s3/utils: Fix use after free with popt 1.19

popt1.19 fixes a leak that exposes a use as free,
make sure we duplicate return of poptGetArg if
poptFreeContext is called before we use it.

==6055== Command: ./bin/testparm /etc/samba/smb.conf
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x10EBFA: main (testparm.c:862)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4C1E50F: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x10EBFA: main (testparm.c:862)
==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4C44DD0: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6055==    by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x10EBFA: main (testparm.c:862)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4C44DDF: _IO_default_xsputn (in /usr/lib64/libc.so.6)
==6055==    by 0x4C1E39E: __vfprintf_internal (in /usr/lib64/libc.so.6)
==6055==    by 0x4C1EB74: buffered_vfprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x4C119E9: fprintf (in /usr/lib64/libc.so.6)
==6055==    by 0x10EBFA: main (testparm.c:862)
==6055==  Address 0x72dab72 is 2 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
Load smb config files from /etc/samba/smb.conf
==6055== Invalid read of size 1
==6055==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 8
==6055==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 2
==6055==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055==    by 0x48B5D37: talloc_sub_basic (substitute.c:303)
==6055==    by 0x4889B98: lp_load_ex (loadparm.c:4004)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4849782: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x4849794: strlen (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927E1C: talloc_strdup (talloc.c:2470)
==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab71 is 1 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 8
==6055==    at 0x484D3AE: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab70 is 0 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 2
==6055==    at 0x484D400: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab80 is 16 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==
==6055== Invalid read of size 1
==6055==    at 0x484D430: memmove (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4927DC2: __talloc_strlendup (talloc.c:2457)
==6055==    by 0x4927E32: talloc_strdup (talloc.c:2470)
==6055==    by 0x4B5974B: add_to_file_list (loadparm.c:1023)
==6055==    by 0x4889BD4: lp_load_ex (loadparm.c:4011)
==6055==    by 0x488A29E: lp_load_with_registry_shares (loadparm.c:4237)
==6055==    by 0x10EC06: main (testparm.c:864)
==6055==  Address 0x72dab82 is 18 bytes inside a block of size 20 free'd
==6055==    at 0x484617B: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB28B8: poptResetContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x4BB35D4: poptFreeContext (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EBAC: main (testparm.c:854)
==6055==  Block was alloc'd at
==6055==    at 0x48437B4: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==6055==    by 0x4BB42EE: poptGetNextOpt (in /usr/lib64/libpopt.so.0.0.2)
==6055==    by 0x10EB2E: main (testparm.c:830)
==6055==

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15205

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>

source3/utils/testparm.c

@@ -843,13 +843,13 @@ static void do_per_share_checks(int s)
 	}
 
 	if (poptPeekArg(pc)) {
-		config_file = poptGetArg(pc);
+		config_file = talloc_strdup(frame, poptGetArg(pc));
 	} else {
 		config_file = get_dyn_CONFIGFILE();
 	}
 
-	cname = poptGetArg(pc);
-	caddr = poptGetArg(pc);
+	cname = talloc_strdup(frame, poptGetArg(pc));
+	caddr = talloc_strdup(frame, poptGetArg(pc));
 
 	poptFreeContext(pc);