Stop use after free
author Alistair Leslie-Hughes <leslie_alistair@hotmail.com>
Thu, 26 Sep 2013 22:31:00 +0000 (08:31 +1000)
committer Jeremy Allison <jra@samba.org>
Fri, 27 Sep 2013 12:29:43 +0000 (14:29 +0200)
Fixes bug #10087

Thanks to Man Min Yan for their analysis and providing a solution to the issue.

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 27 14:29:46 CEST 2013 on sn-devel-104

source3/utils/ntlm_auth.c

index 8d556298ca22f90c9817e753534d51e8f90177f3..1df615c1e7dbf9a363740db59d2e34597b802e67 100644 (file)
@@ -1678,7 +1678,11 @@ static void manage_gensec_request(enum stdio_helper_mode stdio_helper_mode,
                } else {
 
                        reply_code = "AF";
-                       reply_arg = session_info->unix_info->unix_name;
+                       reply_arg = talloc_strdup(state->gensec_state, session_info->unix_info->unix_name);
+                       if (reply_arg == NULL) {
+                               reply_code = "BH out of memory";
+                               reply_arg = nt_errstr(NT_STATUS_NO_MEMORY);
+                       }
                        talloc_free(session_info);
                }
        } else if (state->gensec_state->gensec_role == GENSEC_CLIENT) {
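
Review bot: in the new NULL branch, reply_code is set to "BH out of memory" while reply_arg also carries nt_errstr(NT_STATUS_NO_MEMORY), so the failure text is split across both fields, whereas the "AF" case just above keeps reply_code to the bare two-letter code. Consider reply_code = "BH" with the message only in reply_arg, so that anything matching on the code sees the same shape in both cases. A one-line comment above the talloc_strdup() call, saying that unix_name is reached through session_info and that session_info is released by the talloc_free() that follows, would keep a later cleanup from reverting to the direct pointer. The copy is parented to state->gensec_state, so it lives as long as that context does; if the reply is only needed until it has been written out, a shorter-lived parent would be tighter.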