From 3d02bf10d7738fe604b524863764de3ca1faa081 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 4 Nov 2021 22:22:44 +0100 Subject: [PATCH] s3-winexe: Fix winexe core dump (use-after-free) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893 Guenther Signed-off-by: Guenther Deschner Reviewed-by: Andreas Schneider Autobuild-User(master): Günther Deschner Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184 (cherry picked from commit e9495d2ed28a26899dc3dd77bdfe56e284980218) --- examples/winexe/winexe.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/examples/winexe/winexe.c b/examples/winexe/winexe.c index 3e0813a4091..59fb9dbdebb 100644 --- a/examples/winexe/winexe.c +++ b/examples/winexe/winexe.c @@ -220,8 +220,6 @@ static void parse_args(int argc, const char *argv[], *port_str = '\0'; } - poptFreeContext(pc); - if (options->runas == NULL && options->runas_file != NULL) { struct cli_credentials *runas_cred; const char *user; @@ -253,9 +251,19 @@ static void parse_args(int argc, const char *argv[], options->credentials = samba_cmdline_get_creds(); - options->hostname = argv_new[0] + 2; + options->hostname = talloc_strdup(mem_ctx, argv_new[0] + 2); + if (options->hostname == NULL) { + DBG_ERR("Out of memory\n"); + exit(1); + } options->port = port; - options->cmd = argv_new[1]; + options->cmd = talloc_strdup(mem_ctx, argv_new[1]); + if (options->cmd == NULL) { + DBG_ERR("Out of memory\n"); + exit(1); + } + + poptFreeContext(pc); options->flags = flag_interactive; if (flag_reinstall) { -- 2.33.1