FW: s4:hdb-samba4 - Don't double-free "db"

Tue Oct 13 22:31:34 MDT 2009

-----Original Message-----
From: samba-technical-bounces at lists.samba.org [mailto:samba-technical-bounces at lists.samba.org] On Behalf Of Andrew Bartlett
Sent: Wednesday, October 14, 2009 3:00 AM
To: samba-technical at lists.samba.org
Subject: s4:hdb-samba4 - Don't double-free "db"

On Tue, 2009-10-13 at 10:39 -0500, Matthias Dieter Wallnöfer wrote:
> The branch, master has been updated
>        via  11a8a54... s4:hdb-samba4 - Don't double-free "db"
>        via  c183acc... s4:dcesrv_samr - add another constant
>       from  6b91a2a... s4:dcesrv_samr - prevent "ldb_modify" on a 
> possibly empty message
> 
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
> 
> 
> - Log 
> -----------------------------------------------------------------
> commit 11a8a54c825a52d7dd6ab78bc7aeff2d719327d2
> Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
> Date:   Tue Oct 13 17:36:58 2009 +0200
> 
>     s4:hdb-samba4 - Don't double-free "db"
>     
>     "db" is freed anyway after the destructor terminates so this does really make
>     no sense here (rather it makes code crash).
>     
>     Should fix bug #6801.

> Changeset truncated at 500 lines:
> 
> diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 
> 4062e13..bed6ee9 100644
> --- a/source4/kdc/hdb-samba4.c
> +++ b/source4/kdc/hdb-samba4.c
> @@ -1442,7 +1442,6 @@ static krb5_error_code 
> hdb_samba4_nextkey(krb5_context context, HDB *db, unsigne
>  
>  static krb5_error_code hdb_samba4_destroy(krb5_context context, HDB 
> *db)  {
> -	talloc_free(db);
>  	return 0;
>  }
>  

Unfortunately this is not correct - you are confusing the database and the entry, and with your change we now leak the database pointer.  The actual bug is in hdb_end_seq_get().  We should free the entry before we close the database.  I'll push a fix shortly. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
DISCLAIMER:

This email message and all attachments are  confidential and may contain information that
is privileged,  confidential or exempt from  disclosure under applicable law.  If you are
not  the intended  recipient,  you  are notified  that any dissemination, distribution or 
copying  of this email  is strictly prohibited. If you have received this email in error, 
please notify us immediately by return email or to mailadmin at spanservices.com and destroy 
the original message.

Opinions, conclusions, and other  information in  this message that  do not relate to the 
official business of SPAN, shall be understood to be neither given nor endorsed by SPAN.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: signature.asc
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091014/50d48481/attachment.pgp>