[s3] CID 1427623 and possible memory leak

Swen Schillig swen at vnet.ibm.com
Tue Jun 5 10:55:22 UTC 2018

On Tue, 2018-06-05 at 10:21 +0200, Volker Lendecke wrote:
> On Tue, Jun 05, 2018 at 09:08:49AM +0200, Swen Schillig via samba-technical wrote:
> > winbindd_dual_pam_auth()->winbindd_dual_pam_auth_kerberos()->winbindd_raw_kerberos_login()
> > ->kerberos_return_pac(.... talloc_move is failing =>
> > pac_data_ctr==NULL but result==NT_STATUS_OK...)
> > or 
> >  pac_data is NULL but still result==NT_STATUS_OK...)
> Can you explain how talloc_move can fail?
The API description for talloc_move says:
    The pointer of the talloc chunk it has been moved to, NULL on error.

So it can.
But even if that is unlikely, what about
	pac_data_ctr->pac_data == NULL

How unlikely is that?

I think there is a lot of trust required to not want to add a check.

Cheers Swen
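
The kind of check argued for in the message above, as an added example that is not part of the original post and is not Samba code. The types, status values and the functions `mock_return_pac()` and `checked_login()` are constructed stand-ins; only the names `pac_data_ctr` and `pac_data` come from the thread.

```c
#include <stddef.h>

/* Constructed stand-ins; not Samba's real types or status codes. */
enum status { ST_OK = 0, ST_NO_PAC = 1 };
struct pac_data { int num_buffers; };
struct pac_data_ctr { struct pac_data *pac_data; };

enum producer_case { FULL, NULL_CTR, NULL_PAC_DATA };

/* Hypothetical producer: always reports success, as in the scenario
 * described in the mail, even when the output is missing or incomplete. */
static enum status mock_return_pac(enum producer_case c,
                                   struct pac_data_ctr **out)
{
    static struct pac_data pac = { 3 };
    static struct pac_data_ctr full = { &pac };
    static struct pac_data_ctr empty = { NULL };

    switch (c) {
    case FULL:          *out = &full;  break;
    case NULL_CTR:      *out = NULL;   break;
    case NULL_PAC_DATA: *out = &empty; break;
    default:            *out = NULL;   break;
    }
    return ST_OK;
}

/* Caller that does not trust ST_OK alone: both pointer levels are
 * validated before anything is dereferenced. */
static enum status checked_login(enum producer_case c, int *num_buffers)
{
    struct pac_data_ctr *ctr = NULL;
    enum status st = mock_return_pac(c, &ctr);

    if (st != ST_OK) {
        return st;
    }
    if (ctr == NULL || ctr->pac_data == NULL) {
        return ST_NO_PAC; /* turn "OK but no data" into an error */
    }
    *num_buffers = ctr->pac_data->num_buffers;
    return ST_OK;
}
```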
