s3:smbd Fix segfault if register_existing_vuid() fails
authorAndrew Bartlett <abartlet@samba.org>
Mon, 12 Jul 2010 04:21:34 +0000 (14:21 +1000)
committerAndrew Tridgell <tridge@samba.org>
Wed, 14 Jul 2010 06:22:49 +0000 (16:22 +1000)
The register_existing_vuid() call will handle both the ntlmssp_end and
vuid invalidation internally, so we don't want to do it again.

Andrew Bartlett

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
source3/smbd/sesssetup.c

index b296a1f47c25b9182e07ac43b61e47ae6a0578c5..6ae7758eade00a7135cd9ead5dec9eba1595f468 100644 (file)
@@ -629,6 +629,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
                                 const char *OID,
                                 bool wrap)
 {
+       bool do_invalidate = true;
        DATA_BLOB response;
        struct auth_serversupplied_info *server_info = NULL;
        struct smbd_server_connection *sconn = req->sconn;
@@ -663,6 +664,11 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
                                           server_info, nullblob,
                                           auth_ntlmssp_get_username(*auth_ntlmssp_state)) !=
                                           vuid) {
+                       /* The problem is, *auth_ntlmssp_state points
+                        * into the vuser this will have
+                        * talloc_free()'ed in
+                        * register_existing_vuid() */
+                       do_invalidate = false;
                        nt_status = NT_STATUS_LOGON_FAILURE;
                        goto out;
                }
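Review bot: In the failure branch added here, `*auth_ntlmssp_state` is left holding an address that, per the new comment, register_existing_vuid() has already talloc_free()'ed. Skipping the cleanup at `out:` avoids the second free, but the stale pointer stays in the caller's storage. If anything can read that slot later (not visible in this hunk), it would be a use-after-free. Consider adding `*auth_ntlmssp_state = NULL;` next to `do_invalidate = false;`. The comment is also hard to parse; something like `/* *auth_ntlmssp_state points into the vuser, which register_existing_vuid() has already talloc_free()'ed on failure */` states the ownership rule directly.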
@@ -696,10 +702,12 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
 
        if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                /* NB. This is *NOT* an error case. JRA */
-               auth_ntlmssp_end(auth_ntlmssp_state);
-               if (!NT_STATUS_IS_OK(nt_status)) {
-                       /* Kill the intermediate vuid */
-                       invalidate_vuid(sconn, vuid);
+               if (do_invalidate) {
+                       auth_ntlmssp_end(auth_ntlmssp_state);
+                       if (!NT_STATUS_IS_OK(nt_status)) {
+                               /* Kill the intermediate vuid */
+                               invalidate_vuid(sconn, vuid);
+                       }
                }
        }
 }
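Review bot: `do_invalidate` guards both `auth_ntlmssp_end(auth_ntlmssp_state)` and `invalidate_vuid(sconn, vuid)`, so the name understates what is skipped when it is false. A name such as `do_cleanup` would fit better, or a comment above the `if (do_invalidate)` line such as `/* false when register_existing_vuid() has already ended the NTLMSSP state and invalidated the vuid */`. The flag is cleared in only one place visible here, so any other path inside register_existing_vuid() that frees the vuser and still reaches `out:` would hit the double free again; this depends on code outside the hunk and is worth confirming.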