CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index f918dc0db198772aeca30c068c364ea51241da19..e2c42d6dc471566467df1b65f5847b949768568f 100644 (file)
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -408,6 +408,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
        /* Quit if the account was locked out. */
        if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
                DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
+               TALLOC_FREE(sampass);
                return NT_STATUS_ACCOUNT_LOCKED_OUT;
        }