diff options
author | Stefan Metzmacher <metze@samba.org> | 2021-08-05 13:30:41 +0200 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2021-11-08 10:46:45 +0100 |
commit | 258710a9f2145939d959a8512e0d40dfd32ef1b7 (patch) | |
tree | 43f16c0468f8ae0784866c8d67c517c26efb55ff | |
parent | 50c0ac89d52e4313d5c9cb502077df9062c6b7e6 (diff) | |
download | samba-258710a9f2145939d959a8512e0d40dfd32ef1b7.tar.gz |
CVE-2021-3738 auth_util: avoid talloc_tos() in copy_session_info()
We want to use this also in code without existing
stackframe.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14468
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | auth/auth_util.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/auth/auth_util.c b/auth/auth_util.c index f3586f1fc1e..fe01babd107 100644 --- a/auth/auth_util.c +++ b/auth/auth_util.c @@ -26,26 +26,28 @@ struct auth_session_info *copy_session_info(TALLOC_CTX *mem_ctx, const struct auth_session_info *src) { + TALLOC_CTX *frame = talloc_stackframe(); struct auth_session_info *dst; DATA_BLOB blob; enum ndr_err_code ndr_err; ndr_err = ndr_push_struct_blob( &blob, - talloc_tos(), + frame, src, (ndr_push_flags_fn_t)ndr_push_auth_session_info); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { DBG_ERR("copy_session_info(): ndr_push_auth_session_info " "failed: %s\n", ndr_errstr(ndr_err)); + TALLOC_FREE(frame); return NULL; } dst = talloc(mem_ctx, struct auth_session_info); if (dst == NULL) { DBG_ERR("talloc failed\n"); - TALLOC_FREE(blob.data); + TALLOC_FREE(frame); return NULL; } @@ -54,15 +56,16 @@ struct auth_session_info *copy_session_info(TALLOC_CTX *mem_ctx, dst, dst, (ndr_pull_flags_fn_t)ndr_pull_auth_session_info); - TALLOC_FREE(blob.data); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { DBG_ERR("copy_session_info(): ndr_pull_auth_session_info " "failed: %s\n", ndr_errstr(ndr_err)); TALLOC_FREE(dst); + TALLOC_FREE(frame); return NULL; } + TALLOC_FREE(frame); return dst; } |