From: Rabinarayan Panigrahi Date: Sun, 3 Aug 2025 14:44:17 +0000 (+0530) Subject: libcli/security: use talloc_free at the end of sub-tests X-Git-Tag: tdb-1.4.14~2 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=0ef50512489fed57322cb5df7fcb3c8a2e7880c4;p=thirdparty%2Fsamba.git libcli/security: use talloc_free at the end of sub-tests Memory should be free by talloc_free() if it is allocated using talloc_new() Signed-off-by: Rabinarayan Panigrahi Reviewed-by: Anoop C S Reviewed-by: Douglas Bagnall Autobuild-User(master): Anoop C S Autobuild-Date(master): Thu Aug 7 09:02:29 UTC 2025 on atb-devel-224 --- diff --git a/libcli/security/tests/test_run_conditional_ace.c b/libcli/security/tests/test_run_conditional_ace.c index dc02e338594..70fe78c5352 100644 --- a/libcli/security/tests/test_run_conditional_ace.c +++ b/libcli/security/tests/test_run_conditional_ace.c @@ -153,6 +153,7 @@ static void test_device_claims_composite(void **state) assert_non_null(sd); status = se_access_check(sd, &token, 0x10, &access_granted); assert_ntstatus_equal(status, NT_STATUS_OK, "access check failed\n"); + TALLOC_FREE(mem_ctx); } @@ -228,7 +229,8 @@ static bool fill_sd(TALLOC_CTX *mem_ctx, }; \ struct security_descriptor *sd = NULL; - +#define DEINIT() \ + TALLOC_FREE(mem_ctx); static void test_composite_different_order(void **state) { @@ -240,6 +242,7 @@ static void test_composite_different_order(void **state) * Claim arrays are sets, so we assume conditional ACE ones are too. */ ALLOW_CHECK(0x10); + DEINIT() } static void test_composite_different_order_with_dupes(void **state) @@ -249,6 +252,7 @@ static void test_composite_different_order_with_dupes(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\", \"orange\"}"); DENY_CHECK(0x10); + DEINIT() } static void test_composite_different_order_with_dupes_in_composite(void **state) @@ -258,6 +262,7 @@ static void test_composite_different_order_with_dupes_in_composite(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); ALLOW_CHECK(0x10); + DEINIT() } static void test_composite_different_order_with_SID_dupes(void **state) @@ -267,6 +272,7 @@ static void test_composite_different_order_with_SID_dupes(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{SID(AA), SID(AA), SID(WD)}"); DENY_CHECK(0x10); + DEINIT() } static void test_composite_different_order_with_SID_dupes_in_composite(void **state) @@ -276,6 +282,7 @@ static void test_composite_different_order_with_SID_dupes_in_composite(void **st USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{SID(AA), SID(WD)}"); ALLOW_CHECK(0x10); + DEINIT() } static void test_composite_mixed_types(void **state) @@ -289,6 +296,7 @@ static void test_composite_mixed_types(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{SID(AA), SID(WD)}"); DENY_CHECK(0x10); + DEINIT() } static void test_composite_mixed_types_different_last(void **state) @@ -302,6 +310,7 @@ static void test_composite_mixed_types_different_last(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{SID(AA), SID(WD)}"); DENY_CHECK(0x10); + DEINIT() } static void test_composite_mixed_types_deny(void **state) @@ -316,6 +325,7 @@ static void test_composite_mixed_types_deny(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{SID(AA), SID(WD)}"); DENY_CHECK(0x10); + DEINIT() } static void test_different_case(void **state) @@ -325,6 +335,7 @@ static void test_different_case(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); ALLOW_CHECK(0x10); + DEINIT() } static void test_different_case_with_case_sensitive_flag(void **state) @@ -336,6 +347,7 @@ static void test_different_case_with_case_sensitive_flag(void **state) /* set the flag bit */ token.device_claims[0].flags = CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE; DENY_CHECK(0x10); + DEINIT() } @@ -346,6 +358,7 @@ static void test_claim_name_different_case(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); ALLOW_CHECK(0x10); + DEINIT() } static void test_claim_name_different_case_case_flag(void **state) @@ -359,6 +372,7 @@ static void test_claim_name_different_case_case_flag(void **state) */ token.device_claims[0].flags = CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE; ALLOW_CHECK(0x10); + DEINIT() } static void test_more_values_not_equal(void **state) @@ -368,6 +382,7 @@ static void test_more_values_not_equal(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); ALLOW_CHECK(0x10); + DEINIT() } static void test_contains(void **state) @@ -377,6 +392,7 @@ static void test_contains(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); ALLOW_CHECK(0x10); + DEINIT() } static void test_contains_incomplete(void **state) @@ -386,6 +402,7 @@ static void test_contains_incomplete(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); DENY_CHECK(0x10); + DEINIT() } static void test_any_of(void **state) @@ -395,6 +412,7 @@ static void test_any_of(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); ALLOW_CHECK(0x10); + DEINIT() } static void test_any_of_match_last(void **state) @@ -404,6 +422,7 @@ static void test_any_of_match_last(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); ALLOW_CHECK(0x10); + DEINIT() } static void test_any_of_1(void **state) @@ -413,6 +432,7 @@ static void test_any_of_1(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); ALLOW_CHECK(0x10); + DEINIT() } static void test_contains_1(void **state) @@ -422,6 +442,7 @@ static void test_contains_1(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); ALLOW_CHECK(0x10); + DEINIT() } static void test_contains_1_fail(void **state) @@ -431,6 +452,7 @@ static void test_contains_1_fail(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); DENY_CHECK(0x10); + DEINIT() } static void test_any_of_1_fail(void **state) @@ -440,6 +462,7 @@ static void test_any_of_1_fail(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); DENY_CHECK(0x10); + DEINIT() } @@ -450,6 +473,7 @@ static void test_not_any_of_1_fail(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); DENY_CHECK(0x10); + DEINIT() } static void test_not_any_of_composite_1(void **state) @@ -459,6 +483,7 @@ static void test_not_any_of_composite_1(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); DENY_CHECK(0x10); + DEINIT() } static void test_not_contains_1_fail(void **state) @@ -468,6 +493,7 @@ static void test_not_contains_1_fail(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); DENY_CHECK(0x10); + DEINIT() } static void test_not_contains_1(void **state) @@ -477,6 +503,7 @@ static void test_not_contains_1(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); ALLOW_CHECK(0x10); + DEINIT() } static void test_not_any_of_1(void **state) @@ -486,6 +513,7 @@ static void test_not_any_of_1(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); ALLOW_CHECK(0x10); + DEINIT() } static void test_not_Not_Any_of_1(void **state) @@ -495,6 +523,7 @@ static void test_not_Not_Any_of_1(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); DENY_CHECK(0x10); + DEINIT() } static void test_not_Not_Contains_1(void **state) @@ -504,6 +533,7 @@ static void test_not_Not_Contains_1(void **state) USER_SIDS("WD", "AA"); DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); ALLOW_CHECK(0x10); + DEINIT() } @@ -514,6 +544,7 @@ static void test_not_not_Not_Member_of(void **state) USER_SIDS("WD", "AA"); DEVICE_SIDS("BA", "BG"); ALLOW_CHECK(0x10); + DEINIT() } static void test_not_not_Not_Member_of_fail(void **state) @@ -523,6 +554,7 @@ static void test_not_not_Not_Member_of_fail(void **state) USER_SIDS("WD", "AA"); DEVICE_SIDS("BA", "BG"); DENY_CHECK(0x10); + DEINIT() } static void test_not_not_not_not_not_not_not_not_not_not_Not_Member_of(void **state) @@ -533,6 +565,7 @@ static void test_not_not_not_not_not_not_not_not_not_not_Not_Member_of(void **st USER_SIDS("WD", "AA"); DEVICE_SIDS("BA", "BG"); ALLOW_CHECK(0x10); + DEINIT() } @@ -544,6 +577,7 @@ static void test_Device_Member_of_and_Member_of(void **state) SD("D:(XA;;0x1f;;;AA;" "(Device_Member_of{SID(BA)} && Member_of{SID(WD)}))"); ALLOW_CHECK(0x10); + DEINIT() } @@ -555,6 +589,7 @@ static void test_Device_claim_contains_Resource_claim(void **state) SD("D:(XA;;0x1f;;;AA;(@Device.colour Contains @Resource.colour))" "S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\"))"); ALLOW_CHECK(0x10); + DEINIT() } @@ -566,6 +601,7 @@ static void test_device_claim_contains_resource_claim(void **state) SD("D:(XA;;0x1f;;;AA;(@Device.colour Contains @Resource.colour))" "S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\"))"); ALLOW_CHECK(0x10); + DEINIT() } static void test_device_claim_eq_resource_claim(void **state) @@ -576,6 +612,7 @@ static void test_device_claim_eq_resource_claim(void **state) SD("D:(XA;;0x1f;;;AA;(@Device.colour == @Resource.colour))" "S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\"))"); ALLOW_CHECK(0x10); + DEINIT() } static void test_user_claim_eq_device_claim(void **state) @@ -586,6 +623,7 @@ static void test_user_claim_eq_device_claim(void **state) DEVICE_CLAIMS("colour", "\"blue\""); SD("D:(XA;;0x1f;;;AA;(@User.colour == @Device.colour))"); ALLOW_CHECK(0x10); + DEINIT() } static void test_device_claim_eq_resource_claim_2(void **state) @@ -595,6 +633,7 @@ static void test_device_claim_eq_resource_claim_2(void **state) DEVICE_CLAIMS("colour", "{\"orange\", \"blue\"}"); SD("D:(XA;;0x1f;;;AA;(@Device.colour == {\"orange\", \"blue\"}))"); ALLOW_CHECK(0x10); + DEINIT() } static void test_resource_ace_multi(void **state) @@ -605,6 +644,7 @@ static void test_resource_ace_multi(void **state) SD("D:(XA;;0x1f;;;AA;(@Device.colour Contains @Resource.colour))" "S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\", \"red\"))"); ALLOW_CHECK(0x10); + DEINIT() } static void test_resource_ace_multi_any_of(void **state) @@ -615,6 +655,7 @@ static void test_resource_ace_multi_any_of(void **state) SD("D:(XA;;0x1f;;;AA;(@Device.colour Any_of @Resource.colour))" "S:(RA;;;;;WD;(\"colour\",TS,0,\"grue\", \"blue\", \"red\"))"); ALLOW_CHECK(0x10); + DEINIT() } static void test_horrible_fuzz_derived_test_3(void **state) @@ -622,6 +663,7 @@ static void test_horrible_fuzz_derived_test_3(void **state) INIT(); USER_SIDS("WD", "AA", "IS"); SD_FAIL("S:PPD:(XA;OI;0x1;;;IS;(q>))"); + DEINIT() } static void test_resource_ace_single(void **state) @@ -632,6 +674,7 @@ static void test_resource_ace_single(void **state) SD("D:(XA;;0x1f;;;AA;(@Device.colour Contains @Resource.colour))" "S:(RA;;;;;WD;(\"colour\",TS,0,\"blue\"))"); ALLOW_CHECK(0x10); + DEINIT() } @@ -642,6 +685,7 @@ static void test_user_attr_any_of_missing_resource_and_user_attr(void **state) DEVICE_CLAIMS("colour", "\"blue\""); SD("D:(XD;;FX;;;S-1-1-0;(@User.Project Any_of @Resource.Project))"); DENY_CHECK(0x10); + DEINIT() } static void test_user_attr_any_of_missing_resource_attr(void **state) @@ -651,6 +695,7 @@ static void test_user_attr_any_of_missing_resource_attr(void **state) USER_CLAIMS("Project", "3"); SD("D:(XD;;FX;;;S-1-1-0;(@User.Project Any_of @Resource.Project))"); DENY_CHECK(0x10); + DEINIT() } static void test_user_attr_any_of_missing_user_attr(void **state) @@ -660,6 +705,7 @@ static void test_user_attr_any_of_missing_user_attr(void **state) SD("D:(XD;;FX;;;S-1-1-0;(@User.Project Any_of @Resource.Project))" "S:(RA;;;;;WD;(\"Project\",TX,0,1234))"); DENY_CHECK(0x10); + DEINIT() } diff --git a/libcli/security/tests/test_sddl_conditional_ace.c b/libcli/security/tests/test_sddl_conditional_ace.c index fc9281d92f4..b1b9881db68 100644 --- a/libcli/security/tests/test_sddl_conditional_ace.c +++ b/libcli/security/tests/test_sddl_conditional_ace.c @@ -105,6 +105,7 @@ static void test_sddl_compile(void **state) } if (s == NULL) { debug_fail("%s\n", sddl); + TALLOC_FREE(mem_ctx); fail(); } @@ -115,6 +116,7 @@ static void test_sddl_compile(void **state) for (i = 0; i < compiled.length; i++) { assert_int_equal(compiled.data[i], ace[i]); } + TALLOC_FREE(mem_ctx); } static void test_sddl_compile2(void **state) @@ -145,6 +147,7 @@ static void test_sddl_compile2(void **state) } if (s == NULL) { debug_fail("%s\n", sddl); + TALLOC_FREE(mem_ctx); fail(); } @@ -155,6 +158,7 @@ static void test_sddl_compile2(void **state) for (i = 0; i < compiled.length; i++) { assert_int_equal(compiled.data[i], ace[i]); } + TALLOC_FREE(mem_ctx); } static void test_full_sddl_compile(void **state) @@ -577,6 +581,7 @@ static void test_full_sddl_ra_escapes(void **state) (ndr_pull_flags_fn_t)ndr_pull_security_descriptor); assert_true(NDR_ERR_CODE_IS_SUCCESS(ndr_err)); + TALLOC_FREE(mem_ctx); } static void test_round_trips(void **state) @@ -722,6 +727,7 @@ static void test_round_trips(void **state) } } assert_false(failed); + TALLOC_FREE(mem_ctx); } static void test_a_number_of_valid_strings(void **state) @@ -769,6 +775,7 @@ static void test_a_number_of_valid_strings(void **state) } } assert_false(failed); + TALLOC_FREE(mem_ctx); } @@ -842,6 +849,7 @@ static void test_a_number_of_invalid_strings(void **state) } } assert_false(failed_to_fail); + TALLOC_FREE(mem_ctx); } @@ -928,6 +936,7 @@ static void test_a_number_of_invalid_full_sddl_strings(void **state) } assert_false(failed_to_fail); assert_false(message_wrong); + TALLOC_FREE(mem_ctx); } @@ -979,6 +988,7 @@ static void test_valid_strings_with_trailing_crap(void **state) } } assert_false(failed); + TALLOC_FREE(mem_ctx); }