git.samba.org / ddiss / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ec7a5f2)
s3: Fix uninitialized memory read in talloc_free()
authorVolker Lendecke <vl@samba.org>
Tue, 29 May 2012 13:31:49 +0000 (15:31 +0200)
committerKarolin Seeger <kseeger@samba.org>
Wed, 13 Jun 2012 17:39:58 +0000 (19:39 +0200)
Thanks to laurent gaffie <laurent.gaffie@gmail.com> for reporting
this issue!

source3/libsmb/clispnego.c patch | blob | history

diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 4581ce40267eaf6a829356b8b10f4c93121558aa..0a907ba7197d3fbbd15fe68b70aab53358cf28be 100644 (file)
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -127,6 +127,9 @@ bool spnego_parse_negTokenInit(TALLOC_CTX *ctx,
        asn1_start_tag(data,ASN1_SEQUENCE(0));
        for (i=0; asn1_tag_remaining(data) > 0 && i < ASN1_MAX_OIDS-1; i++) {
                asn1_read_OID(data,ctx, &OIDs[i]);
+               if (data->has_error) {
+                       break;
+               }
        }
        OIDs[i] = NULL;
        asn1_end_tag(data);
ddiss' public Samba repository