CVE-2021-20251 auth4: Return only the result message and free the surrounding result

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/selftest/knownfail.d/auth-sam b/selftest/knownfail.d/auth-sam
index 048459e655557380ac626234f19f8d99cbb56877..438cea46415b95bd4d781dc1ba602a34dad924f8 100644 (file)
--- a/selftest/knownfail.d/auth-sam
+++ b/selftest/knownfail.d/auth-sam
@@ -1,4 +1,3 @@
-^samba.unittests.auth.sam.test_reread_account_not_locked.none
 ^samba.unittests.auth.sam.test_success_accounting_add_control_failed.none
 ^samba.unittests.auth.sam.test_success_accounting_build_mod_req_failed.none
 ^samba.unittests.auth.sam.test_success_accounting_commit_failed.none

diff --git a/source4/auth/sam.c b/source4/auth/sam.c
index b12a7c981e6a2c8e96cd80a0f63d9ecec4f13f53..69e50e9da18440876145ba38344efd9c7b03269b 100644 (file)
--- a/source4/auth/sam.c
+++ b/source4/auth/sam.c
@@ -885,7 +885,8 @@ NTSTATUS authsam_reread_user_logon_data(
                TALLOC_FREE(res);
                return NT_STATUS_ACCOUNT_LOCKED_OUT;
        }
-       *current = res->msgs[0];
+       *current = talloc_steal(mem_ctx, res->msgs[0]);
+       TALLOC_FREE(res);
        return NT_STATUS_OK;
 }