[PATCH] NTLM_AUTH leaks memory when used with old version of curl

Volker Lendecke Volker.Lendecke at SerNet.DE
Fri Nov 20 04:35:28 MST 2009

On Fri, Nov 20, 2009 at 08:24:49AM +0100, Kai Blin wrote:
> That code seems to exist in master as well. However, I think not duplicating 
> the data blob is the wrong fix. The correct fix seems to be to use 
> data_blob_talloc() in winbind_pw_check() to hang the memory off the 
> ntlmssp_state instead of the NULL context. That way it's freed on calling 
> ntlmssp_end() once the reference count drops to 0.
> Volker, what do you think of attached patch (and above reasoning for that 
> matter)?

Haven't looked at that piece in the ntlm_auth code, but what
you are saying sounds right. Your patch also looks good, and
if you have run it at least once with it, just push it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20091120/7a976de2/attachment.pgp>

More information about the samba-technical mailing list