author | Gary Lockyer <gary@catalyst.net.nz> | 2019-04-18 09:29:28 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-05-06 08:55:22 +0000 |
commit | 193b44466ba05deba8f2b1fdc16ab55c102e82ad (patch) | |
tree | ea81f298db5c40d2860230472d1990295831e28f /nsswitch | |
parent | e129d4ea3e0f6455d1eb6d5df7118e31fcb1670e (diff) | |
download | samba-193b44466ba05deba8f2b1fdc16ab55c102e82ad.tar.gz |

nsswitch pam_winbind: Fix Asan use after free

Fix use after free condition detected by Address Sanitizer triggered by
wbcLogonUserInfoDestructor, wbcFreeMemory has code to detect and prevent a
double free. This patch prevents the Address Sanitizer error, allowing
tests to be run with Address Sanitizer enabled.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13927
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 6 08:55:22 UTC 2019 on sn-devel-184

Diffstat (limited to 'nsswitch')
-rw-r--r-- | nsswitch/pam_winbind.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index 757fdae6e3c..0ba1955f007 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -1931,6 +1931,11 @@ static int winbind_auth_request(struct pwb_context *ctx, wbcFreeMemory(logon.blobs); if (info && info->blobs && !p_info) { wbcFreeMemory(info->blobs); + /* + * We set blobs to NULL to prevent a use after free in the + * in the wbcLogonUserInfoDestructor + */ + info->blobs = NULL; } if (error && !p_error) { wbcFreeMemory(error); |
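
Review bot: the added comment in winbind_auth_request repeats "in the" across its line break ("use after free in the / in the wbcLogonUserInfoDestructor"); drop one of them. The comment would also be more useful if it named the later call that runs the destructor on info, because nothing in this hunk after `info->blobs = NULL;` touches info again, so a reader cannot see from here why the stale pointer matters. Since the destructor evidently handles info->blobs itself, it is worth confirming whether the explicit `wbcFreeMemory(info->blobs);` inside the `!p_info` branch is still needed, or whether freeing info alone would release the blobs and make both the free and the NULL assignment unnecessary. The neighbouring `wbcFreeMemory(logon.blobs);` and `wbcFreeMemory(error);` calls leave their pointers untouched; if either is read again before the function returns, the same clear-after-free treatment would apply there.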