mirror of
https://github.com/samba-team/samba.git
synced 2025-04-16 18:50:26 +03:00
The issue here is that only the size of the pointer, not the size of the structure, was allocated with calloc(). This means that the malloc() for the freshness token bytes would have the memory address written beyond the end of the allocated memory.

Additionally, the allocation was not free()ed, resulting in a memory leak. This means that a user could trigger ongoing memory allocation in the server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15491

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3280893ae80507e36653a0c7da03c82b88ece30b)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Oct 16 08:28:32 UTC 2023 on atb-devel-224
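
The two defects named in the commit message, shown as an added C example that is not code from the Samba tree: `struct token` and every function name below are hypothetical stand-ins. It compares the pointer-sized allocation with the `sizeof(*t)` form and pairs each allocation with its free.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a structure that owns token bytes. */
struct token {
    size_t length;
    unsigned char *data;
};

/* Size requested by the buggy form calloc(1, sizeof(t)): one pointer. */
size_t buggy_alloc_size(void) { struct token *t = NULL; return sizeof(t); }

/* Size requested by the fixed form calloc(1, sizeof(*t)): the whole struct. */
size_t fixed_alloc_size(void) { struct token *t = NULL; return sizeof(*t); }

/* Offset of the byte just past the data member. With the buggy size this
 * lies outside the allocation, so storing malloc()'s result there is an
 * out-of-bounds heap write. */
size_t data_member_end(void)
{
    return offsetof(struct token, data) + sizeof(unsigned char *);
}

/* Allocate the structure and a copy of the bytes; nothing leaks on failure. */
struct token *token_new(const unsigned char *bytes, size_t len)
{
    struct token *t = calloc(1, sizeof(*t));
    if (t == NULL) return NULL;
    t->data = malloc(len ? len : 1);
    if (t->data == NULL) { free(t); return NULL; }
    if (len) memcpy(t->data, bytes, len);
    t->length = len;
    return t;
}

/* Release both allocations; omitting this leaks memory on every request. */
void token_free(struct token *t)
{
    if (t == NULL) return;
    free(t->data);
    free(t);
}

/* One request: build the token, use it, free it. Returns 0 on success. */
int handle_request(const unsigned char *bytes, size_t len)
{
    struct token *t = token_new(bytes, len);
    if (t == NULL) return -1;
    int ok = (t->length == len && memcmp(t->data, bytes, len) == 0) ? 0 : -1;
    token_free(t);
    return ok;
}
```

Building with AddressSanitizer (`-fsanitize=address`) reports both the out-of-bounds store and the leak if the buggy size or the missing free is reintroduced.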