nsswitch pam_winbind: Fix Asan use after free

Fix use after free condition detected by Address Sanitizer triggered by
wbcLogonUserInfoDestructor, wbcFreeMemory has code to detect and prevent a
double free.  This patch prevents the Address Sanitizer error, allowing
tests to be run with Address Sanitizer enabled.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13927

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May  6 08:55:22 UTC 2019 on sn-devel-184

diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 757fdae6e3c631d131bbcfdc446a4651d1a4bd76..0ba1955f0078c2c94c1055e9f1c8ae20fc4679e2 100644 (file)
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -1931,6 +1931,11 @@ static int winbind_auth_request(struct pwb_context *ctx,
        wbcFreeMemory(logon.blobs);
        if (info && info->blobs && !p_info) {
                wbcFreeMemory(info->blobs);
+               /*
+                * We set blobs to NULL to prevent a use after free in the
+                * in the wbcLogonUserInfoDestructor
+                */
+               info->blobs = NULL;
        }
        if (error && !p_error) {
                wbcFreeMemory(error);