s3:schannel fix memory hierarchy

passing mem_ctx was causing creds->sid to be allocated on mem_ctx and not be
child of creds as expected. When later in schannel_check_creds_state() we
stole the creds on a different memory context the sid was left behind and the
memory it points to freed when the temporary context was freed.

diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c
index 3da7618e2c1c3d39b5e8c4a6462de1e1bf99a5b4..49c89085be2a0340c59d11350a20e92424dd078b 100644 (file)
--- a/libcli/auth/schannel_state_tdb.c
+++ b/libcli/auth/schannel_state_tdb.c
@@ -117,7 +117,7 @@ NTSTATUS schannel_fetch_session_key_tdb(struct tdb_context *tdb,
 
        blob = data_blob_const(value.dptr, value.dsize);
 
-       ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, NULL, creds,
+       ndr_err = ndr_pull_struct_blob(&blob, creds, NULL, creds,
                        (ndr_pull_flags_fn_t)ndr_pull_netlogon_creds_CredentialState);
        if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                status = ndr_map_error2ntstatus(ndr_err);