From: Andreas Schneider <asn@samba.org>
Date: Thu, 7 Nov 2013 14:55:29 +0000 (+0100)
Subject: s4-lsa: Fix a user after free in dcesrv_lsa_lookup_name().
X-Git-Url: http://git.samba.org/?a=commitdiff_plain;h=0aa73958f0679f8b7389295c4601903f3f8f3a53;p=metze%2Fsamba%2Fwip.git

s4-lsa: Fix a user after free in dcesrv_lsa_lookup_name().

Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
---

diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index 07d5c2ff862e..40842f02bd00 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -305,19 +305,25 @@ static NTSTATUS dcesrv_lsa_lookup_name(struct tevent_context *ev_ctx,
 		}
 		if (strcasecmp_m(username, state->domain_dns) == 0) { 
 			*authority_name = state->domain_name;
-			*sid =  state->domain_sid;
+			*sid =  dom_sid_dup(mem_ctx, state->domain_sid);
+			if (*sid == NULL) {
+				return NT_STATUS_NO_MEMORY;
+			}
 			*rtype = SID_NAME_DOMAIN;
 			*rid = 0xFFFFFFFF;
 			return NT_STATUS_OK;
 		}
 		if (strcasecmp_m(username, state->domain_name) == 0) { 
 			*authority_name = state->domain_name;
-			*sid =  state->domain_sid;
+			*sid =  dom_sid_dup(mem_ctx, state->domain_sid);
+			if (*sid == NULL) {
+				return NT_STATUS_NO_MEMORY;
+			}
 			*rtype = SID_NAME_DOMAIN;
 			*rid = 0xFFFFFFFF;
 			return NT_STATUS_OK;
 		}
-		
+
 		/* Perhaps this is a well known user? */
 		name = talloc_asprintf(mem_ctx, "%s\\%s", NAME_NT_AUTHORITY, username);
 		if (!name) {