[Patch] rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface (bug #12890)
Jeremy Allison
jra at samba.org
Mon Jul 10 16:58:18 UTC 2017
On Mon, Jul 10, 2017 at 12:46:25PM +0200, Stefan Metzmacher via samba-technical wrote:
> Hi,
>
> here's a patch that avoids memory leaks of rpc_pipe_open_interface()
> in source3/smbd/lanman.c and source3/smbd/reply.c. We need to use
> talloc_tos() memory instead of a long term memory context as
> 'connection_struct'.
>
> We already have this in some places, but some were left...
>
> There's a similar bug https://bugzilla.samba.org/show_bug.cgi?id=12892,
> but that's something real printing experts should have a look at.
>
> Please review and push:-)
Reviewed and pushed. Obviously correct, thanks !
> From dd39d1a090d3094fb1eb009da0a8a3ebbb584870 Mon Sep 17 00:00:00 2001
> From: Stefan Metzmacher <metze at samba.org>
> Date: Mon, 10 Jul 2017 11:29:58 +0200
> Subject: [PATCH] s3:smbd: consistently use talloc_tos() memory for
> rpc_pipe_open_interface()
>
> The result is only used temporary and should not be leaked on a long term
> memory context as 'conn'.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12890
>
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> ---
> source3/smbd/lanman.c | 20 ++++++++++----------
> source3/smbd/reply.c | 2 +-
> 2 files changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
> index c3e540f..6854527 100644
> --- a/source3/smbd/lanman.c
> +++ b/source3/smbd/lanman.c
> @@ -831,7 +831,7 @@ static bool api_DosPrintQGetInfo(struct smbd_server_connection *sconn,
> goto out;
> }
>
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
> &ndr_table_spoolss,
> conn->session_info,
> conn->sconn->remote_address,
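Review bot: `mem_ctx` is not declared in any of these hunks, so the change at `rpc_pipe_open_interface(mem_ctx,` here, in the nine other lanman.c hunks and in reply_printqueue in reply.c is only correct if each enclosing function binds `mem_ctx` to `talloc_tos()`, as the commit message implies. That needs confirming per function, because the function bodies and the rest of each call lie outside the hunks. With the pipe previously parented to `conn`, each such request on a long-lived connection apparently kept its allocation until disconnect, so smbd memory growth tracked the client's request count. A short comment at the call would guard against regression, e.g. `/* request-scoped: allocate on talloc_tos(), never on conn */`. The same context argument is now repeated at eleven call sites, so a small static wrapper taking `conn` and the interface table would keep that decision in one place.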
> @@ -1029,7 +1029,7 @@ static bool api_DosPrintQEnum(struct smbd_server_connection *sconn,
> return(True);
> }
>
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
> &ndr_table_spoolss,
> conn->session_info,
> conn->sconn->remote_address,
> @@ -3144,7 +3144,7 @@ static bool api_RDosPrintJobDel(struct smbd_server_connection *sconn,
>
> ZERO_STRUCT(handle);
>
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
> &ndr_table_spoolss,
> conn->session_info,
> conn->sconn->remote_address,
> @@ -3273,7 +3273,7 @@ static bool api_WPrintQueueCtrl(struct smbd_server_connection *sconn,
>
> ZERO_STRUCT(handle);
>
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
> &ndr_table_spoolss,
> conn->session_info,
> conn->sconn->remote_address,
> @@ -3456,7 +3456,7 @@ static bool api_PrintJobInfo(struct smbd_server_connection *sconn,
>
> ZERO_STRUCT(handle);
>
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
> &ndr_table_spoolss,
> conn->session_info,
> conn->sconn->remote_address,
> @@ -4601,7 +4601,7 @@ static bool api_WPrintJobGetInfo(struct smbd_server_connection *sconn,
>
> ZERO_STRUCT(handle);
>
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
> &ndr_table_spoolss,
> conn->session_info,
> conn->sconn->remote_address,
> @@ -4744,7 +4744,7 @@ static bool api_WPrintJobEnumerate(struct smbd_server_connection *sconn,
>
> ZERO_STRUCT(handle);
>
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
> &ndr_table_spoolss,
> conn->session_info,
> conn->sconn->remote_address,
> @@ -4945,7 +4945,7 @@ static bool api_WPrintDestGetInfo(struct smbd_server_connection *sconn,
>
> ZERO_STRUCT(handle);
>
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
> &ndr_table_spoolss,
> conn->session_info,
> conn->sconn->remote_address,
> @@ -5078,7 +5078,7 @@ static bool api_WPrintDestEnum(struct smbd_server_connection *sconn,
>
> queuecnt = 0;
>
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
> &ndr_table_spoolss,
> conn->session_info,
> conn->sconn->remote_address,
> @@ -5390,7 +5390,7 @@ static bool api_RNetSessionEnum(struct smbd_server_connection *sconn,
> return False;
> }
>
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
> &ndr_table_srvsvc,
> conn->session_info,
> conn->sconn->remote_address,
> diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
> index e430a8e..d102b7a 100644
> --- a/source3/smbd/reply.c
> +++ b/source3/smbd/reply.c
> @@ -5942,7 +5942,7 @@ void reply_printqueue(struct smb_request *req)
>
> ZERO_STRUCT(handle);
>
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
> &ndr_table_spoolss,
> conn->session_info,
> conn->sconn->remote_address,
> --
> 1.9.1
>