author | Garming Sam <garming@catalyst.net.nz> | 2019-05-07 13:28:49 +1200 |
---|---|---|
committer | Gary Lockyer <gary@samba.org> | 2019-05-08 00:36:14 +0000 |
commit | 93061fb822d5af5c29f223e9fe1ce91b7264f082 (patch) | |
tree | 04d6cbae86e94e746f6788be85f27791b7239325 /source4/auth | |
parent | a4973270423203d9881cdbf2d24fadd02c3228c0 (diff) | |
CID 1363286: Resource leak by failing to free tmp_ctx
There are a few oddities in this function, including a duplicated NULL
check, a talloc_free of a context which is passed in and a number of
missing frees before a return.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed May 8 00:36:14 UTC 2019 on sn-devel-184
Diffstat (limited to 'source4/auth')
-rw-r--r-- | source4/auth/session.c | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/source4/auth/session.c b/source4/auth/session.c
index 3a8c40b7fb8..71d236aa3e1 100644
--- a/source4/auth/session.c
+++ b/source4/auth/session.c
@@ -115,10 +115,6 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
 TALLOC_FREE(tmp_ctx);
 return NT_STATUS_NO_MEMORY;
 }
- if (!sids) {
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
 num_sids = user_info_dc->num_sids;
@@ -134,14 +130,19 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
 if (session_info_flags & AUTH_SESSION_INFO_DEFAULT_GROUPS) {
 sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 2);
- NT_STATUS_HAVE_NO_MEMORY(sids);
+ if (sids == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
 if (!dom_sid_parse(SID_WORLD, &sids[num_sids])) {
+ TALLOC_FREE(tmp_ctx);
 return NT_STATUS_INTERNAL_ERROR;
 }
 num_sids++;
 if (!dom_sid_parse(SID_NT_NETWORK, &sids[num_sids])) {
+ TALLOC_FREE(tmp_ctx);
 return NT_STATUS_INTERNAL_ERROR;
 }
 num_sids++;
@@ -149,9 +150,13 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
 if (session_info_flags & AUTH_SESSION_INFO_AUTHENTICATED) {
 sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 1);
- NT_STATUS_HAVE_NO_MEMORY(sids);
+ if (sids == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
 if (!dom_sid_parse(SID_NT_AUTHENTICATED_USERS, &sids[num_sids])) {
+ TALLOC_FREE(tmp_ctx);
 return NT_STATUS_INTERNAL_ERROR;
 }
 num_sids++;
@@ -159,9 +164,13 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
 if (session_info_flags & AUTH_SESSION_INFO_NTLM) {
 sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 1);
- NT_STATUS_HAVE_NO_MEMORY(sids);
+ if (sids == NULL) {
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_NO_MEMORY;
+ }
 if (!dom_sid_parse(SID_NT_NTLM_AUTHENTICATION, &sids[num_sids])) {
+ TALLOC_FREE(tmp_ctx);
 return NT_STATUS_INTERNAL_ERROR;
 }
 num_sids++;
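Review bot: Each failure branch in the three flag blocks (hunks at -134, -149 and -159) now carries its own `TALLOC_FREE(tmp_ctx);`, seven copies in all, which is the same hand-maintained pattern that let the leak in in the first place. A single exit path would make the cleanup hard to miss when the next SID block is added: set a local status and `goto out;` at each failure, with `out: TALLOC_FREE(tmp_ctx); return status;` at the end of the function. This assumes the success path also releases tmp_ctx at its end, which is not visible here because auth_generate_session_info starts and ends outside these hunks. If the per-return style is kept, a short comment at the top of the function such as `/* every return below must free tmp_ctx */` would at least record the rule.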
@@ -187,11 +196,11 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
 "<SID=%s>",
 dom_sid_str_buf(&sids[i], &buf));
 if (sid_dn == NULL) {
- TALLOC_FREE(user_info_dc);
+ TALLOC_FREE(tmp_ctx);
 return NT_STATUS_NO_MEMORY;
 }
 sid_blob = data_blob_string_const(sid_dn);
-
+
 /* This function takes in memberOf values and expands
 * them, as long as they meet the filter - so only
 * builtin groups |
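Review bot: The `sid_dn == NULL` branch would benefit from a comment recording why `tmp_ctx` is the context released here, since the old line freed `user_info_dc`, which the commit message describes as a context passed in by the caller. Something like `/* user_info_dc belongs to the caller; only tmp_ctx is ours to free */` above the `TALLOC_FREE(tmp_ctx);` line would help keep a free of caller-owned memory from being reintroduced in this authorization path. The hunk also carries a whitespace-only change on the blank line after `sid_blob = data_blob_string_const(sid_dn);`, which looks unrelated to the fix and could be dropped from the patch. The enclosing block starts and ends outside the hunk.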