From 593c004b74693aeddfffdf80945d37bac7276969 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Sun, 2 Jan 2011 05:57:09 +0100
Subject: s3: Fix a memleak in receive_getdc_response

It's the free_packet() that was missing. On the way, I've changed the
"return false;" to a "goto fail;", which makes the patch a bit larger.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jan  2 14:27:56 CET 2011 on sn-devel-104
---
 source3/libsmb/clidgram.c | 37 ++++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 15 deletions(-)

(limited to 'source3/libsmb/clidgram.c')

diff --git a/source3/libsmb/clidgram.c b/source3/libsmb/clidgram.c
index 05a0edc59d..c9592a15ac 100644
--- a/source3/libsmb/clidgram.c
+++ b/source3/libsmb/clidgram.c
@@ -107,7 +107,7 @@ static bool cli_prep_mailslot(bool unique, const char *mailslot,
 	return true;
 }
 
-static const char *mailslot_name(TALLOC_CTX *mem_ctx, struct in_addr dc_ip)
+static char *mailslot_name(TALLOC_CTX *mem_ctx, struct in_addr dc_ip)
 {
 	return talloc_asprintf(mem_ctx, "%s%X",
 			       NBT_MAILSLOT_GETDC, dc_ip.s_addr);
@@ -220,11 +220,11 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
 			    const char **dc_name,
 			    struct netlogon_samlogon_response **samlogon_response)
 {
-	struct packet_struct *packet;
-	const char *my_mailslot = NULL;
+	struct packet_struct *packet = NULL;
+	char *my_mailslot = NULL;
 	struct in_addr dc_ip;
 	DATA_BLOB blob;
-	struct netlogon_samlogon_response *r;
+	struct netlogon_samlogon_response *r = NULL;
 	union dgram_message_body p;
 	enum ndr_err_code ndr_err;
 	NTSTATUS status;
@@ -257,12 +257,12 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
 
 	if (blob.length < 4) {
 		DEBUG(0,("invalid length: %d\n", (int)blob.length));
-		return false;
+		goto fail;
 	}
 
 	if (RIVAL(blob.data,0) != DGRAM_SMB) {
 		DEBUG(0,("invalid packet\n"));
-		return false;
+		goto fail;
 	}
 
 	blob.data += 4;
@@ -272,12 +272,12 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
 		       (ndr_pull_flags_fn_t)ndr_pull_dgram_smb_packet);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		DEBUG(0,("failed to parse packet\n"));
-		return false;
+		goto fail;
 	}
 
 	if (p.smb.smb_command != SMB_TRANSACTION) {
 		DEBUG(0,("invalid smb_command: %d\n", p.smb.smb_command));
-		return false;
+		goto fail;
 	}
 
 	if (DEBUGLEVEL >= 10) {
@@ -288,13 +288,12 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
 
 	r = TALLOC_ZERO_P(mem_ctx, struct netlogon_samlogon_response);
 	if (!r) {
-		return false;
+		goto fail;
 	}
 
 	status = pull_netlogon_samlogon_response(&blob, mem_ctx, r);
 	if (!NT_STATUS_IS_OK(status)) {
-		TALLOC_FREE(r);
-		return false;
+		goto fail;
 	}
 
 	map_netlogon_samlogon_response(r);
@@ -308,14 +307,12 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
 	if (!strequal(returned_domain, domain_name)) {
 		DEBUG(3, ("GetDC: Expected domain %s, got %s\n",
 			  domain_name, returned_domain));
-		TALLOC_FREE(r);
-		return false;
+		goto fail;
 	}
 
 	*dc_name = talloc_strdup(mem_ctx, returned_dc);
 	if (!*dc_name) {
-		TALLOC_FREE(r);
-		return false;
+		goto fail;
 	}
 
 	if (**dc_name == '\\')	*dc_name += 1;
@@ -330,5 +327,15 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
 	DEBUG(10, ("GetDC gave name %s for domain %s\n",
 		   *dc_name, returned_domain));
 
+	free_packet(packet);
+	TALLOC_FREE(my_mailslot);
 	return True;
+
+fail:
+	TALLOC_FREE(my_mailslot);
+	TALLOC_FREE(r);
+	if (packet != NULL) {
+		free_packet(packet);
+	}
+	return false;
 }
-- 
cgit