From: Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
Date: Thu, 26 Sep 2013 22:31:00 +0000 (+1000)
Subject: Stop use after free
X-Git-Tag: samba-4.0.15~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b115571b1d480476484a33eb70ca7f0e5a76c7f;p=thirdparty%2Fsamba.git

Stop use after free

Fixes bug #10087

Thanks to Man Min Yan for their analysis and providing a solution to the issue.

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 27 14:29:46 CEST 2013 on sn-devel-104
(cherry picked from commit 6bf9a774718917c3429fa1492f5b0268ae5e01c3)
---

diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 7cf40b905de..ad75e69dd0b 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1678,7 +1678,11 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
 		} else {
 
 			reply_code = "AF";
-			reply_arg = session_info->unix_info->unix_name;
+			reply_arg = talloc_strdup(state->gensec_state, session_info->unix_info->unix_name);
+			if (reply_arg == NULL) {
+				reply_code = "BH out of memory";
+				reply_arg = nt_errstr(NT_STATUS_NO_MEMORY);
+			}
 			talloc_free(session_info);
 		}
 	} else if (state->gensec_state->gensec_role == GENSEC_CLIENT) {