s3: Fix a memory leak in check_sam_security_info3

Abartlet, this commit makes check_sam_security_info3 use talloc_tos() and also
cleans up the temporary talloc stackframe.

The old code created a temporary talloc context off "mem_ctx" but failed to
clean up the tmp_ctx in all but one return paths.

talloc_stackframe()/talloc_tos() is designed as a defense against exactly this
error: Even if we failed to free the frame when returning from the routine, it
would be cleaned up very soon, in our main event loop.

Please check this patch!

Thanks,

Volker

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Mar  5 14:08:37 CET 2011 on sn-devel-104

diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index 299f43a1e995c95e5c61e1fe1857b497d5eb32e5..db5f68fdfeb0b0cf89da09228ee254047d0f0e6a 100644 (file)
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -519,29 +519,31 @@ NTSTATUS check_sam_security_info3(const DATA_BLOB *challenge,
        struct auth_serversupplied_info *server_info = NULL;
        struct netr_SamInfo3 *info3;
        NTSTATUS status;
-       TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
-       if (!tmp_ctx) {
-               return NT_STATUS_NO_MEMORY;
-       }
-       status = check_sam_security(challenge, tmp_ctx, user_info, &server_info);
+       TALLOC_CTX *frame = talloc_stackframe();
+
+       status = check_sam_security(challenge, talloc_tos(), user_info,
+                                   &server_info);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(10, ("check_sam_security failed: %s\n",
                           nt_errstr(status)));
-               return status;
+               goto done;
        }
 
        info3 = TALLOC_ZERO_P(mem_ctx, struct netr_SamInfo3);
        if (info3 == NULL) {
-               talloc_free(tmp_ctx);
-               return NT_STATUS_NO_MEMORY;
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
        }
 
        status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(10, ("serverinfo_to_SamInfo3 failed: %s\n",
                           nt_errstr(status)));
-               return status;
+               goto done;
        }
        *pinfo3 = info3;
-       return NT_STATUS_OK;
+       status =  NT_STATUS_OK;
+done:
+       TALLOC_FREE(frame);
+       return status;
 }