auth/ntlmssp: remove useless talloc_steal calls in ntlmssp_server_check_password()

We only create a temporary auth_usersupplied_info structure and pass it
down as const, lets keep the values on ntlmssp_state otherwise we may derefence
stale pointers.

We finally free the memory at the end of ntlmssp_server_postauth() now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index c525a93941f45d3109c6338a60d06a646f1f50d4..35aa54911ac077b1bb5d5f129023dcb1276e4520 100644 (file)
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -732,9 +732,7 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec
 
        user_info->password_state = AUTH_PASSWORD_RESPONSE;
        user_info->password.response.lanman = ntlmssp_state->lm_resp;
-       user_info->password.response.lanman.data = talloc_steal(user_info, ntlmssp_state->lm_resp.data);
        user_info->password.response.nt = ntlmssp_state->nt_resp;
-       user_info->password.response.nt.data = talloc_steal(user_info, ntlmssp_state->nt_resp.data);
 
        if (auth_context->check_ntlm_password) {
                uint8_t authoritative = 0;
@@ -977,6 +975,11 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
                nt_status = ntlmssp_sign_init(ntlmssp_state);
        }
 
+       data_blob_clear_free(&ntlmssp_state->internal_chal);
+       data_blob_clear_free(&ntlmssp_state->chal);
+       data_blob_clear_free(&ntlmssp_state->lm_resp);
+       data_blob_clear_free(&ntlmssp_state->nt_resp);
+
        ntlmssp_state->expected_state = NTLMSSP_DONE;
 
        return nt_status;