Fix crash bug in NTLMSSP caused by msrpc_parse() moving to talloc
authorAndrew Bartlett <abartlet@samba.org>
Thu, 16 Apr 2009 04:08:00 +0000 (14:08 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 16 Apr 2009 04:08:00 +0000 (14:08 +1000)
source3/libsmb/ntlmssp.c

index 80c003283e112f50f14015d3722d6cbf2d2521dc..a1672af068c149e0f70f2fa5a1bca6e3f87e36b0 100644 (file)
@@ -1046,7 +1046,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
        DEBUG(3, ("NTLMSSP: Set final flags:\n"));
        debug_ntlmssp_flags(ntlmssp_state->neg_flags);
 
-       if (!msrpc_parse(NULL, &reply, chal_parse_string,
+       if (!msrpc_parse(ntlmssp_state, &reply, chal_parse_string,
                         "NTLMSSP",
                         &ntlmssp_command, 
                         &server_domain,
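Review bot: Passing `ntlmssp_state` as the talloc context on the `msrpc_parse()` call ties every value parsed out of the server's challenge to the lifetime of the whole NTLMSSP state, not only `server_domain`. The rest of the argument list is outside this hunk, but any string or blob outputs needed only inside this function would presumably stay allocated until the state is freed, unless each return path releases them. A short-lived context would bound that: create `frame = talloc_stackframe()`, parse with `msrpc_parse(frame, &reply, chal_parse_string, ...)`, and keep the one long-lived value with `ntlmssp_state->server_domain = talloc_steal(ntlmssp_state, server_domain);`. The frame would then have to be freed on every return path, most of which are outside the hunk.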
@@ -1059,10 +1059,8 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       ntlmssp_state->server_domain = talloc_strdup(ntlmssp_state,
-                                                    server_domain);
+       ntlmssp_state->server_domain = server_domain;
 
-       SAFE_FREE(server_domain);
        if (challenge_blob.length != 8) {
                data_blob_free(&struct_blob);
                return NT_STATUS_INVALID_PARAMETER;
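Review bot: `ntlmssp_state->server_domain = server_domain;` records the server-supplied domain on the state before the `challenge_blob.length != 8` check, so a challenge that is then rejected with NT_STATUS_INVALID_PARAMETER still leaves its domain string stored. Moving the assignment below the length check would keep the state untouched by a message that fails validation; whether any caller reads `server_domain` after a failed challenge is not visible here. The ownership change also deserves a comment, because the removed `SAFE_FREE` is what crashed: `/* server_domain is talloc'd on ntlmssp_state by msrpc_parse(); never free() it */`. The function body starts and ends outside this hunk.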