From f9022a1a30dbe57c6b6226c1f3d749b0ba87ce66 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Wed, 30 Jun 2010 13:49:05 +1000
Subject: s4-dsdb: fixed use after free of sasl mechanisms opaque

the supportedSASLMechanisms opaque must live for at least as long as
the ldb, or we can crash when the first connection is torn down

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
---
 source4/ldap_server/ldap_backend.c | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'source4/ldap_server/ldap_backend.c')

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 086069fe19..23210fa176 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -219,6 +219,12 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
 			}
 		}
 		talloc_unlink(conn, ops);
+
+		/* ldb can have a different lifetime to conn, so we
+		   need to ensure that sasl_mechs lives as long as the
+		   ldb does */
+		talloc_steal(conn->ldb, sasl_mechs);
+
 		ldb_set_opaque(conn->ldb, "supportedSASLMechanisms", sasl_mechs);
 	}
 
-- 
cgit