summaryrefslogtreecommitdiff
path: root/libcli
diff options
context:
space:
mode:
authorMatthias Dieter Wallnöfer <mdw@samba.org>2010-10-20 13:40:19 +0200
committerMatthias Dieter Wallnöfer <mdw@samba.org>2010-10-20 12:31:05 +0000
commitcaf6b3686fb7f18b17e0b89f519f216ac98df3be (patch)
tree5cb894161604222f1114a937ab5ac03fc68d0dc5 /libcli
parentefb22bf782fe49ca60650c87a0ead8ae93c06eca (diff)
downloadsamba-caf6b3686fb7f18b17e0b89f519f216ac98df3be.tar.gz
samba-caf6b3686fb7f18b17e0b89f519f216ac98df3be.tar.bz2
samba-caf6b3686fb7f18b17e0b89f519f216ac98df3be.zip
libcli/security/access_check.c - fix a memory leak
Diffstat (limited to 'libcli')
-rw-r--r--libcli/security/access_check.c19
1 files changed, 12 insertions, 7 deletions
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 35ee05716e..a00e42b520 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -287,7 +287,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
uint32_t bits_remaining;
struct object_tree *node;
const struct GUID *type;
- struct dom_sid *ps_sid = dom_sid_parse_talloc(NULL, SID_NT_SELF);
+ struct dom_sid *ps_sid = dom_sid_parse_talloc(sd, SID_NT_SELF);
*access_granted = access_desired;
bits_remaining = access_desired;
@@ -304,13 +304,15 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) {
bits_remaining &= ~SEC_FLAG_SYSTEM_SECURITY;
} else {
+ talloc_free(ps_sid);
return NT_STATUS_PRIVILEGE_NOT_HELD;
}
}
/* a NULL dacl allows access */
if ((sd->type & SEC_DESC_DACL_PRESENT) && sd->dacl == NULL) {
- *access_granted = access_desired;
+ *access_granted = access_desired;
+ talloc_free(ps_sid);
return NT_STATUS_OK;
}
@@ -356,6 +358,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
break;
case SEC_ACE_TYPE_ACCESS_DENIED:
if (bits_remaining & ace->access_mask) {
+ talloc_free(ps_sid);
return NT_STATUS_ACCESS_DENIED;
}
break;
@@ -377,12 +380,13 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
if (ace->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) {
object_tree_modify_access(node, ace->access_mask);
- if (node->remaining_access == 0) {
- return NT_STATUS_OK;
- }
- }
- else {
+ if (node->remaining_access == 0) {
+ talloc_free(ps_sid);
+ return NT_STATUS_OK;
+ }
+ } else {
if (node->remaining_access & ace->access_mask){
+ talloc_free(ps_sid);
return NT_STATUS_ACCESS_DENIED;
}
}
@@ -393,6 +397,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
}
done:
+ talloc_free(ps_sid);
if (bits_remaining != 0) {
return NT_STATUS_ACCESS_DENIED;
}