From eea5451daaa645f1be758fb839bb764fbef4a80c Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 21 Oct 2025 10:30:29 +0200
Subject: [PATCH] s3:passdb: Fix memory leak in pdb_default_add_groupmem()

Indirect leak of 496 byte(s) in 1 object(s) allocated from:
    #0 0x7f068f921c2b in malloc (/lib64/libasan.so.8+0x121c2b) (BuildId: 388ee9ac193f74c177c6f52988d2d0dab110de41)
    #1 0x7f068f4266a0 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7f068f427f75 in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7f068f427f75 in _talloc_named_const ../../lib/talloc/talloc.c:982
    #4 0x7f068f427f75 in _talloc_zero ../../lib/talloc/talloc.c:2421
    #5 0x7f068cbba260 in samu_new ../../source3/passdb/passdb.c:63
    #6 0x7f068cbda444 in pdb_default_add_groupmem ../../source3/passdb/pdb_interface.c:1022
    #7 0x7f068cbd825d in pdb_add_groupmem ../../source3/passdb/pdb_interface.c:1054
    #8 0x000000389322 in net_sam_addmem ../../source3/utils/net_sam.c:1255
    #9 0x00000038ff79 in net_run_function ../../source3/utils/net_util.c:451
    #10 0x00000038bfb6 in net_sam ../../source3/utils/net_sam.c:2306
    #11 0x00000038ff79 in net_run_function ../../source3/utils/net_util.c:451
    #12 0x0000002ea182 in main ../../source3/utils/net.c:1474
    #13 0x7f068a42b2fa in __libc_start_call_main (/lib64/libc.so.6+0x2b2fa) (BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
    #14 0x7ffe0a90b7a1  ([stack]+0x207a1)

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
---
 source3/passdb/pdb_interface.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index 79b2a0bf445..af42918fd1f 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -994,6 +994,7 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
 	struct passwd *pwd;
 	const char *group_name;
 	uid_t uid;
+	bool in_group;
 
 	map = talloc_zero(mem_ctx, GROUP_MAP);
 	if (!map) {
@@ -1019,17 +1020,21 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if ( !(account = samu_new( NULL )) ) {
+	account = samu_new(mem_ctx);
+	if (account == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
 
 	if (!pdb_getsampwsid(account, &member_sid) ||
 	    !sid_to_uid(&member_sid, &uid) ||
 	    ((pwd = getpwuid_alloc(mem_ctx, uid)) == NULL)) {
+		TALLOC_FREE(account);
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
-	if (pdb_user_in_group(mem_ctx, account, &group_sid)) {
+	in_group = pdb_user_in_group(mem_ctx, account, &group_sid);
+	if (in_group) {
+		TALLOC_FREE(account);
 		return NT_STATUS_MEMBER_IN_GROUP;
 	}
 
@@ -1040,7 +1045,9 @@ static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods,
 
 	smb_add_user_group(group_name, pwd->pw_name);
 
-	if (!pdb_user_in_group(mem_ctx, account, &group_sid)) {
+	in_group = pdb_user_in_group(mem_ctx, account, &group_sid);
+	TALLOC_FREE(account);
+	if (!in_group) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-- 
2.47.3