libcli/security: use talloc_free at the end of sub-tests

Memory should be free by talloc_free() if it is allocated using talloc_new()

Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Aug  7 09:02:29 UTC 2025 on atb-devel-224

diff --git a/libcli/security/tests/test_run_conditional_ace.c b/libcli/security/tests/test_run_conditional_ace.c
index dc02e33859461ca134dd8aacfca1357aff8af5cf..70fe78c53526d48397dc6a5d2411a2d40d966f79 100644 (file)
--- a/libcli/security/tests/test_run_conditional_ace.c
+++ b/libcli/security/tests/test_run_conditional_ace.c
@@ -153,6 +153,7 @@ static void test_device_claims_composite(void **state)
        assert_non_null(sd);
        status = se_access_check(sd, &token, 0x10, &access_granted);
        assert_ntstatus_equal(status, NT_STATUS_OK, "access check failed\n");
+       TALLOC_FREE(mem_ctx);
 }
 
 
@@ -228,7 +229,8 @@ static bool fill_sd(TALLOC_CTX *mem_ctx,
        };                                                      \
        struct security_descriptor *sd = NULL;
 
-
+#define DEINIT()                                               \
+       TALLOC_FREE(mem_ctx);
 
 static void test_composite_different_order(void **state)
 {
@@ -240,6 +242,7 @@ static void test_composite_different_order(void **state)
         * Claim arrays are sets, so we assume conditional ACE ones are too.
         */
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_composite_different_order_with_dupes(void **state)
@@ -249,6 +252,7 @@ static void test_composite_different_order_with_dupes(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\", \"orange\"}");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_composite_different_order_with_dupes_in_composite(void **state)
@@ -258,6 +262,7 @@ static void test_composite_different_order_with_dupes_in_composite(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_composite_different_order_with_SID_dupes(void **state)
@@ -267,6 +272,7 @@ static void test_composite_different_order_with_SID_dupes(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{SID(AA), SID(AA), SID(WD)}");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_composite_different_order_with_SID_dupes_in_composite(void **state)
@@ -276,6 +282,7 @@ static void test_composite_different_order_with_SID_dupes_in_composite(void **st
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{SID(AA), SID(WD)}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_composite_mixed_types(void **state)
@@ -289,6 +296,7 @@ static void test_composite_mixed_types(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{SID(AA), SID(WD)}");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_composite_mixed_types_different_last(void **state)
@@ -302,6 +310,7 @@ static void test_composite_mixed_types_different_last(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{SID(AA), SID(WD)}");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_composite_mixed_types_deny(void **state)
@@ -316,6 +325,7 @@ static void test_composite_mixed_types_deny(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{SID(AA), SID(WD)}");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_different_case(void **state)
@@ -325,6 +335,7 @@ static void test_different_case(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_different_case_with_case_sensitive_flag(void **state)
@@ -336,6 +347,7 @@ static void test_different_case_with_case_sensitive_flag(void **state)
        /* set the flag bit */
        token.device_claims[0].flags = CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE;
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 
@@ -346,6 +358,7 @@ static void test_claim_name_different_case(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_claim_name_different_case_case_flag(void **state)
@@ -359,6 +372,7 @@ static void test_claim_name_different_case_case_flag(void **state)
         */
        token.device_claims[0].flags = CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE;
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_more_values_not_equal(void **state)
@@ -368,6 +382,7 @@ static void test_more_values_not_equal(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_contains(void **state)
@@ -377,6 +392,7 @@ static void test_contains(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_contains_incomplete(void **state)
@@ -386,6 +402,7 @@ static void test_contains_incomplete(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_any_of(void **state)
@@ -395,6 +412,7 @@ static void test_any_of(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_any_of_match_last(void **state)
@@ -404,6 +422,7 @@ static void test_any_of_match_last(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_any_of_1(void **state)
@@ -413,6 +432,7 @@ static void test_any_of_1(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_contains_1(void **state)
@@ -422,6 +442,7 @@ static void test_contains_1(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_contains_1_fail(void **state)
@@ -431,6 +452,7 @@ static void test_contains_1_fail(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_any_of_1_fail(void **state)
@@ -440,6 +462,7 @@ static void test_any_of_1_fail(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 
@@ -450,6 +473,7 @@ static void test_not_any_of_1_fail(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_not_any_of_composite_1(void **state)
@@ -459,6 +483,7 @@ static void test_not_any_of_composite_1(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_not_contains_1_fail(void **state)
@@ -468,6 +493,7 @@ static void test_not_contains_1_fail(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_not_contains_1(void **state)
@@ -477,6 +503,7 @@ static void test_not_contains_1(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_not_any_of_1(void **state)
@@ -486,6 +513,7 @@ static void test_not_any_of_1(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_not_Not_Any_of_1(void **state)
@@ -495,6 +523,7 @@ static void test_not_Not_Any_of_1(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_not_Not_Contains_1(void **state)
@@ -504,6 +533,7 @@ static void test_not_Not_Contains_1(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 
@@ -514,6 +544,7 @@ static void test_not_not_Not_Member_of(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_SIDS("BA", "BG");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_not_not_Not_Member_of_fail(void **state)
@@ -523,6 +554,7 @@ static void test_not_not_Not_Member_of_fail(void **state)
        USER_SIDS("WD", "AA");
        DEVICE_SIDS("BA", "BG");
        DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_not_not_not_not_not_not_not_not_not_not_Not_Member_of(void **state)
@@ -533,6 +565,7 @@ static void test_not_not_not_not_not_not_not_not_not_not_Not_Member_of(void **st
        USER_SIDS("WD", "AA");
        DEVICE_SIDS("BA", "BG");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 
@@ -544,6 +577,7 @@ static void test_Device_Member_of_and_Member_of(void **state)
        SD("D:(XA;;0x1f;;;AA;"
           "(Device_Member_of{SID(BA)} && Member_of{SID(WD)}))");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 
@@ -555,6 +589,7 @@ static void test_Device_claim_contains_Resource_claim(void **state)
        SD("D:(XA;;0x1f;;;AA;(@Device.colour Contains @Resource.colour))"
           "S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\"))");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 
@@ -566,6 +601,7 @@ static void test_device_claim_contains_resource_claim(void **state)
        SD("D:(XA;;0x1f;;;AA;(@Device.colour Contains @Resource.colour))"
           "S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\"))");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_device_claim_eq_resource_claim(void **state)
@@ -576,6 +612,7 @@ static void test_device_claim_eq_resource_claim(void **state)
        SD("D:(XA;;0x1f;;;AA;(@Device.colour == @Resource.colour))"
           "S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\"))");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_user_claim_eq_device_claim(void **state)
@@ -586,6 +623,7 @@ static void test_user_claim_eq_device_claim(void **state)
        DEVICE_CLAIMS("colour", "\"blue\"");
        SD("D:(XA;;0x1f;;;AA;(@User.colour == @Device.colour))");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_device_claim_eq_resource_claim_2(void **state)
@@ -595,6 +633,7 @@ static void test_device_claim_eq_resource_claim_2(void **state)
        DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}");
        SD("D:(XA;;0x1f;;;AA;(@Device.colour == {\"orange\", \"blue\"}))");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_resource_ace_multi(void **state)
@@ -605,6 +644,7 @@ static void test_resource_ace_multi(void **state)
        SD("D:(XA;;0x1f;;;AA;(@Device.colour Contains @Resource.colour))"
           "S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\", \"red\"))");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_resource_ace_multi_any_of(void **state)
@@ -615,6 +655,7 @@ static void test_resource_ace_multi_any_of(void **state)
        SD("D:(XA;;0x1f;;;AA;(@Device.colour Any_of @Resource.colour))"
           "S:(RA;;;;;WD;(\"colour\",TS,0,\"grue\", \"blue\", \"red\"))");
        ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_horrible_fuzz_derived_test_3(void **state)
@@ -622,6 +663,7 @@ static void test_horrible_fuzz_derived_test_3(void **state)
        INIT();
        USER_SIDS("WD", "AA", "IS");
        SD_FAIL("S:PPD:(XA;OI;0x1;;;IS;(q>))");
+       DEINIT()
 }
 
 static void test_resource_ace_single(void **state)
@@ -632,6 +674,7 @@ static void test_resource_ace_single(void **state)
         SD("D:(XA;;0x1f;;;AA;(@Device.colour Contains @Resource.colour))"
           "S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\"))");
         ALLOW_CHECK(0x10);
+       DEINIT()
 }
 
 
@@ -642,6 +685,7 @@ static void test_user_attr_any_of_missing_resource_and_user_attr(void **state)
         DEVICE_CLAIMS("colour", "\"blue\"");
         SD("D:(XD;;FX;;;S-1-1-0;(@User.Project Any_of @Resource.Project))");
         DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_user_attr_any_of_missing_resource_attr(void **state)
@@ -651,6 +695,7 @@ static void test_user_attr_any_of_missing_resource_attr(void **state)
         USER_CLAIMS("Project", "3");
         SD("D:(XD;;FX;;;S-1-1-0;(@User.Project Any_of @Resource.Project))");
         DENY_CHECK(0x10);
+       DEINIT()
 }
 
 static void test_user_attr_any_of_missing_user_attr(void **state)
@@ -660,6 +705,7 @@ static void test_user_attr_any_of_missing_user_attr(void **state)
         SD("D:(XD;;FX;;;S-1-1-0;(@User.Project Any_of @Resource.Project))"
           "S:(RA;;;;;WD;(\"Project\",TX,0,1234))");
         DENY_CHECK(0x10);
+       DEINIT()
 }
 
 

diff --git a/libcli/security/tests/test_sddl_conditional_ace.c b/libcli/security/tests/test_sddl_conditional_ace.c
index fc9281d92f48722e922476f90917d00c4a9eded0..b1b9881db68f9e007b4359bbbc7618bd70fafb4a 100644 (file)
--- a/libcli/security/tests/test_sddl_conditional_ace.c
+++ b/libcli/security/tests/test_sddl_conditional_ace.c
@@ -105,6 +105,7 @@ static void test_sddl_compile(void **state)
        }
        if (s == NULL) {
                debug_fail("%s\n", sddl);
+               TALLOC_FREE(mem_ctx);
                fail();
        }
 
@@ -115,6 +116,7 @@ static void test_sddl_compile(void **state)
        for (i = 0; i < compiled.length; i++) {
                assert_int_equal(compiled.data[i], ace[i]);
        }
+       TALLOC_FREE(mem_ctx);
 }
 
 static void test_sddl_compile2(void **state)
@@ -145,6 +147,7 @@ static void test_sddl_compile2(void **state)
        }
        if (s == NULL) {
                debug_fail("%s\n", sddl);
+               TALLOC_FREE(mem_ctx);
                fail();
        }
 
@@ -155,6 +158,7 @@ static void test_sddl_compile2(void **state)
        for (i = 0; i < compiled.length; i++) {
                assert_int_equal(compiled.data[i], ace[i]);
        }
+       TALLOC_FREE(mem_ctx);
 }
 
 static void test_full_sddl_compile(void **state)
@@ -577,6 +581,7 @@ static void test_full_sddl_ra_escapes(void **state)
                (ndr_pull_flags_fn_t)ndr_pull_security_descriptor);
 
        assert_true(NDR_ERR_CODE_IS_SUCCESS(ndr_err));
+       TALLOC_FREE(mem_ctx);
 }
 
 static void test_round_trips(void **state)
@@ -722,6 +727,7 @@ static void test_round_trips(void **state)
                }
        }
        assert_false(failed);
+       TALLOC_FREE(mem_ctx);
 }
 
 static void test_a_number_of_valid_strings(void **state)
@@ -769,6 +775,7 @@ static void test_a_number_of_valid_strings(void **state)
                }
        }
        assert_false(failed);
+       TALLOC_FREE(mem_ctx);
 }
 
 
@@ -842,6 +849,7 @@ static void test_a_number_of_invalid_strings(void **state)
                }
        }
        assert_false(failed_to_fail);
+       TALLOC_FREE(mem_ctx);
 }
 
 
@@ -928,6 +936,7 @@ static void test_a_number_of_invalid_full_sddl_strings(void **state)
        }
        assert_false(failed_to_fail);
        assert_false(message_wrong);
+       TALLOC_FREE(mem_ctx);
 }
 
 
@@ -979,6 +988,7 @@ static void test_valid_strings_with_trailing_crap(void **state)
                }
        }
        assert_false(failed);
+       TALLOC_FREE(mem_ctx);
 }