Fix bug #8477 - Map to guest can return uninitialized blob of data.

Found by Codenomicon at SNIA SDC.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Sep 23 03:19:46 CEST 2011 on sn-devel-104
(cherry picked from commit f0f91d0117b2ccf778382e61a411b5e4f0ea2b14)

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 6649cfb59a2ef9767a0dd66ed32056003d10edfb..49aabdb7a7abd4600dbbf2e7b6c4a11df27b93b9 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -57,7 +57,7 @@ NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req)
        uint16_t out_session_flags;
        uint64_t out_session_id;
        uint16_t out_security_offset;
-       DATA_BLOB out_security_buffer;
+       DATA_BLOB out_security_buffer = data_blob_null;
        NTSTATUS status;
 
        inhdr = (const uint8_t *)smb2req->in.vector[i+0].iov_base;
@@ -679,6 +679,8 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
        NTSTATUS status;
        DATA_BLOB secblob_out = data_blob_null;
 
+       *out_security_buffer = data_blob_null;
+
        if (session->auth_ntlmssp_state == NULL) {
                status = auth_ntlmssp_start(&session->auth_ntlmssp_state);
                if (!NT_STATUS_IS_OK(status)) {