From 369f5fd1d7a6e6298bc3cbe01e3aaed0106f6cf4 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 15 Dec 2000 01:02:11 +0000
Subject: Fixed memory leaks in lsa_XX calls. Fixed memory leaks in smbcacls.
 Merged in fixes from appliance-head and 2.2. Fixed multiple connection.tdb
 open problem. Jeremy. (This used to be commit
 0a40bc83e14c69a09948ec09bb6fc5026c4f4c14)

---
 source3/libsmb/cli_lsarpc.c | 28 +++++++++++++++++++++++++++-
 source3/libsmb/clientgen.c  |  4 ++--
 source3/libsmb/clisecdesc.c | 39 ++++++++++++++++++++++++---------------
 source3/libsmb/clitrans.c   |  7 ++++++-
 4 files changed, 59 insertions(+), 19 deletions(-)

(limited to 'source3/libsmb')

diff --git a/source3/libsmb/cli_lsarpc.c b/source3/libsmb/cli_lsarpc.c
index 4199ab2648..60fab75cca 100644
--- a/source3/libsmb/cli_lsarpc.c
+++ b/source3/libsmb/cli_lsarpc.c
@@ -109,12 +109,16 @@ uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos,
 
 	if (!lsa_io_q_open_pol("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, LSA_OPENPOLICY, &qbuf, &rbuf)) {
+		prs_mem_free(&qbuf);
+		prs_mem_free(&rbuf);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
 	/* Unmarshall response */
 
 	if (!lsa_io_r_open_pol("", &r, &rbuf, 0)) {
+		prs_mem_free(&qbuf);
+		prs_mem_free(&rbuf);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
@@ -126,6 +130,8 @@ uint32 cli_lsa_open_policy(struct cli_state *cli, BOOL sec_qos,
 		*hnd = r.pol;
 	}
 
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
 	return result;
 }
 
@@ -152,12 +158,16 @@ uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *hnd)
 
 	if (!lsa_io_q_close("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, LSA_CLOSE, &qbuf, &rbuf)) {
+		prs_mem_free(&qbuf);
+		prs_mem_free(&rbuf);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
 	/* Unmarshall response */
 
 	if (!lsa_io_r_close("", &r, &rbuf, 0)) {
+		prs_mem_free(&qbuf);
+		prs_mem_free(&rbuf);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
@@ -169,6 +179,8 @@ uint32 cli_lsa_close(struct cli_state *cli, POLICY_HND *hnd)
 		*hnd = r.pol;
 	}
 
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
 	return result;
 }
 
@@ -200,6 +212,8 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd,
 
 	if (!lsa_io_q_lookup_sids("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &qbuf, &rbuf)) {
+		prs_mem_free(&qbuf);
+		prs_mem_free(&rbuf);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
@@ -212,6 +226,8 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd,
 	r.names = &t_names;
 
 	if (!lsa_io_r_lookup_sids("", &r, &rbuf, 0)) {
+		prs_mem_free(&qbuf);
+		prs_mem_free(&rbuf);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
@@ -271,6 +287,9 @@ uint32 cli_lsa_lookup_sids(struct cli_state *cli, POLICY_HND *hnd,
 	}
 
  done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
 	return result;
 }
 
@@ -301,6 +320,8 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd,
 
 	if (!lsa_io_q_lookup_names("", &q, &qbuf, 0) ||
 	    !rpc_api_pipe_req(cli, LSA_LOOKUPNAMES, &qbuf, &rbuf)) {
+		prs_mem_free(&qbuf);
+		prs_mem_free(&rbuf);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 	
@@ -309,7 +330,9 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd,
 	ZERO_STRUCT(ref);
 	r.dom_ref = &ref;
 
-	if (!lsa_io_r_lookup_names(cli->mem_ctx, "", &r, &rbuf, 0)) {
+	if (!lsa_io_r_lookup_names("", &r, &rbuf, 0)) {
+		prs_mem_free(&qbuf);
+		prs_mem_free(&rbuf);
 		return NT_STATUS_UNSUCCESSFUL;
 	}
 
@@ -366,5 +389,8 @@ uint32 cli_lsa_lookup_names(struct cli_state *cli, POLICY_HND *hnd,
 	}
 
  done:
+	prs_mem_free(&qbuf);
+	prs_mem_free(&rbuf);
+
 	return result;
 }
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index 8d9e2f034f..1938049806 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -209,13 +209,13 @@ struct cli_state *cli_initialise(struct cli_state *cli)
 	cli->inbuf = (char *)malloc(cli->bufsize);
 	if (!cli->outbuf || !cli->inbuf)
 	{
-		return False;
+		return NULL;
 	}
 
 	if ((cli->mem_ctx = talloc_init()) == NULL) {
 		free(cli->outbuf);
 		free(cli->inbuf);
-		return False;
+		return NULL;
 	}
 
 	memset(cli->outbuf, '\0', cli->bufsize);
diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c
index b56e1ea688..d53b3073b2 100644
--- a/source3/libsmb/clisecdesc.c
+++ b/source3/libsmb/clisecdesc.c
@@ -36,7 +36,6 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
 	TALLOC_CTX *mem_ctx;
 	prs_struct pd;
 	SEC_DESC *psd = NULL;
-	SEC_DESC *ret;
 
 	SIVAL(param, 0, fd);
 	SSVAL(param, 4, 0x7);
@@ -48,7 +47,7 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
 			       param, 8, 4,
 			       NULL, 0, 0x10000)) {
 		DEBUG(1,("Failed to send NT_TRANSACT_QUERY_SECURITY_DESC\n"));
-		return NULL;
+		goto cleanup;
 	}
 
 
@@ -56,12 +55,12 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
 				  &rparam, &rparam_count,
 				  &rdata, &rdata_count)) {
 		DEBUG(1,("Failed to recv NT_TRANSACT_QUERY_SECURITY_DESC\n"));
-		return NULL;
+		goto cleanup;
 	}
 
 	if ((mem_ctx = talloc_init()) == NULL) {
 		DEBUG(0,("talloc_init failed.\n"));
-		return NULL;
+		goto cleanup;
 	}
 
 	prs_init(&pd, rdata_count, 4, mem_ctx, UNMARSHALL);
@@ -70,13 +69,17 @@ SEC_DESC *cli_query_secdesc(struct cli_state *cli,int fd)
 
 	if (!sec_io_desc("sd data", &psd, &pd, 1)) {
 		DEBUG(1,("Failed to parse secdesc\n"));
-		talloc_destroy(mem_ctx);
-		return NULL;
+		goto cleanup;
 	}
 
-	ret = dup_sec_desc(psd);
+ cleanup:
+
 	talloc_destroy(mem_ctx);
-	return ret;
+	safe_free(rparam);
+	safe_free(rdata);
+
+	prs_mem_free(&pd);
+	return psd;
 }
 
 
@@ -92,10 +95,11 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
 	int rparam_count=0, rdata_count=0;
 	TALLOC_CTX *mem_ctx;
 	prs_struct pd;
+	BOOL ret = False;
 
 	if ((mem_ctx = talloc_init()) == NULL) {
 		DEBUG(0,("talloc_init failed.\n"));
-		return False;
+		goto cleanup;
 	}
 
 	prs_init(&pd, 0, 4, mem_ctx, MARSHALL);
@@ -103,7 +107,7 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
 
 	if (!sec_io_desc("sd data", &sd, &pd, 1)) {
 		DEBUG(1,("Failed to marshall secdesc\n"));
-		return False;
+		goto cleanup;
 	}
 
 	SIVAL(param, 0, fd);
@@ -116,7 +120,7 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
 			       param, 8, 0,
 			       pd.data_p, pd.data_offset, 0)) {
 		DEBUG(1,("Failed to send NT_TRANSACT_SET_SECURITY_DESC\n"));
-		return False;
+		goto cleanup;
 	}
 
 
@@ -124,14 +128,19 @@ BOOL cli_set_secdesc(struct cli_state *cli,int fd, SEC_DESC *sd)
 				  &rparam, &rparam_count,
 				  &rdata, &rdata_count)) {
 		DEBUG(1,("NT_TRANSACT_SET_SECURITY_DESC failed\n"));
-		return False;
+		goto cleanup;
 	}
 
-	if (rparam) free(rparam);
-	if (rdata) free(rdata);
+	ret = True;
+
+  cleanup:
+
+	safe_free(rparam);
+	safe_free(rdata);
 
 	talloc_destroy(mem_ctx);
 
-	return True;
+	prs_mem_free(&pd);
+	return ret;
 }
 
diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c
index 50ed68ee16..5cd6ae30ce 100644
--- a/source3/libsmb/clitrans.c
+++ b/source3/libsmb/clitrans.c
@@ -170,8 +170,13 @@ BOOL cli_receive_trans(struct cli_state *cli,int trans,
 
 	if (cli_error(cli, &eclass, &ecode, NULL))
 	{
-        if(cli->nt_pipe_fnum == 0 || !(eclass == ERRDOS && ecode == ERRmoredata))
+        if(cli->nt_pipe_fnum == 0)
 			return(False);
+
+        if(!(eclass == ERRDOS && ecode == ERRmoredata)) {
+			if (eclass != 0 && (ecode != (0x80000000 | STATUS_BUFFER_OVERFLOW)))
+				return(False);
+		}
 	}
 
 	/* parse out the lengths */
-- 
cgit