diff options
author | Simo Sorce <idra@samba.org> | 2010-02-19 09:34:48 -0500 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2010-02-23 12:46:50 -0500 |
commit | e5ab64a79902e710636352b01ccd0012d5df1c31 (patch) | |
tree | 2c24988438bec6d72139162e44387531930b9b9e | |
parent | bb9014d5cbbc2ebb8fbd9fab05a3f3fc57e725b8 (diff) | |
download | samba-e5ab64a79902e710636352b01ccd0012d5df1c31.tar.gz samba-e5ab64a79902e710636352b01ccd0012d5df1c31.tar.xz samba-e5ab64a79902e710636352b01ccd0012d5df1c31.zip |
s3:schannel fix memory hierarchy
passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be
child of creds as expected. When later in schannel_check_creds_state() we
stole the creds on a different memory context the sid was left behind and the
memory it points to freed when the temporary context was freed.
-rw-r--r-- | libcli/auth/schannel_state_tdb.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c index 3da7618e2c1..49c89085be2 100644 --- a/libcli/auth/schannel_state_tdb.c +++ b/libcli/auth/schannel_state_tdb.c @@ -117,7 +117,7 @@ NTSTATUS schannel_fetch_session_key_tdb(struct tdb_context *tdb, blob = data_blob_const(value.dptr, value.dsize); - ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, NULL, creds, + ndr_err = ndr_pull_struct_blob(&blob, creds, NULL, creds, (ndr_pull_flags_fn_t)ndr_pull_netlogon_creds_CredentialState); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); |