Fix bug #9213 - Bad ASN.1 NegTokenInit packet can cause invalid free.

Not the correct fix for the specific issue, but a general fix to
make sure this can never happen again.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 26 04:07:57 CEST 2012 on sn-devel-104
(cherry picked from commit 83f60672e1b3069e6b1b90b376460da895e37df3)
(cherry picked from commit d0b872ea7ca112d047b9ee2d10d1a75a2ee4aed3)
(cherry picked from commit 1b85990b833fe4ef2007e82ffe26ee18f87cb464)

diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c
index 33225290f9ebab325f41f4aa2aaa6f2247cd2a5c..49b484b56c2405fc69198c2644da46412f38d497 100644 (file)
--- a/source3/libsmb/clispnego.c
+++ b/source3/libsmb/clispnego.c
@@ -136,6 +136,10 @@ bool spnego_parse_negTokenInit(DATA_BLOB blob,
        bool ret;
        ASN1_DATA *data;
 
+       for (i = 0; i < ASN1_MAX_OIDS; i++) {
+               OIDs[i] = NULL;
+       }
+
        data = asn1_init(talloc_tos());
        if (data == NULL) {
                return false;