From ab227bbe8e4b344bb54c5fc656d2835ef1c03c83 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 21 Sep 2023 14:21:55 +1200
Subject: [PATCH] =?utf8?q?s4:auth:=20Fix=20=E2=80=98user=5Finfo=5Fdc=5Fout?=
 =?utf8?q?=E2=80=99=20leak?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/auth/kerberos/kerberos_pac.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 46b9b235854..4f291d81064 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -392,7 +392,7 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
 	}
 
 	/* Pull this right into the normal auth system structures */
-	nt_status = make_user_info_dc_pac(mem_ctx,
+	nt_status = make_user_info_dc_pac(tmp_ctx,
 					 info.logon_info.info,
 					 upn_dns_info,
 					 group_inclusion,
@@ -492,7 +492,7 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
 		};
 	}
 
-	*user_info_dc = user_info_dc_out;
+	*user_info_dc = talloc_steal(mem_ctx, user_info_dc_out);
 	if (resource_groups_out != NULL) {
 		*resource_groups = talloc_steal(mem_ctx, resource_groups_out);
 	}
-- 
2.47.3