CVE-2013-4496:s3:auth: fix memory leak in the ACCOUNT_LOCKED_OUT case.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index 7ed8cc2341d56a5f925d3d4b25c26d78aae0444d..94f30b14f380f55807506e2241605493376f2ff8 100644 (file)
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -408,6 +408,7 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
        /* Quit if the account was locked out. */
        if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
                DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
+               TALLOC_FREE(sampass);
                return NT_STATUS_ACCOUNT_LOCKED_OUT;
        }