Bug 14994 - talloc_steal in PAC handling creates memory corruption
Summary: talloc_steal in PAC handling creates memory corruption
Status: RESOLVED DUPLICATE of bug 14993
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.16.0rc3
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-01 08:38 UTC by Andrew Bartlett
Modified: 2022-03-01 09:52 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2022-03-01 08:38:45 UTC
It was noticed during the Heimdal 8.0 upgrade that there was a use-after-free due to talloc_steal() rather than talloc_strdup of PAC elements in the Samba authorization code.
Comment 1 Andrew Bartlett 2022-03-01 09:52:21 UTC

*** This bug has been marked as a duplicate of bug 14993 ***