[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SPU] samba upload fixing memory leaks (2:3.2.5-4lenny11)

In some situations (particularly when interdomain trust is involved),
samba 3.2.5, which we have in lenny, has memory leaks that can make
servers, in some setups, impossible to work properly, with smbd
processes gradually eating up all available memory.

This was reported in Debian as #538819 with severity important as this
potentially affects users in some quite common situations.
 
The problem was fixed in 3.4 series of samba, specifically 3.4.4 but
the fix applies to 3.2 series as well.

The fix has been confirmed effective by one of the people who followed
up in this bug report.

The patch is listed below.

I uploaded samba 2:3.2.5-4lenny11 to s-p-u and would appreciate if
this is included in the next point release.

PS: sorry for the two successive uploads in s-p-u. It happens that the
confirmation of the fix being successful arrived in an infortunate timing.

Goal: Fix some memleaks regarding trustdom passwords

Fixes: #538819

Status wrt upstream: Fixed in 3.4.4

Author: Volker Lendecke <vl@samba.org>

---
 source/passdb/pdb_ldap.c |   18 +++++++++++++++---
 1 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c
index 9c135c1..7e6764e 100644
--- a/source/passdb/pdb_ldap.c
+++ b/source/passdb/pdb_ldap.c
@@ -5760,6 +5760,7 @@ static char *trusteddom_dn(struct ldapsam_privates *ldap_state,
 }
 
 static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state,
+				  TALLOC_CTX *mem_ctx,
 				  const char *domain, LDAPMessage **entry)
 {
 	int rc;
@@ -5782,6 +5783,10 @@ static bool get_trusteddom_pw_int(struct ldapsam_privates *ldap_state,
 	rc = smbldap_search(ldap_state->smbldap_state, trusted_dn, scope,
 			    filter, attrs, attrsonly, &result);
 
+	if (result != NULL) {
+		talloc_autofree_ldapmsg(mem_ctx, result);
+	}
+
 	if (rc == LDAP_NO_SUCH_OBJECT) {
 		*entry = NULL;
 		return True;
@@ -5824,7 +5829,7 @@ static bool ldapsam_get_trusteddom_pw(struct pdb_methods *methods,
 
 	DEBUG(10, ("ldapsam_get_trusteddom_pw called for domain %s\n", domain));
 
-	if (!get_trusteddom_pw_int(ldap_state, domain, &entry) ||
+	if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry) ||
 	    (entry == NULL))
 	{
 		return False;
@@ -5895,7 +5900,7 @@ static bool ldapsam_set_trusteddom_pw(struct pdb_methods *methods,
 	 * get the current entry (if there is one) in order to put the
 	 * current password into the previous password attribute
 	 */
-	if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+	if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) {
 		return False;
 	}
 
@@ -5910,6 +5915,9 @@ static bool ldapsam_set_trusteddom_pw(struct pdb_methods *methods,
 			 talloc_asprintf(talloc_tos(), "%li", time(NULL)));
 	smbldap_make_mod(priv2ld(ldap_state), entry, &mods,
 			 "sambaClearTextPassword", pwd);
+
+	talloc_autofree_ldapmod(talloc_tos(), mods);
+
 	if (entry != NULL) {
 		prev_pwd = smbldap_talloc_single_attribute(priv2ld(ldap_state),
 				entry, "sambaClearTextPassword", talloc_tos());
@@ -5947,7 +5955,7 @@ static bool ldapsam_del_trusteddom_pw(struct pdb_methods *methods,
 	LDAPMessage *entry = NULL;
 	const char *trusted_dn;
 
-	if (!get_trusteddom_pw_int(ldap_state, domain, &entry)) {
+	if (!get_trusteddom_pw_int(ldap_state, talloc_tos(), domain, &entry)) {
 		return False;
 	}
 
@@ -5998,6 +6006,10 @@ static NTSTATUS ldapsam_enum_trusteddoms(struct pdb_methods *methods,
 			    attrsonly,
 			    &result);
 
+	if (result != NULL) {
+		talloc_autofree_ldapmsg(mem_ctx, result);
+	}
+
 	if (rc != LDAP_SUCCESS) {
 		return NT_STATUS_UNSUCCESSFUL;
 	}
-- 
1.6.0.4

Attachment: signature.asc
Description: Digital signature

Reply to: