From 4695cc95fe576b6da0d0cb0686f208fc306b2646 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Wed, 19 May 2004 21:49:58 +0000
Subject: [PATCH] r786: Memory leak fixes in (mostly) error code paths from
 kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in mainline code paths
 though :-). Jeremy.

---
 source/auth/auth_util.c          |  3 +++
 source/auth/auth_winbind.c       |  5 ++---
 source/libsmb/trustdom_cache.c   | 37 +++++++++++++++++++++++---------
 source/param/loadparm.c          |  3 +++
 source/rpc_server/srv_pipe_hnd.c |  1 +
 source/smbd/posix_acls.c         |  4 +++-
 source/smbd/sesssetup.c          |  8 ++++++-
 7 files changed, 46 insertions(+), 15 deletions(-)

diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index e6ed83a79af..9a03e7fe13c 100644
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -1236,6 +1236,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 				info3->gids[i].g_rid));			
 				
 			SAFE_FREE(lgroupSIDs);
+			SAFE_FREE(all_group_SIDs);
 			free_server_info(server_info);
 			
 			return nt_status;
@@ -1264,6 +1265,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 		
 	if ( !NT_STATUS_IS_OK(nt_status) ) {
 		DEBUG(4,("create_nt_user_token failed\n"));
+		SAFE_FREE(lgroupSIDs);
 		SAFE_FREE(all_group_SIDs);
 		free_server_info(server_info);
 		return nt_status;
@@ -1271,6 +1273,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
 
 	(*server_info)->ptok = token; 
 
+	SAFE_FREE(lgroupSIDs);
 	SAFE_FREE(all_group_SIDs);
 
 	/* ensure we are never given NULL session keys */
diff --git a/source/auth/auth_winbind.c b/source/auth/auth_winbind.c
index 0e2820313e3..4260a0e80b4 100644
--- a/source/auth/auth_winbind.c
+++ b/source/auth/auth_winbind.c
@@ -127,9 +127,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 
 	if (result == NSS_STATUS_SUCCESS && response.extra_data) {
 		if (NT_STATUS_IS_OK(nt_status)) {
-		
-			if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) 
-			{ 
+			if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) { 
 				nt_status = make_server_info_info3(mem_ctx, 
 					user_info->internal_username.str, 
 					user_info->smb_name.str, user_info->domain.str, 
@@ -141,6 +139,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 		nt_status = NT_STATUS_NO_LOGON_SERVERS;
 	}
 
+	SAFE_FREE(response.extra_data);
         return nt_status;
 }
 
diff --git a/source/libsmb/trustdom_cache.c b/source/libsmb/trustdom_cache.c
index 0128d080062..e63acd18c4f 100644
--- a/source/libsmb/trustdom_cache.c
+++ b/source/libsmb/trustdom_cache.c
@@ -114,12 +114,14 @@ BOOL trustdom_cache_store(char* name, char* alt_name, const DOM_SID *sid,
 {
 	char *key, *alt_key;
 	fstring sid_string;
+	BOOL ret;
 
 	/*
 	 * we use gecache call to avoid annoying debug messages
 	 * about initialised trustdom 
 	 */
-	if (!gencache_init()) return False;
+	if (!gencache_init())
+		return False;
 
 	DEBUG(5, ("trustdom_store: storing SID %s of domain %s\n",
 	          sid_string_static(sid), name));
@@ -134,11 +136,18 @@ BOOL trustdom_cache_store(char* name, char* alt_name, const DOM_SID *sid,
 	 * try to put the names in the cache
 	 */
 	if (alt_key) {
-		return (gencache_set(alt_key, sid_string, timeout)
-		        && gencache_set(key, sid_string, timeout));
+		ret = gencache_set(alt_key, sid_string, timeout);
+		if ( ret ) {
+			ret = gencache_set(key, sid_string, timeout);
+		}
+		SAFE_FREE(alt_key);
+		SAFE_FREE(key);
+		return ret;
 	}
-		 
-	return gencache_set(key, sid_string, timeout);
+
+	ret = gencache_set(key, sid_string, timeout);
+	SAFE_FREE(key);
+	return ret;
 }
 
 
@@ -155,22 +164,26 @@ BOOL trustdom_cache_store(char* name, char* alt_name, const DOM_SID *sid,
  
 BOOL trustdom_cache_fetch(const char* name, DOM_SID* sid)
 {
-	char *key, *value;
+	char *key = NULL, *value = NULL;
 	time_t timeout;
 
 	/* init the cache */
-	if (!gencache_init()) return False;
+	if (!gencache_init())
+		return False;
 	
 	/* exit now if null pointers were passed as they're required further */
-	if (!sid) return False;
+	if (!sid)
+		return False;
 
 	/* prepare a key and get the value */
 	key = trustdom_cache_key(name);
-	if (!key) return False;
+	if (!key)
+		return False;
 	
 	if (!gencache_get(key, &value, &timeout)) {
 		DEBUG(5, ("no entry for trusted domain %s found.\n", name));
 		SAFE_FREE(key);
+		SAFE_FREE(value);
 		return False;
 	} else {
 		SAFE_FREE(key);
@@ -180,9 +193,11 @@ BOOL trustdom_cache_fetch(const char* name, DOM_SID* sid)
 	/* convert ip string representation into in_addr structure */
 	if(! string_to_sid(sid, value)) {
 		sid = NULL;
+		SAFE_FREE(value);
 		return False;
 	}
 	
+	SAFE_FREE(value);
 	return True;
 }
 
@@ -193,7 +208,7 @@ BOOL trustdom_cache_fetch(const char* name, DOM_SID* sid)
 
 uint32 trustdom_cache_fetch_timestamp( void )
 {
-	char *value;
+	char *value = NULL;
 	time_t timeout;
 	uint32 timestamp;
 
@@ -203,11 +218,13 @@ uint32 trustdom_cache_fetch_timestamp( void )
 		
 	if (!gencache_get(TDOMTSKEY, &value, &timeout)) {
 		DEBUG(5, ("no timestamp for trusted domain cache located.\n"));
+		SAFE_FREE(value);
 		return 0;
 	} 
 
 	timestamp = atoi(value);
 		
+	SAFE_FREE(value);
 	return timestamp;
 }
 
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 30fbc9713e1..b5bd14cdde2 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -1447,6 +1447,7 @@ static void init_globals(void)
 	   a large number of sites (tridge) */
 	Globals.bHostnameLookups = False;
 
+	str_list_free(&Globals.szPassdbBackend);
 #ifdef WITH_LDAP_SAMCONFIG
 	string_set(&Globals.szLdapServer, "localhost");
 	Globals.ldap_port = 636;
@@ -2517,6 +2518,7 @@ static void copy_service(service * pserviceDest, service * pserviceSource, BOOL
 					strupper_m(*(char **)dest_ptr);
 					break;
 				case P_LIST:
+					str_list_free((char ***)dest_ptr);
 					str_list_copy((char ***)dest_ptr, *(const char ***)src_ptr);
 					break;
 				default:
@@ -2748,6 +2750,7 @@ static BOOL handle_netbios_scope(int snum, const char *pszParmValue, char **ptr)
 
 static BOOL handle_netbios_aliases(int snum, const char *pszParmValue, char **ptr)
 {
+	str_list_free(&Globals.szNetbiosAliases);
 	Globals.szNetbiosAliases = str_list_make(pszParmValue, NULL);
 	return set_netbios_aliases((const char **)Globals.szNetbiosAliases);
 }
diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c
index 44fec78c505..ccf571a0e2c 100644
--- a/source/rpc_server/srv_pipe_hnd.c
+++ b/source/rpc_server/srv_pipe_hnd.c
@@ -1118,6 +1118,7 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn)
 		data_blob_free(&p->session_key);
 
 	delete_nt_token(&p->pipe_user.nt_user_token);
+	data_blob_free(&p->session_key);
 	SAFE_FREE(p->pipe_user.groups);
 
 	DLIST_REMOVE(InternalPipes, p);
diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index 158f1a0ede8..584164e9309 100644
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -2110,8 +2110,10 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_
 					 * entries out of the blue when setting ACLs, so a get/set
 					 * cycle will drop them.
 					 */
-					if (the_acl_type == SMB_ACL_TYPE_ACCESS && *puid == psbuf->st_uid)
+					if (the_acl_type == SMB_ACL_TYPE_ACCESS && *puid == psbuf->st_uid) {
+						SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype);
 						continue;
+					}
 					uid_to_sid( &sid, *puid);
 					unix_ug.uid = *puid;
 					owner_type = UID_ACE;
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index 902db2d2886..8a56478929f 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -150,7 +150,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 	DATA_BLOB auth_data;
 	DATA_BLOB ap_rep, ap_rep_wrapped, response;
 	auth_serversupplied_info *server_info = NULL;
-	DATA_BLOB session_key;
+	DATA_BLOB session_key = data_blob(NULL, 0);
 	uint8 tok_id[2];
 	BOOL foreign = False;
 	DATA_BLOB nullblob = data_blob(NULL, 0);
@@ -183,6 +183,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 	if (!p) {
 		DEBUG(3,("Doesn't look like a valid principal\n"));
 		data_blob_free(&ap_rep);
+		data_blob_free(&session_key);
 		SAFE_FREE(client);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
@@ -192,6 +193,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 		DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1));
 		if (!lp_allow_trusted_domains()) {
 			data_blob_free(&ap_rep);
+			data_blob_free(&session_key);
 			SAFE_FREE(client);
 			return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 		}
@@ -249,6 +251,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 		SAFE_FREE(user);
 		SAFE_FREE(client);
 		data_blob_free(&ap_rep);
+		data_blob_free(&session_key);
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
@@ -263,6 +266,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 		SAFE_FREE(user);
 		SAFE_FREE(client);
 		data_blob_free(&ap_rep);
+		data_blob_free(&session_key);
 		return ERROR_NT(ret);
 	}
 
@@ -274,6 +278,8 @@ static int reply_spnego_kerberos(connection_struct *conn,
         }
 
 	/* register_vuid keeps the server info */
+	/* register_vuid takes ownership of session_key, no need to free after this.
+ 	   A better interface would copy it.... */
 	sess_vuid = register_vuid(server_info, session_key, nullblob, client);
 
 	SAFE_FREE(user);
-- 
2.34.1