From 02ecdd8f292812b886ea3ae3d69d0e221346f9e7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Mon, 20 Apr 2009 10:54:57 +0200
Subject: libcli/auth: Don't pass back lm_sess_key as the same pointer as user_sess_key
This ensures that a talloc_free() of both pointers won't double-free (sharing pointers like this is evil anyway).
Andrew Bartlett
---
 libcli/auth/ntlm_check.c | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)
(limited to 'libcli/auth')
diff --git a/libcli/auth/ntlm_check.c b/libcli/auth/ntlm_check.c
index 5ad03cfe12..2cfe8e1ef8 100644
--- a/libcli/auth/ntlm_check.c
+++ b/libcli/auth/ntlm_check.c
@@ -356,9 +356,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 client_domain,
 false,
 user_sess_key)) {
- *lm_sess_key = *user_sess_key;
 if (user_sess_key->length) {
- lm_sess_key->length = 8;
+ *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
 }
 return NT_STATUS_OK;
 }
@@ -371,9 +370,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 client_domain,
 true,
 user_sess_key)) {
- *lm_sess_key = *user_sess_key;
 if (user_sess_key->length) {
- lm_sess_key->length = 8;
+ *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
 }
 return NT_STATUS_OK;
 }
@@ -386,9 +384,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 "",
 false,
 user_sess_key)) {
- *lm_sess_key = *user_sess_key;
 if (user_sess_key->length) {
- lm_sess_key->length = 8;
+ *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
 }
 return NT_STATUS_OK;
 } else {
@@ -408,7 +405,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 so use it only if we otherwise allow LM authentication */
 if (lanman_auth && stored_lanman) {
- *lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, 8);
+ *lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, MIN(8, user_sess_key->length));
 }
 return NT_STATUS_OK;
 } else {
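Review bot: In the hunk at -356 the blob returned by `data_blob_talloc()` is stored without being checked, so an allocation failure would, as far as the hunk shows, still end in `return NT_STATUS_OK`, most likely with an empty LM session key instead of the 8-byte one. A successful authentication result with a missing key is better refused outright; after the copy I would add `if (lm_sess_key->data == NULL) { return NT_STATUS_NO_MEMORY; }`. The identical line is added in the hunks at -371, -386, -497, -528 and -559, so the check belongs there too. The body of ntlm_password_check starts and ends outside these hunks.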
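Review bot: In the hunk at -408 the copy reads from `stored_lanman->hash`, but its length is now capped by `user_sess_key->length`, which describes a different buffer. The old fixed `8` was already a separate allocation, so the pointer-sharing problem named in the commit message did not exist on this line; the new bound only means that an empty `user_sess_key` (its assignment is outside the hunk) would yield a zero-length LM session key while the function still returns NT_STATUS_OK. I would keep `*lm_sess_key = data_blob_talloc(mem_ctx, stored_lanman->hash, 8);`, or bound the length by the hash itself with `MIN(8, sizeof(stored_lanman->hash))`.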
@@ -497,9 +494,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 /* Otherwise, use the LMv2 session key */
 *user_sess_key = tmp_sess_key;
 }
- *lm_sess_key = *user_sess_key;
 if (user_sess_key->length) {
- lm_sess_key->length = 8;
+ *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
 }
 return NT_STATUS_OK;
 }
@@ -528,9 +524,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 /* Otherwise, use the LMv2 session key */
 *user_sess_key = tmp_sess_key;
 }
- *lm_sess_key = *user_sess_key;
 if (user_sess_key->length) {
- lm_sess_key->length = 8;
+ *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
 }
 return NT_STATUS_OK;
 }
@@ -559,9 +554,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx,
 /* Otherwise, use the LMv2 session key */
 *user_sess_key = tmp_sess_key;
 }
- *lm_sess_key = *user_sess_key;
 if (user_sess_key->length) {
- lm_sess_key->length = 8;
+ *lm_sess_key = data_blob_talloc(mem_ctx, user_sess_key->data, MIN(8, user_sess_key->length));
 }
 return NT_STATUS_OK;
 }
-- cgit
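Review bot: With `*lm_sess_key = *user_sess_key;` removed in the hunk at -497, nothing in the visible lines assigns `*lm_sess_key` when `user_sess_key->length` is zero, so the out-parameter keeps whatever it held on entry. If the function clears it earlier (not visible in the hunk), a comment on the `if` would make that dependency explicit, for example `/* no user session key: *lm_sess_key stays as cleared at function entry */`; if it does not, an `else` branch that sets an empty blob is needed. The hunks at -528 and -559 have the same shape, as do the three at -356, -371 and -386.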