[Patch] rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface (bug #12890)
Stefan Metzmacher
metze at samba.org
Mon Jul 10 10:46:25 UTC 2017
Hi,
here's a patch that avoids memory leaks of rpc_pipe_open_interface()
in source3/smbd/lanman.c and source3/smbd/reply.c. We need to use
talloc_tos() memory instead of a long term memory context as
'connection_struct'.
We already have this in some places, but some where left...
There's a similar bug https://bugzilla.samba.org/show_bug.cgi?id=12892,
but that's something real printing experts should have a look at.
Please review and push:-)
Thanks!
metze
-------------- next part --------------
From dd39d1a090d3094fb1eb009da0a8a3ebbb584870 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 10 Jul 2017 11:29:58 +0200
Subject: [PATCH] s3:smbd: consistently use talloc_tos() memory for
rpc_pipe_open_interface()
The result is only used temporary and should not be leaked on a long term
memory context as 'conn'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12890
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source3/smbd/lanman.c | 20 ++++++++++----------
source3/smbd/reply.c | 2 +-
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index c3e540f..6854527 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -831,7 +831,7 @@ static bool api_DosPrintQGetInfo(struct smbd_server_connection *sconn,
goto out;
}
- status = rpc_pipe_open_interface(conn,
+ status = rpc_pipe_open_interface(mem_ctx,
&ndr_table_spoolss,
conn->session_info,
conn->sconn->remote_address,
@@ -1029,7 +1029,7 @@ static bool api_DosPrintQEnum(struct smbd_server_connection *sconn,
return(True);
}
- status = rpc_pipe_open_interface(conn,
+ status = rpc_pipe_open_interface(mem_ctx,
&ndr_table_spoolss,
conn->session_info,
conn->sconn->remote_address,
@@ -3144,7 +3144,7 @@ static bool api_RDosPrintJobDel(struct smbd_server_connection *sconn,
ZERO_STRUCT(handle);
- status = rpc_pipe_open_interface(conn,
+ status = rpc_pipe_open_interface(mem_ctx,
&ndr_table_spoolss,
conn->session_info,
conn->sconn->remote_address,
@@ -3273,7 +3273,7 @@ static bool api_WPrintQueueCtrl(struct smbd_server_connection *sconn,
ZERO_STRUCT(handle);
- status = rpc_pipe_open_interface(conn,
+ status = rpc_pipe_open_interface(mem_ctx,
&ndr_table_spoolss,
conn->session_info,
conn->sconn->remote_address,
@@ -3456,7 +3456,7 @@ static bool api_PrintJobInfo(struct smbd_server_connection *sconn,
ZERO_STRUCT(handle);
- status = rpc_pipe_open_interface(conn,
+ status = rpc_pipe_open_interface(mem_ctx,
&ndr_table_spoolss,
conn->session_info,
conn->sconn->remote_address,
@@ -4601,7 +4601,7 @@ static bool api_WPrintJobGetInfo(struct smbd_server_connection *sconn,
ZERO_STRUCT(handle);
- status = rpc_pipe_open_interface(conn,
+ status = rpc_pipe_open_interface(mem_ctx,
&ndr_table_spoolss,
conn->session_info,
conn->sconn->remote_address,
@@ -4744,7 +4744,7 @@ static bool api_WPrintJobEnumerate(struct smbd_server_connection *sconn,
ZERO_STRUCT(handle);
- status = rpc_pipe_open_interface(conn,
+ status = rpc_pipe_open_interface(mem_ctx,
&ndr_table_spoolss,
conn->session_info,
conn->sconn->remote_address,
@@ -4945,7 +4945,7 @@ static bool api_WPrintDestGetInfo(struct smbd_server_connection *sconn,
ZERO_STRUCT(handle);
- status = rpc_pipe_open_interface(conn,
+ status = rpc_pipe_open_interface(mem_ctx,
&ndr_table_spoolss,
conn->session_info,
conn->sconn->remote_address,
@@ -5078,7 +5078,7 @@ static bool api_WPrintDestEnum(struct smbd_server_connection *sconn,
queuecnt = 0;
- status = rpc_pipe_open_interface(conn,
+ status = rpc_pipe_open_interface(mem_ctx,
&ndr_table_spoolss,
conn->session_info,
conn->sconn->remote_address,
@@ -5390,7 +5390,7 @@ static bool api_RNetSessionEnum(struct smbd_server_connection *sconn,
return False;
}
- status = rpc_pipe_open_interface(conn,
+ status = rpc_pipe_open_interface(mem_ctx,
&ndr_table_srvsvc,
conn->session_info,
conn->sconn->remote_address,
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index e430a8e..d102b7a 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -5942,7 +5942,7 @@ void reply_printqueue(struct smb_request *req)
ZERO_STRUCT(handle);
- status = rpc_pipe_open_interface(conn,
+ status = rpc_pipe_open_interface(mem_ctx,
&ndr_table_spoolss,
conn->session_info,
conn->sconn->remote_address,
--
1.9.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170710/e0267b0e/signature.sig>
More information about the samba-technical
mailing list