From 61578c2308f7e3bbeca6e5effb29cebee5e17e8e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 28 Jun 2006 04:43:19 +0000 Subject: r16610: Subtle one from Klocwork #2076. If multiple flags are set in a winbindd request it might overwrite existing state->response.extra_data.data values without freeing. Jeremy. (This used to be commit 4e7262c81ad2945048cb8d0789af032a05008988) --- source3/nsswitch/winbindd_pam.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/nsswitch') diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index 1eb2659905..34d23ebf8f 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -97,6 +97,7 @@ static NTSTATUS append_info3_as_ndr(TALLOC_CTX *mem_ctx, } size = prs_data_size(&ps); + SAFE_FREE(state->response.extra_data.data); state->response.extra_data.data = SMB_MALLOC(size); if (!state->response.extra_data.data) { prs_mem_free(&ps); @@ -1365,6 +1366,7 @@ done: cell += 1; /* Append an AFS token string */ + SAFE_FREE(state->response.extra_data.data); state->response.extra_data.data = afs_createtoken_str(afsname, cell); @@ -1614,6 +1616,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, DEBUG(5, ("Setting unix username to [%s]\n", username_out)); + SAFE_FREE(state->response.extra_data.data); state->response.extra_data.data = SMB_STRDUP(username_out); if (!state->response.extra_data.data) { result = NT_STATUS_NO_MEMORY; -- cgit