diff options
author | Alistair Leslie-Hughes <leslie_alistair@hotmail.com> | 2013-09-27 08:31:00 +1000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2013-09-27 14:29:43 +0200 |
commit | 6bf9a774718917c3429fa1492f5b0268ae5e01c3 (patch) | |
tree | ca38898b650a6736e2ee62c33c97aee2cd26a0c1 | |
parent | 89200c227f36a063612eb38927ac8dee18e044d5 (diff) | |
download | samba-6bf9a774718917c3429fa1492f5b0268ae5e01c3.tar.gz samba-6bf9a774718917c3429fa1492f5b0268ae5e01c3.tar.bz2 samba-6bf9a774718917c3429fa1492f5b0268ae5e01c3.zip |
Stop use after free
Fixes bug #10087
Thanks to Man Min Yan for their analysis and providing a solution to the issue.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 27 14:29:46 CEST 2013 on sn-devel-104
-rw-r--r-- | source3/utils/ntlm_auth.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 8d556298ca..1df615c1e7 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -1678,7 +1678,11 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode, } else { reply_code = "AF"; - reply_arg = session_info->unix_info->unix_name; + reply_arg = talloc_strdup(state->gensec_state, session_info->unix_info->unix_name); + if (reply_arg == NULL) { + reply_code = "BH out of memory"; + reply_arg = nt_errstr(NT_STATUS_NO_MEMORY); + } talloc_free(session_info); } } else if (state->gensec_state->gensec_role == GENSEC_CLIENT) { |