diff options
author | Andrew Tridgell <tridge@samba.org> | 2009-12-04 17:45:38 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-12-04 17:49:19 +1100 |
commit | ced3eef776dd44d0f3e9219f77e2660f9e49fa92 (patch) | |
tree | 727b3afc5c6d8ed6037ffd51532e06dfd214ea96 | |
parent | 4f6d5d0b865a077185e2441d401709325c3e7304 (diff) | |
download | samba-ced3eef776dd44d0f3e9219f77e2660f9e49fa92.tar.gz samba-ced3eef776dd44d0f3e9219f77e2660f9e49fa92.tar.bz2 samba-ced3eef776dd44d0f3e9219f77e2660f9e49fa92.zip |
s4-drsutil: fixed a memory leak in samdb_search_count
In general functions that don't return any memory should not take a memory context.
Otherwise it is too easy to have a bug like this where memory is leaked
-rw-r--r-- | source4/dsdb/common/util.c | 9 | ||||
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/operational.c | 5 | ||||
-rw-r--r-- | source4/rpc_server/samr/dcesrv_samr.c | 6 |
3 files changed, 12 insertions, 8 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index feebab8d45..8c9c98201b 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -187,18 +187,19 @@ struct dom_sid *samdb_search_dom_sid(struct ldb_context *sam_ldb, return the count of the number of records in the sam matching the query */ int samdb_search_count(struct ldb_context *sam_ldb, - TALLOC_CTX *mem_ctx, struct ldb_dn *basedn, - const char *format, ...) _PRINTF_ATTRIBUTE(4,5) + const char *format, ...) _PRINTF_ATTRIBUTE(3,4) { va_list ap; struct ldb_message **res; - const char * const attrs[] = { NULL }; + const char *attrs[] = { NULL }; int ret; + TALLOC_CTX *tmp_ctx = talloc_new(sam_ldb); va_start(ap, format); - ret = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap); + ret = gendb_search_v(sam_ldb, tmp_ctx, basedn, &res, attrs, format, ap); va_end(ap); + talloc_free(tmp_ctx); return ret; } diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c index 031544d6a8..cc29476665 100644 --- a/source4/dsdb/samdb/ldb_modules/operational.c +++ b/source4/dsdb/samdb/ldb_modules/operational.c @@ -104,7 +104,10 @@ static int construct_primary_group_token(struct ldb_module *module, ldb = ldb_module_get_ctx(module); - if (samdb_search_count(ldb, ldb, msg->dn, "(objectclass=group)") == 1) { + /* this is horrendously inefficient! we're doing a subtree + * search for every DN we return. So that's N^2 in the + * total number of objects! */ + if (samdb_search_count(ldb, msg->dn, "(objectclass=group)") == 1) { primary_group_token = samdb_result_rid_from_sid(ldb, msg, "objectSid", 0); return samdb_msg_add_int(ldb, ldb, msg, "primaryGroupToken", diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 725ecba21f..1621003ea3 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -518,12 +518,12 @@ static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state } /* No users in BUILTIN, and the LOCAL group types are only in builtin, and the global group type is never in BUILTIN */ - info->num_users = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn, + info->num_users = samdb_search_count(state->sam_ctx, state->domain_dn, "(objectClass=user)"); - info->num_groups = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn, + info->num_groups = samdb_search_count(state->sam_ctx, state->domain_dn, "(&(objectClass=group)(sAMAccountType=%u))", ATYPE_GLOBAL_GROUP); - info->num_aliases = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn, + info->num_aliases = samdb_search_count(state->sam_ctx, state->domain_dn, "(&(objectClass=group)(sAMAccountType=%u))", ATYPE_LOCAL_GROUP); |