14441 – Do we miss free in lib/util/util_paths.c?

Bug 14441 - Do we miss free in lib/util/util_paths.c?

Summary: Do we miss free in lib/util/util_paths.c?

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-07-13 13:46 UTC by Alexander Pyhalov
Modified:	2022-09-07 00:25 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Pyhalov 2020-07-13 13:46:56 UTC

Commit https://github.com/samba-team/samba/commit/847208cd8ac68c4c7d1dae63767820db1c69292b introduced the following code in lib/util/util_paths.c:


        buf = talloc_size(mem_ctx, len);
	if (buf == NULL) {
		return NULL;
	}

	rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
	if (rc != 0 || pwdbuf == NULL ) {
		const char *szPath = getenv("HOME");
		if (szPath == NULL) {
			goto done;
		}
		len = strnlen(szPath, PATH_MAX);
		if (len >= PATH_MAX) {
			return NULL;
		}
		out = talloc_strdup(mem_ctx, szPath);
		goto done;
	}

	out = talloc_strdup(mem_ctx, pwd.pw_dir);
done:
	TALLOC_FREE(buf);
	return out;


Should lines 

                if (len >= PATH_MAX) {
			return NULL;
		}

Look like 

                if (len >= PATH_MAX) {
			goto done;
		}
		
		
Or we can forget to free buf?

Comment 1 Jeremy Allison 2020-07-13 17:09:29 UTC

Yes, that looks correct - thanks !

Comment 2 Jo Sutton 2022-09-07 00:25:15 UTC

Fixed in Samba 4.14 with aa4d135710e0fdcf92f522b3c6228717105c0775.