File 0022-AD-avoid-memory-leak-in-netlogon_get_domain_info-and.patch of Package sssd.33681
From 215237b6755520897dc6eac42aff1560309dbd89 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Tue, 12 Jul 2016 13:16:43 +0200
Subject: [PATCH 1/4] AD: avoid memory leak in netlogon_get_domain_info() and
make it public
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 74bef2150c76c8814bf4c1654ecd3660604eb4e6)
---
src/providers/ad/ad_common.h | 6 ++++++
src/providers/ad/ad_domain_info.c | 29 ++++++++++++++++++++---------
2 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
index e2b62d735..3f1414f2b 100644
--- a/src/providers/ad/ad_common.h
+++ b/src/providers/ad/ad_common.h
@@ -187,4 +187,10 @@ int ad_autofs_init(struct be_ctx *be_ctx,
errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx,
struct ad_options *ad_opts);
+errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
+ struct sysdb_attrs *reply,
+ char **_flat_name,
+ char **_site,
+ char **_forest);
+
#endif /* AD_COMMON_H_ */
diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c
index 5f17ae542..a06379c26 100644
--- a/src/providers/ad/ad_domain_info.c
+++ b/src/providers/ad/ad_domain_info.c
@@ -35,12 +35,11 @@
#include "providers/ad/ad_common.h"
#include "util/util.h"
-static errno_t
-netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
- struct sysdb_attrs *reply,
- char **_flat_name,
- char **_site,
- char **_forest)
+errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
+ struct sysdb_attrs *reply,
+ char **_flat_name,
+ char **_site,
+ char **_forest)
{
errno_t ret;
struct ldb_message_element *el;
@@ -51,6 +50,7 @@ netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
const char *flat_name;
const char *site;
const char *forest;
+ TALLOC_CTX *tmp_ctx;
ret = sysdb_attrs_get_el(reply, AD_AT_NETLOGON, &el);
if (ret != EOK) {
@@ -66,13 +66,24 @@ netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
return EIO;
}
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
+ return ENOMEM;
+ }
+
blob.data = el->values[0].data;
blob.length = el->values[0].length;
- ndr_pull = ndr_pull_init_blob(&blob, mem_ctx);
+ /* The ndr_pull_* calls do not use ndr_pull as a talloc context to
+ * allocate memory but the second argument of ndr_pull_init_blob(). To
+ * make sure no memory is leaked here a temporary talloc context is
+ * needed. */
+ ndr_pull = ndr_pull_init_blob(&blob, tmp_ctx);
if (ndr_pull == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "ndr_pull_init_blob() failed.\n");
- return ENOMEM;
+ ret = ENOMEM;
+ goto done;
}
ndr_err = ndr_pull_netlogon_samlogon_response(ndr_pull, NDR_SCALARS,
@@ -146,7 +157,7 @@ netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
ret = EOK;
done:
- talloc_free(ndr_pull);
+ talloc_free(tmp_ctx);
return ret;
}
--
2.23.0
