From f80a0142f048156217498ac51ed79b8a146b3108 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Wed, 9 Nov 2016 16:07:26 -0800
Subject: [PATCH] s3: libsmb: Fix memory hierarchy leak of gensec_security struct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12408
Signed-off-by: Jeremy Allison
---
 source3/libsmb/clifsinfo.c | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)
diff --git a/source3/libsmb/clifsinfo.c b/source3/libsmb/clifsinfo.c
index 31a2c02..9712d5d 100644
--- a/source3/libsmb/clifsinfo.c
+++ b/source3/libsmb/clifsinfo.c
@@ -588,7 +588,8 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
 DATA_BLOB param_out = data_blob_null;
 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 struct auth_generic_state *auth_generic_state;
- struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state);
+ struct smb_trans_enc_state *es = talloc_zero(cli,
+ struct smb_trans_enc_state);
 if (!es) {
 return NT_STATUS_NO_MEMORY;
 }
@@ -642,11 +643,8 @@ NTSTATUS cli_raw_ntlm_smb_encryption_start(struct cli_state *cli,
 if (NT_STATUS_IS_OK(status)) {
 es->enc_on = true;
- /* Replace the old state, if any. */
- /* We only need the gensec_security part from here.
- * es is a malloc()ed pointer, so we cannot make
- * gensec_security a talloc child */
- es->gensec_security = talloc_move(NULL,
+ /* We only need the gensec_security part from here. */
+ es->gensec_security = talloc_move(es,
 &auth_generic_state->gensec_security);
 smb1cli_conn_set_encryption(cli->conn, es);
 es = NULL;
@@ -668,7 +666,7 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
 DATA_BLOB param_out = data_blob_null;
 NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
 struct auth_generic_state *auth_generic_state;
- struct smb_trans_enc_state *es = talloc_zero(NULL, struct smb_trans_enc_state);
+ struct smb_trans_enc_state *es = talloc_zero(cli, struct smb_trans_enc_state);
 if (!es) {
 return NT_STATUS_NO_MEMORY;
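Review bot: The new `talloc_zero(cli, ...)` parent in cli_raw_ntlm_smb_encryption_start (hunk @@ -588, and the same change in cli_gss_smb_encryption_start at @@ -668) ties `es` to the lifetime of `cli`, while the pointer is later stored on `cli->conn` by `smb1cli_conn_set_encryption()`. Whether that call reparents `es` is not visible in this patch; if it does not, and the connection can ever be detached from or outlive `cli`, freeing `cli` would leave the connection holding a freed encryption state. I would state the assumption at the allocation, for example `/* es stays a talloc child of cli; cli->conn must not outlive cli */`, or, if `cli->conn` is itself a talloc context, hand ownership over explicitly before the set call. Both function bodies start and end outside the hunks, so the error-path cleanup of `es` could not be checked here.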
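Review bot: The shortened comment above `talloc_move(es, ...)` in cli_raw_ntlm_smb_encryption_start (hunk @@ -642, and the identical comment left at @@ -727 in cli_gss_smb_encryption_start) no longer says why the move matters. After this change gensec_security, which presumably carries the negotiated security context for the encrypted transport, is freed together with `es` instead of being orphaned under the NULL context, and talloc_move also clears `auth_generic_state->gensec_security`, so a later free of auth_generic_state does not take it down. I would word the comment as `/* Move gensec_security under es so it is freed with the encryption state; auth_generic_state no longer owns it. */`. The enclosing if-block continues past the end of the hunk.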
@@ -727,10 +725,7 @@ NTSTATUS cli_gss_smb_encryption_start(struct cli_state *cli)
 if (NT_STATUS_IS_OK(status)) {
 es->enc_on = true;
- /* Replace the old state, if any. */
- /* We only need the gensec_security part from here.
- * es is a malloc()ed pointer, so we cannot make
- * gensec_security a talloc child */
+ /* We only need the gensec_security part from here. */
 es->gensec_security = talloc_move(es,
 &auth_generic_state->gensec_security);
 smb1cli_conn_set_encryption(cli->conn, es);
--
2.8.0.rc3.226.g39d4020