sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00
Code

CVE-2020-25719 mit_samba: Create the talloc context earlier

Browse Source 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Andreas Schneider 2021-08-09 17:25:53 +02:00 committed by Jule Anger
parent bdf07fc421
commit 41a36191f6
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
source4/kdc/mit_samba.c
View File

@ -528,6 +528,12 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
krb5_pac new_pac = NULL;
bool ok;
/* Create a memory context early so code can use talloc_stackframe() */
tmp_ctx = talloc_named(ctx, 0, "mit_samba_reget_pac context");
if (tmp_ctx == NULL) {
return ENOMEM;
}
if (client != NULL) {
client_skdc_entry =
talloc_get_type_abort(client->e_data,
@ -535,7 +541,8 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
}
if (server == NULL) {
return EINVAL;
code = EINVAL;
goto done;
}
server_skdc_entry =
@ -545,21 +552,18 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx,
/* The account may be set not to want the PAC */
ok = samba_princ_needs_pac(server_skdc_entry);
if (!ok) {
return EINVAL;
code = EINVAL;
goto done;
}
if (krbtgt == NULL) {
return EINVAL;
code = EINVAL;
goto done;
}
krbtgt_skdc_entry =
talloc_get_type_abort(krbtgt->e_data,
struct samba_kdc_entry);
tmp_ctx = talloc_named(ctx, 0, "mit_samba_reget_pac context");
if (tmp_ctx == NULL) {
return ENOMEM;
}
code = samba_krbtgt_is_in_db(krbtgt_skdc_entry,
&is_in_db,
&is_untrusted);