From 13d98c8fa6d1971adc687f2de01586a3c4739f55 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 23 Jan 2024 11:07:19 +0100
Subject: [PATCH] s3:passdb: Fix memory leak caused by recursion of
 get_global_sam_sid()

Direct leak of 68 byte(s) in 1 object(s) allocated from:
    #0 0x7f4f39cdc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f4f36fbe427 in malloc_ ../../source3/lib/util_malloc.c:38
    #2 0x7f4f394b5e19 in pdb_generate_sam_sid ../../source3/passdb/machine_sid.c:90
    #3 0x7f4f394b5e19 in get_global_sam_sid ../../source3/passdb/machine_sid.c:211
    #4 0x7f4f394af366 in secrets_store_domain_sid ../../source3/passdb/machine_account_secrets.c:143
    #5 0x7f4f394b5eb5 in pdb_generate_sam_sid ../../source3/passdb/machine_sid.c:110
    #6 0x7f4f394b5eb5 in get_global_sam_sid ../../source3/passdb/machine_sid.c:211
    #7 0x7f4f394af366 in secrets_store_domain_sid ../../source3/passdb/machine_account_secrets.c:143
    #8 0x557a1f11d62c in net_setlocalsid ../../source3/utils/net.c:416
    #9 0x557a1f1c9972 in net_run_function ../../source3/utils/net_util.c:464
    #10 0x557a1f121129 in main ../../source3/utils/net.c:1372
    #11 0x7f4f34c281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 23 14:30:58 UTC 2024 on atb-devel-224
---
 source3/passdb/machine_account_secrets.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c
index a80b1633892..c97b35e7e52 100644
--- a/source3/passdb/machine_account_secrets.c
+++ b/source3/passdb/machine_account_secrets.c
@@ -138,11 +138,13 @@ bool secrets_store_domain_sid(const char *domain, const struct dom_sid  *sid)
 			    &clean_sid,
 			    sizeof(struct dom_sid));
 
-	/* Force a re-query, in the case where we modified our domain */
+	/* Force a re-query */
 	if (ret) {
-		if (dom_sid_equal(get_global_sam_sid(), sid) == false) {
-			reset_global_sam_sid();
-		}
+		/*
+		 * Do not call get_global_domain_sid() here, or we will call it
+		 * recursively.
+		 */
+		reset_global_sam_sid();
 	}
 	return ret;
 }
-- 
2.11.4.GIT