sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

s3: Fix a memleak in receive_getdc_response

Browse Source 
It's the free_packet() that was missing. On the way, I've changed the
"return false;" to a "goto fail;", which makes the patch a bit larger.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jan  2 14:27:56 CET 2011 on sn-devel-104
This commit is contained in:
Volker Lendecke 2011-01-02 05:57:09 +01:00 committed by Volker Lendecke
parent 45cb9bba37
commit 593c004b74
1 changed files with 22 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
source3/libsmb/clidgram.c
View File

@ -107,7 +107,7 @@ static bool cli_prep_mailslot(bool unique, const char *mailslot,
return true; return true;
} }
static const char *mailslot_name(TALLOC_CTX *mem_ctx, struct in_addr dc_ip) static char *mailslot_name(TALLOC_CTX *mem_ctx, struct in_addr dc_ip)
{ {
return talloc_asprintf(mem_ctx, "%s%X", return talloc_asprintf(mem_ctx, "%s%X",
NBT_MAILSLOT_GETDC, dc_ip.s_addr); NBT_MAILSLOT_GETDC, dc_ip.s_addr);
@ -220,11 +220,11 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
const char **dc_name, const char **dc_name,
struct netlogon_samlogon_response **samlogon_response) struct netlogon_samlogon_response **samlogon_response)
{ {
struct packet_struct *packet; struct packet_struct *packet = NULL;
const char *my_mailslot = NULL; char *my_mailslot = NULL;
struct in_addr dc_ip; struct in_addr dc_ip;
DATA_BLOB blob; DATA_BLOB blob;
struct netlogon_samlogon_response *r; struct netlogon_samlogon_response *r = NULL;
union dgram_message_body p; union dgram_message_body p;
enum ndr_err_code ndr_err; enum ndr_err_code ndr_err;
NTSTATUS status; NTSTATUS status;
@ -257,12 +257,12 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
if (blob.length < 4) { if (blob.length < 4) {
DEBUG(0,("invalid length: %d\n", (int)blob.length)); DEBUG(0,("invalid length: %d\n", (int)blob.length));
return false; goto fail;
} }
if (RIVAL(blob.data,0) != DGRAM_SMB) { if (RIVAL(blob.data,0) != DGRAM_SMB) {
DEBUG(0,("invalid packet\n")); DEBUG(0,("invalid packet\n"));
return false; goto fail;
} }
blob.data += 4; blob.data += 4;
@ -272,12 +272,12 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
(ndr_pull_flags_fn_t)ndr_pull_dgram_smb_packet); (ndr_pull_flags_fn_t)ndr_pull_dgram_smb_packet);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(0,("failed to parse packet\n")); DEBUG(0,("failed to parse packet\n"));
return false; goto fail;
} }
if (p.smb.smb_command != SMB_TRANSACTION) { if (p.smb.smb_command != SMB_TRANSACTION) {
DEBUG(0,("invalid smb_command: %d\n", p.smb.smb_command)); DEBUG(0,("invalid smb_command: %d\n", p.smb.smb_command));
return false; goto fail;
} }
if (DEBUGLEVEL >= 10) { if (DEBUGLEVEL >= 10) {
@ -288,13 +288,12 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
r = TALLOC_ZERO_P(mem_ctx, struct netlogon_samlogon_response); r = TALLOC_ZERO_P(mem_ctx, struct netlogon_samlogon_response);
if (!r) { if (!r) {
return false; goto fail;
} }
status = pull_netlogon_samlogon_response(&blob, mem_ctx, r); status = pull_netlogon_samlogon_response(&blob, mem_ctx, r);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(r); goto fail;
return false;
} }
map_netlogon_samlogon_response(r); map_netlogon_samlogon_response(r);
@ -308,14 +307,12 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
if (!strequal(returned_domain, domain_name)) { if (!strequal(returned_domain, domain_name)) {
DEBUG(3, ("GetDC: Expected domain %s, got %s\n", DEBUG(3, ("GetDC: Expected domain %s, got %s\n",
domain_name, returned_domain)); domain_name, returned_domain));
TALLOC_FREE(r); goto fail;
return false;
} }
*dc_name = talloc_strdup(mem_ctx, returned_dc); *dc_name = talloc_strdup(mem_ctx, returned_dc);
if (!*dc_name) { if (!*dc_name) {
TALLOC_FREE(r); goto fail;
return false;
} }
if (**dc_name == '\\') *dc_name += 1; if (**dc_name == '\\') *dc_name += 1;
@ -330,5 +327,15 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx,
DEBUG(10, ("GetDC gave name %s for domain %s\n", DEBUG(10, ("GetDC gave name %s for domain %s\n",
*dc_name, returned_domain)); *dc_name, returned_domain));
free_packet(packet);
TALLOC_FREE(my_mailslot);
return True; return True;
fail:
TALLOC_FREE(my_mailslot);
TALLOC_FREE(r);
if (packet != NULL) {
free_packet(packet);
}
return false;
} }