From 1cb30972d1c8edfe0ee9844547abfc9267be07b0 Mon Sep 17 00:00:00 2001
From: Namjae Jeon <linkinjeon@kernel.org>
Date: Wed, 18 Oct 2023 23:04:42 +0900
Subject: [PATCH] ksmbd-tools: fix memleak in rpc samr
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Atte reported a memory leak that was found using valgrind.

==103365== 1,800 bytes in 100 blocks are definitely lost in loss record 29 of 32
==103365==    at 0x4841848: malloc (vg_replace_malloc.c:431)
==103365==    by 0x48E9502: g_malloc (gmem.c:130)
==103365==    by 0x48BE53C: g_convert_with_iconv (gconvert.c:421)
==103365==    by 0x48BE831: g_convert (gconvert.c:587)
==103365==    by 0x112313: ksmbd_gconvert (tools.c:191)
==103365==    by 0x11921D: ndr_read_vstring (rpc.c:547)
==103365==    by 0x1192F4: ndr_read_uniq_vstring_ptr (rpc.c:579)
==103365==    by 0x11C4C0: samr_lookup_domain_invoke (rpc_samr.c:229)
==103365==    by 0x11C4C0: samr_invoke (rpc_samr.c:888)
==103365==    by 0x11C4C0: rpc_samr_write_request (rpc_samr.c:1005)
==103365==    by 0x11A471: rpc_ioctl_request (rpc.c:1240)
==103365==    by 0x1179A5: rpc_request (worker.c:248)
==103365==    by 0x1179A5: worker_pool_fn (worker.c:295)
==103365==    by 0x4916CB2: g_thread_pool_thread_proxy.lto_priv.0 (gthreadpool.c:350)
==103365==    by 0x4913CD4: g_thread_proxy (gthread.c:831)
==103365==
==103365== 8,400 bytes in 300 blocks are definitely lost in loss record 30 of 32
==103365==    at 0x4841848: malloc (vg_replace_malloc.c:431)
==103365==    by 0x48E9502: g_malloc (gmem.c:130)
==103365==    by 0x48BE53C: g_convert_with_iconv (gconvert.c:421)
==103365==    by 0x48BE831: g_convert (gconvert.c:587)
==103365==    by 0x112313: ksmbd_gconvert (tools.c:191)
==103365==    by 0x11921D: ndr_read_vstring (rpc.c:547)
==103365==    by 0x1192F4: ndr_read_uniq_vstring_ptr (rpc.c:579)
==103365==    by 0x11C522: samr_connect5_invoke (rpc_samr.c:87)
==103365==    by 0x11C522: samr_invoke (rpc_samr.c:882)
==103365==    by 0x11C522: rpc_samr_write_request (rpc_samr.c:1005)
==103365==    by 0x11A471: rpc_ioctl_request (rpc.c:1240)
==103365==    by 0x1179A5: rpc_request (worker.c:248)
==103365==    by 0x1179A5: worker_pool_fn (worker.c:295)
==103365==    by 0x4916CB2: g_thread_pool_thread_proxy.lto_priv.0 (gthreadpool.c:350)
==103365==    by 0x4913CD4: g_thread_proxy (gthread.c:831)

Reported-by: Atte Heikkilä <atteh.mailbox@gmail.com>
Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
---
 mountd/rpc_samr.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mountd/rpc_samr.c b/mountd/rpc_samr.c
index 3b4541d3a960..8d262c0257f7 100644
--- a/mountd/rpc_samr.c
+++ b/mountd/rpc_samr.c
@@ -86,6 +86,8 @@ static int samr_connect5_invoke(struct ksmbd_rpc_pipe *pipe)
 
 	if (ndr_read_uniq_vstring_ptr(dce, &server_name))
 		return KSMBD_RPC_EINVALID_PARAMETER;
+	ndr_free_uniq_vstring_ptr(&server_name);
+
 	// Access mask
 	if (ndr_read_int32(dce, NULL))
 		return KSMBD_RPC_EINVALID_PARAMETER;
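Review bot: `server_name` is released on the line right after it is read and is never used in the visible lines, so the reason for the read/free pair should be stated at the call site. Something like `/* server name is parsed only to advance the NDR offset; its value is unused */` above the read would stop a later change from adding a use after the free. If `ndr_read_uniq_vstring_ptr` tolerates a NULL destination the way `ndr_read_int32(dce, NULL)` is called two lines below (not visible here, so confirm), skipping the allocation would be simpler than allocate-then-free. The body of `samr_connect5_invoke` starts and continues outside this hunk.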
@@ -260,6 +262,7 @@ static int samr_lookup_domain_return(struct ksmbd_rpc_pipe *pipe)
 				return KSMBD_RPC_EBAD_DATA;
 		}
 	}
+	ndr_free_uniq_vstring_ptr(&dce->sm_req.name);
 
 	return KSMBD_RPC_OK;
 }
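Review bot: The new `ndr_free_uniq_vstring_ptr(&dce->sm_req.name)` sits only in front of the final `return KSMBD_RPC_OK`, so the `return KSMBD_RPC_EBAD_DATA` at the top of this hunk, and any earlier error return outside it, still leaves `sm_req.name` allocated. The string is read from a client request (the valgrind trace shows it allocated in `samr_lookup_domain_invoke`), so repeated failing requests would keep growing the daemon's memory. Routing the error exits through one label, e.g. `ret = KSMBD_RPC_EBAD_DATA; goto out;` with `out: ndr_free_uniq_vstring_ptr(&dce->sm_req.name); return ret;`, would cover every path. It is also worth confirming that the free helper resets the pointer to NULL, since `dce->sm_req` appears to outlive this call. The function starts outside the hunk.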
-- 
2.34.1

