summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2010-02-19 09:34:48 -0500
committerSimo Sorce <idra@samba.org>2010-02-23 12:46:50 -0500
commite5ab64a79902e710636352b01ccd0012d5df1c31 (patch)
tree2c24988438bec6d72139162e44387531930b9b9e
parentbb9014d5cbbc2ebb8fbd9fab05a3f3fc57e725b8 (diff)
downloadsamba-e5ab64a79902e710636352b01ccd0012d5df1c31.tar.gz
samba-e5ab64a79902e710636352b01ccd0012d5df1c31.tar.xz
samba-e5ab64a79902e710636352b01ccd0012d5df1c31.zip
s3:schannel fix memory hierarchy
passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be child of creds as expected. When later in schannel_check_creds_state() we stole the creds on a different memory context the sid was left behind and the memory it points to freed when the temporary context was freed.
-rw-r--r--libcli/auth/schannel_state_tdb.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c
index 3da7618e2c1..49c89085be2 100644
--- a/libcli/auth/schannel_state_tdb.c
+++ b/libcli/auth/schannel_state_tdb.c
@@ -117,7 +117,7 @@ NTSTATUS schannel_fetch_session_key_tdb(struct tdb_context *tdb,
blob = data_blob_const(value.dptr, value.dsize);
- ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, NULL, creds,
+ ndr_err = ndr_pull_struct_blob(&blob, creds, NULL, creds,
(ndr_pull_flags_fn_t)ndr_pull_netlogon_creds_CredentialState);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
status = ndr_map_error2ntstatus(ndr_err);