auth/ntlmssp: remove useless talloc_steal calls in ntlmssp_server_check_password()

We only create a temporary auth_usersupplied_info structure and pass it
down as const, lets keep the values on ntlmssp_state otherwise we may derefence
stale pointers.

We finally free the memory at the end of ntlmssp_server_postauth() now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

1 files changed, 5 insertions, 2 deletions

diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index c525a93941f..35aa54911ac 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -732,9 +732,7 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec
 
 	user_info->password_state = AUTH_PASSWORD_RESPONSE;
 	user_info->password.response.lanman = ntlmssp_state->lm_resp;
-	user_info->password.response.lanman.data = talloc_steal(user_info, ntlmssp_state->lm_resp.data);
 	user_info->password.response.nt = ntlmssp_state->nt_resp;
-	user_info->password.response.nt.data = talloc_steal(user_info, ntlmssp_state->nt_resp.data);
 
 	if (auth_context->check_ntlm_password) {
 		uint8_t authoritative = 0;
@@ -977,6 +975,11 @@ static NTSTATUS ntlmssp_server_postauth(struct gensec_security *gensec_security,
 		nt_status = ntlmssp_sign_init(ntlmssp_state);
 	}
 
+	data_blob_clear_free(&ntlmssp_state->internal_chal);
+	data_blob_clear_free(&ntlmssp_state->chal);
+	data_blob_clear_free(&ntlmssp_state->lm_resp);
+	data_blob_clear_free(&ntlmssp_state->nt_resp);
+
 	ntlmssp_state->expected_state = NTLMSSP_DONE;
 
 	return nt_status;