s4-lsa: Fix use-after-free in LSA server
authorAndrew Bartlett <abartlet@samba.org>
Thu, 3 May 2018 04:22:19 +0000 (16:22 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 3 May 2018 06:17:44 +0000 (08:17 +0200)
commit7e091e505156381e385235ab4518b4d133a98497
tree823351ece8435ba05953313a2ecff66e8871fa82
parent2096d13274b679c282bdb85c63900eba0d76d1be
s4-lsa: Fix use-after-free in LSA server

This is a regression introduced in ab7988aa2fd1a43f576a4b73a6893c61c7ef1957.

The state variable contains the data to be returned to the client
and packed into NDR after the function returned.

This memory needs to be kept (on mem_ctx as parent) until that is
pushed and freed by the caller.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13420

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
source4/rpc_server/lsa/lsa_lookup.c