diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index e6ed83a79af..9a03e7fe13c 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -1236,6 +1236,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, info3->gids[i].g_rid)); SAFE_FREE(lgroupSIDs); + SAFE_FREE(all_group_SIDs); free_server_info(server_info); return nt_status; @@ -1264,6 +1265,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, if ( !NT_STATUS_IS_OK(nt_status) ) { DEBUG(4,("create_nt_user_token failed\n")); + SAFE_FREE(lgroupSIDs); SAFE_FREE(all_group_SIDs); free_server_info(server_info); return nt_status; @@ -1271,6 +1273,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, (*server_info)->ptok = token; + SAFE_FREE(lgroupSIDs); SAFE_FREE(all_group_SIDs); /* ensure we are never given NULL session keys */ diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index 0e2820313e3..4260a0e80b4 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -127,9 +127,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, if (result == NSS_STATUS_SUCCESS && response.extra_data) { if (NT_STATUS_IS_OK(nt_status)) { - - if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) - { + if (NT_STATUS_IS_OK(nt_status = get_info3_from_ndr(mem_ctx, &response, &info3))) { nt_status = make_server_info_info3(mem_ctx, user_info->internal_username.str, user_info->smb_name.str, user_info->domain.str, @@ -141,6 +139,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, nt_status = NT_STATUS_NO_LOGON_SERVERS; } + SAFE_FREE(response.extra_data); return nt_status; } diff --git a/source3/libsmb/trustdom_cache.c b/source3/libsmb/trustdom_cache.c index 0128d080062..e63acd18c4f 100644 --- a/source3/libsmb/trustdom_cache.c +++ b/source3/libsmb/trustdom_cache.c @@ -114,12 +114,14 @@ BOOL trustdom_cache_store(char* name, char* alt_name, const DOM_SID *sid, { char *key, *alt_key; fstring sid_string; + BOOL ret; /* * we use gecache call to avoid annoying debug messages * about initialised trustdom */ - if (!gencache_init()) return False; + if (!gencache_init()) + return False; DEBUG(5, ("trustdom_store: storing SID %s of domain %s\n", sid_string_static(sid), name)); @@ -134,11 +136,18 @@ BOOL trustdom_cache_store(char* name, char* alt_name, const DOM_SID *sid, * try to put the names in the cache */ if (alt_key) { - return (gencache_set(alt_key, sid_string, timeout) - && gencache_set(key, sid_string, timeout)); + ret = gencache_set(alt_key, sid_string, timeout); + if ( ret ) { + ret = gencache_set(key, sid_string, timeout); + } + SAFE_FREE(alt_key); + SAFE_FREE(key); + return ret; } - - return gencache_set(key, sid_string, timeout); + + ret = gencache_set(key, sid_string, timeout); + SAFE_FREE(key); + return ret; } @@ -155,22 +164,26 @@ BOOL trustdom_cache_store(char* name, char* alt_name, const DOM_SID *sid, BOOL trustdom_cache_fetch(const char* name, DOM_SID* sid) { - char *key, *value; + char *key = NULL, *value = NULL; time_t timeout; /* init the cache */ - if (!gencache_init()) return False; + if (!gencache_init()) + return False; /* exit now if null pointers were passed as they're required further */ - if (!sid) return False; + if (!sid) + return False; /* prepare a key and get the value */ key = trustdom_cache_key(name); - if (!key) return False; + if (!key) + return False; if (!gencache_get(key, &value, &timeout)) { DEBUG(5, ("no entry for trusted domain %s found.\n", name)); SAFE_FREE(key); + SAFE_FREE(value); return False; } else { SAFE_FREE(key); @@ -180,9 +193,11 @@ BOOL trustdom_cache_fetch(const char* name, DOM_SID* sid) /* convert ip string representation into in_addr structure */ if(! string_to_sid(sid, value)) { sid = NULL; + SAFE_FREE(value); return False; } + SAFE_FREE(value); return True; } @@ -193,7 +208,7 @@ BOOL trustdom_cache_fetch(const char* name, DOM_SID* sid) uint32 trustdom_cache_fetch_timestamp( void ) { - char *value; + char *value = NULL; time_t timeout; uint32 timestamp; @@ -203,11 +218,13 @@ uint32 trustdom_cache_fetch_timestamp( void ) if (!gencache_get(TDOMTSKEY, &value, &timeout)) { DEBUG(5, ("no timestamp for trusted domain cache located.\n")); + SAFE_FREE(value); return 0; } timestamp = atoi(value); + SAFE_FREE(value); return timestamp; } diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 30fbc9713e1..b5bd14cdde2 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -1447,6 +1447,7 @@ static void init_globals(void) a large number of sites (tridge) */ Globals.bHostnameLookups = False; + str_list_free(&Globals.szPassdbBackend); #ifdef WITH_LDAP_SAMCONFIG string_set(&Globals.szLdapServer, "localhost"); Globals.ldap_port = 636; @@ -2517,6 +2518,7 @@ static void copy_service(service * pserviceDest, service * pserviceSource, BOOL strupper_m(*(char **)dest_ptr); break; case P_LIST: + str_list_free((char ***)dest_ptr); str_list_copy((char ***)dest_ptr, *(const char ***)src_ptr); break; default: @@ -2748,6 +2750,7 @@ static BOOL handle_netbios_scope(int snum, const char *pszParmValue, char **ptr) static BOOL handle_netbios_aliases(int snum, const char *pszParmValue, char **ptr) { + str_list_free(&Globals.szNetbiosAliases); Globals.szNetbiosAliases = str_list_make(pszParmValue, NULL); return set_netbios_aliases((const char **)Globals.szNetbiosAliases); } diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 44fec78c505..ccf571a0e2c 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1118,6 +1118,7 @@ static BOOL close_internal_rpc_pipe_hnd(void *np_conn) data_blob_free(&p->session_key); delete_nt_token(&p->pipe_user.nt_user_token); + data_blob_free(&p->session_key); SAFE_FREE(p->pipe_user.groups); DLIST_REMOVE(InternalPipes, p); diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 158f1a0ede8..584164e9309 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -2110,8 +2110,10 @@ static canon_ace *canonicalise_acl( files_struct *fsp, SMB_ACL_T posix_acl, SMB_ * entries out of the blue when setting ACLs, so a get/set * cycle will drop them. */ - if (the_acl_type == SMB_ACL_TYPE_ACCESS && *puid == psbuf->st_uid) + if (the_acl_type == SMB_ACL_TYPE_ACCESS && *puid == psbuf->st_uid) { + SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype); continue; + } uid_to_sid( &sid, *puid); unix_ug.uid = *puid; owner_type = UID_ACE; diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 902db2d2886..8a56478929f 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -150,7 +150,7 @@ static int reply_spnego_kerberos(connection_struct *conn, DATA_BLOB auth_data; DATA_BLOB ap_rep, ap_rep_wrapped, response; auth_serversupplied_info *server_info = NULL; - DATA_BLOB session_key; + DATA_BLOB session_key = data_blob(NULL, 0); uint8 tok_id[2]; BOOL foreign = False; DATA_BLOB nullblob = data_blob(NULL, 0); @@ -183,6 +183,7 @@ static int reply_spnego_kerberos(connection_struct *conn, if (!p) { DEBUG(3,("Doesn't look like a valid principal\n")); data_blob_free(&ap_rep); + data_blob_free(&session_key); SAFE_FREE(client); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } @@ -192,6 +193,7 @@ static int reply_spnego_kerberos(connection_struct *conn, DEBUG(3,("Ticket for foreign realm %s@%s\n", client, p+1)); if (!lp_allow_trusted_domains()) { data_blob_free(&ap_rep); + data_blob_free(&session_key); SAFE_FREE(client); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } @@ -249,6 +251,7 @@ static int reply_spnego_kerberos(connection_struct *conn, SAFE_FREE(user); SAFE_FREE(client); data_blob_free(&ap_rep); + data_blob_free(&session_key); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } @@ -263,6 +266,7 @@ static int reply_spnego_kerberos(connection_struct *conn, SAFE_FREE(user); SAFE_FREE(client); data_blob_free(&ap_rep); + data_blob_free(&session_key); return ERROR_NT(ret); } @@ -274,6 +278,8 @@ static int reply_spnego_kerberos(connection_struct *conn, } /* register_vuid keeps the server info */ + /* register_vuid takes ownership of session_key, no need to free after this. + A better interface would copy it.... */ sess_vuid = register_vuid(server_info, session_key, nullblob, client); SAFE_FREE(user);