r19299: Fix possible memleaks

(This used to be commit 6fad80bb09)

source4/auth/gensec/schannel_state.c

@@ -198,12 +198,14 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
 	ret = ldb_search(ldb, NULL, LDB_SCOPE_SUBTREE, expr, NULL, &res);
 	if (ret != LDB_SUCCESS || res->count != 1) {
 		DEBUG(3,("schannel: Failed to find a record for client: %s\n", computer_name));
+		talloc_free(res);
 		return NT_STATUS_INVALID_HANDLE;
 	}
 
 	val = ldb_msg_find_ldb_val(res->msgs[0], "sessionKey");
 	if (val == NULL || val->length != 16) {
 		DEBUG(1,("schannel: record in schannel DB must contain a sessionKey of length 16, when searching for client: %s\n", computer_name));
+		talloc_free(res);
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 
@@ -212,6 +214,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
 	val = ldb_msg_find_ldb_val(res->msgs[0], "seed");
 	if (val == NULL || val->length != 8) {
 		DEBUG(1,("schannel: record in schannel DB must contain a vaid seed of length 8, when searching for client: %s\n", computer_name));
+		talloc_free(res);
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 
@@ -220,6 +223,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
 	val = ldb_msg_find_ldb_val(res->msgs[0], "clientState");
 	if (val == NULL || val->length != 8) {
 		DEBUG(1,("schannel: record in schannel DB must contain a vaid clientState of length 8, when searching for client: %s\n", computer_name));
+		talloc_free(res);
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 	memcpy((*creds)->client.data, val->data, 8);
@@ -227,6 +231,7 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
 	val = ldb_msg_find_ldb_val(res->msgs[0], "serverState");
 	if (val == NULL || val->length != 8) {
 		DEBUG(1,("schannel: record in schannel DB must contain a vaid serverState of length 8, when searching for client: %s\n", computer_name));
+		talloc_free(res);
 		return NT_STATUS_INTERNAL_ERROR;
 	}
 	memcpy((*creds)->server.data, val->data, 8);
@@ -235,14 +240,27 @@ NTSTATUS schannel_fetch_session_key_ldb(TALLOC_CTX *mem_ctx,
 
 	(*creds)->secure_channel_type = ldb_msg_find_attr_as_int(res->msgs[0], "secureChannelType", 0);
 
-	(*creds)->account_name = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL));
+	(*creds)->account_name = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "accountName", NULL));
+	if ((*creds)->account_name == NULL) {
+		talloc_free(res);
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	(*creds)->computer_name = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "computerName", NULL));
+	(*creds)->computer_name = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "computerName", NULL));
+	if ((*creds)->computer_name == NULL) {
+		talloc_free(res);
+		return NT_STATUS_NO_MEMORY;
+	}
 
-	(*creds)->domain = talloc_reference(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "flatname", NULL));
+	(*creds)->domain = talloc_strdup(*creds, ldb_msg_find_attr_as_string(res->msgs[0], "flatname", NULL));
+	if ((*creds)->domain == NULL) {
+		talloc_free(res);
+		return NT_STATUS_NO_MEMORY;
+	}
 
 	(*creds)->sid = samdb_result_dom_sid(*creds, res->msgs[0], "objectSid");
 
+	talloc_free(res);
 	return NT_STATUS_OK;
 }
 

source4/dsdb/samdb/ldb_modules/entryUUID.c

@@ -468,7 +468,9 @@ static int fetch_objectclass_schema(struct ldb_context *ldb, struct ldb_dn *sche
 	if (ret != LDB_SUCCESS) {
 		return ret;
 	}
-	
+
+	talloc_steal(mem_ctx, objectclass_res);
+
 	return ret;
 }
 

source4/kdc/hdb-ldb.c

@@ -458,8 +458,6 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
 	char *short_princ;
 	char *short_princ_talloc;
 
-	char *realm_dn_str;
-
 	struct ldb_result *res = NULL;
 
 	ret = krb5_unparse_name_norealm(context, principal, &short_princ);
@@ -501,13 +499,12 @@ static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_con
 
 	lret = ldb_search(ldb_ctx, realm_dn, LDB_SCOPE_SUBTREE, filter, princ_attrs, &res);
 
-	realm_dn_str = ldb_dn_linearize(mem_ctx, realm_dn);
-
 	if (lret != LDB_SUCCESS) {
 		DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(ldb_ctx)));
 		return HDB_ERR_NOENTRY;
 	} else if (res->count == 0 || res->count > 1) {
 		DEBUG(3, ("Failed find a single entry for %s: got %d\n", filter, res->count));
+		talloc_free(res);
 		return HDB_ERR_NOENTRY;
 	}
 	talloc_steal(mem_ctx, res->msgs);

source4/lib/ldb/modules/ldb_map.c

@@ -1233,11 +1233,13 @@ static int map_init_dns(struct ldb_module *module, struct ldb_map_context *data,
 	if (res->count == 0) {
 		ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb_map: "
 			  "No results for '%s=%s'!\n", MAP_DN_NAME, name);
+		talloc_free(res);
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 	if (res->count > 1) {
 		ldb_debug(module->ldb, LDB_DEBUG_ERROR, "ldb_map: "
 			  "Too many results for '%s=%s'!\n", MAP_DN_NAME, name);
+		talloc_free(res);
 		return LDB_ERR_CONSTRAINT_VIOLATION;
 	}
 

source4/lib/registry/reg_backend_ldb.c

@@ -240,6 +240,7 @@ static WERROR ldb_open_key(TALLOC_CTX *mem_ctx, const struct registry_key *h, co
 		DEBUG(0, ("Error opening key '%s': %s\n", ldb_dn_linearize(ldap_path, ldap_path), ldb_errstring(c)));
 		return WERR_FOOBAR;
 	} else if (res->count == 0) {
+		talloc_free(res);
 		return WERR_BADFILE;
 	}
 

source4/libnet/libnet_join.c

@@ -247,6 +247,7 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J
 	/* search for the user's record */
 	ret = ldb_search(remote_ldb, account_dn, LDB_SCOPE_BASE, 
 			     NULL, attrs, &res);
+	talloc_steal(tmp_ctx, res);
 	if (ret != LDB_SUCCESS || res->count != 1) {
 		r->out.error_string = talloc_asprintf(r, "ldb_search for %s failed - %s",
 						      account_dn_str, ldb_errstring(remote_ldb));

source4/nbt_server/wins/winsdb.c

@@ -85,6 +85,7 @@ uint64_t winsdb_set_maxVersion(struct winsdb_handle *h, uint64_t newMaxVersion)
 	ret = ldb_search(wins_db, dn, LDB_SCOPE_BASE, NULL, NULL, &res);
 
 	if (ret != LDB_SUCCESS) goto failed;
+	talloc_steal(tmp_ctx, res);
 	if (res->count > 1) goto failed;
 
 	talloc_steal(tmp_ctx, res);
@@ -588,6 +589,7 @@ NTSTATUS winsdb_lookup(struct winsdb_handle *h,
 	ret = ldb_search(wins_db, winsdb_dn(tmp_ctx, name), LDB_SCOPE_BASE, 
 			 NULL, NULL, &res);
 
+	talloc_steal(tmp_ctx, res);
 	if (ret != LDB_SUCCESS || res->count > 1) {
 		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
 		goto failed;
@@ -596,8 +598,6 @@ NTSTATUS winsdb_lookup(struct winsdb_handle *h,
 		goto failed;
 	}
 
-	talloc_steal(tmp_ctx, res);
-
 	status = winsdb_record(h, res->msgs[0], tmp_ctx, now, &rec);
 	if (!NT_STATUS_IS_OK(status)) goto failed;
 

source4/param/share_ldb.c

@@ -172,11 +172,11 @@ static NTSTATUS sldb_list_all(TALLOC_CTX *mem_ctx,
 	ldb = talloc_get_type(ctx->priv_data, struct ldb_context);
 
 	ret = ldb_search(ldb, ldb_dn_explode(tmp_ctx, "CN=SHARES"), LDB_SCOPE_SUBTREE, "(name=*)", NULL, &res);
+	talloc_steal(tmp_ctx, res);
 	if (ret != LDB_SUCCESS) {
 		talloc_free(tmp_ctx);
 		return NT_STATUS_BAD_NETWORK_NAME;
 	}
-	talloc_steal(tmp_ctx, res);
 
 	n = talloc_array(mem_ctx, const char *, res->count);
 	if (!n) {
@@ -228,11 +228,11 @@ static NTSTATUS sldb_get_config(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_NO_MEMORY;
 	}
 	ret = ldb_search(ldb, ldb_dn_explode(tmp_ctx, "CN=SHARES"), LDB_SCOPE_SUBTREE, filter, NULL, &res);
+	talloc_steal(tmp_ctx, res);
 	if (ret != LDB_SUCCESS || res->count != 1) {
 		talloc_free(tmp_ctx);
 		return NT_STATUS_BAD_NETWORK_NAME;
 	}
-	talloc_steal(tmp_ctx, res);
 
 	s = talloc(tmp_ctx, struct share_config);
 	if (!s) {

source4/torture/ldap/schema.c

@@ -124,6 +124,7 @@ static BOOL test_search_rootDSE(struct ldb_context *ldb, struct test_rootDSE *ro
 	if (ret != LDB_SUCCESS) {
 		return False;
 	} else if (r->count != 1) {
+		talloc_free(r);
 		return False;
 	}