summaryrefslogtreecommitdiff
path: root/source4/smb_server
diff options
context:
space:
mode:
authorAndreas Schneider <asn@samba.org>2013-11-08 16:14:35 +0100
committerJeremy Allison <jra@samba.org>2013-11-08 09:45:10 -0800
commit12a2230581b3ff5c7a29819532652d7ddfe61521 (patch)
tree8cc07fefda0dd5508d7fcdf76772cd8c6d279abc /source4/smb_server
parent29f12e7d5960906935e3af1405e9759a07d64750 (diff)
downloadsamba-12a2230581b3ff5c7a29819532652d7ddfe61521.tar.gz
s4-smb_server: Fix a use after free.
If we haven't allocated the smbsrv_session then we should not free it. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source4/smb_server')
-rw-r--r--source4/smb_server/smb/sesssetup.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c
index b26c1281dda..4ebc0c47718 100644
--- a/source4/smb_server/smb/sesssetup.c
+++ b/source4/smb_server/smb/sesssetup.c
@@ -415,6 +415,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
{
NTSTATUS status;
struct smbsrv_session *smb_sess = NULL;
+ bool is_smb_sess_new = false;
struct sesssetup_spnego_state *s = NULL;
uint16_t vuid;
struct tevent_req *subreq;
@@ -465,6 +466,7 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
status = NT_STATUS_INSUFFICIENT_RESOURCES;
goto failed;
}
+ is_smb_sess_new = true;
} else {
smb_sess = smbsrv_session_find_sesssetup(req->smb_conn, vuid);
}
@@ -510,7 +512,9 @@ static void sesssetup_spnego(struct smbsrv_request *req, union smb_sesssetup *se
nomem:
status = NT_STATUS_NO_MEMORY;
failed:
- talloc_free(smb_sess);
+ if (is_smb_sess_new) {
+ talloc_free(smb_sess);
+ }
status = nt_status_squash(status);
smbsrv_sesssetup_backend_send(req, sess, status);
}
View Lorry Controller Status