From: Stefan Metzmacher <metze@samba.org>
Date: Mon, 7 Nov 2022 16:40:07 +0000 (+0100)
Subject: s4:kdc: make sure reset_bad_password_netlogon() stops subreq before return
X-Git-Tag: talloc-2.4.0~487
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44192d5f2cae2350d7de109690799dea1a2a2e16;p=thirdparty%2Fsamba.git

s4:kdc: make sure reset_bad_password_netlogon() stops subreq before return

We pass the stack variable 'req' to dcerpc_winbind_SendToSam_r_send(),
so we need to make sure the runtime of the subreq in not longer
than the stack variable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15253

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 527fa6b627b..6720511756e 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -504,6 +504,7 @@ static void reset_bad_password_netlogon(TALLOC_CTX *mem_ctx,
 {
 	struct dcerpc_binding_handle *irpc_handle;
 	struct winbind_SendToSam req;
+	struct tevent_req *subreq = NULL;
 
 	irpc_handle = irpc_binding_handle_by_name(mem_ctx, kdc_db_ctx->msg_ctx,
 						  "winbind_server",
@@ -516,8 +517,18 @@ static void reset_bad_password_netlogon(TALLOC_CTX *mem_ctx,
 
 	req.in.message = *send_to_sam;
 
-	dcerpc_winbind_SendToSam_r_send(mem_ctx, kdc_db_ctx->ev_ctx,
-					irpc_handle, &req);
+	/*
+	 * This seem to rely on the current IRPC implementation,
+	 * which delivers the message in the _send function.
+	 *
+	 * TODO: we need a ONE_WAY IRPC handle and register
+	 * a callback and wait for it to be triggered!
+	 */
+	subreq = dcerpc_winbind_SendToSam_r_send(mem_ctx, kdc_db_ctx->ev_ctx,
+						 irpc_handle, &req);
+
+	/* we aren't interested in a reply */
+	TALLOC_FREE(subreq);
 }
 
 static krb5_error_code hdb_samba4_audit(krb5_context context,