mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
passdb: Avoid use-after-free when setting a plaintext password
The issue here is that pdb_set_plaintext_passwd() re-used the memory from pdb_get_pw_history() as input We need to free this after we copy and set it. Found by AddressSanitizer Andrew Bartlett Change-Id: I4e148e23ccbbe5444c969ff8f91709791c7696bb Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
This commit is contained in:
parent
3cd5e67226
commit
c0dfda35f7
@ -873,9 +873,10 @@ bool pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], e
|
||||
bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32_t historyLen, enum pdb_value_state flag)
|
||||
{
|
||||
if (historyLen && pwd){
|
||||
data_blob_free(&(sampass->nt_pw_his));
|
||||
DATA_BLOB *old_nt_pw_his = &(sampass->nt_pw_his);
|
||||
sampass->nt_pw_his = data_blob_talloc(sampass,
|
||||
pwd, historyLen*PW_HISTORY_ENTRY_LEN);
|
||||
pwd, historyLen*PW_HISTORY_ENTRY_LEN);
|
||||
data_blob_free(old_nt_pw_his);
|
||||
if (!sampass->nt_pw_his.length) {
|
||||
DEBUG(0, ("pdb_set_pw_history: data_blob_talloc() failed!\n"));
|
||||
return False;
|
||||
|
Loading…
Reference in New Issue
Block a user