From c6b37a0e1dff557ca8e200b47eff50d89c180e30 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 16 Jun 2017 18:03:11 +0200 Subject: [PATCH] auth/ntlmssp: remove useless talloc_steal calls in ntlmssp_server_check_password() We only create a temporary auth_usersupplied_info structure and pass it down as const, lets keep the values on ntlmssp_state otherwise we may derefence stale pointers. We finally free the memory at the end of ntlmssp_server_postauth() now. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- auth/ntlmssp/ntlmssp_server.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c index c525a93941f..35aa54911ac 100644 --- a/auth/ntlmssp/ntlmssp_server.c +++ b/auth/ntlmssp/ntlmssp_server.c @@ -732,9 +732,7 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec user_info->password_state = AUTH_PASSWORD_RESPONSE; user_info->password.response.lanman = ntlmssp_state->lm_resp; - user_info->password.response.lanman.data = talloc_steal(user_info, ntlmssp_state->lm_resp.data); user_info->password.response.nt = ntlmssp_state->nt_resp; - user_info->password.response.nt.data = talloc_steal(user_info, ntlmssp_state->nt_resp.data); if (auth_context->check_ntlm_password) { uint8_t authoritative = 0; @@ -977,6 +975,11 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security, nt_status = ntlmssp_sign_init(ntlmssp_state); } + data_blob_clear_free(&ntlmssp_state->internal_chal); + data_blob_clear_free(&ntlmssp_state->chal); + data_blob_clear_free(&ntlmssp_state->lm_resp); + data_blob_clear_free(&ntlmssp_state->nt_resp); + ntlmssp_state->expected_state = NTLMSSP_DONE; return nt_status; -- 2.47.2