Found by boyang, the code in winbind_name_to_sid_string() frees memory and then references a pointer to the just freed value. Bug exists in 3.4.x and 3.3.x. Jeremy.
Created attachment 4846 [details] git-am format patch for 3.4.3.
Created attachment 4847 [details] git-am format patch for 3.3.9. Same fix for 3.3.9. Jeremy.
Created attachment 4848 [details] git-am format patch for 3.4.3. Correct fix - initializes sid_str to NULL so we don't free an uninitialized pointer. Jeremy.
Created attachment 4849 [details] git-am format patch for 3.3.9. git-am format patch for 3.3.9. Correct fix - initializes sid_str to NULL so we don't free an uninitialized pointer. Jeremy.
Comment on attachment 4848 [details] git-am format patch for 3.4.3. Yes. This is correct and we need it for 3.4.3.
Comment on attachment 4849 [details] git-am format patch for 3.3.9. Yes. Correct and we need it for 3.3.9
Karo - please apply to v3-3-test and v3-4-test.
Sorry, too late for 3.3.9, will be included in 3.3.10. Pushed to v3-3-test and v3-4-test. Closing out bug report. Thanks!