From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 5 Oct 2023 22:55:46 +0000 (+1300)
Subject: Revert "smbd: Fix CID 1504457 Resource leak"
X-Git-Tag: tevent-0.16.0~61
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68fb12cb79751c4fce59ea981e7e36daa2023662;p=thirdparty%2Fsamba.git

Revert "smbd: Fix CID 1504457 Resource leak"

We cannot free ‘enc’ — it may be a copy of ‘buffer’, in which parameter
both construct_reply_chain() and smb_request_done() pass arrays of
automatic storage duration!

Fixes CID 1505354.

This reverts commit a395f752f0748751d4ade533c41066903f26c2dd.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source3/smbd/smb1_process.c b/source3/smbd/smb1_process.c
index b775a3691f3..e4f6cdf4578 100644
--- a/source3/smbd/smb1_process.c
+++ b/source3/smbd/smb1_process.c
@@ -239,17 +239,14 @@ bool smb1_srv_send(struct smbXsrv_connection *xconn,
 	}
 
 	if (do_encrypt) {
-		char *enc = NULL;
-		NTSTATUS status = srv_encrypt_buffer(xconn, buffer, &enc);
+		NTSTATUS status = srv_encrypt_buffer(xconn, buffer, &buf_out);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(0, ("send_smb: SMB encryption failed "
 				"on outgoing packet! Error %s\n",
 				nt_errstr(status) ));
-			SAFE_FREE(enc);
 			ret = -1;
 			goto out;
 		}
-		buf_out = enc;
 	}
 
 	len = smb_len_large(buf_out) + 4;