From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 18 Dec 2015 11:45:56 +0000 (+0100)
Subject: CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
X-Git-Tag: samba-4.2.10~160
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a26043267c5287481f677f773724cf4edb76699;p=thirdparty%2Fsamba.git

CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/source4/ldap_server/ldap_bind.c b/source4/ldap_server/ldap_bind.c
index fb7a6edd4db..7113b63f93d 100644
--- a/source4/ldap_server/ldap_bind.c
+++ b/source4/ldap_server/ldap_bind.c
@@ -218,7 +218,6 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 		result = LDAP_SASL_BIND_IN_PROGRESS;
 		errstr = NULL;
 	} else if (NT_STATUS_IS_OK(status)) {
-		struct auth_session_info *old_session_info=NULL;
 		struct ldapsrv_sasl_postprocess_context *context = NULL;
 
 		result = LDAP_SUCCESS;
@@ -266,14 +265,13 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
 		}
 
 		if (result != LDAP_SUCCESS) {
-			conn->session_info = old_session_info;
 		} else if (!NT_STATUS_IS_OK(status)) {
-			conn->session_info = old_session_info;
 			result = LDAP_OPERATIONS_ERROR;
 			errstr = talloc_asprintf(reply, 
 						 "SASL:[%s]: Failed to setup SASL socket: %s", 
 						 req->creds.SASL.mechanism, nt_errstr(status));
 		} else {
+			struct auth_session_info *old_session_info=NULL;
 
 			old_session_info = conn->session_info;
 			conn->session_info = NULL;