libcli/security/access_check.c - fix a memory leak

author: Matthias Dieter Wallnöfer <mdw@samba.org> 2010-10-20 13:40:19 +0200
committer: Matthias Dieter Wallnöfer <mdw@samba.org> 2010-10-20 12:31:05 +0000
commit: caf6b3686fb7f18b17e0b89f519f216ac98df3be (patch)
tree: 5cb894161604222f1114a937ab5ac03fc68d0dc5 /libcli/security/access_check.c
parent: efb22bf782fe49ca60650c87a0ead8ae93c06eca (diff)
download: samba-caf6b3686fb7f18b17e0b89f519f216ac98df3be.tar.gz
samba-caf6b3686fb7f18b17e0b89f519f216ac98df3be.tar.bz2
samba-caf6b3686fb7f18b17e0b89f519f216ac98df3be.zip
1 files changed, 12 insertions, 7 deletions
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 35ee05716e..a00e42b520 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -287,7 +287,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
         uint32_t bits_remaining;
         struct object_tree *node;
         const struct GUID *type;
-	struct dom_sid *ps_sid = dom_sid_parse_talloc(NULL, SID_NT_SELF);
+        struct dom_sid *ps_sid = dom_sid_parse_talloc(sd, SID_NT_SELF);
 
         *access_granted = access_desired;
         bits_remaining = access_desired;
@@ -304,13 +304,15 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
                 if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
                         bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
                 } else {
+                        talloc_free(ps_sid);
                         return NT_STATUS_PRIVILEGE_NOT_HELD;
                 }
         }
 
         /* a NULL dacl allows access */
         if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
-		*access_granted = access_desired;
+                *access_granted = access_desired;
+                talloc_free(ps_sid);
                 return NT_STATUS_OK;
         }
 
@@ -356,6 +358,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
                         break;
                 case SEC_ACE_TYPE_ACCESS_DENIED:
                         if (bits_remaining & ace->access_mask) {
+                                talloc_free(ps_sid);
                                 return NT_STATUS_ACCESS_DENIED;
                         }
                         break;
@@ -377,12 +380,13 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
 
                         if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
                                 object_tree_modify_access(node, ace->access_mask);
-				if (node->remaining_access == 0) {
-					return NT_STATUS_OK;
-				}
-                        }
-                        else {
+                                if (node->remaining_access == 0) {
+                                        talloc_free(ps_sid);
+                                        return NT_STATUS_OK;
+                                }
+                        } else {
                                 if (node->remaining_access & ace->access_mask){
+                                        talloc_free(ps_sid);
                                         return NT_STATUS_ACCESS_DENIED;
                                 }
                         }
@@ -393,6 +397,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
         }
 
 done:
+        talloc_free(ps_sid);
         if (bits_remaining != 0) {
                 return NT_STATUS_ACCESS_DENIED;
         }
author	Matthias Dieter Wallnöfer <mdw@samba.org>	2010-10-20 13:40:19 +0200
committer	Matthias Dieter Wallnöfer <mdw@samba.org>	2010-10-20 12:31:05 +0000
commit	caf6b3686fb7f18b17e0b89f519f216ac98df3be (patch)
tree	5cb894161604222f1114a937ab5ac03fc68d0dc5 /libcli/security/access_check.c
parent	efb22bf782fe49ca60650c87a0ead8ae93c06eca (diff)
download	samba-caf6b3686fb7f18b17e0b89f519f216ac98df3be.tar.gz samba-caf6b3686fb7f18b17e0b89f519f216ac98df3be.tar.bz2 samba-caf6b3686fb7f18b17e0b89f519f216ac98df3be.zip