CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context allocations
authorSamuel Cabrero <scabrero@suse.de>
Thu, 22 Dec 2022 15:32:40 +0000 (16:32 +0100)
committerAndreas Schneider <asn@cryptomilk.org>
Mon, 9 Jan 2023 15:17:14 +0000 (15:17 +0000)
After the merge of the s3 and s4 rpc servers, the loadparm_context is
available in the dcesrv_context structure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan  9 15:17:14 UTC 2023 on sn-devel-184

source3/rpc_server/netlogon/srv_netlog_nt.c

index 63ad9ac513f1bdf418cf714a0b9c650c8272721c..72c50638c7291223b23ed347ba5b33acee64955e 100644 (file)
@@ -878,7 +878,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
         * so use a copy to avoid destroying the client values. */
        uint32_t in_neg_flags = *r->in.negotiate_flags;
        const char *fn;
-       struct loadparm_context *lp_ctx;
+       struct loadparm_context *lp_ctx = p->dce_call->conn->dce_ctx->lp_ctx;
        struct dom_sid sid;
        struct samr_Password mach_pwd;
        struct netlogon_creds_CredentialState *creds;
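Review bot: Nothing at the new `lp_ctx` initializer says that the pointer is now borrowed from the dcesrv_context, although the function used to allocate and release its own copy. A short comment above the declaration, e.g. `/* Borrowed from the dcesrv_context; do not free or talloc_unlink it here. */`, would keep a later edit from reintroducing a release on the shared context. The same comment fits the identical declaration in the _netr_LogonSamLogonEx hunk. The body of _netr_ServerAuthenticate3 starts and ends outside this hunk.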
@@ -1007,20 +1007,11 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
                goto out;
        }
 
-       lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
-       if (lp_ctx == NULL) {
-               DEBUG(10, ("loadparm_init_s3 failed\n"));
-               status = NT_STATUS_INTERNAL_ERROR;
-               goto out;
-       }
-
        /* Store off the state so we can continue after client disconnect. */
        become_root();
        status = schannel_save_creds_state(p->mem_ctx, lp_ctx, creds);
        unbecome_root();
 
-       talloc_unlink(p->mem_ctx, lp_ctx);
-
        if (!NT_STATUS_IS_OK(status)) {
                ZERO_STRUCTP(r->out.return_credentials);
                goto out;
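Review bot: With the `loadparm_init_s3` failure branch removed, `lp_ctx` reaches `schannel_save_creds_state()` inside the `become_root()` section with no check, and the old NT_STATUS_INTERNAL_ERROR path is gone. Whether `dce_ctx->lp_ctx` is always set is not visible from this hunk, so I would keep the function failing closed with `if (lp_ctx == NULL) { status = NT_STATUS_INTERNAL_ERROR; goto out; }` before `become_root()`. The later _netr_LogonSamLogonEx hunk drops the same check before `schannel_get_creds_state()` and could use `return NT_STATUS_INTERNAL_ERROR;` there. The initializer already dereferences `p->dce_call->conn->dce_ctx` at the declaration, so this guard covers only the last link of the chain. The function continues outside the hunk.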
@@ -2020,7 +2011,7 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
 {
        NTSTATUS status;
        struct netlogon_creds_CredentialState *creds = NULL;
-       struct loadparm_context *lp_ctx;
+       struct loadparm_context *lp_ctx = p->dce_call->conn->dce_ctx->lp_ctx;
 
        *r->out.authoritative = true;
 
@@ -2029,18 +2020,10 @@ NTSTATUS _netr_LogonSamLogonEx(struct pipes_struct *p,
                return status;
        }
 
-       lp_ctx = loadparm_init_s3(p->mem_ctx, loadparm_s3_helpers());
-       if (lp_ctx == NULL) {
-               DEBUG(0, ("loadparm_init_s3 failed\n"));
-               return NT_STATUS_INTERNAL_ERROR;
-       }
-
        become_root();
        status = schannel_get_creds_state(p->mem_ctx, lp_ctx,
                                          r->in.computer_name, &creds);
        unbecome_root();
-       talloc_unlink(p->mem_ctx, lp_ctx);
-
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }