s4:dsdb/samdb/cracknames.c - fix various KRB5 memory leaks

author Matthias Dieter Wallnöfer <mdw@samba.org>

Thu, 2 Dec 2010 10:49:56 +0000 (11:49 +0100)

committer Matthias Dieter Wallnöfer <mdw@samba.org>

Thu, 2 Dec 2010 11:35:03 +0000 (12:35 +0100)
author Matthias Dieter Wallnöfer <mdw@samba.org>
Thu, 2 Dec 2010 10:49:56 +0000 (11:49 +0100)
committer Matthias Dieter Wallnöfer <mdw@samba.org>
Thu, 2 Dec 2010 11:35:03 +0000 (12:35 +0100)
diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c

index 6df140fed376bfd7efd819fae6d14bba62f423f2..0b7b6ed1c5c957775ae051e0257696875b3c82db 100644 (file)
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -206,6 +206,7 @@ static WERROR DsCrackNameSPNAlias(struct ldb_context *sam_ctx, TALLOC_CTX *mem_c
         /* This is checked for in callers, but be safe */
         if (principal->name.name_string.len < 2) {
                 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
+               krb5_free_principal(smb_krb5_context->krb5_context, principal);
                 return WERR_OK;
         }
         service = principal->name.name_string.val[0];
@@ -217,13 +218,14 @@ static WERROR DsCrackNameSPNAlias(struct ldb_context *sam_ctx, TALLOC_CTX *mem_c
                                           service, &new_service);
  
         if (namestatus == DRSUAPI_DS_NAME_STATUS_NOT_FOUND) {
+               wret = WERR_OK;
                 info1->status           = DRSUAPI_DS_NAME_STATUS_DOMAIN_ONLY;
                 info1->dns_domain_name  = talloc_strdup(mem_ctx, dns_name);
                 if (!info1->dns_domain_name) {
-                       krb5_free_principal(smb_krb5_context->krb5_context, principal);
-                       return WERR_NOMEM;
+                       wret = WERR_NOMEM;
                 }
-               return WERR_OK;
+               krb5_free_principal(smb_krb5_context->krb5_context, principal);
+               return wret;
         } else if (namestatus != DRSUAPI_DS_NAME_STATUS_OK) {
                 info1->status = namestatus;
                 krb5_free_principal(smb_krb5_context->krb5_context, principal);
@@ -293,7 +295,8 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
                 return WERR_OK;
         }
  
-       realm = krb5_principal_get_realm(smb_krb5_context->krb5_context, principal);
+       realm = krb5_principal_get_realm(smb_krb5_context->krb5_context,
+                                        principal);
  
         ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
                                      samdb_partitions_dn(sam_ctx, mem_ctx), 
@@ -306,6 +309,7 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
         if (ldb_ret != LDB_SUCCESS) {
                 DEBUG(2, ("DsCrackNameUPN domain ref search failed: %s", ldb_errstring(sam_ctx)));
                 info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
+               krb5_free_principal(smb_krb5_context->krb5_context, principal);
                 return WERR_OK;
         }
  
@@ -313,10 +317,12 @@ static WERROR DsCrackNameUPN(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
         case 1:
                 break;
         case 0:
+               krb5_free_principal(smb_krb5_context->krb5_context, principal);
                 return dns_domain_from_principal(mem_ctx, smb_krb5_context, 
                                                  name, info1);
         default:
                 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
+               krb5_free_principal(smb_krb5_context->krb5_context, principal);
                 return WERR_OK;
         }
  
@@ -616,12 +622,12 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
                         info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
                         krb5_free_principal(smb_krb5_context->krb5_context, principal);
                         return WERR_OK;
+               } else if (ret == 0) {
+                       krb5_free_principal(smb_krb5_context->krb5_context, principal);
                 }
                 ret = krb5_parse_name_flags(smb_krb5_context->krb5_context, name, 
                                             KRB5_PRINCIPAL_PARSE_NO_REALM, &principal);
                 if (ret) {
-                       krb5_free_principal(smb_krb5_context->krb5_context, principal);
-
                         return dns_domain_from_principal(mem_ctx, smb_krb5_context,
                                                          name, info1);
                 }
@@ -642,6 +648,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
                         computer_name = talloc_strndup(mem_ctx, principal->name.name_string.val[1], 
                                                       strcspn(principal->name.name_string.val[1], "."));
                         if (computer_name == NULL) {
+                               krb5_free_principal(smb_krb5_context->krb5_context, principal);
                                 return WERR_NOMEM;
                         }
  
@@ -662,7 +669,6 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx,
                 info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
                 return WERR_OK;
         }
-
         }
  
         if (format_flags & DRSUAPI_DS_NAME_FLAG_SYNTACTICAL_ONLY) {
author	Matthias Dieter Wallnöfer <mdw@samba.org>
	Thu, 2 Dec 2010 10:49:56 +0000 (11:49 +0100)
committer	Matthias Dieter Wallnöfer <mdw@samba.org>
	Thu, 2 Dec 2010 11:35:03 +0000 (12:35 +0100)