From: Kai Blin <kai@samba.org>
Date: Fri, 26 Mar 2010 21:28:43 +0000 (-0700)
Subject: s3 ntlm_auth: Don't malloc data that will be talloc_free()d
X-Git-Tag: samba-3.4.8~52
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=76019d6506a7f2b677ef1dd49e22dda2f73c3f52;p=samba.git

s3 ntlm_auth: Don't malloc data that will be talloc_free()d

This fixes bug #7290
Thanks to Mohan <mohann@silver-peak.com> for the bug report.
(cherry picked from commit 36ecc6bed9bbf7ed6437433d89ec9d49da43e5ee)
---

diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 70c1d050193..f84f1fd7f55 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -1082,18 +1082,18 @@ static void offer_gss_spnego_mechs(void) {
 
 	/* Server negTokenInit (mech offerings) */
 	spnego.type = SPNEGO_NEG_TOKEN_INIT;
-	spnego.negTokenInit.mechTypes = SMB_XMALLOC_ARRAY(const char *, 2);
+	spnego.negTokenInit.mechTypes = talloc_array(ctx, const char *, 2);
 #ifdef HAVE_KRB5
-	spnego.negTokenInit.mechTypes[0] = smb_xstrdup(OID_KERBEROS5_OLD);
-	spnego.negTokenInit.mechTypes[1] = smb_xstrdup(OID_NTLMSSP);
+	spnego.negTokenInit.mechTypes[0] = talloc_strdup(ctx, OID_KERBEROS5_OLD);
+	spnego.negTokenInit.mechTypes[1] = talloc_strdup(ctx, OID_NTLMSSP);
 	spnego.negTokenInit.mechTypes[2] = NULL;
 #else
-	spnego.negTokenInit.mechTypes[0] = smb_xstrdup(OID_NTLMSSP);
+	spnego.negTokenInit.mechTypes[0] = talloc_strdup(ctx, OID_NTLMSSP);
 	spnego.negTokenInit.mechTypes[1] = NULL;
 #endif
 
 
-	spnego.negTokenInit.mechListMIC = data_blob(principal,
+	spnego.negTokenInit.mechListMIC = data_blob_talloc(ctx, principal,
 						    strlen(principal));
 
 	len = write_spnego_data(&token, &spnego);
@@ -1218,8 +1218,8 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
 				  request.negTokenInit.mechToken.length);
 
 			response.type = SPNEGO_NEG_TOKEN_TARG;
-			response.negTokenTarg.supportedMech = SMB_STRDUP(OID_NTLMSSP);
-			response.negTokenTarg.mechListMIC = data_blob_null;
+			response.negTokenTarg.supportedMech = talloc_strdup(ctx, OID_NTLMSSP);
+			response.negTokenTarg.mechListMIC = data_blob_talloc(ctx, NULL, 0);
 
 			status = ntlmssp_update(ntlmssp_state,
 						       request.negTokenInit.mechToken,
@@ -1243,9 +1243,9 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
 			}
 
 			response.type = SPNEGO_NEG_TOKEN_TARG;
-			response.negTokenTarg.supportedMech = SMB_STRDUP(OID_KERBEROS5_OLD);
-			response.negTokenTarg.mechListMIC = data_blob_null;
-			response.negTokenTarg.responseToken = data_blob_null;
+			response.negTokenTarg.supportedMech = talloc_strdup(ctx, OID_KERBEROS5_OLD);
+			response.negTokenTarg.mechListMIC = data_blob_talloc(ctx, NULL, 0);
+			response.negTokenTarg.responseToken = data_blob_talloc(ctx, NULL, 0);
 
 			status = ads_verify_ticket(mem_ctx, lp_realm(), 0,
 						   &request.negTokenInit.mechToken,
@@ -1304,8 +1304,8 @@ static void manage_gss_spnego_request(struct ntlm_auth_state *state,
 					       &response.negTokenTarg.responseToken);
 
 		response.type = SPNEGO_NEG_TOKEN_TARG;
-		response.negTokenTarg.supportedMech = SMB_STRDUP(OID_NTLMSSP);
-		response.negTokenTarg.mechListMIC = data_blob_null;
+		response.negTokenTarg.supportedMech = talloc_strdup(ctx, OID_NTLMSSP);
+		response.negTokenTarg.mechListMIC = data_blob_talloc(ctx, NULL, 0);
 
 		if (NT_STATUS_IS_OK(status)) {
 			user = SMB_STRDUP(ntlmssp_state->user);