
s4-lsa: Fix use-after-free in LSA server

This is a regression introduced in ab7988aa2f.

The state variable contains the data to be returned to the client,
which is packed into NDR after the function has returned.

This memory needs to be kept (on mem_ctx as parent) until that is
pushed and freed by the caller.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13420

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett 2018-05-03 16:22:19 +12:00
parent 2096d13274
commit 7e091e5051


@ -805,7 +805,6 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
state->r.out.result = status;
dcesrv_lsa_LookupSids_base_map(state);
TALLOC_FREE(state);
return status;
}
@ -1284,7 +1283,6 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call,
state->r.out.result = status;
dcesrv_lsa_LookupNames_base_map(state);
TALLOC_FREE(state);
return status;
}
@ -1357,7 +1355,6 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX
state->r.out.result = status;
dcesrv_lsa_LookupNames_base_map(state);
TALLOC_FREE(state);
return status;
}