s3:ntlm_auth: fix memory leak in manage_gensec_request()
authorStefan Metzmacher <metze@samba.org>
Tue, 4 Apr 2017 09:52:56 +0000 (11:52 +0200)
committerStefan Metzmacher <metze@samba.org>
Fri, 7 Apr 2017 14:49:15 +0000 (16:49 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12736

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source3/utils/ntlm_auth.c

index 6a7a269987c67f86a7afc39b61e24297ef76df12..5a10e27719f8b05d099d0728687c6a093ffd25bb 100644 (file)
@@ -1306,6 +1306,8 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 
        TALLOC_CTX *mem_ctx;
 
+       mem_ctx = talloc_named(NULL, 0, "manage_gensec_request internal mem_ctx");
+
        if (*private1) {
                state = (struct gensec_ntlm_state *)*private1;
        } else {
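Review bot: The result of `talloc_named()` on the added line is used without a NULL check. If that allocation fails, `mem_ctx` is NULL and the later `base64_decode_data_blob_talloc(mem_ctx, buf + 3)` would allocate under the top-level NULL context, so `talloc_free(mem_ctx)` no longer releases the decoded blob and the leak returns on that path. A guard directly after the allocation would keep the behaviour defined under memory pressure, for example `if (mem_ctx == NULL) { printf("BH No Memory\n"); return; }` (the reply text is only a suggestion). The body of manage_gensec_request starts before and continues past this hunk.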
@@ -1323,6 +1325,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
        if (strlen(buf) < 2) {
                DEBUG(1, ("query [%s] invalid", buf));
                printf("BH Query invalid\n");
+               talloc_free(mem_ctx);
                return;
        }
 
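Review bot: Every early return now needs its own `talloc_free(mem_ctx)`, so any future return path that omits the call reintroduces a per-request leak in a helper that appears to serve many requests per process. The call is added here and again in the later hunks: before the feature-list `OK` reply, the two `BH` prefix errors and both `GF` exits. A single exit label would make the cleanup structural: replace each `talloc_free(mem_ctx); return;` pair with `goto done;` and end the function with `done: talloc_free(mem_ctx);`. The function continues well past this hunk, so return paths outside the visible hunks should be checked for the same call.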
@@ -1332,9 +1335,10 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
                        talloc_free(want_feature_list);
                        want_feature_list = talloc_strndup(state, buf+3, strlen(buf)-3);
                        printf("OK\n");
+                       talloc_free(mem_ctx);
                        return;
                }
-               in = base64_decode_data_blob(buf + 3);
+               in = base64_decode_data_blob_talloc(mem_ctx, buf + 3);
        } else {
                in = data_blob(NULL, 0);
        }
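Review bot: The decoded blob's lifetime is now tied to `mem_ctx`, but nothing at the `base64_decode_data_blob_talloc()` call says so. A comment such as `/* in.data is a child of mem_ctx; released by talloc_free(mem_ctx) on every return */` would warn against keeping `in` or its data pointer beyond this function. The hunk also does not check the decode result, and `buf` appears to be the request line supplied by the helper's caller. It would help to state here how a malformed base64 payload is meant to be handled; presumably later code copes with an empty blob, but that code is outside this hunk.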
@@ -1347,7 +1351,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
        } else if ( (strncmp(buf, "OK", 2) == 0)) {
                /* Just return BH, like ntlm_auth from Samba 3 does. */
                printf("BH Command expected\n");
-               data_blob_free(&in);
+               talloc_free(mem_ctx);
                return;
        } else if ( (strncmp(buf, "TT ", 3) != 0) &&
                    (strncmp(buf, "KK ", 3) != 0) &&
@@ -1359,12 +1363,10 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
                    (strncmp(buf, "GF", 2) != 0)) {
                DEBUG(1, ("SPNEGO request [%s] invalid prefix\n", buf));
                printf("BH SPNEGO request invalid prefix\n");
-               data_blob_free(&in);
+               talloc_free(mem_ctx);
                return;
        }
 
-       mem_ctx = talloc_named(NULL, 0, "manage_gensec_request internal mem_ctx");
-
        /* setup gensec */
        if (!(state->gensec_state)) {
                switch (stdio_helper_mode) {
@@ -1499,7 +1501,6 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
                                             state->set_password,
                                             CRED_SPECIFIED);
                printf("OK\n");
-               data_blob_free(&in);
                talloc_free(mem_ctx);
                return;
        }
@@ -1531,10 +1532,12 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
                neg_flags = gensec_ntlmssp_neg_flags(state->gensec_state);
                if (neg_flags == 0) {
                        printf("BH\n");
+                       talloc_free(mem_ctx);
                        return;
                }
 
                printf("GF 0x%08x\n", neg_flags);
+               talloc_free(mem_ctx);
                return;
        }