[PATCH 15/27] winbindd_cache: don't leak state_path onto talloc tos

David Disseldorp ddiss at samba.org
Sun Nov 2 12:21:37 MST 2014 

Also check for allocation failures.

Signed-off-by: David Disseldorp <ddiss at samba.org>
---
 source3/winbindd/winbindd_cache.c | 61 ++++++++++++++++++++++++++++++---------
 1 file changed, 48 insertions(+), 13 deletions(-)

diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index b303ae9..443fd81 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -3184,6 +3184,8 @@ bool wcache_invalidate_cache_noinit(void)
 
 bool init_wcache(void)
 {
+	char *db_path;
+
 	if (wcache == NULL) {
 		wcache = SMB_XMALLOC_P(struct winbind_cache);
 		ZERO_STRUCTP(wcache);
@@ -3192,13 +3194,18 @@ bool init_wcache(void)
 	if (wcache->tdb != NULL)
 		return true;
 
+	db_path = state_path("winbindd_cache.tdb");
+	if (db_path == NULL) {
+		return false;
+	}
+
 	/* when working offline we must not clear the cache on restart */
-	wcache->tdb = tdb_open_log(state_path("winbindd_cache.tdb"),
+	wcache->tdb = tdb_open_log(db_path,
 				WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, 
 				TDB_INCOMPATIBLE_HASH |
 					(lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST)),
 				O_RDWR|O_CREAT, 0600);
-
+	TALLOC_FREE(db_path);
 	if (wcache->tdb == NULL) {
 		DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
 		return false;
@@ -3230,6 +3237,8 @@ bool initialize_winbindd_cache(void)
 	}
 
 	if (cache_bad) {
+		char *db_path;
+
 		DEBUG(0,("initialize_winbindd_cache: clearing cache "
 			"and re-creating with version number %d\n",
 			WINBINDD_CACHE_VERSION ));
@@ -3237,12 +3246,19 @@ bool initialize_winbindd_cache(void)
 		tdb_close(wcache->tdb);
 		wcache->tdb = NULL;
 
-		if (unlink(state_path("winbindd_cache.tdb")) == -1) {
+		db_path = state_path("winbindd_cache.tdb");
+		if (db_path == NULL) {
+			return false;
+		}
+
+		if (unlink(db_path) == -1) {
 			DEBUG(0,("initialize_winbindd_cache: unlink %s failed %s ",
-				state_path("winbindd_cache.tdb"),
+				db_path,
 				strerror(errno) ));
+			TALLOC_FREE(db_path);
 			return false;
 		}
+		TALLOC_FREE(db_path);
 		if (!init_wcache()) {
 			DEBUG(0,("initialize_winbindd_cache: re-initialization "
 					"init_wcache failed.\n"));
@@ -3355,6 +3371,8 @@ static int traverse_fn_cleanup(TDB_CONTEXT *the_tdb, TDB_DATA kbuf,
 /* flush the cache */
 void wcache_flush_cache(void)
 {
+	char *db_path;
+
 	if (!wcache)
 		return;
 	if (wcache->tdb) {
@@ -3365,13 +3383,18 @@ void wcache_flush_cache(void)
 		return;
 	}
 
+	db_path = state_path("winbindd_cache.tdb");
+	if (db_path == NULL) {
+		return;
+	}
+
 	/* when working offline we must not clear the cache on restart */
-	wcache->tdb = tdb_open_log(state_path("winbindd_cache.tdb"),
-				WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, 
+	wcache->tdb = tdb_open_log(db_path,
+				WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
 				TDB_INCOMPATIBLE_HASH |
 				(lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST)),
 				O_RDWR|O_CREAT, 0600);
-
+	TALLOC_FREE(db_path);
 	if (!wcache->tdb) {
 		DEBUG(0,("Failed to open winbindd_cache.tdb!\n"));
 		return;
@@ -4245,7 +4268,7 @@ static bool wbcache_upgrade_v1_to_v2(TDB_CONTEXT *tdb)
 int winbindd_validate_cache(void)
 {
 	int ret = -1;
-	const char *tdb_path = state_path("winbindd_cache.tdb");
+	char *tdb_path = NULL;
 	TDB_CONTEXT *tdb = NULL;
 	uint32_t vers_id;
 	bool ok;
@@ -4253,13 +4276,18 @@ int winbindd_validate_cache(void)
 	DEBUG(10, ("winbindd_validate_cache: replacing panic function\n"));
 	smb_panic_fn = validate_panic;
 
-	tdb = tdb_open_log(tdb_path, 
+	tdb_path = state_path("winbindd_cache.tdb");
+	if (tdb_path == NULL) {
+		goto done;
+	}
+
+	tdb = tdb_open_log(tdb_path,
 			   WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE,
 			   TDB_INCOMPATIBLE_HASH |
-			   ( lp_winbind_offline_logon() 
-			     ? TDB_DEFAULT 
+			   ( lp_winbind_offline_logon()
+			     ? TDB_DEFAULT
 			     : TDB_DEFAULT | TDB_CLEAR_IF_FIRST ),
-			   O_RDWR|O_CREAT, 
+			   O_RDWR|O_CREAT,
 			   0600);
 	if (!tdb) {
 		DEBUG(0, ("winbindd_validate_cache: "
@@ -4301,6 +4329,7 @@ int winbindd_validate_cache(void)
 	}
 
 done:
+	TALLOC_FREE(tdb_path);
 	DEBUG(10, ("winbindd_validate_cache: restoring panic function\n"));
 	smb_panic_fn = smb_panic;
 	return ret;
@@ -4313,11 +4342,15 @@ done:
 int winbindd_validate_cache_nobackup(void)
 {
 	int ret = -1;
-	const char *tdb_path = state_path("winbindd_cache.tdb");
+	char *tdb_path;
 
 	DEBUG(10, ("winbindd_validate_cache: replacing panic function\n"));
 	smb_panic_fn = validate_panic;
 
+	tdb_path = state_path("winbindd_cache.tdb");
+	if (tdb_path == NULL) {
+		goto err_panic_restore;
+	}
 
 	if (wcache == NULL || wcache->tdb == NULL) {
 		ret = tdb_validate_open(tdb_path, cache_traverse_validate_fn);
@@ -4330,6 +4363,8 @@ int winbindd_validate_cache_nobackup(void)
 			   "successful.\n"));
 	}
 
+	TALLOC_FREE(tdb_path);
+err_panic_restore:
 	DEBUG(10, ("winbindd_validate_cache_nobackup: restoring panic "
 		   "function\n"));
 	smb_panic_fn = smb_panic;
-- 
1.8.4.5

More information about the samba-technical mailing list