s3:smbd Fix segfault if register_existing_vuid() fails
authorAndrew Bartlett <abartlet@samba.org>
Tue, 1 Jun 2010 09:19:01 +0000 (19:19 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 7 Jun 2010 13:34:28 +0000 (23:34 +1000)
The register_existing_vuid() call will handle both the ntlmssp_end and
vuid invalidation internally, so we don't want to do it again.

Andrew Bartlett

source3/smbd/sesssetup.c

index dba6dabd267b2095c3f00b4433d350cb14db81cc..486b4d137fc92c57513ad783f6fd49f09039e2ee 100644 (file)
@@ -629,6 +629,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
                                 const char *OID,
                                 bool wrap)
 {
+       bool do_invalidate = true;
        DATA_BLOB response;
        struct auth_serversupplied_info *server_info = NULL;
        struct smbd_server_connection *sconn = smbd_server_conn;
@@ -663,6 +664,11 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
                                           server_info, nullblob,
                                           auth_ntlmssp_get_username(*auth_ntlmssp_state)) !=
                                           vuid) {
+                       /* The problem is, *auth_ntlmssp_state points
+                        * into the vuser this will have
+                        * talloc_free()'ed in
+                        * register_existing_vuid() */
+                       do_invalidate = false;
                        nt_status = NT_STATUS_LOGON_FAILURE;
                        goto out;
                }
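Review bot: The comment added above `do_invalidate = false` is hard to parse and does not say which pointer is left dangling or what later code must avoid. Going by the commit message, register_existing_vuid() already performs the ntlmssp_end and the vuid invalidation itself on failure, so wording such as `/* register_existing_vuid() already ended the NTLMSSP state and invalidated the vuid on failure; the vuser holding *auth_ntlmssp_state is freed and must not be touched again */` would state the ownership rule directly. The flag declared in the first hunk also suppresses auth_ntlmssp_end(), not only invalidate_vuid(), so a name like `do_cleanup` may describe it better. The function body starts and ends outside this hunk.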
@@ -696,10 +702,12 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
 
        if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
                /* NB. This is *NOT* an error case. JRA */
-               auth_ntlmssp_end(auth_ntlmssp_state);
-               if (!NT_STATUS_IS_OK(nt_status)) {
-                       /* Kill the intermediate vuid */
-                       invalidate_vuid(sconn, vuid);
+               if (do_invalidate) {
+                       auth_ntlmssp_end(auth_ntlmssp_state);
+                       if (!NT_STATUS_IS_OK(nt_status)) {
+                               /* Kill the intermediate vuid */
+                               invalidate_vuid(sconn, vuid);
+                       }
                }
        }
 }
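Review bot: The `if (do_invalidate)` guard protects only this final cleanup, so any statement between the `out:` label and this block that reads `*auth_ntlmssp_state` would still run against the freed vuser when register_existing_vuid() fails. Those lines are not shown in the diff, so this is something to check against the full function, not a confirmed defect. A short comment on the guard, e.g. `/* skipped when register_existing_vuid() has already torn down the vuser */`, would help stop a later edit from placing a dereference above it. The function starts outside this hunk.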