From: Andreas Schneider <asn@samba.org>
Date: Tue, 18 Jun 2024 13:45:53 +0000 (+0200)
Subject: nsswitch:krb5_plugin: Avoid a possible double free
X-Git-Tag: tdb-1.4.11~334
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=36fb8a3d654a4bc75abe86376de970ebc83552c6;p=thirdparty%2Fsamba.git

nsswitch:krb5_plugin: Avoid a possible double free

Found by Covscan.

"Error: USE_AFTER_FREE (CWE-416):
samba-4.20.0rc2/nsswitch/krb5_plugin/winbind_krb5_localauth.c:122: freed_arg: ""wbcFreeMemory"" frees ""pwd"".
samba-4.20.0rc2/nsswitch/krb5_plugin/winbind_krb5_localauth.c:144: pass_freed_arg: Passing freed pointer ""pwd"" as an argument to ""wbcFreeMemory"".
  142|   		break;
  143|   	}
  144|-> 	wbcFreeMemory(pwd);
  145|   	if (code != 0) {
  146|   		goto out;"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
---

diff --git a/nsswitch/krb5_plugin/winbind_krb5_localauth.c b/nsswitch/krb5_plugin/winbind_krb5_localauth.c
index 751dfd1674b..f610b0cdf8c 100644
--- a/nsswitch/krb5_plugin/winbind_krb5_localauth.c
+++ b/nsswitch/krb5_plugin/winbind_krb5_localauth.c
@@ -120,6 +120,7 @@ static krb5_error_code winbind_userok(krb5_context context,
 		break;
 	}
 	wbcFreeMemory(pwd);
+	pwd = NULL;
 	if (code != 0) {
 		goto out;
 	}