From c123c8454142d17d2884ae9dd951b7f2a0b1a343 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Wed, 26 Nov 2003 02:08:41 +0000
Subject: fixed some memory leaks in the dcerpc use of ntlmssp signing (This
 used to be commit abbc9993b8f7eb9f57e079db1d0b170d0b9aa443)

---
 source4/librpc/rpc/dcerpc.c      |  5 +++++
 source4/librpc/rpc/dcerpc_auth.c | 26 ++++++++++++++++++++++----
 2 files changed, 27 insertions(+), 4 deletions(-)

(limited to 'source4/librpc')

diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index bf5da4edb4..83fb0b592c 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -53,6 +53,9 @@ void dcerpc_pipe_close(struct dcerpc_pipe *p)
 	if (!p) return;
 	p->reference_count--;
 	if (p->reference_count <= 0) {
+		if (p->ntlmssp_state) {
+			ntlmssp_end(&p->ntlmssp_state);
+		}
 		p->transport.shutdown_pipe(p);
 		talloc_destroy(p->mem_ctx);
 	}
@@ -238,6 +241,8 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p,
 	SSVAL(blob->data,  8, blob->length);
 	SSVAL(blob->data, 10, p->auth_info->credentials.length);
 
+	data_blob_free(&p->auth_info->credentials);
+
 	return NT_STATUS_OK;
 }
 
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index 32fdcb0b86..103a3c70d8 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -34,6 +34,7 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
 	NTSTATUS status;
 	struct ntlmssp_state *state;
 	TALLOC_CTX *mem_ctx;
+	DATA_BLOB credentials;
 
 	mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
 	if (!mem_ctx) {
@@ -76,27 +77,44 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
 
 	status = ntlmssp_update(state, 
 				p->auth_info->credentials,
-				&p->auth_info->credentials);
+				&credentials);
 	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 		goto done;
 	}
+
+	p->auth_info->credentials = data_blob_talloc(mem_ctx, 
+						     credentials.data, 
+						     credentials.length);
+	data_blob_free(&credentials);
+
 	status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
 	if (!NT_STATUS_IS_OK(status)) {
 		goto done;
 	}
 
+
 	status = ntlmssp_update(state, 
 				p->auth_info->credentials, 
-				&p->auth_info->credentials);
+				&credentials);
 	if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 		goto done;
 	}
 
+	p->auth_info->credentials = data_blob_talloc(mem_ctx, 
+						     credentials.data, 
+						     credentials.length);
+	data_blob_free(&credentials);
+
 	status = dcerpc_auth3(p, mem_ctx);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		goto done;
+	}
+
 	p->ntlmssp_state = state;
-	p->auth_info->credentials = data_blob(NULL, 0);
 
-	ntlmssp_sign_init(state);
+	/* setup for signing */
+	status = ntlmssp_sign_init(state);
 
 done:
 	talloc_destroy(mem_ctx);
-- 
cgit