s3:rpc_server/srv_netlogon: make sure we don't use an unitialized variable

metze

The last 3 patches address bug #8562 (talloc: double free error).

1 files changed, 10 insertions, 2 deletions

diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 1ebe361cb82..972d902781d 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -977,7 +977,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 				  struct netr_ServerPasswordSet2 *r)
 {
 	NTSTATUS status;
-	struct netlogon_creds_CredentialState *creds;
+	struct netlogon_creds_CredentialState *creds = NULL;
 	struct samu *sampass;
 	DATA_BLOB plaintext;
 	struct samr_CryptPassword password_buf;
@@ -992,9 +992,15 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 	unbecome_root();
 
 	if (!NT_STATUS_IS_OK(status)) {
+		const char *computer_name = "<unknown>";
+
+		if (creds && creds->computer_name) {
+			computer_name = creds->computer_name;
+		}
+
 		DEBUG(2,("_netr_ServerPasswordSet2: netlogon_creds_server_step "
 			"failed. Rejecting auth request from client %s machine account %s\n",
-			r->in.computer_name, creds->computer_name));
+			r->in.computer_name, computer_name));
 		TALLOC_FREE(creds);
 		return status;
 	}
@@ -1004,6 +1010,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 	netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
 
 	if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) {
+		TALLOC_FREE(creds);
 		return NT_STATUS_WRONG_PASSWORD;
 	}
 
@@ -1012,6 +1019,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 	status = netr_find_machine_account(p->mem_ctx,
 					   creds->account_name,
 					   &sampass);
+	TALLOC_FREE(creds);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}