From 5f9f9242ce709c17422d07bd58e8fccd9f6737ad Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 7 Nov 2023 12:16:12 +1300
Subject: [PATCH] s4:librpc: Fix leak

We should not leak error messages returned by sddl_decode_err_msg().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/librpc/ndr/py_security.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/source4/librpc/ndr/py_security.c b/source4/librpc/ndr/py_security.c
index 74f323c3f56..5f185b69bed 100644
--- a/source4/librpc/ndr/py_security.c
+++ b/source4/librpc/ndr/py_security.c
@@ -272,6 +272,7 @@ static PyObject *py_descriptor_new(PyTypeObject *self, PyObject *args, PyObject
 
 static PyObject *py_descriptor_from_sddl(PyObject *self, PyObject *args)
 {
+	TALLOC_CTX *tmp_ctx = NULL;
 	struct security_descriptor *secdesc;
 	char *sddl;
 	PyObject *py_sid;
@@ -291,7 +292,13 @@ static PyObject *py_descriptor_from_sddl(PyObject *self, PyObject *args)
 
 	sid = pytalloc_get_ptr(py_sid);
 
-	secdesc = sddl_decode_err_msg(NULL, sddl, sid,
+	tmp_ctx = talloc_new(NULL);
+	if (tmp_ctx == NULL) {
+		PyErr_NoMemory();
+		return NULL;
+	}
+
+	secdesc = sddl_decode_err_msg(tmp_ctx, sddl, sid,
 				      &err_msg, &err_msg_offset);
 	if (secdesc == NULL) {
 		PyObject *exc = NULL;
@@ -315,14 +322,19 @@ static PyObject *py_descriptor_from_sddl(PyObject *self, PyObject *args)
 				    err_msg_offset,
 				    sddl);
 		if (exc == NULL) {
+			talloc_free(tmp_ctx);
 			/* an exception was set by Py_BuildValue() */
 			return NULL;
 		}
 		PyErr_SetObject(PyExc_SDDLValueError, exc);
 		Py_DECREF(exc);
+		talloc_free(tmp_ctx);
 		return NULL;
 	}
 
+	secdesc = talloc_steal(NULL, secdesc);
+	talloc_free(tmp_ctx);
+
 	return pytalloc_steal((PyTypeObject *)self, secdesc);
 }
 
-- 
2.47.3