From 123954d94ee783bd241c89fa53fc902312176875 Mon Sep 17 00:00:00 2001
From: Matthieu Patou <mat@matws.net>
Date: Mon, 24 Dec 2012 10:01:30 -0800
Subject: [PATCH] dsdb-cracknames: Fix potential double free and memory leaks

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/dsdb/samdb/cracknames.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c
index bcf82c62388..15463a78757 100644
--- a/source4/dsdb/samdb/cracknames.c
+++ b/source4/dsdb/samdb/cracknames.c
@@ -394,10 +394,10 @@ static WERROR get_format_functional_filtering_param(struct ldb_context *sam_ctx,
 
 		account = name;
 		s = strchr(account, '/');
+		talloc_free(domain_res);
 		while(s) {
 			s[0] = '\0';
 			s++;
-			talloc_free(domain_res);
 
 			ldb_ret = ldb_search(sam_ctx, mem_ctx, &domain_res,
 						tmp_dn,
@@ -410,18 +410,20 @@ static WERROR get_format_functional_filtering_param(struct ldb_context *sam_ctx,
 				info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR;
 				return WERR_OK;
 			}
+			talloc_free(tmp_dn);
 			switch (domain_res->count) {
 			case 1:
 				break;
 			case 0:
+				talloc_free(domain_res);
 				info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND;
 				return WERR_OK;
 			default:
+				talloc_free(domain_res);
 				info1->status = DRSUAPI_DS_NAME_STATUS_NOT_UNIQUE;
 				return WERR_OK;
 			}
 
-			talloc_free(tmp_dn);
 			tmp_dn = talloc_steal(mem_ctx, domain_res->msgs[0]->dn);
 			talloc_free(domain_res);
 			search_dn = tmp_dn;
-- 
2.11.4.GIT