From 00c05a4b01a18a0df3725abd9980cdf4b124d33d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 20 Feb 2013 09:11:48 +0100
Subject: [PATCH 01/10] s3-lsasd: Don't leak file descriptors. Reviewed-by:
 Alexander Bokovoy <ab@samba.org>

---
 source3/rpc_server/lsasd.c | 29 ++++++++++++++++++-----------
 1 file changed, 18 insertions(+), 11 deletions(-)

diff --git a/source3/rpc_server/lsasd.c b/source3/rpc_server/lsasd.c
index fd6c248..fc6823f 100644
--- a/source3/rpc_server/lsasd.c
+++ b/source3/rpc_server/lsasd.c
@@ -597,7 +597,7 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx,
 	TALLOC_CTX *tmp_ctx;
 	NTSTATUS status;
 	uint32_t i;
-	int fd;
+	int fd = -1;
 	int rc;
 	bool ok = true;
 
@@ -640,8 +640,6 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx,
 		ok = false;
 		goto done;
 	}
-	listen_fd[*listen_fd_size] = fd;
-	(*listen_fd_size)++;
 
 	rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
 	if (rc == -1) {
@@ -650,14 +648,14 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx,
 		ok = false;
 		goto done;
 	}
+	listen_fd[*listen_fd_size] = fd;
+	(*listen_fd_size)++;
 
 	fd = create_named_pipe_socket("lsass");
 	if (fd < 0) {
 		ok = false;
 		goto done;
 	}
-	listen_fd[*listen_fd_size] = fd;
-	(*listen_fd_size)++;
 
 	rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
 	if (rc == -1) {
@@ -666,14 +664,14 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx,
 		ok = false;
 		goto done;
 	}
+	listen_fd[*listen_fd_size] = fd;
+	(*listen_fd_size)++;
 
 	fd = create_dcerpc_ncalrpc_socket("lsarpc");
 	if (fd < 0) {
 		ok = false;
 		goto done;
 	}
-	listen_fd[*listen_fd_size] = fd;
-	(*listen_fd_size)++;
 
 	rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
 	if (rc == -1) {
@@ -682,6 +680,9 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx,
 		ok = false;
 		goto done;
 	}
+	listen_fd[*listen_fd_size] = fd;
+	(*listen_fd_size)++;
+	fd = -1;
 
 	v = dcerpc_binding_vector_dup(tmp_ctx, v_orig);
 	if (v == NULL) {
@@ -734,8 +735,6 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx,
 		ok = false;
 		goto done;
 	}
-	listen_fd[*listen_fd_size] = fd;
-	(*listen_fd_size)++;
 
 	rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
 	if (rc == -1) {
@@ -744,6 +743,9 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx,
 		ok = false;
 		goto done;
 	}
+	listen_fd[*listen_fd_size] = fd;
+	(*listen_fd_size)++;
+	fd = -1;
 
 	v = dcerpc_binding_vector_dup(tmp_ctx, v_orig);
 	if (v == NULL) {
@@ -796,16 +798,18 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx,
 		ok = false;
 		goto done;
 	}
-	listen_fd[*listen_fd_size] = fd;
-	(*listen_fd_size)++;
 
 	rc = listen(fd, pf_lsasd_cfg.max_allowed_clients);
 	if (rc == -1) {
 		DEBUG(0, ("Failed to listen on netlogon ncalrpc - %s\n",
 			  strerror(errno)));
+		close(fd);
 		ok = false;
 		goto done;
 	}
+	listen_fd[*listen_fd_size] = fd;
+	(*listen_fd_size)++;
+	fd = -1;
 
 	v = dcerpc_binding_vector_dup(tmp_ctx, v_orig);
 	if (v == NULL) {
@@ -837,6 +841,9 @@ static bool lsasd_create_sockets(struct tevent_context *ev_ctx,
 	}
 
 done:
+	if (fd != -1) {
+		close(fd);
+	}
 	talloc_free(tmp_ctx);
 	return ok;
 }
-- 
1.8.1.4


From 8d005350b2661faab96ebeec9bc2bd4c698c1390 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 20 Feb 2013 09:15:26 +0100
Subject: [PATCH 02/10] s3-param: Don't leak file descriptor. Reviewed-by:
 Alexander Bokovoy <ab@samba.org>

---
 source3/param/loadparm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 0e1b019..cbcab78 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -4399,6 +4399,7 @@ static int process_usershare_file(const char *dir_name, const char *file_name, i
 	/* This must be a regular file, not a symlink, directory or
 	   other strange filetype. */
 	if (!check_usershare_stat(fname, &sbuf)) {
+		close(fd);
 		goto out;
 	}
 
-- 
1.8.1.4


From a730face8716dad9aff01d26c41814e999d0978a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 20 Feb 2013 09:16:25 +0100
Subject: [PATCH 03/10] s3-vfs: Don't leak file descriptor. Reviewed-by:
 Alexander Bokovoy <ab@samba.org>

---
 source3/modules/vfs_aio_fork.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c
index 3db336f..0e7259b 100644
--- a/source3/modules/vfs_aio_fork.c
+++ b/source3/modules/vfs_aio_fork.c
@@ -68,13 +68,12 @@ static struct mmap_area *mmap_area_init(TALLOC_CTX *mem_ctx, size_t size)
 
 	result->ptr = mmap(NULL, size, PROT_READ|PROT_WRITE,
 			   MAP_SHARED|MAP_FILE, fd, 0);
+	close(fd);
 	if (result->ptr == MAP_FAILED) {
 		DEBUG(1, ("mmap failed: %s\n", strerror(errno)));
 		goto fail;
 	}
 
-	close(fd);
-
 	result->size = size;
 	talloc_set_destructor(result, mmap_area_destructor);
 
-- 
1.8.1.4


From f98f8ffd1e2a9e9edac79df66c2bd591204a12a8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 20 Feb 2013 09:31:17 +0100
Subject: [PATCH 04/10] s3-smbd: Don't leak subcntarr array. Reviewed-by:
 Alexander Bokovoy <ab@samba.org>

---
 source3/smbd/lanman.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index d54e1d5..b5598a4 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -1159,8 +1159,8 @@ static bool api_DosPrintQEnum(struct smbd_server_connection *sconn,
 		}
 	}
 
-	SAFE_FREE(subcntarr);
  out:
+	SAFE_FREE(subcntarr);
 	*rdata_len = desc.usedlen;
 	*rparam_len = 8;
 	*rparam = smb_realloc_limit(*rparam,*rparam_len);
-- 
1.8.1.4


From 39fdd9e22c8b39da5325e4210c30867e57f932c9 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 20 Feb 2013 09:41:55 +0100
Subject: [PATCH 05/10] winbind: Don't leak memory on return. Reviewed-by:
 Alexander Bokovoy <ab@samba.org>

---
 source3/winbindd/winbindd_cm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 33eeb32..38c2f7d 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1013,6 +1013,9 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
 	if ( !(*cli)->domain[0] ) {
 		result = cli_set_domain((*cli), domain->name);
 		if (!NT_STATUS_IS_OK(result)) {
+			SAFE_FREE(ipc_username);
+			SAFE_FREE(ipc_domain);
+			SAFE_FREE(ipc_password);
 			return result;
 		}
 	}
-- 
1.8.1.4


From dbea9de2027966d689c29e88d06ecbca25155aaa Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 20 Feb 2013 09:51:43 +0100
Subject: [PATCH 06/10] winbind: Don't leak centry memory. Reviewed-by:
 Alexander Bokovoy <ab@samba.org>

---
 source3/winbindd/winbindd_cache.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 517a302..6ae46db 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -2140,6 +2140,7 @@ static NTSTATUS rids_to_names(struct winbindd_domain *domain,
 				} else {
 					/* something's definitely wrong */
 					result = centry->status;
+					centry_free(centry);
 					goto error;
 				}
 
-- 
1.8.1.4


From 1dd4869e601d6bf29675750456c94e05d1bd7021 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 20 Feb 2013 10:38:13 +0100
Subject: [PATCH 07/10] s3-libsmb: Don't leak memory on error. Reviewed-by:
 Alexander Bokovoy <ab@samba.org>

---
 source3/libsmb/libsmb_server.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/source3/libsmb/libsmb_server.c b/source3/libsmb/libsmb_server.c
index 99aa74c..3f86d50 100644
--- a/source3/libsmb/libsmb_server.c
+++ b/source3/libsmb/libsmb_server.c
@@ -812,6 +812,7 @@ SMBC_attr_server(TALLOC_CTX *ctx,
                 if (!NT_STATUS_IS_OK(nt_status)) {
                         errno = SMBC_errno(context, ipc_srv->cli);
                         cli_shutdown(ipc_srv->cli);
+                        free(ipc_srv);
                         return NULL;
                 }
 
-- 
1.8.1.4


From 4c34dda9e406d1c29a6dd60ec912bb0dbcf95f0a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 20 Feb 2013 10:45:06 +0100
Subject: [PATCH 08/10] s3-vfs: Don't leak file descriptor on error.
 Reviewed-by: Alexander Bokovoy <ab@samba.org>

---
 source3/modules/vfs_crossrename.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/source3/modules/vfs_crossrename.c b/source3/modules/vfs_crossrename.c
index 19a182c..9bb42b9 100644
--- a/source3/modules/vfs_crossrename.c
+++ b/source3/modules/vfs_crossrename.c
@@ -73,8 +73,10 @@ static int copy_reg(const char *source, const char *dest)
 	if((ifd = open (source, O_RDONLY, 0)) < 0)
 		return -1;
 
-	if (unlink (dest) && errno != ENOENT)
+	if (unlink (dest) && errno != ENOENT) {
+		close(ifd);
 		return -1;
+	}
 
 #ifdef O_NOFOLLOW
 	if((ofd = open (dest, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600)) < 0 )
-- 
1.8.1.4


From 5ae1b6c8b9aa46ceabd8d47c4ffda866af8df1e5 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 20 Feb 2013 10:48:05 +0100
Subject: [PATCH 09/10] lib-util: Don't leak file descriptor on error.
 Reviewed-by: Alexander Bokovoy <ab@samba.org>

---
 lib/util/become_daemon.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/util/become_daemon.c b/lib/util/become_daemon.c
index 373927c..2ca0478 100644
--- a/lib/util/become_daemon.c
+++ b/lib/util/become_daemon.c
@@ -62,6 +62,7 @@ _PUBLIC_ void close_low_fds(bool stdin_too, bool stdout_too, bool stderr_too)
 		}
 		if (fd != i) {
 			DEBUG(0,("Didn't get file descriptor %d\n",i));
+			close(fd);
 			return;
 		}
 	}
-- 
1.8.1.4


From 40cc5d052a4f414b7fb91eb769524cd731f3cb98 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 20 Feb 2013 10:52:37 +0100
Subject: [PATCH 10/10] s3-rpc_server: Make sure that fd is really closed on
 error. Reviewed-by: Alexander Bokovoy <ab@samba.org>

---
 source3/rpc_server/rpc_sock_helper.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source3/rpc_server/rpc_sock_helper.c b/source3/rpc_server/rpc_sock_helper.c
index 198df90..dc88f25 100644
--- a/source3/rpc_server/rpc_sock_helper.c
+++ b/source3/rpc_server/rpc_sock_helper.c
@@ -63,6 +63,9 @@ NTSTATUS rpc_create_tcpip_sockets(const struct ndr_interface_table *iface,
 			fd = create_tcpip_socket(ifss, &p);
 			if (fd < 0 || p == 0) {
 				status = NT_STATUS_UNSUCCESSFUL;
+				if (fd != -1) {
+					close(fd);
+				}
 				goto done;
 			}
 			listen_fd[*listen_fd_size] = fd;
@@ -124,6 +127,9 @@ NTSTATUS rpc_create_tcpip_sockets(const struct ndr_interface_table *iface,
 			fd = create_tcpip_socket(&ss, &p);
 			if (fd < 0 || p == 0) {
 				status = NT_STATUS_UNSUCCESSFUL;
+				if (fd != -1) {
+					close(fd);
+				}
 				goto done;
 			}
 			listen_fd[*listen_fd_size] = fd;
-- 
1.8.1.4