From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 16 Jun 2017 16:03:11 +0000 (+0200)
Subject: auth/ntlmssp: remove useless talloc_steal calls in ntlmssp_server_check_password()
X-Git-Tag: tdb-1.3.14~184
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c6b37a0e1dff557ca8e200b47eff50d89c180e30;p=thirdparty%2Fsamba.git

auth/ntlmssp: remove useless talloc_steal calls in ntlmssp_server_check_password()

We only create a temporary auth_usersupplied_info structure and pass it
down as const, lets keep the values on ntlmssp_state otherwise we may derefence
stale pointers.

We finally free the memory at the end of ntlmssp_server_postauth() now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index c525a93941f..35aa54911ac 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -732,9 +732,7 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec
 
 	user_info->password_state = AUTH_PASSWORD_RESPONSE;
 	user_info->password.response.lanman = ntlmssp_state->lm_resp;
-	user_info->password.response.lanman.data = talloc_steal(user_info, ntlmssp_state->lm_resp.data);
 	user_info->password.response.nt = ntlmssp_state->nt_resp;
-	user_info->password.response.nt.data = talloc_steal(user_info, ntlmssp_state->nt_resp.data);
 
 	if (auth_context->check_ntlm_password) {
 		uint8_t authoritative = 0;
@@ -977,6 +975,11 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
 		nt_status = ntlmssp_sign_init(ntlmssp_state);
 	}
 
+	data_blob_clear_free(&ntlmssp_state->internal_chal);
+	data_blob_clear_free(&ntlmssp_state->chal);
+	data_blob_clear_free(&ntlmssp_state->lm_resp);
+	data_blob_clear_free(&ntlmssp_state->nt_resp);
+
 	ntlmssp_state->expected_state = NTLMSSP_DONE;
 
 	return nt_status;