[PATCH 4/8] s3:schannel fix memory hierarchy

Simo Sorce idra at samba.org
Fri Feb 19 07:34:48 MST 2010

passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be
child of creds as expected. When later in schannel_check_creds_state() we
stole the creds on a different memory context the sid was left behind and the
memory it points to freed when the temporary context was freed.
 libcli/auth/schannel_state_tdb.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c
index 3da7618..49c8908 100644
--- a/libcli/auth/schannel_state_tdb.c
+++ b/libcli/auth/schannel_state_tdb.c
@@ -117,7 +117,7 @@ NTSTATUS schannel_fetch_session_key_tdb(struct tdb_context *tdb,
 	blob = data_blob_const(value.dptr, value.dsize);
-	ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, NULL, creds,
+	ndr_err = ndr_pull_struct_blob(&blob, creds, NULL, creds,
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
 		status = ndr_map_error2ntstatus(ndr_err);

Content-Disposition: attachment; filename="0005-s3-schannel-streamline-interface.patch"
Content-Type: text/x-patch; name="0005-s3-schannel-streamline-interface.patch"; charset="UTF-8"
Content-Transfer-Encoding: 7bit

More information about the samba-technical mailing list