smbd: Fix a memleak in async search ask sharemode

fetch_share_mode_unlocked_parser() takes a "struct
fetch_share_mode_unlocked_state *" as
"private_data". fetch_share_mode_send() used a talloc_zero'ed "struct
share_mode_lock". This lead to the parser putting a "struct
share_mode_lock on the NULL talloc_context where nobody really picked it
up.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13602
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0bd109b733fbce774feae2142d25f7e828b56bcb)

diff --git a/source3/locking/share_mode_lock.c b/source3/locking/share_mode_lock.c
index cee00458079b86bc76a37aa011955b4276521547..ec17bca98a66e2b9ccc90abdd9b43831d0d7cf54 100644 (file)
--- a/source3/locking/share_mode_lock.c
+++ b/source3/locking/share_mode_lock.c
@@ -673,7 +673,7 @@ static void fetch_share_mode_done(struct tevent_req *subreq);
 struct fetch_share_mode_state {
        struct file_id id;
        TDB_DATA key;
-       struct share_mode_lock *lck;
+       struct fetch_share_mode_unlocked_state parser_state;
        enum dbwrap_req_state req_state;
 };
 
@@ -721,17 +721,14 @@ struct tevent_req *fetch_share_mode_send(TALLOC_CTX *mem_ctx,
 
        state->id = id;
        state->key = locking_key(&state->id);
-       state->lck = talloc_zero(state, struct share_mode_lock);
-       if (tevent_req_nomem(state->lck, req)) {
-               return tevent_req_post(req, ev);
-       }
+       state->parser_state.mem_ctx = state;
 
        subreq = dbwrap_parse_record_send(state,
                                          ev,
                                          lock_db,
                                          state->key,
                                          fetch_share_mode_unlocked_parser,
-                                         state->lck,
+                                         &state->parser_state,
                                          &state->req_state);
        if (tevent_req_nomem(subreq, req)) {
                return tevent_req_post(req, ev);
@@ -775,12 +772,12 @@ NTSTATUS fetch_share_mode_recv(struct tevent_req *req,
                return status;
        }
 
-       if (state->lck->data == NULL) {
+       if (state->parser_state.lck->data == NULL) {
                tevent_req_received(req);
                return NT_STATUS_NOT_FOUND;
        }
 
-       lck = talloc_move(mem_ctx, &state->lck);
+       lck = talloc_move(mem_ctx, &state->parser_state.lck);
 
        if (DEBUGLEVEL >= 10) {
                DBG_DEBUG("share_mode_data:\n");