s3:passdb: Fix memory leak in pdb_default_add_groupmem()

Indirect leak of 496 byte(s) in 1 object(s) allocated from:
    #0 0x7f068f921c2b in malloc (/lib64/libasan.so.8+0x121c2b) (BuildId: 388ee9ac193f74c177c6f52988d2d0dab110de41)
    #1 0x7f068f4266a0 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7f068f427f75 in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7f068f427f75 in _talloc_named_const ../../lib/talloc/talloc.c:982
    #4 0x7f068f427f75 in _talloc_zero ../../lib/talloc/talloc.c:2421
    #5 0x7f068cbba260 in samu_new ../../source3/passdb/passdb.c:63
    #6 0x7f068cbda444 in pdb_default_add_groupmem ../../source3/passdb/pdb_interface.c:1022
    #7 0x7f068cbd825d in pdb_add_groupmem ../../source3/passdb/pdb_interface.c:1054
    #8 0x000000389322 in net_sam_addmem ../../source3/utils/net_sam.c:1255
    #9 0x00000038ff79 in net_run_function ../../source3/utils/net_util.c:451
    #10 0x00000038bfb6 in net_sam ../../source3/utils/net_sam.c:2306
    #11 0x00000038ff79 in net_run_function ../../source3/utils/net_util.c:451
    #12 0x0000002ea182 in main ../../source3/utils/net.c:1474
    #13 0x7f068a42b2fa in __libc_start_call_main (/lib64/libc.so.6+0x2b2fa) (BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
    #14 0x7ffe0a90b7a1  ([stack]+0x207a1)

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 79b2a0bf4457da20908c12582aa6fcf24913298e..af42918fd1faa622bf9a5a24c184663201f870da 100644 (file)
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -994,6 +994,7 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
        struct passwd *pwd;
        const char *group_name;
        uid_t uid;
+       bool in_group;
 
        map = talloc_zero(mem_ctx, GROUP_MAP);
        if (!map) {
@@ -1019,17 +1020,21 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
                return NT_STATUS_NO_MEMORY;
        }
 
-       if ( !(account = samu_new( NULL )) ) {
+       account = samu_new(mem_ctx);
+       if (account == NULL) {
                return NT_STATUS_NO_MEMORY;
        }
 
        if (!pdb_getsampwsid(account, &member_sid) ||
            !sid_to_uid(&member_sid, &uid) ||
            ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
+               TALLOC_FREE(account);
                return NT_STATUS_NO_SUCH_USER;
        }
 
-       if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
+       in_group = pdb_user_in_group(mem_ctx, account, &group_sid);
+       if (in_group) {
+               TALLOC_FREE(account);
                return NT_STATUS_MEMBER_IN_GROUP;
        }
 
@@ -1040,7 +1045,9 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
 
        smb_add_user_group(group_name, pwd->pw_name);
 
-       if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
+       in_group = pdb_user_in_group(mem_ctx, account, &group_sid);
+       TALLOC_FREE(account);
+       if (!in_group) {
                return NT_STATUS_ACCESS_DENIED;
        }