From c123c8454142d17d2884ae9dd951b7f2a0b1a343 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Wed, 26 Nov 2003 02:08:41 +0000
Subject: fixed some memory leaks in the dcerpc use of ntlmssp signing
(This used to be commit abbc9993b8f7eb9f57e079db1d0b170d0b9aa443)
---
 source4/lib/data_blob.c | 5 ++---
 source4/libcli/auth/ntlmssp_sign.c | 8 ++++++--
 source4/librpc/rpc/dcerpc.c | 5 +++++
 source4/librpc/rpc/dcerpc_auth.c | 26 ++++++++++++++++++++++----
 source4/param/loadparm.c | 2 +-
 5 files changed, 36 insertions(+), 10 deletions(-)
(limited to 'source4')
diff --git a/source4/lib/data_blob.c b/source4/lib/data_blob.c
index d51cffbca4..933617e9ee 100644
--- a/source4/lib/data_blob.c
+++ b/source4/lib/data_blob.c
@@ -73,6 +73,7 @@ DATA_BLOB data_blob_talloc(TALLOC_CTX *mem_ctx, const void *p, size_t length)
 }
 ret.length = length;
 memset(ret.data, 0, ret.length);
+ ret.free = NULL;
 return ret;
 }
@@ -91,8 +92,6 @@ free a data blob
 *******************************************************************/
 void data_blob_free(DATA_BLOB *d)
 {
- return;
-
 if (d) {
 if (d->free) {
 (d->free)(d);
@@ -124,7 +123,7 @@ void data_blob_clear_free(DATA_BLOB *d)
 /*******************************************************************
 check if two data blobs are equal
 *******************************************************************/
-BOOL data_blob_equal(DATA_BLOB *d1, DATA_BLOB *d2)
+BOOL data_blob_equal(const DATA_BLOB *d1, const DATA_BLOB *d2)
 {
 if (d1->length != d2->length) {
 return False;
diff --git a/source4/libcli/auth/ntlmssp_sign.c b/source4/libcli/auth/ntlmssp_sign.c
index 11d63ec5f3..2f510b0f98 100644
--- a/source4/libcli/auth/ntlmssp_sign.c
+++ b/source4/libcli/auth/ntlmssp_sign.c
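Review bot: Only the fall-through return of data_blob_talloc gets `ret.free = NULL;`; the rest of the body is above this hunk, so if any earlier return path fills in `ret` field by field it needs the same assignment. Now that data_blob_free actually frees (next hunk), a blob whose `free` member was never written would be released through an indeterminate function pointer. Zero-initialising `ret` at its declaration would cover every path in one place.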
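Review bot: With the early `return;` removed, data_blob_free calls whatever `d->free` holds, so every DATA_BLOB that reaches it must have that member initialised; the talloc constructor in the previous hunk does, but a blob assembled field by field on the stack would not. After `(d->free)(d);` the blob should also be emptied — `d->data = NULL; d->length = 0; d->free = NULL;` — unless the remainder of the body, which is outside the hunk, already does so; otherwise a second data_blob_free on the same blob, or a later read of its stale length, becomes a double free or use-after-free.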
@@ -180,8 +180,10 @@ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
 DEBUG(0, ("NTLMSSP packet check failed with %s\n", nt_errstr(nt_status)));
 return nt_status;
 }
-
- if (memcmp(sig->data+sig->length - 8, local_sig.data+local_sig.length - 8, 8) != 0) {
+
+ if (local_sig.length != sig->length ||
+ memcmp(local_sig.data + local_sig.length - 8,
+ sig->data + sig->length - 8, 8) != 0) {
 DEBUG(5, ("BAD SIG: wanted signature of\n"));
 dump_data(5, (const char *)local_sig.data, local_sig.length);
@@ -192,6 +194,8 @@ NTSTATUS ntlmssp_check_packet(NTLMSSP_STATE *ntlmssp_state,
 return NT_STATUS_ACCESS_DENIED;
 }
+ data_blob_free(&local_sig);
+
 /* increment counter on recieive */
 ntlmssp_state->ntlmssp_seq_num++;
diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c
index bf5da4edb4..83fb0b592c 100644
--- a/source4/librpc/rpc/dcerpc.c
+++ b/source4/librpc/rpc/dcerpc.c
@@ -53,6 +53,9 @@ void dcerpc_pipe_close(struct dcerpc_pipe *p)
 if (!p) return;
 p->reference_count--;
 if (p->reference_count <= 0) {
+ if (p->ntlmssp_state) {
+ ntlmssp_end(&p->ntlmssp_state);
+ }
 p->transport.shutdown_pipe(p);
 talloc_destroy(p->mem_ctx);
 }
@@ -238,6 +241,8 @@ static NTSTATUS dcerpc_push_request_sign(struct dcerpc_pipe *p,
 SSVAL(blob->data, 8, blob->length);
 SSVAL(blob->data, 10, p->auth_info->credentials.length);
+ data_blob_free(&p->auth_info->credentials);
+
 return NT_STATUS_OK;
 }
diff --git a/source4/librpc/rpc/dcerpc_auth.c b/source4/librpc/rpc/dcerpc_auth.c
index 32fdcb0b86..103a3c70d8 100644
--- a/source4/librpc/rpc/dcerpc_auth.c
+++ b/source4/librpc/rpc/dcerpc_auth.c
@@ -34,6 +34,7 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
 NTSTATUS status;
 struct ntlmssp_state *state;
 TALLOC_CTX *mem_ctx;
+ DATA_BLOB credentials;
 mem_ctx = talloc_init("dcerpc_bind_auth_ntlm");
 if (!mem_ctx) {
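Review bot: The new length equality keeps the two `- 8` offsets in step, but when both blobs are shorter than 8 bytes `local_sig.data + local_sig.length - 8` and `sig->data + sig->length - 8` still point before their buffers. local_sig comes from ntlmssp_make_packet_signature above the hunk, so its length is presumably fixed, but a peer-supplied `sig` of a matching short length would then be compared against memory outside the allocation; prefixing the condition with `local_sig.length < 8 ||` closes that. The check is also a plain memcmp over a MAC, which stops at the first differing byte; a fixed-time comparison of the 8 bytes would not reveal where the mismatch lies. ntlmssp_check_packet starts and ends outside this hunk.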
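Review bot: `data_blob_free(&local_sig);` is reached only on the success path; the `return NT_STATUS_ACCESS_DENIED;` at the top of this hunk leaves local_sig allocated, so every packet that fails the signature check — the case a hostile peer controls — leaks one signature blob. Release it before that return: `data_blob_free(&local_sig); return NT_STATUS_ACCESS_DENIED;`. The same applies to the earlier `return nt_status;` in the previous hunk if it can be reached with local_sig already allocated, which is not visible from here.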
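Review bot: After `data_blob_free(&p->auth_info->credentials);` the pipe still holds the old `.data` and `.length` unless data_blob_free resets them (its body in this patch is cut off after the `(d->free)(d)` call), so the next dcerpc_push_request_sign call would write a stale length at `SSVAL(blob->data, 10, ...)` and copy from released memory. Reset the blob after freeing, as the old dcerpc_bind_auth_ntlm code did: `p->auth_info->credentials = data_blob(NULL, 0);`. Note that the blob arriving here from dcerpc_bind_auth_ntlm was built with data_blob_talloc, whose `free` member is NULL, so this call releases nothing for that case — the talloc context owns the memory. dcerpc_push_request_sign starts outside the hunk.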
@@ -76,27 +77,44 @@ NTSTATUS dcerpc_bind_auth_ntlm(struct dcerpc_pipe *p,
 status = ntlmssp_update(state, p->auth_info->credentials,
- &p->auth_info->credentials);
+ &credentials);
 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 goto done;
 }
+
+ p->auth_info->credentials = data_blob_talloc(mem_ctx,
+ credentials.data,
+ credentials.length);
+ data_blob_free(&credentials);
+
 status = dcerpc_bind_byuuid(p, mem_ctx, uuid, version);
 if (!NT_STATUS_IS_OK(status)) {
 goto done;
 }
+
 status = ntlmssp_update(state, p->auth_info->credentials,
- &p->auth_info->credentials);
+ &credentials);
 if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
 goto done;
 }
+ p->auth_info->credentials = data_blob_talloc(mem_ctx,
+ credentials.data,
+ credentials.length);
+ data_blob_free(&credentials);
+
 status = dcerpc_auth3(p, mem_ctx);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
 p->ntlmssp_state = state;
- p->auth_info->credentials = data_blob(NULL, 0);
- ntlmssp_sign_init(state);
+ /* setup for signing */
+ status = ntlmssp_sign_init(state);
 done:
 talloc_destroy(mem_ctx);
diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c
index 9aceaaa12a..6ec4842c6d 100644
--- a/source4/param/loadparm.c
+++ b/source4/param/loadparm.c
@@ -3801,7 +3801,7 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults,
 bRetval = False;
- DEBUG(0, ("lp_load: refreshing parameters from %s\n", pszFname));
+ DEBUG(2, ("lp_load: refreshing parameters from %s\n", pszFname));
 bInGlobalSection = True;
 bGlobalOnly = global_only;
-- cgit
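Review bot: The removed `p->auth_info->credentials = data_blob(NULL, 0);` was what detached the pipe from the bind-time buffer, and nothing replaces it: both new blobs are allocated from `mem_ctx` via data_blob_talloc and `mem_ctx` is destroyed at `done:`, so once the function returns `p->auth_info->credentials` points into freed memory with a non-zero length, unless dcerpc_auth3 (outside this view) swaps it out. dcerpc_push_request_sign in this same patch reads that length and passes the blob to data_blob_free, so a use-after-free on the first signed request looks likely. Restore the reset after the dcerpc_auth3 check: `p->auth_info->credentials = data_blob(NULL, 0);`. Separately, `p->ntlmssp_state = state;` is stored before `status = ntlmssp_sign_init(state);` is examined, and on every `goto done` path `state` (created above the hunk) is never released, so a failed bind leaks the NTLMSSP state together with its session key; ending `state` on failure and assigning `p->ntlmssp_state` only after sign_init succeeds would address both.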