[Patch] rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface (bug #12890)

Samba - samba-technical mailing list
Hi,

here's a patch that avoids memory leaks of rpc_pipe_open_interface()
in source3/smbd/lanman.c and source3/smbd/reply.c. We need to use
talloc_tos() memory instead of a long term memory context as
'connection_struct'.

We already have this in some places, but some were left...

There's a similar bug https://bugzilla.samba.org/show_bug.cgi?id=12892,
but that's something real printing experts should have a look at.

Please review and push:-)

Thanks!
metze


Re: [Patch] rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface (bug #12890)

Samba - samba-technical mailing list
On Mon, Jul 10, 2017 at 12:46:25PM +0200, Stefan Metzmacher via samba-technical wrote:

> Hi,
>
> here's a patch that avoids memory leaks of rpc_pipe_open_interface()
> in source3/smbd/lanman.c and source3/smbd/reply.c. We need to use
> talloc_tos() memory instead of a long term memory context as
> 'connection_struct'.
>
> We already have this in some places, but some were left...
>
> There's a similar bug https://bugzilla.samba.org/show_bug.cgi?id=12892,
> but that's something real printing experts should have a look at.
>
> Please review and push:-)

Reviewed and pushed. Obviously correct, thanks!


> From dd39d1a090d3094fb1eb009da0a8a3ebbb584870 Mon Sep 17 00:00:00 2001
> From: Stefan Metzmacher <[hidden email]>
> Date: Mon, 10 Jul 2017 11:29:58 +0200
> Subject: [PATCH] s3:smbd: consistently use talloc_tos() memory for
>  rpc_pipe_open_interface()
>
> The result is only used temporarily and should not be leaked on a long term
> memory context as 'conn'.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12890
>
> Signed-off-by: Stefan Metzmacher <[hidden email]>
> ---
>  source3/smbd/lanman.c | 20 ++++++++++----------
>  source3/smbd/reply.c  |  2 +-
>  2 files changed, 11 insertions(+), 11 deletions(-)
>
> diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
> index c3e540f..6854527 100644
> --- a/source3/smbd/lanman.c
> +++ b/source3/smbd/lanman.c
> @@ -831,7 +831,7 @@ static bool api_DosPrintQGetInfo(struct smbd_server_connection *sconn,
>   goto out;
>   }
>  
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
>   &ndr_table_spoolss,
>   conn->session_info,
>   conn->sconn->remote_address,
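
Review bot: the subject line promises talloc_tos(), but the new first argument in this hunk is `mem_ctx`, and none of the context lines show where it is declared or what it points to. The diffstat for lanman.c is 10 insertions and 10 deletions, so no declaration was added and the patch relies on each of these handlers already having a `mem_ctx` with stackframe lifetime. Please state that in the commit message (for example, that `mem_ctx` is talloc_tos() in these functions), or pass talloc_tos() directly, so the lifetime can be verified from the diff alone.
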
> @@ -1029,7 +1029,7 @@ static bool api_DosPrintQEnum(struct smbd_server_connection *sconn,
>   return(True);
>   }
>  
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
>   &ndr_table_spoolss,
>   conn->session_info,
>   conn->sconn->remote_address,
> @@ -3144,7 +3144,7 @@ static bool api_RDosPrintJobDel(struct smbd_server_connection *sconn,
>  
>   ZERO_STRUCT(handle);
>  
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
>   &ndr_table_spoolss,
>   conn->session_info,
>   conn->sconn->remote_address,
> @@ -3273,7 +3273,7 @@ static bool api_WPrintQueueCtrl(struct smbd_server_connection *sconn,
>  
>   ZERO_STRUCT(handle);
>  
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
>   &ndr_table_spoolss,
>   conn->session_info,
>   conn->sconn->remote_address,
> @@ -3456,7 +3456,7 @@ static bool api_PrintJobInfo(struct smbd_server_connection *sconn,
>  
>   ZERO_STRUCT(handle);
>  
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
>   &ndr_table_spoolss,
>   conn->session_info,
>   conn->sconn->remote_address,
> @@ -4601,7 +4601,7 @@ static bool api_WPrintJobGetInfo(struct smbd_server_connection *sconn,
>  
>   ZERO_STRUCT(handle);
>  
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
>   &ndr_table_spoolss,
>   conn->session_info,
>   conn->sconn->remote_address,
> @@ -4744,7 +4744,7 @@ static bool api_WPrintJobEnumerate(struct smbd_server_connection *sconn,
>  
>   ZERO_STRUCT(handle);
>  
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
>   &ndr_table_spoolss,
>   conn->session_info,
>   conn->sconn->remote_address,
> @@ -4945,7 +4945,7 @@ static bool api_WPrintDestGetInfo(struct smbd_server_connection *sconn,
>  
>   ZERO_STRUCT(handle);
>  
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
>   &ndr_table_spoolss,
>   conn->session_info,
>   conn->sconn->remote_address,
> @@ -5078,7 +5078,7 @@ static bool api_WPrintDestEnum(struct smbd_server_connection *sconn,
>  
>   queuecnt = 0;
>  
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
>   &ndr_table_spoolss,
>   conn->session_info,
>   conn->sconn->remote_address,
> @@ -5390,7 +5390,7 @@ static bool api_RNetSessionEnum(struct smbd_server_connection *sconn,
>   return False;
>   }
>  
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
>   &ndr_table_srvsvc,
>   conn->session_info,
>   conn->sconn->remote_address,
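
Review bot: this call site in api_RNetSessionEnum opens `&ndr_table_srvsvc`, unlike the nine spoolss call sites before it, so the allocation on `conn` was not limited to printing requests. The commit message should list the affected handlers, or at least mention that a srvsvc path is included, because that determines which deployments need the backport: on a long-lived connection, each of these calls left its pipe client parented on `conn` until the connection went away.
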
> diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
> index e430a8e..d102b7a 100644
> --- a/source3/smbd/reply.c
> +++ b/source3/smbd/reply.c
> @@ -5942,7 +5942,7 @@ void reply_printqueue(struct smb_request *req)
>  
>   ZERO_STRUCT(handle);
>  
> - status = rpc_pipe_open_interface(conn,
> + status = rpc_pipe_open_interface(mem_ctx,
>   &ndr_table_spoolss,
>   conn->session_info,
>   conn->sconn->remote_address,
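
Review bot: reply_printqueue() takes only `struct smb_request *req`, so `mem_ctx` is not a parameter here, and the 1 insertion/1 deletion diffstat for reply.c means its declaration sits outside this hunk. It is worth confirming that it is talloc_tos() and not a context tied to `req` or `conn`; if it were the latter, this line would only move the allocation to another context that outlives the call. Quoting the declaration in the commit message would settle it.
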
> --
> 1.9.1
>




