From 4b69727d69d28bd04d2f3444425d45155805c57f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 25 Oct 2017 19:30:28 +0200
Subject: [PATCH 1/3] s3:secrets: Do not leak memory of pw and old_pw

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d6a418c13f0a41851ecc0579765502e076a5cd3b)
---
 source3/passdb/machine_account_secrets.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index 5a0f7a8405c..fbc87c5619c 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -1367,6 +1367,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 		DBG_ERR("secrets_fetch_domain_sid(%s) failed\n",
 			domain);
 		dbwrap_transaction_cancel(db);
+		SAFE_FREE(old_pw);
+		SAFE_FREE(pw);
 		TALLOC_FREE(frame);
 		return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
 	}
@@ -1381,6 +1383,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 	if (info->account_name == NULL) {
 		DBG_ERR("talloc_asprintf(%s$) failed\n", info->computer_name);
 		dbwrap_transaction_cancel(db);
+		SAFE_FREE(old_pw);
+		SAFE_FREE(pw);
 		TALLOC_FREE(frame);
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -1418,6 +1422,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 			DBG_ERR("talloc_asprintf(%s#%02X) failed\n",
 				domain, NBT_NAME_PDC);
 			dbwrap_transaction_cancel(db);
+			SAFE_FREE(pw);
+			SAFE_FREE(old_pw);
 			TALLOC_FREE(frame);
 			return NT_STATUS_NO_MEMORY;
 		}
@@ -1438,6 +1444,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 		p = kerberos_secrets_fetch_salt_princ();
 		if (p == NULL) {
 			dbwrap_transaction_cancel(db);
+			SAFE_FREE(old_pw);
+			SAFE_FREE(pw);
 			TALLOC_FREE(frame);
 			return NT_STATUS_INTERNAL_ERROR;
 		}
@@ -1445,6 +1453,8 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 		SAFE_FREE(p);
 		if (info->salt_principal == NULL) {
 			dbwrap_transaction_cancel(db);
+			SAFE_FREE(pw);
+			SAFE_FREE(old_pw);
 			TALLOC_FREE(frame);
 			return NT_STATUS_NO_MEMORY;
 		}
@@ -1459,6 +1469,7 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 						     info->salt_principal,
 						     last_set_nt, server,
 						     &info->password);
+	SAFE_FREE(pw);
 	if (!NT_STATUS_IS_OK(status)) {
 		DBG_ERR("secrets_domain_info_password_create(pw) failed "
 			"for %s - %s\n", domain, nt_errstr(status));
@@ -1476,6 +1487,7 @@ NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
 							     info->salt_principal,
 							     0, server,
 							     &info->old_password);
+		SAFE_FREE(old_pw);
 		if (!NT_STATUS_IS_OK(status)) {
 			DBG_ERR("secrets_domain_info_password_create(old) failed "
 				"for %s - %s\n", domain, nt_errstr(status));
-- 
2.14.3


From 0e8a3726202d7671e02683829002b8129906668d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 25 Oct 2017 19:50:57 +0200
Subject: [PATCH 2/3] s3:passdb: Make sure the salt is fully initialized before
 passing

Otherwise the magic member is not initialized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 5274beba4cf722a34403dc07bf287815a6df6281)
---
 source3/passdb/machine_account_secrets.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index fbc87c5619c..75f31cb04e2 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -1090,8 +1090,10 @@ static int secrets_domain_info_kerberos_keys(struct secrets_domain_info1_passwor
 		return krb5_ret;
 	}
 
-	salt.data = discard_const(salt_data);
-	salt.length = strlen(salt_data);
+	salt = (krb5_data) {
+		.data = discard_const(salt_data),
+		.length = strlen(salt_data),
+	};
 
 	ok = convert_string_talloc(keys, CH_UTF16MUNGED, CH_UTF8,
 				   p->cleartext_blob.data,
-- 
2.14.3


From 3e58e8e9162726445d953b140a127edc4de865c3 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 25 Oct 2017 19:25:20 +0200
Subject: [PATCH 3/3] s4:pyparam: Fix resource leaks on error

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e56626e864492831a3dbbca2d4fb8f3281547a90)
---
 source4/param/pyparam.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/source4/param/pyparam.c b/source4/param/pyparam.c
index 60c46452447..8395a913e47 100644
--- a/source4/param/pyparam.c
+++ b/source4/param/pyparam.c
@@ -315,6 +315,9 @@ static PyObject *py_lp_dump_a_parameter(PyObject *self, PyObject *args)
 
 	if (!ret) {
 		PyErr_Format(PyExc_RuntimeError, "Parameter %s unknown for section %s", param_name, section_name);
+		if (f != stdout) {
+			fclose(f);
+		}
 		return NULL;
 	}
 
@@ -454,6 +457,9 @@ static PyObject *py_lp_service_dump(PyObject *self, PyObject *args)
 
 	if (!PyObject_TypeCheck(py_default_service, &PyLoadparmService)) {
 		PyErr_SetNone(PyExc_TypeError);
+		if (f != stdout) {
+			fclose(f);
+		}
 		return NULL;
 	}
 
-- 
2.14.3