CVE-2016-2112: s4:ldap_server: reduce scope of old_session_info variable
authorStefan Metzmacher <metze@samba.org>
Fri, 18 Dec 2015 11:45:56 +0000 (12:45 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 12 Apr 2016 17:25:25 +0000 (19:25 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
source4/ldap_server/ldap_bind.c

index f907b3daf2213f034d2e299a57cc1d99a29f4c29..d1137e058c0ddb0adf96ad320839492df88a0b72 100644 (file)
@@ -218,7 +218,6 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
                result = LDAP_SASL_BIND_IN_PROGRESS;
                errstr = NULL;
        } else if (NT_STATUS_IS_OK(status)) {
-               struct auth_session_info *old_session_info=NULL;
                struct ldapsrv_sasl_postprocess_context *context = NULL;
 
                result = LDAP_SUCCESS;
@@ -266,14 +265,13 @@ static NTSTATUS ldapsrv_BindSASL(struct ldapsrv_call *call)
                }
 
                if (result != LDAP_SUCCESS) {
-                       conn->session_info = old_session_info;
                } else if (!NT_STATUS_IS_OK(status)) {
-                       conn->session_info = old_session_info;
                        result = LDAP_OPERATIONS_ERROR;
                        errstr = talloc_asprintf(reply, 
                                                 "SASL:[%s]: Failed to setup SASL socket: %s", 
                                                 req->creds.SASL.mechanism, nt_errstr(status));
                } else {
+                       struct auth_session_info *old_session_info=NULL;
 
                        old_session_info = conn->session_info;
                        conn->session_info = NULL;
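Review bot: The `if (result != LDAP_SUCCESS) {` branch is left with an empty body once its only statement is removed, which reads like an accidental omission in an authentication path. A comment such as `/* bind failed: leave conn->session_info untouched */` would make the intent explicit, or the condition could be restructured. The removed `conn->session_info = old_session_info;` lines may also have stored NULL on both failure paths, since the only visible assignment to the variable is in the final `else`. If so, this is a behaviour change rather than a pure scope reduction and the commit message should say so, but the code between the two hunks is not shown, so this needs confirming. The moved declaration could also be folded into its first use as `struct auth_session_info *old_session_info = conn->session_info;`. The body of ldapsrv_BindSASL continues outside this hunk.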