authorAndrew Tridgell <tridge@samba.org>2009-12-04 17:45:38 +1100
committerAndrew Tridgell <tridge@samba.org>2009-12-04 17:49:19 +1100
commitced3eef776dd44d0f3e9219f77e2660f9e49fa92 (patch)
tree727b3afc5c6d8ed6037ffd51532e06dfd214ea96
parent4f6d5d0b865a077185e2441d401709325c3e7304 (diff)
s4-drsutil: fixed a memory leak in samdb_search_count
In general, functions that don't return any memory should not take a memory context. Otherwise it is too easy to introduce a bug like this one, where memory is leaked.
-rw-r--r--source4/dsdb/common/util.c9
-rw-r--r--source4/dsdb/samdb/ldb_modules/operational.c5
-rw-r--r--source4/rpc_server/samr/dcesrv_samr.c6
3 files changed, 12 insertions, 8 deletions
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index feebab8d45..8c9c98201b 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -187,18 +187,19 @@ struct dom_sid *samdb_search_dom_sid(struct ldb_context *sam_ldb,
return the count of the number of records in the sam matching the query
*/
int samdb_search_count(struct ldb_context *sam_ldb,
- TALLOC_CTX *mem_ctx,
struct ldb_dn *basedn,
- const char *format, ...) _PRINTF_ATTRIBUTE(4,5)
+ const char *format, ...) _PRINTF_ATTRIBUTE(3,4)
{
va_list ap;
struct ldb_message **res;
- const char * const attrs[] = { NULL };
+ const char *attrs[] = { NULL };
int ret;
+ TALLOC_CTX *tmp_ctx = talloc_new(sam_ldb);
va_start(ap, format);
- ret = gendb_search_v(sam_ldb, mem_ctx, basedn, &res, attrs, format, ap);
+ ret = gendb_search_v(sam_ldb, tmp_ctx, basedn, &res, attrs, format, ap);
va_end(ap);
+ talloc_free(tmp_ctx);
return ret;
}
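Review bot: The result of `talloc_new(sam_ldb)` is used without a NULL check before it is passed to gendb_search_v(). talloc treats a NULL context as top-level, so on allocation failure the search result would presumably be allocated unparented, and `talloc_free(tmp_ctx)` would not release it; the leak this commit fixes would then return on the out-of-memory path. A guard before `va_start`, such as `if (tmp_ctx == NULL) return -1;`, would close that, assuming -1 matches the error convention callers expect. The header comment above the function could also state what is returned on failure, since the callers changed in this commit use the value directly.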
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 031544d6a8..cc29476665 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -104,7 +104,10 @@ static int construct_primary_group_token(struct ldb_module *module,
ldb = ldb_module_get_ctx(module);
- if (samdb_search_count(ldb, ldb, msg->dn, "(objectclass=group)") == 1) {
+ /* this is horrendously inefficient! we're doing a subtree
+ * search for every DN we return. So that's N^2 in the
+ * total number of objects! */
+ if (samdb_search_count(ldb, msg->dn, "(objectclass=group)") == 1) {
primary_group_token
= samdb_result_rid_from_sid(ldb, msg, "objectSid", 0);
return samdb_msg_add_int(ldb, ldb, msg, "primaryGroupToken",
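Review bot: The added comment records the N^2 cost but gives the next reader nothing to act on. The test appears to ask only whether msg->dn itself is a group, so the comment could say so and name the intended fix, e.g. `/* TODO: test objectClass on msg (or use a base-scope search) instead of a subtree search per returned DN */`. Because this runs once per returned entry according to the comment, the cost scales with whatever search a client issues, which makes it worth tracking as a resource-exhaustion concern rather than only as a tidy-up. The body of construct_primary_group_token starts and ends outside the hunk.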
diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c
index 725ecba21f..1621003ea3 100644
--- a/source4/rpc_server/samr/dcesrv_samr.c
+++ b/source4/rpc_server/samr/dcesrv_samr.c
@@ -518,12 +518,12 @@ static NTSTATUS dcesrv_samr_info_DomGeneralInformation(struct samr_domain_state
}
/* No users in BUILTIN, and the LOCAL group types are only in builtin, and the global group type is never in BUILTIN */
- info->num_users = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn,
+ info->num_users = samdb_search_count(state->sam_ctx, state->domain_dn,
"(objectClass=user)");
- info->num_groups = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn,
+ info->num_groups = samdb_search_count(state->sam_ctx, state->domain_dn,
"(&(objectClass=group)(sAMAccountType=%u))",
ATYPE_GLOBAL_GROUP);
- info->num_aliases = samdb_search_count(state->sam_ctx, mem_ctx, state->domain_dn,
+ info->num_aliases = samdb_search_count(state->sam_ctx, state->domain_dn,
"(&(objectClass=group)(sAMAccountType=%u))",
ATYPE_LOCAL_GROUP);
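Review bot: All three counts are assigned straight from samdb_search_count(), which returns int, into info->num_users, info->num_groups and info->num_aliases with no error check. The field types are not visible here, but if they are unsigned and the search can fail with a negative value, a failed search would be reported to the RPC client as a very large count. Capturing each result in a local and rejecting negatives would avoid that, e.g. `int n = samdb_search_count(state->sam_ctx, state->domain_dn, "(objectClass=user)");` followed by `if (n < 0) return NT_STATUS_INTERNAL_DB_CORRUPTION;`. The enclosing function starts and ends outside the hunk.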