libcli/security: avoid leak on SDDL encode failure

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index 1f2ac644f67f5272ec5346184f460fd3fbe1dc22..3b92404634c33a03f361f718088ecbfba3c64c63 100644 (file)
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -1289,7 +1289,10 @@ char *sddl_encode(TALLOC_CTX *mem_ctx, const struct security_descriptor *sd,
        sddl = talloc_strdup(mem_ctx, "");
        if (sddl == NULL) goto failed;
 
-       tmp_ctx = talloc_new(mem_ctx);
+       tmp_ctx = talloc_new(sddl);
+       if (tmp_ctx == NULL) {
+               goto failed;
+       }
 
        if (sd->owner_sid != NULL) {
                char *sid = sddl_transition_encode_sid(tmp_ctx, sd->owner_sid, &state);