FW: [PATCH] Stop use after free (try 2)

[Jeremy Allison]

On Fri, Sep 27, 2013 at 01:21:46PM +1000, Alistair Leslie-Hughes wrote:
> Hi,
> 
> Changed to use talloc_strdup.

Just needs a check for talloc_strdup returning NULL.

Something like:

reply_arg = talloc_strdup(state->gensec_state, session_info->unix_info->unix_name);
if (reply_arg == NULL) {
	reply_code = "BH out of memory";
	reply_arg = nt_errstr(NT_STATUS_NO_MEMORY);
}
talloc_free(session_info);

Can you fix that up and re-submit ? Sorry for being
a pain. If you don't have time just ping me and I'll
fix it up for you.

Cheers,

	Jeremy.

> From c9c72334f0fcfab9b6b84dd290b84b3f2f4551cc Mon Sep 17 00:00:00 2001
> From: Alistair Leslie-Hughes <leslie_alistair at hotmail.com>
> Date: Fri, 27 Sep 2013 08:31:00 +1000
> Subject: [PATCH] Stop use after free
> 
> Fixes bug #10087
> 
> Thanks to Man Min Yan for their analysis and providing a solution to the issue.
> ---
>  source3/utils/ntlm_auth.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
> index 8d55629..494e34e 100644
> --- a/source3/utils/ntlm_auth.c
> +++ b/source3/utils/ntlm_auth.c
> @@ -1678,7 +1678,7 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
>  		} else {
>  
>  			reply_code = "AF";
> -			reply_arg = session_info->unix_info->unix_name;
> +			reply_arg = talloc_strdup(state->gensec_state, session_info->unix_info->unix_name);
>  			talloc_free(session_info);
>  		}
>  	} else if (state->gensec_state->gensec_role == GENSEC_CLIENT) {
> -- 
> 1.8.1.2
>