s4-dsdb: fixed use after free of sasl mechanisms opaque

the supportedSASLMechanisms opaque must live for at least as long as
the ldb, or we can crash when the first connection is torn down

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 086069fe19b5435e80903e58d5b0c8e24a60532f..23210fa17689fed4e796c924fa457515988fe799 100644 (file)
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -219,6 +219,12 @@ NTSTATUS ldapsrv_backend_Init(struct ldapsrv_connection *conn)
                        }
                }
                talloc_unlink(conn, ops);
+
+               /* ldb can have a different lifetime to conn, so we
+                  need to ensure that sasl_mechs lives as long as the
+                  ldb does */
+               talloc_steal(conn->ldb, sasl_mechs);
+
                ldb_set_opaque(conn->ldb, "supportedSASLMechanisms", sasl_mechs);
        }