URL: https://github.com/SSSD/sssd/pull/517 Author: sumit-bose Title: #517: Fix two memory leaks in the AD provider Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/517/head:pr517 git checkout pr517
From 3296630559b3dfd697700cb73f32422c327e6379 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Fri, 16 Feb 2018 12:07:28 +0100 Subject: [PATCH 1/2] AD: sdap_get_ad_tokengroups_done() allocate temporary data on state Related to https://pagure.io/SSSD/sssd/issue/3639 --- src/providers/ldap/sdap_async_initgroups_ad.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index 9da671a99..30f1d3db2 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -372,7 +372,6 @@ sdap_get_ad_tokengroups_send(TALLOC_CTX *mem_ctx, static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) { - TALLOC_CTX *tmp_ctx = NULL; struct sdap_get_ad_tokengroups_state *state = NULL; struct tevent_req *req = NULL; struct sysdb_attrs **users = NULL; @@ -386,7 +385,7 @@ static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct sdap_get_ad_tokengroups_state); - ret = sdap_get_generic_recv(subreq, tmp_ctx, &num_users, &users); + ret = sdap_get_generic_recv(subreq, state, &num_users, &users); talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, @@ -449,8 +448,6 @@ static void sdap_get_ad_tokengroups_done(struct tevent_req *subreq) ret = EOK; done: - talloc_free(tmp_ctx); - if (ret != EOK) { tevent_req_error(req, ret); return; From 95f2375a904ae489f51ce6acc4a5318d591b86f1 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Fri, 16 Feb 2018 12:09:01 +0100 Subject: [PATCH 2/2] AD: do not allocate temporary data on long living context Related to https://pagure.io/SSSD/sssd/issue/3639 --- src/providers/ad/ad_common.c | 5 +++-- src/providers/ad/ad_common.h | 3 ++- src/providers/ad/ad_id.c | 2 +- src/providers/ipa/ipa_deskprofile_rules_util.c | 1 + src/sss_client/common.c | 2 +- src/tests/cmocka/test_ad_common.c | 4 ++-- 6 files changed, 10 insertions(+), 7 deletions(-) diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index 84845e285..2a1647173 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -1402,13 +1402,14 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx, } struct sdap_id_conn_ctx ** -ad_user_conn_list(struct ad_id_ctx *ad_ctx, +ad_user_conn_list(TALLOC_CTX *mem_ctx, + struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom) { struct sdap_id_conn_ctx **clist; int cindex = 0; - clist = talloc_zero_array(ad_ctx, struct sdap_id_conn_ctx *, 3); + clist = talloc_zero_array(mem_ctx, struct sdap_id_conn_ctx *, 3); if (clist == NULL) { return NULL; } diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h index ce33b37c7..931aafc6c 100644 --- a/src/providers/ad/ad_common.h +++ b/src/providers/ad/ad_common.h @@ -175,7 +175,8 @@ ad_ldap_conn_list(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom); struct sdap_id_conn_ctx ** -ad_user_conn_list(struct ad_id_ctx *ad_ctx, +ad_user_conn_list(TALLOC_CTX *mem_ctx, + struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom); struct sdap_id_conn_ctx * diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c index 0b8f49819..782d9bc40 100644 --- a/src/providers/ad/ad_id.c +++ b/src/providers/ad/ad_id.c @@ -367,7 +367,7 @@ get_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx, switch (ar->entry_type & BE_REQ_TYPE_MASK) { case BE_REQ_USER: /* user */ - clist = ad_user_conn_list(ad_ctx, dom); + clist = ad_user_conn_list(mem_ctx, ad_ctx, dom); break; case BE_REQ_BY_SECID: /* by SID */ case BE_REQ_USER_AND_GROUP: /* get SID */ diff --git a/src/providers/ipa/ipa_deskprofile_rules_util.c b/src/providers/ipa/ipa_deskprofile_rules_util.c index e52587378..8f4d4c90c 100644 --- a/src/providers/ipa/ipa_deskprofile_rules_util.c +++ b/src/providers/ipa/ipa_deskprofile_rules_util.c @@ -1065,6 +1065,7 @@ ipa_deskprofile_rules_remove_user_dir(const char *user_dir, if (getegid() != orig_gid) { ret = setegid(orig_gid); if (ret == -1) { + ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set effective user id (%"PRIu32") of the " "domain's process [%d]: %s\n", diff --git a/src/sss_client/common.c b/src/sss_client/common.c index 67a460705..ba109ede8 100644 --- a/src/sss_client/common.c +++ b/src/sss_client/common.c @@ -546,7 +546,7 @@ static int sss_cli_open_socket(int *errnop, const char *socket_name, int timeout memset(&nssaddr, 0, sizeof(struct sockaddr_un)); nssaddr.sun_family = AF_UNIX; - strncpy(nssaddr.sun_path, socket_name, sizeof(nssaddr.sun_path)); + strncpy(nssaddr.sun_path, socket_name, strlen(socket_name)); sd = socket(AF_UNIX, SOCK_STREAM, 0); if (sd == -1) { diff --git a/src/tests/cmocka/test_ad_common.c b/src/tests/cmocka/test_ad_common.c index a92a15d90..94f351e19 100644 --- a/src/tests/cmocka/test_ad_common.c +++ b/src/tests/cmocka/test_ad_common.c @@ -771,7 +771,7 @@ void test_user_conn_list(void **state) struct ad_common_test_ctx); assert_non_null(test_ctx); - conn_list = ad_user_conn_list(test_ctx->ad_ctx, + conn_list = ad_user_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->dom); assert_non_null(conn_list); @@ -780,7 +780,7 @@ void test_user_conn_list(void **state) assert_null(conn_list[1]); talloc_free(conn_list); - conn_list = ad_user_conn_list(test_ctx->ad_ctx, + conn_list = ad_user_conn_list(test_ctx, test_ctx->ad_ctx, test_ctx->subdom); assert_non_null(conn_list);
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
