1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

passdb: Avoid use-after-free when setting a plaintext password

The issue here is that pdb_set_plaintext_passwd() re-used the memory from pdb_get_pw_history() as input

We need to free this after we copy and set it.

Found by AddressSanitizer

Andrew Bartlett

Change-Id: I4e148e23ccbbe5444c969ff8f91709791c7696bb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
This commit is contained in:
Andrew Bartlett 2014-09-02 10:47:57 +12:00
parent 3cd5e67226
commit c0dfda35f7

View File

@ -873,9 +873,10 @@ bool pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], e
bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32_t historyLen, enum pdb_value_state flag)
{
if (historyLen && pwd){
data_blob_free(&(sampass->nt_pw_his));
DATA_BLOB *old_nt_pw_his = &(sampass->nt_pw_his);
sampass->nt_pw_his = data_blob_talloc(sampass,
pwd, historyLen*PW_HISTORY_ENTRY_LEN);
pwd, historyLen*PW_HISTORY_ENTRY_LEN);
data_blob_free(old_nt_pw_his);
if (!sampass->nt_pw_his.length) {
DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
return False;