s3:passdb: Fix memory leak in pdb_default_del_groupmem()

Indirect leak of 496 byte(s) in 1 object(s) allocated from:
    #0 0x7f1e45121c2b in malloc (/lib64/libasan.so.8+0x121c2b) (BuildId: 388ee9ac193f74c177c6f52988d2d0dab110de41)
    #1 0x7f1e44b586a0 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7f1e44b59f75 in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7f1e44b59f75 in _talloc_named_const ../../lib/talloc/talloc.c:982
    #4 0x7f1e44b59f75 in _talloc_zero ../../lib/talloc/talloc.c:2421
    #5 0x7f1e42a18460 in samu_new ../../source3/passdb/passdb.c:63
    #6 0x7f1e42a381ef in pdb_default_del_groupmem ../../source3/passdb/pdb_interface.c:1098
    #7 0x7f1e42a364b1 in pdb_del_groupmem ../../source3/passdb/pdb_interface.c:1130
    #8 0x000000388a57 in net_sam_delmem ../../source3/utils/net_sam.c:1324
    #9 0x00000038ff79 in net_run_function ../../source3/utils/net_util.c:451
    #10 0x00000038bfb6 in net_sam ../../source3/utils/net_sam.c:2306
    #11 0x00000038ff79 in net_run_function ../../source3/utils/net_util.c:451
    #12 0x0000002ea182 in main ../../source3/utils/net.c:1474
    #13 0x7f1e3fc2b2fa in __libc_start_call_main (/lib64/libc.so.6+0x2b2fa) (BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
    #14 0x7ffe6b22b79f  ([stack]+0x2079f)

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Oct 22 15:21:22 UTC 2025 on atb-devel-224

diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index af42918fd1faa622bf9a5a24c184663201f870da..8678d5d42f344381ca84d435a33eb8b20cdd7c13 100644 (file)
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -1073,6 +1073,7 @@ static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
        struct passwd *pwd;
        const char *group_name;
        uid_t uid;
+       bool in_group;
 
        map = talloc_zero(mem_ctx, GROUP_MAP);
        if (!map) {
@@ -1095,17 +1096,21 @@ static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
                return NT_STATUS_NO_MEMORY;
        }
 
-       if ( !(account = samu_new( NULL )) ) {
+       account = samu_new(mem_ctx);
+       if (account == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
 
        if (!pdb_getsampwsid(account, &member_sid) ||
            !sid_to_uid(&member_sid, &uid) ||
            ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
+               TALLOC_FREE(account);
                return NT_STATUS_NO_SUCH_USER;
        }
 
-       if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
+       in_group = pdb_user_in_group(mem_ctx, account, &group_sid);
+       if (!in_group) {
+               TALLOC_FREE(account);
                return NT_STATUS_MEMBER_NOT_IN_GROUP;
        }
 
@@ -1116,7 +1121,9 @@ static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods,
 
        smb_delete_user_group(group_name, pwd->pw_name);
 
-       if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
+       in_group = pdb_user_in_group(mem_ctx, account, &group_sid);
+       TALLOC_FREE(account);
+       if (in_group) {
                return NT_STATUS_ACCESS_DENIED;
        }