s3:secrets: Do not leak memory of pw and old_pw

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index 5a0f7a8405ca56f9124b91ed13022e12af08694f..fbc87c5619c21eec4674fed2597d52e04f437ab1 100644 (file)
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -1367,6 +1367,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
                DBG_ERR("secrets_fetch_domain_sid(%s) failed\n",
                        domain);
                dbwrap_transaction_cancel(db);
+               SAFE_FREE(old_pw);
+               SAFE_FREE(pw);
                TALLOC_FREE(frame);
                return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
        }
@@ -1381,6 +1383,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
        if (info->account_name == NULL) {
                DBG_ERR("talloc_asprintf(%s$) failed\n", info->computer_name);
                dbwrap_transaction_cancel(db);
+               SAFE_FREE(old_pw);
+               SAFE_FREE(pw);
                TALLOC_FREE(frame);
                return NT_STATUS_NO_MEMORY;
        }
@@ -1418,6 +1422,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
                        DBG_ERR("talloc_asprintf(%s#%02X) failed\n",
                                domain, NBT_NAME_PDC);
                        dbwrap_transaction_cancel(db);
+                       SAFE_FREE(pw);
+                       SAFE_FREE(old_pw);
                        TALLOC_FREE(frame);
                        return NT_STATUS_NO_MEMORY;
                }
@@ -1438,6 +1444,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
                p = kerberos_secrets_fetch_salt_princ();
                if (p == NULL) {
                        dbwrap_transaction_cancel(db);
+                       SAFE_FREE(old_pw);
+                       SAFE_FREE(pw);
                        TALLOC_FREE(frame);
                        return NT_STATUS_INTERNAL_ERROR;
                }
@@ -1445,6 +1453,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
                SAFE_FREE(p);
                if (info->salt_principal == NULL) {
                        dbwrap_transaction_cancel(db);
+                       SAFE_FREE(pw);
+                       SAFE_FREE(old_pw);
                        TALLOC_FREE(frame);
                        return NT_STATUS_NO_MEMORY;
                }
@@ -1459,6 +1469,7 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
                                                     info->salt_principal,
                                                     last_set_nt, server,
                                                     &info->password);
+       SAFE_FREE(pw);
        if (!NT_STATUS_IS_OK(status)) {
                DBG_ERR("secrets_domain_info_password_create(pw) failed "
                        "for %s - %s\n", domain, nt_errstr(status));
@@ -1476,6 +1487,7 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
                                                             info->salt_principal,
                                                             0, server,
                                                             &info->old_password);
+               SAFE_FREE(old_pw);
                if (!NT_STATUS_IS_OK(status)) {
                        DBG_ERR("secrets_domain_info_password_create(old) failed "
                                "for %s - %s\n", domain, nt_errstr(status));