diff options
author | Andrew Bartlett <abartlet@samba.org> | 2012-08-17 23:04:56 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2012-08-17 18:24:09 +0200 |
commit | 2e1ab13f6ebb2c2cf746457d4783fe9bc5e86de0 (patch) | |
tree | 8d5f677fc4e480c9e505f20b6b05db4e34677ac5 /source4 | |
parent | 26bfe70def9905674c74bfe6f9d687b243af4891 (diff) | |
download | samba-2e1ab13f6ebb2c2cf746457d4783fe9bc5e86de0.tar.gz |
s4-dsdb: Use tmp_ctx in kccsrv_check_deleted to avoid leaking memory onto part->dn
The confusing use of do_dn as a memory context while legitimate
created a bug when it was copied and modified to search on a DN from
long-term state.
By always using a temporary memory context it is clear what paramter
is the memory context.
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 17 18:24:10 CEST 2012 on sn-devel-104
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/kcc/kcc_deleted.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/source4/dsdb/kcc/kcc_deleted.c b/source4/dsdb/kcc/kcc_deleted.c index 0e1a42826c..63bb97c08d 100644 --- a/source4/dsdb/kcc/kcc_deleted.c +++ b/source4/dsdb/kcc/kcc_deleted.c @@ -83,30 +83,35 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) struct ldb_result *res; const char *attrs[] = { "whenChanged", NULL }; unsigned int i; + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + if (!tmp_ctx) { + return NT_STATUS_NO_MEMORY; + } - ret = dsdb_get_deleted_objects_dn(s->samdb, mem_ctx, part->dn, &do_dn); + ret = dsdb_get_deleted_objects_dn(s->samdb, tmp_ctx, part->dn, &do_dn); if (ret != LDB_SUCCESS) { + TALLOC_FREE(tmp_ctx); /* some partitions have no Deleted Objects container */ continue; } if (!do_fs && ldb_dn_compare(ldb_get_config_basedn(s->samdb), part->dn)) { - ret = dsdb_search(s->samdb, do_dn, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs, + ret = dsdb_search(s->samdb, tmp_ctx, &res, do_dn, LDB_SCOPE_ONELEVEL, attrs, DSDB_SEARCH_SHOW_RECYCLED, NULL); } else { if (do_fs) { DEBUG(1, ("Doing a full scan on %s and looking for deleted object\n", ldb_dn_get_linearized(part->dn))); } - ret = dsdb_search(s->samdb, part->dn, &res, part->dn, LDB_SCOPE_SUBTREE, attrs, + ret = dsdb_search(s->samdb, tmp_ctx, &res, part->dn, LDB_SCOPE_SUBTREE, attrs, DSDB_SEARCH_SHOW_RECYCLED, "(isDeleted=TRUE)"); } if (ret != LDB_SUCCESS) { DEBUG(1,(__location__ ": Failed to search for deleted objects in %s\n", - ldb_dn_get_linearized(do_dn))); - talloc_free(do_dn); + ldb_dn_get_linearized(do_dn))); + TALLOC_FREE(tmp_ctx); continue; } @@ -134,7 +139,7 @@ NTSTATUS kccsrv_check_deleted(struct kccsrv_service *s, TALLOC_CTX *mem_ctx) } } - talloc_free(do_dn); + TALLOC_FREE(tmp_ctx); } return NT_STATUS_OK; |