git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c75fbea)
s4 dsdb: fix use after free in samldb_rename_search_base_callback
authorGary Lockyer <gary@catalyst.net.nz>
Tue, 14 May 2019 01:10:22 +0000 (13:10 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Tue, 14 May 2019 06:07:25 +0000 (06:07 +0000)
Fix use after free detected by AddressSanitizer

AddressSanitizer: heap-use-after-free on address 0x60f0002b2738
                  at pc 0x7f89b1a213b5 bp 0x7ffce9528810 sp 0x7ffce9528800
                  READ of size 8 at 0x60f0002b2738 thread T0
    #0 0x7f89b1a213b4 in samldb_rename_search_base_callback
        ../../source4/dsdb/samdb/ldb_modules/samldb.c:4203
    #1 0x7f89d3a0db4a in ldb_module_send_entry
        ../../lib/ldb/common/ldb_modules.c:793
    #2 0x7f89b6f27356 in es_callback
        ../../source4/dsdb/samdb/ldb_modules/encrypted_secrets.c:1418

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13942

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/dsdb/samdb/ldb_modules/samldb.c patch | blob | history

diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 4c773da5b19473957fb5992e0b3eb7294ecaf8bf..094f254c8fc8faf2f66e58fc65b3062fa13958d4 100644 (file)
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -4064,7 +4064,6 @@ static int check_rename_constraints(struct ldb_message *msg,
        if (samdb_find_attribute(ldb, msg, "objectclass", "subnet") != NULL) {
                ret = samldb_verify_subnet(ac, newdn);
                if (ret != LDB_SUCCESS) {
-                       talloc_free(ac);
                        return ret;
                }
        }
Samba Shared Repository