CID 1363286: Resource leak by failing to free tmp_ctx
authorGarming Sam <garming@catalyst.net.nz>
Tue, 7 May 2019 01:28:49 +0000 (13:28 +1200)
committerGary Lockyer <gary@samba.org>
Wed, 8 May 2019 00:36:14 +0000 (00:36 +0000)
There are a few oddities in this function, including a duplicated NULL
check, a talloc_free of a context which is passed in and a number of
missing frees before a return.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed May  8 00:36:14 UTC 2019 on sn-devel-184

source4/auth/session.c

index 3a8c40b7fb83ab74425d13a9fa65797657305ae0..71d236aa3e19bf3bc532e3679a5f7956474718f0 100644 (file)
@@ -115,10 +115,6 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
                TALLOC_FREE(tmp_ctx);
                return NT_STATUS_NO_MEMORY;
        }
-       if (!sids) {
-               talloc_free(tmp_ctx);
-               return NT_STATUS_NO_MEMORY;
-       }
 
        num_sids = user_info_dc->num_sids;
 
@@ -134,14 +130,19 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
 
        if (session_info_flags & AUTH_SESSION_INFO_DEFAULT_GROUPS) {
                sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 2);
-               NT_STATUS_HAVE_NO_MEMORY(sids);
+               if (sids == NULL) {
+                       TALLOC_FREE(tmp_ctx);
+                       return NT_STATUS_NO_MEMORY;
+               }
 
                if (!dom_sid_parse(SID_WORLD, &sids[num_sids])) {
+                       TALLOC_FREE(tmp_ctx);
                        return NT_STATUS_INTERNAL_ERROR;
                }
                num_sids++;
 
                if (!dom_sid_parse(SID_NT_NETWORK, &sids[num_sids])) {
+                       TALLOC_FREE(tmp_ctx);
                        return NT_STATUS_INTERNAL_ERROR;
                }
                num_sids++;
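Review bot: The cleanup `TALLOC_FREE(tmp_ctx); return ...;` is now written out by hand on every error path in the AUTH_SESSION_INFO_DEFAULT_GROUPS block, and again in the AUTH_SESSION_INFO_AUTHENTICATED and AUTH_SESSION_INFO_NTLM hunks that follow. That repetition is how the leak appeared in the first place, since any new early return has to remember the free. A single exit path would be safer: each failure sets a local status and jumps, e.g. `status = NT_STATUS_INTERNAL_ERROR; goto fail;`, with one `fail: TALLOC_FREE(tmp_ctx); return status;` at the end of the function. The function's declarations and its tail are outside these hunks, so whether a suitable status variable already exists would need checking.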
@@ -149,9 +150,13 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
 
        if (session_info_flags & AUTH_SESSION_INFO_AUTHENTICATED) {
                sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 1);
-               NT_STATUS_HAVE_NO_MEMORY(sids);
+               if (sids == NULL) {
+                       TALLOC_FREE(tmp_ctx);
+                       return NT_STATUS_NO_MEMORY;
+               }
 
                if (!dom_sid_parse(SID_NT_AUTHENTICATED_USERS, &sids[num_sids])) {
+                       TALLOC_FREE(tmp_ctx);
                        return NT_STATUS_INTERNAL_ERROR;
                }
                num_sids++;
@@ -159,9 +164,13 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
 
        if (session_info_flags & AUTH_SESSION_INFO_NTLM) {
                sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 1);
-               NT_STATUS_HAVE_NO_MEMORY(sids);
+               if (sids == NULL) {
+                       TALLOC_FREE(tmp_ctx);
+                       return NT_STATUS_NO_MEMORY;
+               }
 
                if (!dom_sid_parse(SID_NT_NTLM_AUTHENTICATION, &sids[num_sids])) {
+                       TALLOC_FREE(tmp_ctx);
                        return NT_STATUS_INTERNAL_ERROR;
                }
                num_sids++;
@@ -187,11 +196,11 @@ _PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
                                "<SID=%s>",
                                dom_sid_str_buf(&sids[i], &buf));
                        if (sid_dn == NULL) {
-                               TALLOC_FREE(user_info_dc);
+                               TALLOC_FREE(tmp_ctx);
                                return NT_STATUS_NO_MEMORY;
                        }
                        sid_blob = data_blob_string_const(sid_dn);
-                       
+
                        /* This function takes in memberOf values and expands
                         * them, as long as they meet the filter - so only
                         * builtin groups
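Review bot: The ownership rule behind the changed free in the `sid_dn == NULL` branch is not written down anywhere in the hunk. The commit message describes `user_info_dc` as a context that is passed in, so freeing it here would have left the caller holding a dangling pointer. A short comment at the branch would keep the mistake from coming back, for example `/* user_info_dc is owned by the caller; only tmp_ctx is ours to free */`. It is also worth confirming that no caller relied on the old behaviour of having `user_info_dc` released on NT_STATUS_NO_MEMORY; the callers are not visible here. The enclosing loop and the rest of the function lie outside the hunk.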