s3:auth: Fix Coverity ID 1646934: memory leak in make_pw_chat

make_pw_chat may succeed in the first call to SMB_CALLOC_ARRAY but fail
in one of the following loop iterations, in which the list is already
populated with dynamically allocated entries. Make sure that we free the
list before bailing out with NULL.

Fixes Coverity issue 1646934

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Jun 14 07:41:48 UTC 2025 on atb-devel-224

diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c
index 03d2fe69286c5a26ec3caf387445188645de2bae..88a909b7bd26578a1ad5a0a158a28078714c5658 100644 (file)
--- a/source3/auth/pampass.c
+++ b/source3/auth/pampass.c
@@ -223,6 +223,8 @@ struct chat_struct {
        fstring reply;
 };
 
+static void free_pw_chat(struct chat_struct *list);
+
 /**************************************************************
  Create a linked list containing chat data.
 ***************************************************************/
@@ -239,6 +241,7 @@ static struct chat_struct *make_pw_chat(const char *p)
                t = SMB_CALLOC_ARRAY(struct chat_struct, 1);
                if (!t) {
                        DEBUG(0,("make_pw_chat: malloc failed!\n"));
+                       free_pw_chat(list);
                        TALLOC_FREE(frame);
                        return NULL;
                }