diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c index e9dc46aa3cd..18d8b643ddf 100644 --- a/source3/smbd/seal.c +++ b/source3/smbd/seal.c @@ -426,9 +426,14 @@ static NTSTATUS srv_enc_spnego_gss_negotiate(unsigned char **ppdata, size_t *p_d data_blob_free(&auth_reply); SAFE_FREE(*ppdata); - *ppdata = response.data; + *ppdata = memdup(response.data, response.length); + if ((*ppdata) == NULL && response.length > 0) { + status = NT_STATUS_NO_MEMORY; + } *p_data_size = response.length; + data_blob_free(&response); + return status; } #endif @@ -463,8 +468,13 @@ static NTSTATUS srv_enc_ntlm_negotiate(unsigned char **ppdata, size_t *p_data_si } SAFE_FREE(*ppdata); - *ppdata = response.data; + *ppdata = memdup(response.data, response.length); + if ((*ppdata) == NULL && response.length > 0) { + status = NT_STATUS_NO_MEMORY; + } *p_data_size = response.length; + data_blob_free(&response); + return status; } @@ -585,8 +595,11 @@ static NTSTATUS srv_enc_spnego_ntlm_auth(connection_struct *conn, } SAFE_FREE(*ppdata); - *ppdata = response.data; + *ppdata = memdup(response.data, response.length); + if ((*ppdata) == NULL && response.length > 0) + return NT_STATUS_NO_MEMORY; *p_data_size = response.length; + data_blob_free(&response); return status; } @@ -636,8 +649,11 @@ static NTSTATUS srv_enc_raw_ntlm_auth(connection_struct *conn, /* Return the raw blob. */ SAFE_FREE(*ppdata); - *ppdata = response.data; + *ppdata = memdup(response.data, response.length); + if ((*ppdata) == NULL && response.length > 0) + return NT_STATUS_NO_MEMORY; *p_data_size = response.length; + data_blob_free(&response); return status; }