From e6cdaa7b45c4d18ec52c0ba55e678250ed7420a5 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@zentyal.com>
Date: Thu, 12 Jun 2014 10:39:02 +0200
Subject: [PATCH] s4-auth-krb: Fix talloc access after free in
 smb_krb5_update_keytab

Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
---
 source4/auth/kerberos/srv_keytab.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c
index 1fc8b4c..bd42316 100644
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -277,7 +277,8 @@ static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx,
 
 	mem_ctx = talloc_new(parent_ctx);
 	if (!mem_ctx) {
-		*error_string = "unable to allocate tmp_ctx for create_keytab";
+		*error_string = talloc_strdup(parent_ctx,
+			"unable to allocate tmp_ctx for create_keytab");
 		return ENOMEM;
 	}
 
@@ -304,6 +305,7 @@ static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx,
 			      salt_princ, kvno, new_secret,
 			      context, enctypes, keytab, error_string);
 	if (ret) {
+		talloc_steal(parent_ctx, *error_string);
 		goto done;
 	}
 
@@ -311,6 +313,9 @@ static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx,
 		ret = keytab_add_keys(mem_ctx, principals,
 				      salt_princ, kvno - 1, old_secret,
 				      context, enctypes, keytab, error_string);
+		if (ret) {
+			talloc_steal(parent_ctx, *error_string);
+		}
 	}
 
 done:
-- 
1.9.1