r8627: fixed a big memory leak in the spnego gensec code in session
authorAndrew Tridgell <tridge@samba.org>
Wed, 20 Jul 2005 04:19:45 +0000 (04:19 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:29:45 +0000 (13:29 -0500)
setup. Andrew, please check over this.

What happens is this:

 - run the BASE-SECLEAK test
 - with each failed session setup using spnego a gensec ctx is leaked into the smb_conn structure
 - after the client disconnects these are finally cleaned up as they
   are all children of the connection structure
 - the cleanup of the millions of memory objects takes long enough
   that the next operation in test_posix.sh sometimes fails with a timeout

Andrew, can you also look at the talloc_reference() on line 332 of
sesssetup.c ? I suspect it isn't needed (I don't think it does any
actual harm though)
(This used to be commit b40fb6a4569ccc1fa1750a1e534e18a020764b4c)

source4/smb_server/sesssetup.c

index c4126b8805652dbb16a820ad07b263721027b05f..d209d96aad2eecc499edeb2dc4a68865918a1a83 100644 (file)
@@ -247,7 +247,7 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup
 {
        NTSTATUS status = NT_STATUS_ACCESS_DENIED;
        struct smbsrv_session *smb_sess;
-       struct gensec_security *gensec_ctx ;
+       struct gensec_security *gensec_ctx;
        struct auth_session_info *session_info = NULL;
        uint16_t vuid;
 
@@ -270,7 +270,7 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup
                gensec_ctx = smb_sess->gensec_ctx;
                status = gensec_update(gensec_ctx, req, sess->spnego.in.secblob, &sess->spnego.out.secblob);
        } else {
-               status = gensec_server_start(req->smb_conn, &gensec_ctx,
+               status = gensec_server_start(req, &gensec_ctx,
                                             req->smb_conn->connection->event.ctx);
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(1, ("Failed to start GENSEC server code: %s\n", nt_errstr(status)));
@@ -327,6 +327,7 @@ static NTSTATUS sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup
                        return NT_STATUS_ACCESS_DENIED;
                }
                req->session = smb_sess;
+               talloc_steal(smb_sess, gensec_ctx);
        } else {
                smb_sess->session_info = talloc_reference(smb_sess, session_info);
        }