From 6832d5e9334f93d2b41fa50580379a2381311748 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 16 Sep 2010 14:37:20 +1000
Subject: libcli/auth/ntlmssp Be clear about talloc parents for session keys

The previous API was not clear as to who owned the returned session key.
This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code,
and avoids making allocations - we steal and zero instead.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
---
 source3/smbd/sesssetup.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'source3/smbd')

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 58b446da17..0b999b348a 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -405,6 +405,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
 	}
 
 	data_blob_free(&server_info->user_session_key);
+	/* Set the kerberos-derived session key onto the server_info */
 	server_info->user_session_key = session_key;
 	talloc_steal(server_info, session_key.data);
 
-- 
cgit