc.c	(revision 21753)
+++ utils/net_rpc.c	(working copy)
@@ -6072,6 +6072,7 @@
 	if (!pipe_hnd) {
 		DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n",
 			nt_errstr(nt_status) ));
+		cli_shutdown(cli);
 		talloc_destroy(mem_ctx);
 		return -1;
 	};
@@ -6081,6 +6082,7 @@
 	if (NT_STATUS_IS_ERR(nt_status)) {
 		DEBUG(0, ("Couldn't open policy handle. Error was %s\n",
  			nt_errstr(nt_status)));
+		cli_shutdown(cli);
 		talloc_destroy(mem_ctx);
 		return -1;
 	};
@@ -6093,6 +6095,7 @@
 	if (NT_STATUS_IS_ERR(nt_status)) {
 		DEBUG(0, ("LSA Query Info failed. Returned error was %s\n",
 			nt_errstr(nt_status)));
+		cli_shutdown(cli);
 		talloc_destroy(mem_ctx);
 		return -1;
 	}
@@ -6112,6 +6115,7 @@
 		if (NT_STATUS_IS_ERR(nt_status)) {
 			DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n",
 				nt_errstr(nt_status)));
+			cli_shutdown(cli);
 			talloc_destroy(mem_ctx);
 			return -1;
 		};
@@ -6133,6 +6137,7 @@
 	if (NT_STATUS_IS_ERR(nt_status)) {
 		DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n",
 			nt_errstr(nt_status)));
+		cli_shutdown(cli);
 		talloc_destroy(mem_ctx);
 		return -1;
 	};
@@ -6151,6 +6156,7 @@
 	pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &nt_status);
 	if (!pipe_hnd) {
 		DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status)));
+		cli_shutdown(cli);
 		talloc_destroy(mem_ctx);
 		return -1;
 	};
@@ -6161,6 +6167,7 @@
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n",
 			nt_errstr(nt_status)));
+		cli_shutdown(cli);
 		talloc_destroy(mem_ctx);
 		return -1;
 	};
@@ -6173,6 +6180,7 @@
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("Couldn't open domain object. Error was %s\n",
 			nt_errstr(nt_status)));
+		cli_shutdown(cli);
 		talloc_destroy(mem_ctx);
 		return -1;
 	};
@@ -6191,6 +6199,7 @@
 		if (NT_STATUS_IS_ERR(nt_status)) {
 			DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n",
 				nt_errstr(nt_status)));
+			cli_shutdown(cli);
 			talloc_destroy(mem_ctx);
 			return -1;
 		};
Index: torture/nsstest.c
===================================================================
--- torture/nsstest.c	(revision 21753)
+++ torture/nsstest.c	(working copy)
@@ -229,12 +229,15 @@
 		goto again;
 	}
 	if (status == NSS_STATUS_NOTFOUND) {
+		SAFE_FREE(buf);
 		return NULL;
 	}
 	if (status != NSS_STATUS_SUCCESS) {
 		report_nss_error("getgrnam", status);
+		SAFE_FREE(buf);
 		return NULL;
 	}
+	SAFE_FREE(buf);
 	return &grp;
 }
 
@@ -266,12 +269,15 @@
 		goto again;
 	}
 	if (status == NSS_STATUS_NOTFOUND) {
+		SAFE_FREE(buf);
 		return NULL;
 	}
 	if (status != NSS_STATUS_SUCCESS) {
 		report_nss_error("getgrgid", status);
+		SAFE_FREE(buf);
 		return NULL;
 	}
+	SAFE_FREE(buf);
 	return &grp;
 }
 


More information about the samba-technical mailing list