From 318682b00377605a26d0b7fd4b59713c6c429b81 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Thu, 28 Sep 2006 06:44:47 +0000
Subject: r18971: avoid strndup is a few places. Fixes a minor memory leak, and
 should fix RPC-LSA on AIX. (This used to be commit
 6cce709d08579f4e00b44b692332a557b0ea3b86)

---
 source4/lib/registry/common/reg_util.c |  4 ++--
 source4/libcli/auth/session.c          | 11 ++++++++---
 source4/torture/rpc/lsa.c              | 15 ++++++++++-----
 source4/torture/rpc/session_key.c      |  2 +-
 4 files changed, 21 insertions(+), 11 deletions(-)

(limited to 'source4')

diff --git a/source4/lib/registry/common/reg_util.c b/source4/lib/registry/common/reg_util.c
index 3d0cdf5a6a..a8d7accb3d 100644
--- a/source4/lib/registry/common/reg_util.c
+++ b/source4/lib/registry/common/reg_util.c
@@ -171,9 +171,9 @@ WERROR reg_open_key_abs(TALLOC_CTX *mem_ctx, struct registry_context *handle, co
 	if(strchr(name, '\\')) predeflength = strchr(name, '\\')-name;
 	else predeflength = strlen(name);
 
-	predefname = strndup(name, predeflength);
+	predefname = talloc_strndup(mem_ctx, name, predeflength);
 	error = reg_get_predefined_key_by_name(handle, predefname, &predef);
-	SAFE_FREE(predefname);
+	talloc_free(predefname);
 
 	if(!W_ERROR_IS_OK(error)) {
 		return error;
diff --git a/source4/libcli/auth/session.c b/source4/libcli/auth/session.c
index 280a0d282c..430eecd78f 100644
--- a/source4/libcli/auth/session.c
+++ b/source4/libcli/auth/session.c
@@ -97,7 +97,8 @@ DATA_BLOB sess_encrypt_string(const char *str, const DATA_BLOB *session_key)
 
   caller should free the returned string
 */
-char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key)
+char *sess_decrypt_string(TALLOC_CTX *mem_ctx, 
+			  DATA_BLOB *blob, const DATA_BLOB *session_key)
 {
 	DATA_BLOB out;
 	int slen;
@@ -107,7 +108,7 @@ char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key)
 		return NULL;
 	}
 	
-	out = data_blob(NULL, blob->length);
+	out = data_blob_talloc(mem_ctx, NULL, blob->length);
 	if (!out.data) {
 		return NULL;
 	}
@@ -117,19 +118,23 @@ char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key)
 	if (IVAL(out.data, 4) != 1) {
 		DEBUG(0,("Unexpected revision number %d in session crypted string\n",
 			 IVAL(out.data, 4)));
+		data_blob_free(&out);
 		return NULL;
 	}
 
 	slen = IVAL(out.data, 0);
 	if (slen > blob->length - 8) {
 		DEBUG(0,("Invalid crypt length %d\n", slen));
+		data_blob_free(&out);
 		return NULL;
 	}
 
-	ret = strndup((const char *)(out.data+8), slen);
+	ret = talloc_strndup(mem_ctx, (const char *)(out.data+8), slen);
 
 	data_blob_free(&out);
 
+	DEBUG(0,("decrypted string '%s' of length %d\n", ret, slen));
+
 	return ret;
 }
 
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 84bc90963d..575426a409 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -976,7 +976,8 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 				
 				blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
 				
-				secret2 = sess_decrypt_string(&blob1, &session_key);
+				secret2 = sess_decrypt_string(mem_ctx, 
+							      &blob1, &session_key);
 				
 				if (strcmp(secret1, secret2) != 0) {
 					printf("Returned secret '%s' doesn't match '%s'\n", 
@@ -1036,7 +1037,8 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 				
 				blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
 				
-				secret4 = sess_decrypt_string(&blob1, &session_key);
+				secret4 = sess_decrypt_string(mem_ctx, 
+							      &blob1, &session_key);
 				
 				if (strcmp(secret3, secret4) != 0) {
 					printf("Returned NEW secret %s doesn't match %s\n", secret4, secret3);
@@ -1048,7 +1050,8 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 				
 				blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
 				
-				secret2 = sess_decrypt_string(&blob1, &session_key);
+				secret2 = sess_decrypt_string(mem_ctx, 
+							      &blob1, &session_key);
 				
 				if (strcmp(secret1, secret2) != 0) {
 					printf("Returned OLD secret %s doesn't match %s\n", secret2, secret1);
@@ -1122,7 +1125,8 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 				
 				blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
 				
-				secret6 = sess_decrypt_string(&blob1, &session_key);
+				secret6 = sess_decrypt_string(mem_ctx,
+							      &blob1, &session_key);
 				
 				if (strcmp(secret3, secret4) != 0) {
 					printf("Returned NEW secret '%s' doesn't match '%s'\n", secret4, secret3);
@@ -1134,7 +1138,8 @@ static BOOL test_CreateSecret(struct dcerpc_pipe *p,
 				
 				blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
 				
-				secret6 = sess_decrypt_string(&blob1, &session_key);
+				secret6 = sess_decrypt_string(mem_ctx,
+							      &blob1, &session_key);
 				
 				if (strcmp(secret5, secret6) != 0) {
 					printf("Returned OLD secret %s doesn't match %s\n", secret5, secret6);
diff --git a/source4/torture/rpc/session_key.c b/source4/torture/rpc/session_key.c
index d70fc95b18..6785946770 100644
--- a/source4/torture/rpc/session_key.c
+++ b/source4/torture/rpc/session_key.c
@@ -139,7 +139,7 @@ static BOOL test_CreateSecret_basic(struct dcerpc_pipe *p,
 			
 			blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
 			
-			secret2 = sess_decrypt_string(&blob1, &session_key);
+			secret2 = sess_decrypt_string(mem_ctx, &blob1, &session_key);
 			
 			if (strcmp(secret1, secret2) != 0) {
 				printf("Returned secret '%s' doesn't match '%s'\n", 
-- 
cgit