CVE-2020-25717: s3:ntlm_auth: fix memory leaks in ntlm_auth_generate_session_info_pac()

author Stefan Metzmacher <metze@samba.org>

Tue, 21 Sep 2021 10:27:28 +0000 (12:27 +0200)

committer Jule Anger <janger@samba.org>

Tue, 9 Nov 2021 19:45:33 +0000 (19:45 +0000)
author Stefan Metzmacher <metze@samba.org>
Tue, 21 Sep 2021 10:27:28 +0000 (12:27 +0200)
committer Jule Anger <janger@samba.org>
Tue, 9 Nov 2021 19:45:33 +0000 (19:45 +0000)
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c

index df1a87c8b555706bf7fa155616027cac6594fc06..b94a5268ea7d809a96579352585a1b3b4cc3bee5 100644 (file)
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -818,23 +818,27 @@ static NTSTATUS ntlm_auth_generate_session_info_pac(struct auth4_context *auth_c
         if (!p) {
                 DEBUG(3, ("[%s] Doesn't look like a valid principal\n",
                           princ_name));
-               return NT_STATUS_LOGON_FAILURE;
+               status = NT_STATUS_LOGON_FAILURE;
+               goto done;
         }
  
         user = talloc_strndup(mem_ctx, princ_name, p - princ_name);
         if (!user) {
-               return NT_STATUS_NO_MEMORY;
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
         }
  
         realm = talloc_strdup(talloc_tos(), p + 1);
         if (!realm) {
-               return NT_STATUS_NO_MEMORY;
+               status = NT_STATUS_NO_MEMORY;
+               goto done;
         }
  
         if (!strequal(realm, lp_realm())) {
                 DEBUG(3, ("Ticket for foreign realm %s@%s\n", user, realm));
                 if (!lp_allow_trusted_domains()) {
-                       return NT_STATUS_LOGON_FAILURE;
+                       status = NT_STATUS_LOGON_FAILURE;
+                       goto done;
                 }
         }
  
@@ -842,7 +846,8 @@ static NTSTATUS ntlm_auth_generate_session_info_pac(struct auth4_context *auth_c
                 domain = talloc_strdup(mem_ctx,
                                         logon_info->info3.base.logon_domain.string);
                 if (!domain) {
-                       return NT_STATUS_NO_MEMORY;
+                       status = NT_STATUS_NO_MEMORY;
+                       goto done;
                 }
                 DEBUG(10, ("Domain is [%s] (using PAC)\n", domain));
         } else {
@@ -872,7 +877,8 @@ static NTSTATUS ntlm_auth_generate_session_info_pac(struct auth4_context *auth_c
                         domain = talloc_strdup(mem_ctx, realm);
                 }
                 if (!domain) {
-                       return NT_STATUS_NO_MEMORY;
+                       status = NT_STATUS_NO_MEMORY;
+                       goto done;
                 }
                 DEBUG(10, ("Domain is [%s] (using Winbind)\n", domain));
         }
author	Stefan Metzmacher <metze@samba.org>
	Tue, 21 Sep 2021 10:27:28 +0000 (12:27 +0200)
committer	Jule Anger <janger@samba.org>
	Tue, 9 Nov 2021 19:45:33 +0000 (19:45 +0000)