From 8e00e9d7a6114089fc176bc3446c6c97a01543d6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 1 Mar 2007 02:43:33 +0000 Subject: r21609: Fix memory leaks in error code paths (and one in winbindd_group.c). Patch from Zack Kirsch . Jeremy. (This used to be commit df07a662e32367a52c1e8473475423db2ff5bc51) --- source3/include/doserr.h | 1 + source3/libsmb/cliquota.c | 2 ++ source3/libsmb/doserr.c | 4 +++- source3/modules/vfs_netatalk.c | 8 ++++---- source3/nsswitch/idmap_ldap.c | 3 +++ source3/nsswitch/winbindd_group.c | 6 ++++-- source3/passdb/pdb_ldap.c | 2 ++ source3/rpcclient/cmd_samr.c | 1 + source3/torture/torture.c | 5 +++++ source3/utils/net_ads.c | 9 +++++++++ source3/utils/net_rpc.c | 22 ++++++++++++++++++++++ 11 files changed, 56 insertions(+), 7 deletions(-) (limited to 'source3') diff --git a/source3/include/doserr.h b/source3/include/doserr.h index 4e3a85ff73f..3c3978a5b9f 100644 --- a/source3/include/doserr.h +++ b/source3/include/doserr.h @@ -202,6 +202,7 @@ #define WERR_SERVICE_NEVER_STARTED W_ERROR(1077) #define WERR_MACHINE_LOCKED W_ERROR(1271) #define WERR_NO_LOGON_SERVERS W_ERROR(1311) +#define WERR_LOGON_FAILURE W_ERROR(1326) #define WERR_NO_SUCH_DOMAIN W_ERROR(1355) #define WERR_INVALID_SECURITY_DESCRIPTOR W_ERROR(1338) #define WERR_TIME_SKEW W_ERROR(1398) diff --git a/source3/libsmb/cliquota.c b/source3/libsmb/cliquota.c index 25c36c214fc..5627d28bb5d 100644 --- a/source3/libsmb/cliquota.c +++ b/source3/libsmb/cliquota.c @@ -323,11 +323,13 @@ BOOL cli_list_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST if ((tmp_list_ent=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_LIST))==NULL) { DEBUG(0,("talloc_zero() failed\n")); + talloc_destroy(mem_ctx); return (-1); } if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) { DEBUG(0,("talloc_zero() failed\n")); + talloc_destroy(mem_ctx); return (-1); } diff --git a/source3/libsmb/doserr.c b/source3/libsmb/doserr.c index 8628db3abc9..414c2d49168 100644 --- a/source3/libsmb/doserr.c +++ b/source3/libsmb/doserr.c @@ -68,6 +68,7 @@ werror_code_struct dos_errs[] = { "WERR_DFS_CANT_CREATE_JUNCT", WERR_DFS_CANT_CREATE_JUNCT }, { "WERR_MACHINE_LOCKED", WERR_MACHINE_LOCKED }, { "WERR_NO_LOGON_SERVERS", WERR_NO_LOGON_SERVERS }, + { "WERR_LOGON_FAILURE", WERR_LOGON_FAILURE }, { "WERR_NO_SUCH_DOMAIN", WERR_NO_SUCH_DOMAIN }, { "WERR_INVALID_SECURITY_DESCRIPTOR", WERR_INVALID_SECURITY_DESCRIPTOR }, { "WERR_INVALID_OWNER", WERR_INVALID_OWNER }, @@ -83,8 +84,9 @@ werror_code_struct dos_errs[] = }; /***************************************************************************** - returns a DOS error message. not amazingly helpful, but better than a number. + Returns a DOS error message. not amazingly helpful, but better than a number. *****************************************************************************/ + const char *dos_errstr(WERROR werror) { static pstring msg; diff --git a/source3/modules/vfs_netatalk.c b/source3/modules/vfs_netatalk.c index 7176919a7dc..efcc9816794 100644 --- a/source3/modules/vfs_netatalk.c +++ b/source3/modules/vfs_netatalk.c @@ -241,7 +241,7 @@ static int atalk_rename(struct vfs_handle_struct *handle, const char *oldname, c if (atalk_build_paths(ctx, handle->conn->origpath, oldname, &adbl_path, &orig_path, &adbl_info, &orig_info) != 0) - return ret; + goto exit_rename; if (S_ISDIR(orig_info.st_mode) || S_ISREG(orig_info.st_mode)) { DEBUG(3, ("ATALK: %s has passed..\n", adbl_path)); @@ -297,7 +297,7 @@ static int atalk_unlink(struct vfs_handle_struct *handle, const char *path) if (atalk_build_paths(ctx, handle->conn->origpath, path, &adbl_path, &orig_path, &adbl_info, &orig_info) != 0) - return ret; + goto exit_unlink; if (S_ISDIR(orig_info.st_mode) || S_ISREG(orig_info.st_mode)) { DEBUG(3, ("ATALK: %s has passed..\n", adbl_path)); @@ -329,7 +329,7 @@ static int atalk_chmod(struct vfs_handle_struct *handle, const char *path, mode_ if (atalk_build_paths(ctx, handle->conn->origpath, path, &adbl_path, &orig_path, &adbl_info, &orig_info) != 0) - return ret; + goto exit_chmod; if (!S_ISDIR(orig_info.st_mode) && !S_ISREG(orig_info.st_mode)) { DEBUG(3, ("ATALK: %s has passed..\n", orig_path)); @@ -361,7 +361,7 @@ static int atalk_chown(struct vfs_handle_struct *handle, const char *path, uid_t if (atalk_build_paths(ctx, handle->conn->origpath, path, &adbl_path, &orig_path, &adbl_info, &orig_info) != 0) - return ret; + goto exit_chown; if (!S_ISDIR(orig_info.st_mode) && !S_ISREG(orig_info.st_mode)) { DEBUG(3, ("ATALK: %s has passed..\n", orig_path)); diff --git a/source3/nsswitch/idmap_ldap.c b/source3/nsswitch/idmap_ldap.c index 8cccbcecf4c..f74372eceab 100644 --- a/source3/nsswitch/idmap_ldap.c +++ b/source3/nsswitch/idmap_ldap.c @@ -1283,6 +1283,9 @@ static NTSTATUS idmap_ldap_set_mapping(struct idmap_domain *dom, const struct id sid, (unsigned long)map->xid.id, type)); DEBUG(0, ("ldap_set_mapping_internals: Error was: %s (%s)\n", ld_error ? ld_error : "(NULL)", ldap_err2string (rc))); + if (ld_error) { + ldap_memfree(ld_error); + } ret = NT_STATUS_UNSUCCESSFUL; goto done; } diff --git a/source3/nsswitch/winbindd_group.c b/source3/nsswitch/winbindd_group.c index 7edb755f1c0..f47d08ee857 100644 --- a/source3/nsswitch/winbindd_group.c +++ b/source3/nsswitch/winbindd_group.c @@ -228,10 +228,12 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain, * from more than one domain, ie aliases. Thus we have to work it out * ourselves in a special routine. */ - if (domain->internal) - return fill_passdb_alias_grmem(domain, group_sid, + if (domain->internal) { + result = fill_passdb_alias_grmem(domain, group_sid, num_gr_mem, gr_mem, gr_mem_len); + goto done; + } if ( !((group_name_type==SID_NAME_DOM_GRP) || ((group_name_type==SID_NAME_ALIAS) && domain->primary)) ) diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c index 5fd607a7fce..c4c53c30664 100644 --- a/source3/passdb/pdb_ldap.c +++ b/source3/passdb/pdb_ldap.c @@ -5673,6 +5673,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location) dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); if (!dn) { + ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } @@ -5689,6 +5690,7 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location) if (!string_to_sid(&ldap_domain_sid, domain_sid_string)) { DEBUG(1, ("pdb_init_ldapsam: SID [%s] could not be " "read as a valid SID\n", domain_sid_string)); + ldap_msgfree(result); return NT_STATUS_INVALID_PARAMETER; } found_sid = secrets_fetch_domain_sid(ldap_state->domain_name, diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index fc11739ad52..08febc95976 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -1988,6 +1988,7 @@ static NTSTATUS cmd_samr_query_sec_obj(struct rpc_pipe_client *cli, if ((argc < 1) || (argc > 3)) { printf("Usage: %s [rid|-d] [sec_info]\n", argv[0]); printf("\tSpecify rid for security on user, -d for security on domain\n"); + talloc_destroy(ctx); return NT_STATUS_OK; } diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 79444946122..5ab28438f21 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -4479,6 +4479,7 @@ static BOOL run_eatest(int dummy) printf("starting eatest\n"); if (!torture_open_connection(&cli, 0)) { + talloc_destroy(mem_ctx); return False; } @@ -4490,6 +4491,7 @@ static BOOL run_eatest(int dummy) if (fnum == -1) { printf("open failed - %s\n", cli_errstr(cli)); + talloc_destroy(mem_ctx); return False; } @@ -4500,6 +4502,7 @@ static BOOL run_eatest(int dummy) memset(ea_val, (char)i+1, i+1); if (!cli_set_ea_fnum(cli, fnum, ea_name, ea_val, i+1)) { printf("ea_set of name %s failed - %s\n", ea_name, cli_errstr(cli)); + talloc_destroy(mem_ctx); return False; } } @@ -4512,6 +4515,7 @@ static BOOL run_eatest(int dummy) memset(ea_val, (char)i+1, i+1); if (!cli_set_ea_path(cli, fname, ea_name, ea_val, i+1)) { printf("ea_set of name %s failed - %s\n", ea_name, cli_errstr(cli)); + talloc_destroy(mem_ctx); return False; } } @@ -4545,6 +4549,7 @@ static BOOL run_eatest(int dummy) slprintf(ea_name, sizeof(ea_name), "ea_%d", i); if (!cli_set_ea_path(cli, fname, ea_name, "", 0)) { printf("ea_set of name %s failed - %s\n", ea_name, cli_errstr(cli)); + talloc_destroy(mem_ctx); return False; } } diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index b1ac40fd72e..363bfbc6669 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1823,10 +1823,12 @@ static int net_ads_printer_publish(int argc, const char **argv) LDAPMessage *res = NULL; if (!ADS_ERR_OK(ads_startup(True, &ads))) { + talloc_destroy(mem_ctx); return -1; } if (argc < 1) { + talloc_destroy(mem_ctx); return net_ads_printer_usage(argc, argv); } @@ -1854,6 +1856,7 @@ static int net_ads_printer_publish(int argc, const char **argv) d_fprintf(stderr, "Unable to open a connnection to %s to obtain data " "for %s\n", servername, printername); ads_destroy(&ads); + talloc_destroy(mem_ctx); return -1; } @@ -1865,6 +1868,7 @@ static int net_ads_printer_publish(int argc, const char **argv) d_fprintf(stderr, "Could not find machine account for server %s\n", servername); ads_destroy(&ads); + talloc_destroy(mem_ctx); return -1; } @@ -1878,6 +1882,7 @@ static int net_ads_printer_publish(int argc, const char **argv) SAFE_FREE(printername_escaped); d_fprintf(stderr, "Internal error, out of memory!"); ads_destroy(&ads); + talloc_destroy(mem_ctx); return -1; } @@ -1892,6 +1897,7 @@ static int net_ads_printer_publish(int argc, const char **argv) servername); SAFE_FREE(prt_dn); ads_destroy(&ads); + talloc_destroy(mem_ctx); return -1; } @@ -1899,6 +1905,7 @@ static int net_ads_printer_publish(int argc, const char **argv) printername))) { SAFE_FREE(prt_dn); ads_destroy(&ads); + talloc_destroy(mem_ctx); return -1; } @@ -1907,12 +1914,14 @@ static int net_ads_printer_publish(int argc, const char **argv) d_fprintf(stderr, "ads_publish_printer: %s\n", ads_errstr(rc)); SAFE_FREE(prt_dn); ads_destroy(&ads); + talloc_destroy(mem_ctx); return -1; } d_printf("published printer\n"); SAFE_FREE(prt_dn); ads_destroy(&ads); + talloc_destroy(mem_ctx); return 0; } diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 94708ad2ccf..c1d812a8f0b 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -5574,6 +5574,7 @@ static int rpc_trustdom_establish(int argc, const char **argv) if (!pipe_hnd) { DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) )); cli_shutdown(cli); + talloc_destroy(mem_ctx); return -1; } @@ -5583,6 +5584,7 @@ static int rpc_trustdom_establish(int argc, const char **argv) DEBUG(0, ("Couldn't open policy handle. Error was %s\n", nt_errstr(nt_status))); cli_shutdown(cli); + talloc_destroy(mem_ctx); return -1; } @@ -5595,6 +5597,7 @@ static int rpc_trustdom_establish(int argc, const char **argv) DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", nt_errstr(nt_status))); cli_shutdown(cli); + talloc_destroy(mem_ctx); return -1; } @@ -5608,6 +5611,7 @@ static int rpc_trustdom_establish(int argc, const char **argv) if (!pdb_set_trusteddom_pw(domain_name, opt_password, domain_sid)) { DEBUG(0, ("Storing password for trusted domain failed.\n")); cli_shutdown(cli); + talloc_destroy(mem_ctx); return -1; } @@ -5620,6 +5624,7 @@ static int rpc_trustdom_establish(int argc, const char **argv) DEBUG(0, ("Couldn't close LSA pipe. Error was %s\n", nt_errstr(nt_status))); cli_shutdown(cli); + talloc_destroy(mem_ctx); return -1; } @@ -5807,6 +5812,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv) /* open \PIPE\lsarpc and open policy handle */ if (!(cli = net_make_ipc_connection(NET_FLAGS_PDC))) { DEBUG(0, ("Couldn't connect to domain controller\n")); + talloc_destroy(mem_ctx); return -1; }; @@ -5815,6 +5821,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv) DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) )); cli_shutdown(cli); + talloc_destroy(mem_ctx); return -1; }; @@ -5824,6 +5831,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv) DEBUG(0, ("Couldn't open policy handle. Error was %s\n", nt_errstr(nt_status))); cli_shutdown(cli); + talloc_destroy(mem_ctx); return -1; }; @@ -5836,6 +5844,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv) DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", nt_errstr(nt_status))); cli_shutdown(cli); + talloc_destroy(mem_ctx); return -1; } @@ -5855,6 +5864,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv) DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n", nt_errstr(nt_status))); cli_shutdown(cli); + talloc_destroy(mem_ctx); return -1; }; @@ -5866,6 +5876,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv) domain_sids[i], trusted_dom_names[i]); if (!NT_STATUS_IS_OK(nt_status)) { cli_shutdown(cli); + talloc_destroy(mem_ctx); return -1; } }; @@ -5884,6 +5895,7 @@ static int rpc_trustdom_vampire(int argc, const char **argv) DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n", nt_errstr(nt_status))); cli_shutdown(cli); + talloc_destroy(mem_ctx); return -1; }; @@ -5943,6 +5955,7 @@ static int rpc_trustdom_list(int argc, const char **argv) /* open \PIPE\lsarpc and open policy handle */ if (!(cli = net_make_ipc_connection(NET_FLAGS_PDC))) { DEBUG(0, ("Couldn't connect to domain controller\n")); + talloc_destroy(mem_ctx); return -1; }; @@ -5950,6 +5963,7 @@ static int rpc_trustdom_list(int argc, const char **argv) if (!pipe_hnd) { DEBUG(0, ("Could not initialise lsa pipe. Error was %s\n", nt_errstr(nt_status) )); + talloc_destroy(mem_ctx); return -1; }; @@ -5958,6 +5972,7 @@ static int rpc_trustdom_list(int argc, const char **argv) if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't open policy handle. Error was %s\n", nt_errstr(nt_status))); + talloc_destroy(mem_ctx); return -1; }; @@ -5969,6 +5984,7 @@ static int rpc_trustdom_list(int argc, const char **argv) if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("LSA Query Info failed. Returned error was %s\n", nt_errstr(nt_status))); + talloc_destroy(mem_ctx); return -1; } @@ -5987,6 +6003,7 @@ static int rpc_trustdom_list(int argc, const char **argv) if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't enumerate trusted domains. Error was %s\n", nt_errstr(nt_status))); + talloc_destroy(mem_ctx); return -1; }; @@ -6007,6 +6024,7 @@ static int rpc_trustdom_list(int argc, const char **argv) if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't properly close lsa policy handle. Error was %s\n", nt_errstr(nt_status))); + talloc_destroy(mem_ctx); return -1; }; @@ -6024,6 +6042,7 @@ static int rpc_trustdom_list(int argc, const char **argv) pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &nt_status); if (!pipe_hnd) { DEBUG(0, ("Could not initialise samr pipe. Error was %s\n", nt_errstr(nt_status))); + talloc_destroy(mem_ctx); return -1; }; @@ -6033,6 +6052,7 @@ static int rpc_trustdom_list(int argc, const char **argv) if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Couldn't open SAMR policy handle. Error was %s\n", nt_errstr(nt_status))); + talloc_destroy(mem_ctx); return -1; }; @@ -6044,6 +6064,7 @@ static int rpc_trustdom_list(int argc, const char **argv) if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0, ("Couldn't open domain object. Error was %s\n", nt_errstr(nt_status))); + talloc_destroy(mem_ctx); return -1; }; @@ -6061,6 +6082,7 @@ static int rpc_trustdom_list(int argc, const char **argv) if (NT_STATUS_IS_ERR(nt_status)) { DEBUG(0, ("Couldn't enumerate accounts. Error was: %s\n", nt_errstr(nt_status))); + talloc_destroy(mem_ctx); return -1; }; -- cgit v1.2.1