summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2006-10-15 23:14:19 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:21:04 -0500
commit59b66744f7318d8197f0d2029bf3b641dafa327e (patch)
tree03d44cfb4bc655088a411552743531246e06974b
parenta719444f68c7448f53ce61dc9f02e552a98fedcf (diff)
downloadsamba-59b66744f7318d8197f0d2029bf3b641dafa327e.tar.gz
samba-59b66744f7318d8197f0d2029bf3b641dafa327e.tar.bz2
samba-59b66744f7318d8197f0d2029bf3b641dafa327e.zip
r19299: Fix possible memleaks
(This used to be commit 6fad80bb09113a60689061a2de67711c9924708b)
-rw-r--r--source4/auth/gensec/schannel_state.c24
-rw-r--r--source4/dsdb/samdb/ldb_modules/entryUUID.c4
-rw-r--r--source4/kdc/hdb-ldb.c5
-rw-r--r--source4/lib/ldb/modules/ldb_map.c2
-rw-r--r--source4/lib/registry/reg_backend_ldb.c1
-rw-r--r--source4/libnet/libnet_join.c1
-rw-r--r--source4/nbt_server/wins/winsdb.c4
-rw-r--r--source4/param/share_ldb.c4
-rw-r--r--source4/torture/ldap/schema.c1
9 files changed, 34 insertions, 12 deletions
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c
index e8d0f8388b..855f159981 100644
--- a/source4/auth/gensec/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
@@ -198,12 +198,14 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res);
if (ret != LDB_SUCCESS || res->count != 1) {
DEBUG(3,("schannel: Failed to find a record for client: %s\n", computer_name));
+ talloc_free(res);
return NT_STATUS_INVALID_HANDLE;
}
val = ldb_msg_find_ldb_val(res->msgs[0], "sessionKey");
if (val == NULL || val->length != 16) {
DEBUG(1,("schannel: record in schannel DB must contain a sessionKey of length 16, when searching for client: %s\n", computer_name));
+ talloc_free(res);
return NT_STATUS_INTERNAL_ERROR;
}
@@ -212,6 +214,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
val = ldb_msg_find_ldb_val(res->msgs[0], "seed");
if (val == NULL || val->length != 8) {
DEBUG(1,("schannel: record in schannel DB must contain a vaid seed of length 8, when searching for client: %s\n", computer_name));
+ talloc_free(res);
return NT_STATUS_INTERNAL_ERROR;
}
@@ -220,6 +223,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
val = ldb_msg_find_ldb_val(res->msgs[0], "clientState");
if (val == NULL || val->length != 8) {
DEBUG(1,("schannel: record in schannel DB must contain a vaid clientState of length 8, when searching for client: %s\n", computer_name));
+ talloc_free(res);
return NT_STATUS_INTERNAL_ERROR;
}
memcpy((*creds)->client.data, val->data, 8);
@@ -227,6 +231,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
val = ldb_msg_find_ldb_val(res->msgs[0], "serverState");
if (val == NULL || val->length != 8) {
DEBUG(1,("schannel: record in schannel DB must contain a vaid serverState of length 8, when searching for client: %s\n", computer_name));
+ talloc_free(res);
return NT_STATUS_INTERNAL_ERROR;
}
memcpy((*creds)->server.data, val->data, 8);
@@ -235,14 +240,27 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
(*creds)->secure_channel_type = ldb_msg_find_attr_as_int(res->msgs[0], "secureChannelType", 0);
- (*creds)->account_name = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL));
+ (*creds)->account_name = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL));
+ if ((*creds)->account_name == NULL) {
+ talloc_free(res);
+ return NT_STATUS_NO_MEMORY;
+ }
- (*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "computerName", NULL));
+ (*creds)->computer_name = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "computerName", NULL));
+ if ((*creds)->computer_name == NULL) {
+ talloc_free(res);
+ return NT_STATUS_NO_MEMORY;
+ }
- (*creds)->domain = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "flatname", NULL));
+ (*creds)->domain = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "flatname", NULL));
+ if ((*creds)->domain == NULL) {
+ talloc_free(res);
+ return NT_STATUS_NO_MEMORY;
+ }
(*creds)->sid = samdb_result_dom_sid(*creds, res->msgs[0], "objectSid");
+ talloc_free(res);
return NT_STATUS_OK;
}
diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c
index 328a7654ed..215d777d00 100644
--- a/source4/dsdb/samdb/ldb_modules/entryUUID.c
+++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c
@@ -468,7 +468,9 @@ static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *sche
if (ret != LDB_SUCCESS) {
return ret;
}
-
+
+ talloc_steal(mem_ctx, objectclass_res);
+
return ret;
}
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 551b0cc0f2..827c66b86d 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -458,8 +458,6 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
char *short_princ;
char *short_princ_talloc;
- char *realm_dn_str;
-
struct ldb_result *res = NULL;
ret = krb5_unparse_name_norealm(context, principal, &short_princ);
@@ -501,13 +499,12 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
lret = ldb_search(ldb_ctx, realm_dn, LDB_SCOPE_SUBTREE, filter, princ_attrs, &res);
- realm_dn_str = ldb_dn_linearize(mem_ctx, realm_dn);
-
if (lret != LDB_SUCCESS) {
DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(ldb_ctx)));
return HDB_ERR_NOENTRY;
} else if (res->count == 0 || res->count > 1) {
DEBUG(3, ("Failed find a single entry for %s: got %d\n", filter, res->count));
+ talloc_free(res);
return HDB_ERR_NOENTRY;
}
talloc_steal(mem_ctx, res->msgs);
diff --git a/source4/lib/ldb/modules/ldb_map.c b/source4/lib/ldb/modules/ldb_map.c
index 0c58687ddb..f9ae66a2aa 100644
--- a/source4/lib/ldb/modules/ldb_map.c
+++ b/source4/lib/ldb/modules/ldb_map.c
@@ -1233,11 +1233,13 @@ static int map_init_dns(struct ldb_module *module, struct ldb_map_context *data,
if (res->count == 0) {
ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb_map: "
"No results for '%s=%s'!\n", MAP_DN_NAME, name);
+ talloc_free(res);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
if (res->count > 1) {
ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb_map: "
"Too many results for '%s=%s'!\n", MAP_DN_NAME, name);
+ talloc_free(res);
return LDB_ERR_CONSTRAINT_VIOLATION;
}
diff --git a/source4/lib/registry/reg_backend_ldb.c b/source4/lib/registry/reg_backend_ldb.c
index d723b1dbe4..8edbc5a085 100644
--- a/source4/lib/registry/reg_backend_ldb.c
+++ b/source4/lib/registry/reg_backend_ldb.c
@@ -240,6 +240,7 @@ static WERROR ldb_open_key(TALLOC_CTX *mem_ctx, const struct registry_key *h, co
DEBUG(0, ("Error opening key '%s': %s\n", ldb_dn_linearize(ldap_path, ldap_path), ldb_errstring(c)));
return WERR_FOOBAR;
} else if (res->count == 0) {
+ talloc_free(res);
return WERR_BADFILE;
}
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index 57ecddd9da..8112d043f6 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -247,6 +247,7 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J
/* search for the user's record */
ret = ldb_search(remote_ldb, account_dn, LDB_SCOPE_BASE,
NULL, attrs, &res);
+ talloc_steal(tmp_ctx, res);
if (ret != LDB_SUCCESS || res->count != 1) {
r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - %s",
account_dn_str, ldb_errstring(remote_ldb));
diff --git a/source4/nbt_server/wins/winsdb.c b/source4/nbt_server/wins/winsdb.c
index f423458073..0ac7a4bb7f 100644
--- a/source4/nbt_server/wins/winsdb.c
+++ b/source4/nbt_server/wins/winsdb.c
@@ -85,6 +85,7 @@ uint64_t winsdb_set_maxVersion(struct winsdb_handle *h, uint64_t newMaxVersion)
ret = ldb_search(wins_db, dn, LDB_SCOPE_BASE, NULL, NULL, &res);
if (ret != LDB_SUCCESS) goto failed;
+ talloc_steal(tmp_ctx, res);
if (res->count > 1) goto failed;
talloc_steal(tmp_ctx, res);
@@ -588,6 +589,7 @@ NTSTATUS winsdb_lookup(struct winsdb_handle *h,
ret = ldb_search(wins_db, winsdb_dn(tmp_ctx, name), LDB_SCOPE_BASE,
NULL, NULL, &res);
+ talloc_steal(tmp_ctx, res);
if (ret != LDB_SUCCESS || res->count > 1) {
status = NT_STATUS_INTERNAL_DB_CORRUPTION;
goto failed;
@@ -596,8 +598,6 @@ NTSTATUS winsdb_lookup(struct winsdb_handle *h,
goto failed;
}
- talloc_steal(tmp_ctx, res);
-
status = winsdb_record(h, res->msgs[0], tmp_ctx, now, &rec);
if (!NT_STATUS_IS_OK(status)) goto failed;
diff --git a/source4/param/share_ldb.c b/source4/param/share_ldb.c
index fba204c834..ac56b950c8 100644
--- a/source4/param/share_ldb.c
+++ b/source4/param/share_ldb.c
@@ -172,11 +172,11 @@ static NTSTATUS sldb_list_all(TALLOC_CTX *mem_ctx,
ldb = talloc_get_type(ctx->priv_data, struct ldb_context);
ret = ldb_search(ldb, ldb_dn_explode(tmp_ctx, "CN=SHARES"), LDB_SCOPE_SUBTREE, "(name=*)", NULL, &res);
+ talloc_steal(tmp_ctx, res);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
return NT_STATUS_BAD_NETWORK_NAME;
}
- talloc_steal(tmp_ctx, res);
n = talloc_array(mem_ctx, const char *, res->count);
if (!n) {
@@ -228,11 +228,11 @@ static NTSTATUS sldb_get_config(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
ret = ldb_search(ldb, ldb_dn_explode(tmp_ctx, "CN=SHARES"), LDB_SCOPE_SUBTREE, filter, NULL, &res);
+ talloc_steal(tmp_ctx, res);
if (ret != LDB_SUCCESS || res->count != 1) {
talloc_free(tmp_ctx);
return NT_STATUS_BAD_NETWORK_NAME;
}
- talloc_steal(tmp_ctx, res);
s = talloc(tmp_ctx, struct share_config);
if (!s) {
diff --git a/source4/torture/ldap/schema.c b/source4/torture/ldap/schema.c
index 69750826ce..1f4ec22825 100644
--- a/source4/torture/ldap/schema.c
+++ b/source4/torture/ldap/schema.c
@@ -124,6 +124,7 @@ static BOOL test_search_rootDSE(struct ldb_context *ldb, struct test_rootDSE *ro
if (ret != LDB_SUCCESS) {
return False;
} else if (r->count != 1) {
+ talloc_free(r);
return False;
}