From e5ab64a79902e710636352b01ccd0012d5df1c31 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 19 Feb 2010 09:34:48 -0500 Subject: s3:schannel fix memory hierarchy passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be child of creds as expected. When later in schannel_check_creds_state() we stole the creds on a different memory context the sid was left behind and the memory it points to freed when the temporary context was freed. --- libcli/auth/schannel_state_tdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'libcli/auth/schannel_state_tdb.c') diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c index 3da7618e2c..49c89085be 100644 --- a/libcli/auth/schannel_state_tdb.c +++ b/libcli/auth/schannel_state_tdb.c @@ -117,7 +117,7 @@ NTSTATUS schannel_fetch_session_key_tdb(struct tdb_context *tdb, blob = data_blob_const(value.dptr, value.dsize); - ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, NULL, creds, + ndr_err = ndr_pull_struct_blob(&blob, creds, NULL, creds, (ndr_pull_flags_fn_t)ndr_pull_netlogon_creds_CredentialState); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); -- cgit