FW: [PATCH] Stop use after free (try 2)

Andreas Schneider asn at samba.org
Fri Sep 27 04:36:52 MDT 2013


On Friday 27 September 2013 03:12:56 Jeremy Allison wrote:
> On Fri, Sep 27, 2013 at 07:49:55PM +1000, Alistair Leslie-Hughes wrote:
> > On 27/09/2013 6:55 PM, Jeremy Allison wrote:
> > >>  			reply_code = "AF";
> > >>
> > >>-			reply_arg = session_info->unix_info->unix_name;
> > >>+			reply_arg = talloc_strdup(state->gensec_state,
> > >>session_info->unix_info->unix_name);> >>
> > >>  			talloc_free(session_info);
> > >>  		
> > >>  		}
> > >>  	
> > >>  	} else if (state->gensec_state->gensec_role == GENSEC_CLIENT) {
> > >>
> > >>--
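Review bot: The talloc_strdup() result assigned to reply_arg is not checked for NULL before talloc_free(session_info). On allocation failure this leaves reply_code as "AF" with reply_arg set to NULL. Test reply_arg right after the assignment and switch reply_code to an error reply when the copy fails.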
> > 
> > Attached.
> > 
> > Best Regards
> > 
> >  Alistair Leslie-Hughes
> >  
> > >From 2d79ecfba81c879a67110667808ab21e3952fc8a Mon Sep 17 00:00:00 2001
> > 
> > From: Alistair Leslie-Hughes <leslie_alistair at hotmail.com>
> > Date: Fri, 27 Sep 2013 08:31:00 +1000
> > Subject: [PATCH] Stop use after free
> > 
> > Fixes bug #10087
> > 
> > Thanks to Man Min Yan for their analysis and providing a solution to the
> > issue. ---
> > 
> >  source3/utils/ntlm_auth.c | 6 +++++-
> >  1 file changed, 5 insertions(+), 1 deletion(-)
> > 
> > diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
> > index 8d55629..1df615c 100644
> > --- a/source3/utils/ntlm_auth.c
> > +++ b/source3/utils/ntlm_auth.c
> > @@ -1678,7 +1678,11 @@ static void manage_gensec_request(enum
> > stdio_helper_mode stdio_helper_mode,> 
> >  		} else {
> >  		
> >  			reply_code = "AF";
> > 
> > -			reply_arg = session_info->unix_info->unix_name;
> > +			reply_arg = talloc_strdup(state->gensec_state,
> > session_info->unix_info->unix_name); +			if (reply_arg == NULL) {
> > +				reply_code = "BH out of memory";
> > +				reply_arg = nt_errstr(NT_STATUS_NO_MEMORY);
> > +			}
> > 
> >  			talloc_free(session_info);
> >  		
> >  		}
> >  	
> >  	} else if (state->gensec_state->gensec_role == GENSEC_CLIENT) {
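Review bot: The copy made on the talloc_strdup() line is parented to state->gensec_state, so its lifetime follows the gensec state rather than this one reply. If that state outlives a single request, each "AF" reply leaves another copy of the user name attached to it. Consider a shorter-lived talloc context for reply_arg, or free it once the reply has been written. Note also that after this change reply_arg is heap-allocated in the success path but points at the nt_errstr() string in the NULL branch, so any later free has to tell the two apart. A short comment above the strdup saying that the copy exists because session_info is freed two lines below would help the next reader.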
> 
> +1 Reviewed-by: Jeremy Allison <jra at samba.org>

Reviewed-by: Andreas Schneider <asn at samba.org>


-- 
Andreas Schneider                   GPG-ID: F33E3FC6
Samba Team                             asn at samba.org
www.samba.org
