From: Volker Lendecke Date: Sat, 5 Mar 2011 11:57:59 +0000 (+0100) Subject: s3: Fix a memory leak in check_sam_security_info3 X-Git-Tag: 3.6.0pre1-ctdb-4~27 X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=bcfbaf937f4e27010cdd5c7cbd378fd1f298664d;p=obnox%2Fsamba-ctdb.git s3: Fix a memory leak in check_sam_security_info3 Abartlet, this commit makes check_sam_security_info3 use talloc_tos() and also cleans up the temporary talloc stackframe. The old code created a temporary talloc context off "mem_ctx" but failed to clean up the tmp_ctx in all but one return paths. talloc_stackframe()/talloc_tos() is designed as a defense against exactly this error: Even if we failed to free the frame when returning from the routine, it would be cleaned up very soon, in our main event loop. Please check this patch! Thanks, Volker Autobuild-User: Volker Lendecke Autobuild-Date: Sat Mar 5 14:08:37 CET 2011 on sn-devel-104 (cherry picked from commit dcbfb6fc0b9050168e2010673caccb7ec8807bd1) --- diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c index 299f43a1e9..db5f68fdfe 100644 --- a/source3/auth/check_samsec.c +++ b/source3/auth/check_samsec.c @@ -519,29 +519,31 @@ NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge, struct auth_serversupplied_info *server_info = NULL; struct netr_SamInfo3 *info3; NTSTATUS status; - TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); - if (!tmp_ctx) { - return NT_STATUS_NO_MEMORY; - } - status = check_sam_security(challenge, tmp_ctx, user_info, &server_info); + TALLOC_CTX *frame = talloc_stackframe(); + + status = check_sam_security(challenge, talloc_tos(), user_info, + &server_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("check_sam_security failed: %s\n", nt_errstr(status))); - return status; + goto done; } info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3); if (info3 == NULL) { - talloc_free(tmp_ctx); - return NT_STATUS_NO_MEMORY; + status = NT_STATUS_NO_MEMORY; + goto done; } status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n", nt_errstr(status))); - return status; + goto done; } *pinfo3 = info3; - return NT_STATUS_OK; + status = NT_STATUS_OK; +done: + TALLOC_FREE(frame); + return status; }