From: Gary Lockyer Date: Wed, 24 Mar 2021 22:30:59 +0000 (+1300) Subject: CVE-2021-20251 auth4: Return only the result message and free the surrounding result X-Git-Tag: talloc-2.4.0~1079 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b954acfde258a1909ed60c1c3e1015701582719f;p=thirdparty%2Fsamba.git CVE-2021-20251 auth4: Return only the result message and free the surrounding result BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611 Signed-off-by: Andrew Bartlett Reviewed-by: Joseph Sutton Reviewed-by: Andreas Schneider --- diff --git a/selftest/knownfail.d/auth-sam b/selftest/knownfail.d/auth-sam index 048459e6555..438cea46415 100644 --- a/selftest/knownfail.d/auth-sam +++ b/selftest/knownfail.d/auth-sam @@ -1,4 +1,3 @@ -^samba.unittests.auth.sam.test_reread_account_not_locked.none ^samba.unittests.auth.sam.test_success_accounting_add_control_failed.none ^samba.unittests.auth.sam.test_success_accounting_build_mod_req_failed.none ^samba.unittests.auth.sam.test_success_accounting_commit_failed.none diff --git a/source4/auth/sam.c b/source4/auth/sam.c index b12a7c981e6..69e50e9da18 100644 --- a/source4/auth/sam.c +++ b/source4/auth/sam.c @@ -885,7 +885,8 @@ NTSTATUS authsam_reread_user_logon_data( TALLOC_FREE(res); return NT_STATUS_ACCOUNT_LOCKED_OUT; } - *current = res->msgs[0]; + *current = talloc_steal(mem_ctx, res->msgs[0]); + TALLOC_FREE(res); return NT_STATUS_OK; }
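Review bot: In the selftest/knownfail.d/auth-sam hunk, the entry being dropped is `^samba.unittests.auth.sam.test_reread_account_not_locked.none`, but the commit message never mentions the test or says what it was failing on. Please add a sentence to the message stating that this test now passes because the surrounding result is freed and only the message is handed back, so the link between the knownfail change and the sam.c change is recorded. The three `test_success_accounting_*` entries stay in the file; it would help to say they are left for a separate change.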
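Review bot: In the source4/auth/sam.c hunk, on the success path of authsam_reread_user_logon_data(), the ownership of `*current` changes without being documented anywhere: after `*current = talloc_steal(mem_ctx, res->msgs[0]);` the message is parented to mem_ctx and no longer to res. Please state this in the function's header comment, so callers know the returned message lives as long as mem_ctx and must not be reached through the result. A one-line comment above the talloc_steal() would also help, noting that it has to come before `TALLOC_FREE(res);`, since reversing the two lines would free the message together with res and leave `*current` dangling. The change does make the success path match the NT_STATUS_ACCOUNT_LOCKED_OUT branch shown in the context, which already frees res before returning.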