From 8f1cec5faf4e26de8b9797777059e99f2a66558b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 1 Jun 2010 19:19:01 +1000 Subject: s3:smbd Fix segfault if register_existing_vuid() fails The register_existing_vuid() call will handle both the ntlmssp_end and vuid invalidation internally, so we don't want to do it again. Andrew Bartlett --- source3/smbd/sesssetup.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index dba6dabd26..486b4d137f 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -629,6 +629,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req, const char *OID, bool wrap) { + bool do_invalidate = true; DATA_BLOB response; struct auth_serversupplied_info *server_info = NULL; struct smbd_server_connection *sconn = smbd_server_conn; @@ -663,6 +664,11 @@ static void reply_spnego_ntlmssp(struct smb_request *req, server_info, nullblob, auth_ntlmssp_get_username(*auth_ntlmssp_state)) != vuid) { + /* The problem is, *auth_ntlmssp_state points + * into the vuser this will have + * talloc_free()'ed in + * register_existing_vuid() */ + do_invalidate = false; nt_status = NT_STATUS_LOGON_FAILURE; goto out; } @@ -696,10 +702,12 @@ static void reply_spnego_ntlmssp(struct smb_request *req, if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { /* NB. This is *NOT* an error case. JRA */ - auth_ntlmssp_end(auth_ntlmssp_state); - if (!NT_STATUS_IS_OK(nt_status)) { - /* Kill the intermediate vuid */ - invalidate_vuid(sconn, vuid); + if (do_invalidate) { + auth_ntlmssp_end(auth_ntlmssp_state); + if (!NT_STATUS_IS_OK(nt_status)) { + /* Kill the intermediate vuid */ + invalidate_vuid(sconn, vuid); + } } } } -- cgit
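Review bot: The comment added above `do_invalidate = false;` is hard to parse and does not say which object was freed or by whom. Going by the commit message, a failing register_existing_vuid() has already ended the NTLMSSP state and invalidated the vuid, so I would word it as `/* On failure register_existing_vuid() has already invalidated the vuid and talloc_free()'d the vuser that owns *auth_ntlmssp_state; do not touch either again below. */`. The memory safety of this path now depends on that callee's failure behaviour, which is not visible in this hunk, so the same ownership rule deserves a line in the comment on register_existing_vuid() itself. The enclosing function starts and ends outside the hunk.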
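Review bot: The name `do_invalidate` undersells what the new `if (do_invalidate)` guard protects, because it skips `auth_ntlmssp_end(auth_ntlmssp_state)` as well as `invalidate_vuid(sconn, vuid)`. The first of those is the call that would touch the already-freed state. A one-line comment on the guard, for example `/* false once register_existing_vuid() has freed the vuser holding the NTLMSSP state */`, would keep a later edit from moving the end call back outside the check. Since `auth_ntlmssp_state` presumably still points into the freed vuser on that path, nothing after this block should read through it. The rest of the function lies outside the hunk, so that cannot be confirmed from here.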