From 7ab7d5926fb35a8e125bcc44db7c37283e5b8d72 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 25 Sep 2012 01:09:55 +0200 Subject: [PATCH 1/4] s4:rpc_server/drsuapi: fix a crash in dcesrv_drsuapi_DsGetDomainControllerInfo_1() metze --- source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index c7b7976..f09c447 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -577,14 +577,9 @@ static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_sta unsigned int i; *r->out.level_out = r->in.req->req1.level; - r->out.ctr = talloc(mem_ctx, union drsuapi_DsGetDCInfoCtr); + r->out.ctr = talloc_zero(mem_ctx, union drsuapi_DsGetDCInfoCtr); W_ERROR_HAVE_NO_MEMORY(r->out.ctr); - sites_dn = samdb_sites_dn(b_state->sam_ctx, mem_ctx); - if (!sites_dn) { - return WERR_DS_OBJ_NOT_FOUND; - } - switch (*r->out.level_out) { case -1: /* this level is not like the others */ @@ -599,6 +594,11 @@ static WERROR dcesrv_drsuapi_DsGetDomainControllerInfo_1(struct drsuapi_bind_sta return WERR_UNKNOWN_LEVEL; } + sites_dn = samdb_sites_dn(b_state->sam_ctx, mem_ctx); + if (!sites_dn) { + return WERR_DS_OBJ_NOT_FOUND; + } + ret = ldb_search(b_state->sam_ctx, mem_ctx, &res, sites_dn, LDB_SCOPE_SUBTREE, attrs, "objectClass=server"); -- 1.7.7 From 3d635a6e31440bab20a34aa8f56a98886382abbf Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 25 Sep 2012 01:13:12 +0200 Subject: [PATCH 2/4] s4:rpc_server/drsuapi: use talloc_zero instead of talloc() in dcesrv_drsuapi_DsBind() metze Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Sep 25 03:06:13 CEST 2012 on sn-devel-104 --- source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c index f09c447..f5d5df5 100644 --- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c +++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c @@ -220,7 +220,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C /* * allocate the return bind_info */ - bind_info = talloc(mem_ctx, struct drsuapi_DsBindInfoCtr); + bind_info = talloc_zero(mem_ctx, struct drsuapi_DsBindInfoCtr); W_ERROR_HAVE_NO_MEMORY(bind_info); bind_info->length = 28; -- 1.7.7 From 61ef147503ea3a65c34ebd8fec7461a743689fe0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 25 Sep 2012 10:41:05 +1000 Subject: [PATCH 3/4] client: Fix talloc_stackframe() free order assertion in developer mode Reported-by: Ricky Nance --- source3/client/client.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/source3/client/client.c b/source3/client/client.c index 1ee9856..ab0e77f 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -4970,6 +4970,7 @@ static char **remote_completion(const char *text, int len) info.matches[0] = SMB_STRNDUP(info.matches[1], info.samelen); info.matches[info.count] = NULL; + TALLOC_FREE(ctx); return info.matches; cleanup: -- 1.7.7 From c6d17b1cd2ffe775f4a5983f03178adfa4194fa5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 5 Nov 2012 09:46:49 +1100 Subject: [PATCH 4/4] libads: Always free the talloc_stackframe() on error path Reviewed-by: Michael Adam Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Nov 5 03:33:32 CET 2012 on sn-devel-104 (cherry picked from commit 71e1c080cbd033b3118952c2da05186252fc411a) --- source3/libads/kerberos.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index 3183e26..50a409c 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -701,6 +701,7 @@ static char *get_kdc_ip_string(char *mem_ctx, char *kdc_str = print_kdc_line(mem_ctx, "", pss, kdc_name); if (kdc_str == NULL) { + TALLOC_FREE(frame); return NULL; } -- 1.7.7