[SCM] Samba Shared Repository - branch master updated

Tue, 07 May 2019 17:43:56 -0700 

The branch, master has been updated
       via  93061fb822d CID 1363286: Resource leak by failing to free tmp_ctx
       via  a4973270423 CID 1363287: Resource leak using str_list_append
      from  bead4fdb88c wafsamba: Enable warnings about zero-length formats

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 93061fb822d5af5c29f223e9fe1ce91b7264f082
Author: Garming Sam <[email protected]>
Date:   Tue May 7 13:28:49 2019 +1200

    CID 1363286: Resource leak by failing to free tmp_ctx
    
    There are a few oddities in this function, including a duplicated NULL
    check, a talloc_free of a context which is passed in and a number of
    missing frees before a return.
    
    Signed-off-by: Garming Sam <[email protected]>
    Reviewed-by: Gary Lockyer <[email protected]>
    
    Autobuild-User(master): Gary Lockyer <[email protected]>
    Autobuild-Date(master): Wed May  8 00:36:14 UTC 2019 on sn-devel-184

commit a4973270423203d9881cdbf2d24fadd02c3228c0
Author: Garming Sam <[email protected]>
Date:   Thu May 2 17:11:57 2019 +1200

    CID 1363287: Resource leak using str_list_append
    
    Signed-off-by: Garming Sam <[email protected]>
    Reviewed-by: Gary Lockyer <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 source4/auth/session.c                      | 27 ++++++++++++++++++---------
 source4/dsdb/samdb/ldb_modules/samba_dsdb.c |  4 ++++
 2 files changed, 22 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/session.c b/source4/auth/session.c
index 3a8c40b7fb8..71d236aa3e1 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -115,10 +115,6 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX 
*mem_ctx,
                TALLOC_FREE(tmp_ctx);
                return NT_STATUS_NO_MEMORY;
        }
-       if (!sids) {
-               talloc_free(tmp_ctx);
-               return NT_STATUS_NO_MEMORY;
-       }
 
        num_sids = user_info_dc->num_sids;
 
@@ -134,14 +130,19 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX 
*mem_ctx,
 
        if (session_info_flags & AUTH_SESSION_INFO_DEFAULT_GROUPS) {
                sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 
2);
-               NT_STATUS_HAVE_NO_MEMORY(sids);
+               if (sids == NULL) {
+                       TALLOC_FREE(tmp_ctx);
+                       return NT_STATUS_NO_MEMORY;
+               }
 
                if (!dom_sid_parse(SID_WORLD, &sids[num_sids])) {
+                       TALLOC_FREE(tmp_ctx);
                        return NT_STATUS_INTERNAL_ERROR;
                }
                num_sids++;
 
                if (!dom_sid_parse(SID_NT_NETWORK, &sids[num_sids])) {
+                       TALLOC_FREE(tmp_ctx);
                        return NT_STATUS_INTERNAL_ERROR;
                }
                num_sids++;
@@ -149,9 +150,13 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX 
*mem_ctx,
 
        if (session_info_flags & AUTH_SESSION_INFO_AUTHENTICATED) {
                sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 
1);
-               NT_STATUS_HAVE_NO_MEMORY(sids);
+               if (sids == NULL) {
+                       TALLOC_FREE(tmp_ctx);
+                       return NT_STATUS_NO_MEMORY;
+               }
 
                if (!dom_sid_parse(SID_NT_AUTHENTICATED_USERS, 
&sids[num_sids])) {
+                       TALLOC_FREE(tmp_ctx);
                        return NT_STATUS_INTERNAL_ERROR;
                }
                num_sids++;
@@ -159,9 +164,13 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX 
*mem_ctx,
 
        if (session_info_flags & AUTH_SESSION_INFO_NTLM) {
                sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 
1);
-               NT_STATUS_HAVE_NO_MEMORY(sids);
+               if (sids == NULL) {
+                       TALLOC_FREE(tmp_ctx);
+                       return NT_STATUS_NO_MEMORY;
+               }
 
                if (!dom_sid_parse(SID_NT_NTLM_AUTHENTICATION, 
&sids[num_sids])) {
+                       TALLOC_FREE(tmp_ctx);
                        return NT_STATUS_INTERNAL_ERROR;
                }
                num_sids++;
@@ -187,11 +196,11 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX 
*mem_ctx,
                                "<SID=%s>",
                                dom_sid_str_buf(&sids[i], &buf));
                        if (sid_dn == NULL) {
-                               TALLOC_FREE(user_info_dc);
+                               TALLOC_FREE(tmp_ctx);
                                return NT_STATUS_NO_MEMORY;
                        }
                        sid_blob = data_blob_string_const(sid_dn);
-                       
+
                        /* This function takes in memberOf values and expands
                         * them, as long as they meet the filter - so only
                         * builtin groups
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c 
b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index 95967c33e12..a522c363fae 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -123,6 +123,10 @@ static int prepare_modules_line(struct ldb_context *ldb,
        }
 
        mod_list_string = str_list_join(tmp_ctx, backend_full_list, ',');
+
+       /* str_list_append allocates on NULL */
+       talloc_free(backend_full_list);
+
        if (!mod_list_string) {
                talloc_free(tmp_ctx);
                return ldb_oom(ldb);


-- 
Samba Shared Repository

Reply via email to