From 59b66744f7318d8197f0d2029bf3b641dafa327e Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Sun, 15 Oct 2006 23:14:19 +0000
Subject: r19299: Fix possible memleaks (This used to be commit 6fad80bb09113a60689061a2de67711c9924708b)
---
 source4/auth/gensec/schannel_state.c | 24 +++++++++++++++++++++---
 source4/dsdb/samdb/ldb_modules/entryUUID.c | 4 +++-
 source4/kdc/hdb-ldb.c | 5 +----
 source4/lib/ldb/modules/ldb_map.c | 2 ++
 source4/lib/registry/reg_backend_ldb.c | 1 +
 source4/libnet/libnet_join.c | 1 +
 source4/nbt_server/wins/winsdb.c | 4 ++--
 source4/param/share_ldb.c | 4 ++--
 source4/torture/ldap/schema.c | 1 +
 9 files changed, 34 insertions(+), 12 deletions(-)
(limited to 'source4')
diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c
index e8d0f8388b..855f159981 100644
--- a/source4/auth/gensec/schannel_state.c
+++ b/source4/auth/gensec/schannel_state.c
@@ -198,12 +198,14 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
 ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res);
 if (ret != LDB_SUCCESS || res->count != 1) {
 DEBUG(3,("schannel: Failed to find a record for client: %s\n", computer_name));
+ talloc_free(res);
 return NT_STATUS_INVALID_HANDLE;
 }
 val = ldb_msg_find_ldb_val(res->msgs[0], "sessionKey");
 if (val == NULL || val->length != 16) {
 DEBUG(1,("schannel: record in schannel DB must contain a sessionKey of length 16, when searching for client: %s\n", computer_name));
+ talloc_free(res);
 return NT_STATUS_INTERNAL_ERROR;
 }
@@ -212,6 +214,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
 val = ldb_msg_find_ldb_val(res->msgs[0], "seed");
 if (val == NULL || val->length != 8) {
 DEBUG(1,("schannel: record in schannel DB must contain a vaid seed of length 8, when searching for client: %s\n", computer_name));
+ talloc_free(res);
 return NT_STATUS_INTERNAL_ERROR;
 }
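Review bot: The first added `talloc_free(res)` also runs on the `ret != LDB_SUCCESS` branch, where nothing visible guarantees that `res` is either NULL or a valid talloc pointer; its declaration and ldb_search()'s contract for `*res` on failure are outside the hunk. If `res` can be uninitialised or already released there, this free acts on an indeterminate pointer, and so do the `talloc_steal(tmp_ctx, res)` calls this commit places ahead of the `ret` check in libnet_JoinADSDomain, winsdb_lookup, sldb_list_all and sldb_get_config. Declaring it as `struct ldb_result *res = NULL;`, as hdb-ldb.c already does, or guarding the call with `if (ret == LDB_SUCCESS)` would make those paths safe. The function body begins and continues outside this hunk.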
@@ -220,6 +223,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
 val = ldb_msg_find_ldb_val(res->msgs[0], "clientState");
 if (val == NULL || val->length != 8) {
 DEBUG(1,("schannel: record in schannel DB must contain a vaid clientState of length 8, when searching for client: %s\n", computer_name));
+ talloc_free(res);
 return NT_STATUS_INTERNAL_ERROR;
 }
 memcpy((*creds)->client.data, val->data, 8);
@@ -227,6 +231,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
 val = ldb_msg_find_ldb_val(res->msgs[0], "serverState");
 if (val == NULL || val->length != 8) {
 DEBUG(1,("schannel: record in schannel DB must contain a vaid serverState of length 8, when searching for client: %s\n", computer_name));
+ talloc_free(res);
 return NT_STATUS_INTERNAL_ERROR;
 }
 memcpy((*creds)->server.data, val->data, 8);
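Review bot: The serverState failure path frees `res` but returns with `*creds` still allocated and only partly filled; the `memcpy((*creds)->client.data, val->data, 8);` in the previous hunk shows the structure already exists by then. Where it was allocated is outside these hunks, but if it hangs off `mem_ctx` the caller is left holding partial credential state after NT_STATUS_INTERNAL_ERROR, and the same applies to the NT_STATUS_NO_MEMORY returns added in the last hunk of this function. Consider `talloc_free(*creds); *creds = NULL;` next to each `talloc_free(res)` on these error paths.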
@@ -235,14 +240,27 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
 (*creds)->secure_channel_type = ldb_msg_find_attr_as_int(res->msgs[0], "secureChannelType", 0);
- (*creds)->account_name = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL));
+ (*creds)->account_name = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL));
+ if ((*creds)->account_name == NULL) {
+ talloc_free(res);
+ return NT_STATUS_NO_MEMORY;
+ }
- (*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "computerName", NULL));
+ (*creds)->computer_name = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "computerName", NULL));
+ if ((*creds)->computer_name == NULL) {
+ talloc_free(res);
+ return NT_STATUS_NO_MEMORY;
+ }
- (*creds)->domain = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "flatname", NULL));
+ (*creds)->domain = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "flatname", NULL));
+ if ((*creds)->domain == NULL) {
+ talloc_free(res);
+ return NT_STATUS_NO_MEMORY;
+ }
 (*creds)->sid = samdb_result_dom_sid(*creds, res->msgs[0], "objectSid");
+ talloc_free(res);
 return NT_STATUS_OK;
 }
diff --git a/source4/dsdb/samdb/ldb_modules/entryUUID.c b/source4/dsdb/samdb/ldb_modules/entryUUID.c
index 328a7654ed..215d777d00 100644
--- a/source4/dsdb/samdb/ldb_modules/entryUUID.c
+++ b/source4/dsdb/samdb/ldb_modules/entryUUID.c
@@ -468,7 +468,9 @@ static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *sche
 if (ret != LDB_SUCCESS) {
 return ret;
 }
-
+
+ talloc_steal(mem_ctx, objectclass_res);
+
 return ret;
 }
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c
index 551b0cc0f2..827c66b86d 100644
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
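Review bot: A record that lacks accountName, computerName or flatname is now reported as NT_STATUS_NO_MEMORY, because `ldb_msg_find_attr_as_string(..., NULL)` yields NULL for an absent attribute and `talloc_strdup()` returns NULL for a NULL string. The removed `talloc_reference()` lines had no such check, so this is also a behaviour change for incomplete records. Look the string up first and treat a missing attribute like the other malformed-record checks in this function (NT_STATUS_INTERNAL_ERROR), keeping NT_STATUS_NO_MEMORY for a failed copy; if a missing attribute is meant to be tolerated, skip the copy instead. The function starts outside this hunk.

```c
const char *account_name = ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL);
if (account_name == NULL) {
	/* attribute absent: malformed record, not an allocation failure */
	talloc_free(res);
	return NT_STATUS_INTERNAL_ERROR;
}
(*creds)->account_name = talloc_strdup(*creds, account_name);
if ((*creds)->account_name == NULL) {
	talloc_free(res);
	return NT_STATUS_NO_MEMORY;
}
/* … same lookup-then-copy pattern for computerName and flatname … */
/* … unchanged: objectSid lookup, talloc_free(res), return NT_STATUS_OK … */
```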
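Review bot: `talloc_steal(mem_ctx, objectclass_res)` reparents whatever `objectclass_res` itself points to, and its type is not visible because the signature is cut off in the hunk header. If it is the `struct ldb_result **` out-parameter handed to ldb_search(), this call operates on the caller's pointer variable, which is probably not a talloc allocation, rather than on the result, and `talloc_steal(mem_ctx, *objectclass_res);` would be the intended form. If it is a plain `struct ldb_result *`, a short comment such as `/* result is now owned by mem_ctx */` would make the ownership change explicit.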
@@ -458,8 +458,6 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
 char *short_princ;
 char *short_princ_talloc;
- char *realm_dn_str;
-
 struct ldb_result *res = NULL;
 ret = krb5_unparse_name_norealm(context, principal, &short_princ);
@@ -501,13 +499,12 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
 lret = ldb_search(ldb_ctx, realm_dn, LDB_SCOPE_SUBTREE, filter, princ_attrs, &res);
- realm_dn_str = ldb_dn_linearize(mem_ctx, realm_dn);
-
 if (lret != LDB_SUCCESS) {
 DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(ldb_ctx)));
 return HDB_ERR_NOENTRY;
 } else if (res->count == 0 || res->count > 1) {
 DEBUG(3, ("Failed find a single entry for %s: got %d\n", filter, res->count));
+ talloc_free(res);
 return HDB_ERR_NOENTRY;
 }
 talloc_steal(mem_ctx, res->msgs);
diff --git a/source4/lib/ldb/modules/ldb_map.c b/source4/lib/ldb/modules/ldb_map.c
index 0c58687ddb..f9ae66a2aa 100644
--- a/source4/lib/ldb/modules/ldb_map.c
+++ b/source4/lib/ldb/modules/ldb_map.c
@@ -1233,11 +1233,13 @@ static int map_init_dns(struct ldb_module *module, struct ldb_map_context *data,
 if (res->count == 0) {
 ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb_map: " "No results for '%s=%s'!\n", MAP_DN_NAME, name);
+ talloc_free(res);
 return LDB_ERR_CONSTRAINT_VIOLATION;
 }
 if (res->count > 1) {
 ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb_map: " "Too many results for '%s=%s'!\n", MAP_DN_NAME, name);
+ talloc_free(res);
 return LDB_ERR_CONSTRAINT_VIOLATION;
 }
diff --git a/source4/lib/registry/reg_backend_ldb.c b/source4/lib/registry/reg_backend_ldb.c
index d723b1dbe4..8edbc5a085 100644
--- a/source4/lib/registry/reg_backend_ldb.c
+++ b/source4/lib/registry/reg_backend_ldb.c
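Review bot: On the success path of LDB_lookup_principal only `res->msgs` is moved to `mem_ctx`, so the `res` container returned by ldb_search() keeps its original parent. Unless it is released after the end of this hunk, it still leaks on every successful lookup, which is the class of leak this commit targets. Replacing the steal with `talloc_steal(mem_ctx, res);`, or adding `talloc_free(res);` once `res->msgs` has been reparented, would close it. The `lret != LDB_SUCCESS` branch also returns without touching `res`; it is worth confirming that ldb_search() leaves nothing allocated in that case.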
@@ -240,6 +240,7 @@ static WERROR ldb_open_key(TALLOC_CTX *mem_ctx, const struct registry_key *h, co
 DEBUG(0, ("Error opening key '%s': %s\n", ldb_dn_linearize(ldap_path, ldap_path), ldb_errstring(c)));
 return WERR_FOOBAR;
 } else if (res->count == 0) {
+ talloc_free(res);
 return WERR_BADFILE;
 }
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index 57ecddd9da..8112d043f6 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -247,6 +247,7 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J
 /* search for the user's record */
 ret = ldb_search(remote_ldb, account_dn, LDB_SCOPE_BASE, NULL, attrs, &res);
+ talloc_steal(tmp_ctx, res);
 if (ret != LDB_SUCCESS || res->count != 1) {
 r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - %s", account_dn_str, ldb_errstring(remote_ldb));
diff --git a/source4/nbt_server/wins/winsdb.c b/source4/nbt_server/wins/winsdb.c
index f423458073..0ac7a4bb7f 100644
--- a/source4/nbt_server/wins/winsdb.c
+++ b/source4/nbt_server/wins/winsdb.c
@@ -85,6 +85,7 @@ uint64_t winsdb_set_maxVersion(struct winsdb_handle *h, uint64_t newMaxVersion)
 ret = ldb_search(wins_db, dn, LDB_SCOPE_BASE, NULL, NULL, &res);
 if (ret != LDB_SUCCESS) goto failed;
+ talloc_steal(tmp_ctx, res);
 if (res->count > 1) goto failed;
 talloc_steal(tmp_ctx, res);
@@ -588,6 +589,7 @@ NTSTATUS winsdb_lookup(struct winsdb_handle *h,
 ret = ldb_search(wins_db, winsdb_dn(tmp_ctx, name), LDB_SCOPE_BASE, NULL, NULL, &res);
+ talloc_steal(tmp_ctx, res);
 if (ret != LDB_SUCCESS || res->count > 1) {
 status = NT_STATUS_INTERNAL_DB_CORRUPTION;
 goto failed;
@@ -596,8 +598,6 @@ NTSTATUS winsdb_lookup(struct winsdb_handle *h,
 goto failed;
 }
- talloc_steal(tmp_ctx, res);
-
 status = winsdb_record(h, res->msgs[0], tmp_ctx, now, &rec);
 if (!NT_STATUS_IS_OK(status)) goto failed;
diff --git a/source4/param/share_ldb.c b/source4/param/share_ldb.c
index fba204c834..ac56b950c8 100644
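Review bot: In winsdb_set_maxVersion the result is now stolen twice: the added `talloc_steal(tmp_ctx, res);` sits directly above the `res->count > 1` check, and the original `talloc_steal(tmp_ctx, res);` two lines below is left in place. The second call is harmless but redundant and blurs where ownership of `res` actually changes. Drop the old line, as the winsdb_lookup hunk in the same file does when it moves its steal.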
--- a/source4/param/share_ldb.c
+++ b/source4/param/share_ldb.c
@@ -172,11 +172,11 @@ static NTSTATUS sldb_list_all(TALLOC_CTX *mem_ctx,
 ldb = talloc_get_type(ctx->priv_data, struct ldb_context);
 ret = ldb_search(ldb, ldb_dn_explode(tmp_ctx, "CN=SHARES"), LDB_SCOPE_SUBTREE, "(name=*)", NULL, &res);
+ talloc_steal(tmp_ctx, res);
 if (ret != LDB_SUCCESS) {
 talloc_free(tmp_ctx);
 return NT_STATUS_BAD_NETWORK_NAME;
 }
- talloc_steal(tmp_ctx, res);
 n = talloc_array(mem_ctx, const char *, res->count);
 if (!n) {
@@ -228,11 +228,11 @@ static NTSTATUS sldb_get_config(TALLOC_CTX *mem_ctx,
 return NT_STATUS_NO_MEMORY;
 }
 ret = ldb_search(ldb, ldb_dn_explode(tmp_ctx, "CN=SHARES"), LDB_SCOPE_SUBTREE, filter, NULL, &res);
+ talloc_steal(tmp_ctx, res);
 if (ret != LDB_SUCCESS || res->count != 1) {
 talloc_free(tmp_ctx);
 return NT_STATUS_BAD_NETWORK_NAME;
 }
- talloc_steal(tmp_ctx, res);
 s = talloc(tmp_ctx, struct share_config);
 if (!s) {
diff --git a/source4/torture/ldap/schema.c b/source4/torture/ldap/schema.c
index 69750826ce..1f4ec22825 100644
--- a/source4/torture/ldap/schema.c
+++ b/source4/torture/ldap/schema.c
@@ -124,6 +124,7 @@ static BOOL test_search_rootDSE(struct ldb_context *ldb, struct test_rootDSE *ro
 if (ret != LDB_SUCCESS) {
 return False;
 } else if (r->count != 1) {
+ talloc_free(r);
 return False;
 }
-- cgit