From ed5cc1964883207d4224b19b1705e2d937f95b87 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 11 May 2018 06:43:14 +0200
Subject: [PATCH] s4:lsa_lookup: remove TALLOC_FREE(state) after all
 dcesrv_lsa_Lookup{Names,Sids}_base_map() calls

This completes the regression fix of commit 7e091e505156381e385235ab4518b4d133a98497.

There might be strings allocated on state, which are part of the
result.

The reason for the TALLOC_FREE(state) was to cleanup the possible
irpc_handle before leaving the function. Now we call
TALLOC_FREE(state->wb.irpc_handle) explicitly in
dcesrv_lsa_Lookup{Names,Sids}_base_done() instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13420

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source4/rpc_server/lsa/lsa_lookup.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index f7d367e..7e28791 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -533,6 +533,7 @@ static void dcesrv_lsa_LookupSids_base_done(struct tevent_req *subreq)
 	status = dcerpc_lsa_LookupSids3_recv(subreq, state->mem_ctx,
 					     &state->wb.result);
 	TALLOC_FREE(subreq);
+	TALLOC_FREE(state->wb.irpc_handle);
 	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
 		DEBUG(0,(__location__ ": IRPC callback failed %s\n",
 			 nt_errstr(status)));
@@ -598,7 +599,6 @@ static void dcesrv_lsa_LookupSids_base_done(struct tevent_req *subreq)
  finished:
 	state->r.out.result = status;
 	dcesrv_lsa_LookupSids_base_map(state);
-	TALLOC_FREE(state);
 
 	status = dcesrv_reply(dce_call);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -660,7 +660,6 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
 
 	state->r.out.result = status;
 	dcesrv_lsa_LookupSids_base_map(state);
-	TALLOC_FREE(state);
 	return status;
 }
 
@@ -734,7 +733,6 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
 
 	state->r.out.result = status;
 	dcesrv_lsa_LookupSids_base_map(state);
-	TALLOC_FREE(state);
 	return status;
 }
 
@@ -1155,6 +1153,7 @@ static void dcesrv_lsa_LookupNames_base_done(struct tevent_req *subreq)
 	status = dcerpc_lsa_LookupNames4_recv(subreq, state->mem_ctx,
 					      &state->wb.result);
 	TALLOC_FREE(subreq);
+	TALLOC_FREE(state->wb.irpc_handle);
 	if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) {
 		DEBUG(0,(__location__ ": IRPC callback failed %s\n",
 			 nt_errstr(status)));
@@ -1220,7 +1219,6 @@ static void dcesrv_lsa_LookupNames_base_done(struct tevent_req *subreq)
  finished:
 	state->r.out.result = status;
 	dcesrv_lsa_LookupNames_base_map(state);
-	TALLOC_FREE(state);
 
 	status = dcesrv_reply(dce_call);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -1433,7 +1431,6 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call,
 
 	state->r.out.result = status;
 	dcesrv_lsa_LookupNames_base_map(state);
-	TALLOC_FREE(state);
 	return status;
 }
 
@@ -1504,7 +1501,6 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX *
 
 	state->r.out.result = status;
 	dcesrv_lsa_LookupNames_base_map(state);
-	TALLOC_FREE(state);
 	return status;
 }
 
-- 
1.9.1