s4:rpc-server: fix use after free in dcesrv_lsa_lookup_sid()

Authority name may be accessed after state has gone away and take domain_name with it. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
author: Michael Adam <obnox@samba.org> 2013-11-08 11:15:33 +0100
committer: Andreas Schneider <asn@samba.org> 2013-11-13 11:40:28 +0100
commit: 29d8edfe4349aa80c4f4a4da53aaaab50871f60c (patch)
tree: 48a9dbf2b6b412128e6de04328394c86afbc3275 /source4
parent: 00c674985fda152eea366d6b94712ba183527f9a (diff)
download: samba-29d8edfe4349aa80c4f4a4da53aaaab50871f60c.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c
index c9c07cffb25..d9fba938369 100644
--- a/source4/rpc_server/lsa/lsa_lookup.c
+++ b/source4/rpc_server/lsa/lsa_lookup.c
@@ -532,7 +532,10 @@ static NTSTATUS dcesrv_lsa_lookup_sid(struct lsa_policy_state *state, TALLOC_CTX
 	}
 
 	if (dom_sid_in_domain(state->domain_sid, sid)) {
-		*authority_name = state->domain_name;
+		*authority_name = talloc_strdup(mem_ctx, state->domain_name);
+		if (*authority_name == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
 		domain_dn = state->domain_dn;
 	} else if (dom_sid_in_domain(state->builtin_sid, sid)) {
 		*authority_name = NAME_BUILTIN;
author	Michael Adam <obnox@samba.org>	2013-11-08 11:15:33 +0100
committer	Andreas Schneider <asn@samba.org>	2013-11-13 11:40:28 +0100
commit	29d8edfe4349aa80c4f4a4da53aaaab50871f60c (patch)
tree	48a9dbf2b6b412128e6de04328394c86afbc3275 /source4
parent	00c674985fda152eea366d6b94712ba183527f9a (diff)
download	samba-29d8edfe4349aa80c4f4a4da53aaaab50871f60c.tar.gz