More insure detected pdb_getsampwnam() missing pdb_sam_free() memory leaks.

Jeremy.

5 files changed, 25 insertions, 7 deletions

diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c
index 3d338d7e343..ed60dd0a67a 100644
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -652,19 +652,25 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
 		}
 	}
 
-	if (!NT_STATUS_IS_OK(status))
+	if (!NT_STATUS_IS_OK(status)) {
+		pdb_free_sam(sampass);
 		return status;
+	}
 
 #ifdef WITH_PAM
 	become_root();
 	status = smb_pam_accountcheck(pdb_get_username(sampass));
 	unbecome_root();
-	if (!NT_STATUS_IS_OK(status))
+	if (!NT_STATUS_IS_OK(status)) {
+		pdb_free_sam(sampass);
 		return status;
+	}
 #endif
 
-	if (acct_ctrl & ACB_DISABLED)
+	if (acct_ctrl & ACB_DISABLED) {
+		pdb_free_sam(sampass);
 		return NT_STATUS_ACCOUNT_DISABLED;
+	}
     
 	/* lkclXXXX this is the point at which, if the login was
 		successful, that the SAM Local Security Authority should
@@ -713,7 +719,8 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
                             &global_sam_sid,     /* DOM_SID *dom_sid */
                             NULL); /* char *other_sids */
         
-    }
+	}
 
-    return status;
+	pdb_free_sam(sampass);
+	return status;
 }
diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c
index 310ea34d064..bece0ebee07 100644
--- a/source/rpc_server/srv_pipe.c
+++ b/source/rpc_server/srv_pipe.c
@@ -457,6 +457,7 @@ failed authentication on named pipe %s.\n", domain, pipe_user_name, wks, p->name
 						guest_user, NULL);
 
 	p->ntlmssp_auth_validated = True;
+	pdb_free_sam(sampass);
 	return True;
 }
 
diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c
index c790dfcf172..bc91d776936 100644
--- a/source/smbd/chgpasswd.c
+++ b/source/smbd/chgpasswd.c
@@ -759,6 +759,7 @@ BOOL check_oem_password(char *user,
 
 	if (ret == False) {
 		DEBUG(0, ("check_oem_password: getsmbpwnam returned NULL\n"));
+		pdb_free_sam(sampass);
 		return False;
 	}
 
diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c
index 0c97c8a23cf..149d8e8d9f5 100644
--- a/source/smbd/lanman.c
+++ b/source/smbd/lanman.c
@@ -1793,6 +1793,8 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
       if(lp_unix_password_sync() && !chgpasswd(user,pass1,saved_pass2,False))
         SSVAL(*rparam,0,NERR_badpass);
     }
+
+    pdb_free_sam(sampass);
   }
 
   /*
@@ -1828,6 +1830,7 @@ static BOOL api_SetUserPassword(connection_struct *conn,uint16 vuid, char *param
     {
       SSVAL(*rparam,0,NERR_Success);
     }
+    pdb_free_sam(sampass);
   }
 
   memset((char *)pass1,'\0',sizeof(fstring));
diff --git a/source/smbd/password.c b/source/smbd/password.c
index 22fc02e4e3b..eb8dd9c97d8 100644
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -559,6 +559,7 @@ BOOL pass_check_smb(char *user, char *domain, uchar *chal,
 	/* Quit if the account was disabled. */
 	if(pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
 		DEBUG(1,("Account for user '%s' was disabled.\n", user));
+		pdb_free_sam(sampass);
 		return(False);
 	}
 
@@ -566,18 +567,23 @@ BOOL pass_check_smb(char *user, char *domain, uchar *chal,
 	if (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ) {
 		if (lp_null_passwords()) {
 			DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", user));
+			pdb_free_sam(sampass);
 			return(True);
 		} else {
 			DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", user));
+			pdb_free_sam(sampass);
 			return(False);
 		}		
 	}
 
-	if (smb_password_ok(sampass, chal, lm_pwd, nt_pwd))
+	if (smb_password_ok(sampass, chal, lm_pwd, nt_pwd)) {
+		pdb_free_sam(sampass);
 		return(True);
-	
+	}
+
 	DEBUG(2,("pass_check_smb failed - invalid password for user [%s]\n", user));
 
+	pdb_free_sam(sampass);
 	return False;
 }