Fix bug #8477 - Map to guest can return uninitialized blob of data.

Found by Codenomicon at SNIA SDC.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Sep 23 03:19:46 CEST 2011 on sn-devel-104

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 95badaf136629f84aefd0458f68a09dad72999c4..e645770014b4cc08219b9730c64903087b377d1a 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -58,7 +58,7 @@ NTSTATUS smbd_smb2_request_process_sesssetup(struct smbd_smb2_request *smb2req)
        uint16_t out_session_flags;
        uint64_t out_session_id;
        uint16_t out_security_offset;
-       DATA_BLOB out_security_buffer;
+       DATA_BLOB out_security_buffer = data_blob_null;
        NTSTATUS status;
 
        status = smbd_smb2_request_verify_sizes(smb2req, 0x19);
@@ -637,6 +637,8 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
 {
        NTSTATUS status;
 
+       *out_security_buffer = data_blob_null;
+
        if (session->auth_ntlmssp_state == NULL) {
                status = auth_ntlmssp_prepare(session->sconn->remote_address,
                                            &session->auth_ntlmssp_state);