[PATCH] build and use-after free fixes found during Solaris work
Jeremy Allison
jra at samba.org
Wed Mar 27 10:47:22 MDT 2013
On Wed, Mar 27, 2013 at 11:26:36AM +0100, Volker Lendecke wrote:
> On Wed, Mar 27, 2013 at 12:34:19PM +1100, Andrew Bartlett wrote:
> > On Solaris-derived systems (OpenIndiana in this case) I found we needed
> > to avoid the libidmap.so name, and I found a use-after-free in the auth
> > code at debug level 5.
> >
> > See attached, please review and/or push.
>
> > diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
> > index d9bea1c..70ce638 100644
> > --- a/auth/ntlmssp/ntlmssp_server.c
> > +++ b/auth/ntlmssp/ntlmssp_server.c
> > @@ -449,11 +449,11 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec
> > &gensec_ntlmssp->server_returned_info,
> > user_session_key, lm_session_key);
> > }
> > - talloc_free(user_info);
> >
> > if (!NT_STATUS_IS_OK(nt_status)) {
> > DEBUG(5, (__location__ ": Checking NTLMSSP password for %s\\%s failed: %s\n", user_info->client.domain_name, user_info->client.account_name, nt_errstr(nt_status)));
> > }
> > + talloc_free(user_info);
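Review bot: the talloc_free(user_info) re-added at the end of the hunk still leaves user_info pointing at freed memory for the remainder of the function, so any later dereference would repeat the same bug silently. The original read sits in the DEBUG(5, ...) call inside the !NT_STATUS_IS_OK(nt_status) branch, which touches user_info->client.domain_name and user_info->client.account_name and only executes on a failed check, which makes it easy to miss in testing. Suggest TALLOC_FREE(user_info) here so the pointer is reset to NULL and a stray use faults immediately instead of reading freed memory.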
>
> Can we make that a TALLOC_FREE? This nulls out the
> user_info, which would have detected the use-after-free with
> a nice segfault :-)
Pushed to autobuild with talloc_free -> TALLOC_FREE change.
Cheers,
Jeremy.
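
The free-and-reset idiom requested in the review above, as an added example that is not part of the original thread or Samba's code. FREE_AND_NULL is a stand-in for TALLOC_FREE built on free() so it compiles without libtalloc, and struct user_info, check_password and server_check_password are hypothetical, cut-down names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for talloc's TALLOC_FREE (assumption: plain free() instead of
 * talloc_free()): release the memory, then reset the pointer to NULL. */
#define FREE_AND_NULL(p) do { if ((p) != NULL) { free(p); (p) = NULL; } } while (0)

/* Hypothetical, cut-down version of the user_info touched by the patch. */
struct user_info { char domain_name[32]; char account_name[32]; };

/* Constructed password check: only "secret" is accepted. */
static int check_password(const struct user_info *ui, const char *password)
{
    (void)ui;
    return strcmp(password, "secret") == 0 ? 0 : -1;
}

/* Same ordering as the fixed hunk: check, log from user_info on failure,
 * release last. *ui_out reports the pointer value after the release. */
static int server_check_password(const char *domain, const char *account,
                                 const char *password, char *log,
                                 size_t log_len, struct user_info **ui_out)
{
    struct user_info *ui = calloc(1, sizeof(*ui));
    int status;

    if (ui == NULL) return -2;
    snprintf(ui->domain_name, sizeof(ui->domain_name), "%s", domain);
    snprintf(ui->account_name, sizeof(ui->account_name), "%s", account);
    status = check_password(ui, password);
    if (log_len > 0) log[0] = '\0';
    if (status != 0) {
        /* ui is still valid here; logging after the free was the bug. */
        snprintf(log, log_len, "Checking password for %s\\%s failed",
                 ui->domain_name, ui->account_name);
    }
    FREE_AND_NULL(ui);   /* ui is NULL from here on, never dangling */
    *ui_out = ui;
    return status;
}

int main(void)
{
    char log[128];
    struct user_info *ui;
    int st = server_check_password("WORKGROUP", "alice", "wrong", log, sizeof(log), &ui);
    printf("status=%d log=\"%s\" ui=%p\n", st, log, (void *)ui);
    return 0;
}
```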