From: Michael Adam <obnox@samba.org>
Date: Wed, 6 Jan 2010 11:32:51 +0000 (+0100)
Subject: s3:auth:check_sam_security: null out sampass after it has been stolen.
X-Git-Tag: release-4-0-0alpha11~161
X-Git-Url: http://git.samba.org/?p=amitay%2Fsamba.git;a=commitdiff_plain;h=de4fb80beec59999dd9ce074d4fff0b310fb08da;ds=sidebyside

s3:auth:check_sam_security: null out sampass after it has been stolen.

So that a later talloc_free would not harm. I could have used
talloc_move instead of talloc steal in make_server_info_sam(),
but this would have required a change of the signature.

Michael
---

diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index add74f611a5..3573de13758 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -402,6 +402,7 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 	become_root();
 	nt_status = make_server_info_sam(server_info, sampass);
 	unbecome_root();
+	sampass = NULL;
 
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status)));