ntlmssp_update allocates the reply_blob as a child of ntlmssp_state. This means
with ntlmss_end() it will be gone. winbindd_dual_ccache_ntlm_auth used the blob
after the ntlmssp_end().
(cherry picked from commit
43c841b6bd92e987109df81b6b8a2b85f21b0181)
Addresses bug #7027 (winbindd crash in winbindd_dual_ccache_ntlm_auth due to
freed memory reference.)
data_blob_free(&reply);
goto done;
}
- *auth_msg = reply;
+ *auth_msg = data_blob(reply.data, reply.length);
status = NT_STATUS_OK;
done: