From fc68eddf262898f3d9e95a328ea0a74b9d9c3986 Mon Sep 17 00:00:00 2001
From: Gary Lockyer
Date: Tue, 14 May 2019 13:10:22 +1200
Subject: [PATCH] s4 dsdb: fix use after free in samldb_rename_search_base_callback

Fix use after free detected by AddressSanitizer
AddressSanitizer: heap-use-after-free on address 0x60f0002b2738 at pc 0x7f89b1a213b5 bp 0x7ffce9528810 sp 0x7ffce9528800
READ of size 8 at 0x60f0002b2738 thread T0
#0 0x7f89b1a213b4 in samldb_rename_search_base_callback ../../source4/dsdb/samdb/ldb_modules/samldb.c:4203
#1 0x7f89d3a0db4a in ldb_module_send_entry ../../lib/ldb/common/ldb_modules.c:793
#2 0x7f89b6f27356 in es_callback ../../source4/dsdb/samdb/ldb_modules/encrypted_secrets.c:1418
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13942
Signed-off-by: Gary Lockyer
Reviewed-by: Andrew Bartlett
(cherry picked from commit b0cc6d217485c317b2138347216fac5d74684328)
---
 source4/dsdb/samdb/ldb_modules/samldb.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index e69228c32c7..c1188c432f6 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -4063,7 +4063,6 @@ static int check_rename_constraints(struct ldb_message *msg,
 if (samdb_find_attribute(ldb, msg, "objectclass", "subnet") != NULL) {
 ret = samldb_verify_subnet(ac, newdn);
 if (ret != LDB_SUCCESS) {
- talloc_free(ac);
 return ret;
 }
 }
-- 
2.17.1