FW: [PATCH] Stop use after free (try 2)
Andreas Schneider
asn at samba.org
Fri Sep 27 04:36:52 MDT 2013
On Friday 27 September 2013 03:12:56 Jeremy Allison wrote:
> On Fri, Sep 27, 2013 at 07:49:55PM +1000, Alistair Leslie-Hughes wrote:
> > On 27/09/2013 6:55 PM, Jeremy Allison wrote:
> > >> reply_code = "AF";
> > >>
> > >>- reply_arg = session_info->unix_info->unix_name;
> > >>+ reply_arg = talloc_strdup(state->gensec_state,
> > >>session_info->unix_info->unix_name);> >>
> > >> talloc_free(session_info);
> > >>
> > >> }
> > >>
> > >> } else if (state->gensec_state->gensec_role == GENSEC_CLIENT) {
> > >>
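Review bot: the talloc_strdup() result on the added line is stored in reply_arg without a NULL check, so an allocation failure would carry a NULL reply_arg forward together with the "AF" success code. Check the return value and switch to an error reply before talloc_free(session_info).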
> > >>--
> >
> > Attached.
> >
> > Best Regards
> >
> > Alistair Leslie-Hughes
> >
> > >From 2d79ecfba81c879a67110667808ab21e3952fc8a Mon Sep 17 00:00:00 2001
> >
> > From: Alistair Leslie-Hughes <leslie_alistair at hotmail.com>
> > Date: Fri, 27 Sep 2013 08:31:00 +1000
> > Subject: [PATCH] Stop use after free
> >
> > Fixes bug #10087
> >
> > Thanks to Man Min Yan for their analysis and providing a solution to the
> > issue.
> > ---
> >
> > source3/utils/ntlm_auth.c | 6 +++++-
> > 1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
> > index 8d55629..1df615c 100644
> > --- a/source3/utils/ntlm_auth.c
> > +++ b/source3/utils/ntlm_auth.c
> > @@ -1678,7 +1678,11 @@ static void manage_gensec_request(enum
> > stdio_helper_mode stdio_helper_mode,>
> > } else {
> >
> > reply_code = "AF";
> >
> > - reply_arg = session_info->unix_info->unix_name;
> > + reply_arg = talloc_strdup(state->gensec_state,
> > session_info->unix_info->unix_name); + if (reply_arg == NULL) {
> > + reply_code = "BH out of memory";
> > + reply_arg = nt_errstr(NT_STATUS_NO_MEMORY);
> > + }
> >
> > talloc_free(session_info);
> >
> > }
> >
> > } else if (state->gensec_state->gensec_role == GENSEC_CLIENT) {
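Review bot: in the added NULL branch, reply_code is set to "BH out of memory" while the success path uses the bare code "AF", and reply_arg then also carries nt_errstr(NT_STATUS_NO_MEMORY), so the failure text is split across both variables. Consider keeping reply_code to the short code and putting the message in reply_arg only. Separately, the copy is parented on state->gensec_state and the visible lines show no matching free, so it lives as long as that context; a comment on the intended lifetime, or a shorter-lived parent, would make the ownership clear.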
>
> +1 Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
--
Andreas Schneider GPG-ID: F33E3FC6
Samba Team asn at samba.org
www.samba.org