nsswitch pam_winbind: Fix Asan use after free

Fix use after free condition detected by Address Sanitizer triggered by wbcLogonUserInfoDestructor, wbcFreeMemory has code to detect and prevent a double free. This patch prevents the Address Sanitizer error, allowing tests to be run with Address Sanitizer enabled. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13927 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon May 6 08:55:22 UTC 2019 on sn-devel-184
author: Gary Lockyer <gary@catalyst.net.nz> 2019-04-18 09:29:28 +1200
committer: Andrew Bartlett <abartlet@samba.org> 2019-05-06 08:55:22 +0000
commit: 193b44466ba05deba8f2b1fdc16ab55c102e82ad (patch)
tree: ea81f298db5c40d2860230472d1990295831e28f /nsswitch
parent: e129d4ea3e0f6455d1eb6d5df7118e31fcb1670e (diff)
download: samba-193b44466ba05deba8f2b1fdc16ab55c102e82ad.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 757fdae6e3c..0ba1955f007 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -1931,6 +1931,11 @@ static int winbind_auth_request(struct pwb_context *ctx,
 	wbcFreeMemory(logon.blobs);
 	if (info && info->blobs && !p_info) {
 		wbcFreeMemory(info->blobs);
+		/*
+		 * We set blobs to NULL to prevent a use after free in the
+		 * in the wbcLogonUserInfoDestructor
+		 */
+		info->blobs = NULL;
 	}
 	if (error && !p_error) {
 		wbcFreeMemory(error);
author	Gary Lockyer <gary@catalyst.net.nz>	2019-04-18 09:29:28 +1200
committer	Andrew Bartlett <abartlet@samba.org>	2019-05-06 08:55:22 +0000
commit	193b44466ba05deba8f2b1fdc16ab55c102e82ad (patch)
tree	ea81f298db5c40d2860230472d1990295831e28f /nsswitch
parent	e129d4ea3e0f6455d1eb6d5df7118e31fcb1670e (diff)
download	samba-193b44466ba05deba8f2b1fdc16ab55c102e82ad.tar.gz