From 9da5d4fd69d1e3a0c3129a41d185abcb1744d8be Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 4 Jul 2006 03:32:39 +0000
Subject: r16795: Fix crash found by Dave Fenwick <djf@samba.org>.

The session_info was not being attached to the connection, so
subsequent checks in the kludge_acl module were looking at free()ed
memory.

Andrew Bartlett
(This used to be commit 7e9079ac7af0bcd5d22040c7418cf58f86a72a1d)
---
 source4/ldap_server/ldap_bind.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'source4')

diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index 5341b9f741..35b6ad5fbf 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -60,6 +60,7 @@ static NTSTATUS ldapsrv_BindSimple(struct ldapsrv_call *call)
 
 		talloc_free(call->conn->session_info);
 		call->conn->session_info = session_info;
+		talloc_steal(call->conn, session_info);
 
 		/* don't leak the old LDB */
 		talloc_free(call->conn->ldb);
@@ -187,6 +188,7 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 			errstr = talloc_asprintf(reply, "SASL:[%s]: Failed to get session info: %s", req->creds.SASL.mechanism, nt_errstr(status));
 		} else {
 			talloc_free(old_session_info);
+			talloc_steal(conn, conn->session_info);
 
 			/* don't leak the old LDB */
 			talloc_free(conn->ldb);
-- 
cgit