author: Alexander Bokovoy <ab@samba.org> 2014-05-07 11:00:46 +0300
committer: Jeremy Allison <jra@samba.org> 2014-05-08 04:24:53 +0200
commit: 06c25eb25e389652a9cd87f08729f30e4df6b25b
tree: 9366cefc31bdc049f0ab7a7ef805102b76b62203 /nsswitch
parent: a5b96ee5fb97528767fc63aa8e70a314686ee38a
wbclient: ensure response struct is initialized

Prior to asking for a winbindd private pipe we need to initialize response
structure to deal with a possible response failure.

winbind_open_pipe_sock() issues two winbindd requests:
- asks for interface version
- asks for a private pipe

The first call returns interface version in a response structure (which is a
union). The second call might fail -- in this case response structure will not
be initialized or filled in with any information. As a result, if the second
call failed, response structure will have data from an interface string
interpreted as a pointer to a string during SAFE_FREE() at the end of the
winbind_open_pipe_sock().

To avoid that, ensure response struct is initialized before asking for a
private pipe.

https://bugzilla.samba.org/show_bug.cgi?id=10596

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 8 04:24:53 CEST 2014 on sn-devel-104
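
The failure described in the commit message, as an added example that is not part of the commit or of Samba's code. It assumes a simplified union layout and hypothetical demo_* names, and returns the pointer bits that end-of-function cleanup would free when the second request fails, with and without zeroing first.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified layout: the version string from the first reply
 * overlaps the pointer that cleanup frees after the second reply. */
union demo_response {
    char version[32];
    void *extra_data;
};

/* First request: always succeeds and writes a string into the union. */
static int demo_interface_version(union demo_response *r)
{
    static const char v[] = "constructed-version-27"; /* constructed value */
    memcpy(r->version, v, sizeof(v));
    return 0;
}

/* Second request: on failure it returns without writing to *r. */
static int demo_priv_pipe(union demo_response *r, int fail)
{
    static char dir[] = "/constructed/priv/pipe"; /* constructed value */
    if (fail)
        return -1;
    memset(r, 0, sizeof(*r));
    r->extra_data = dir;
    return 0;
}

/* Returns the pointer bits that end-of-function cleanup would free. */
uintptr_t demo_cleanup_pointer(int zero_first, int fail)
{
    union demo_response r;
    uintptr_t bits;

    memset(&r, 0, sizeof(r));
    demo_interface_version(&r);
    if (zero_first)
        memset(&r, 0, sizeof(r)); /* stand-in for ZERO_STRUCT(response) */
    if (demo_priv_pipe(&r, fail) == 0)
        memset(&r, 0, sizeof(r)); /* success: pointer consumed and cleared */
    memcpy(&bits, &r, sizeof(bits));
    return bits;
}

int main(void)
{
    printf("no zeroing, failure: %#lx\n", (unsigned long)demo_cleanup_pointer(0, 1));
    printf("zeroed, failure:     %#lx\n", (unsigned long)demo_cleanup_pointer(1, 1));
    return 0;
}
```

Without the zeroing step the failed second request leaves string bytes where cleanup expects a pointer; with it the value is NULL and freeing it is harmless.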
Diffstat (limited to 'nsswitch')
-rw-r--r-- nsswitch/wb_common.c | 7
1 files changed, 7 insertions, 0 deletions
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
index f4a31a95fe..b34ab33048 100644
--- a/nsswitch/wb_common.c
+++ b/nsswitch/wb_common.c
@@ -374,6 +374,13 @@ static int winbind_open_pipe_sock(int recursing, int need_priv)
/* try and get priv pipe */
request.wb_flags = WBFLAG_RECURSE;
+
+ /* Note that response needs to be initialized to avoid
+ * crashing on clean up after WINBINDD_PRIV_PIPE_DIR call failed
+ * as interface version (from the first request) returned as a fstring,
+ * thus response.extra_data.data will not be NULL even though
+ * winbindd response did not write over it due to a failure */
+ ZERO_STRUCT(response);
if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
int fd;
if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) {
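Review bot: The ZERO_STRUCT(response) added before the WINBINDD_PRIV_PIPE_DIR request protects only this call site, while the condition it guards against (winbindd_request_response returning a failure without writing to response) remains for any caller that reuses a response struct between requests. Consider clearing the response inside winbindd_request_response before the request is sent, or on its error path, so that response.extra_data.data is NULL after a failure without each caller having to remember it. The new comment would also be easier to follow if it named the cleanup step that consumes the stale value instead of only saying "crashing on clean up".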