auth/ntlmssp: Avoid use-after-free of user_info after logon failure at log level 5

author Andrew Bartlett <abartlet@samba.org>

Fri, 15 Mar 2013 02:00:55 +0000 (13:00 +1100)

committer Jeremy Allison <jra@samba.org>

Wed, 27 Mar 2013 16:28:50 +0000 (09:28 -0700)
author Andrew Bartlett <abartlet@samba.org>
Fri, 15 Mar 2013 02:00:55 +0000 (13:00 +1100)
committer Jeremy Allison <jra@samba.org>
Wed, 27 Mar 2013 16:28:50 +0000 (09:28 -0700)
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c

index d9bea1cde4b97734ff8e2bc7e2e0b93789b49ee9..442bd5db494caf639f1a3c04081d934eed395320 100644 (file)
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -449,11 +449,11 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec
                                                               &gensec_ntlmssp->server_returned_info,
                                                               user_session_key, lm_session_key);
         }
-       talloc_free(user_info);
  
         if (!NT_STATUS_IS_OK(nt_status)) {
                 DEBUG(5, (__location__ ": Checking NTLMSSP password for %s\\%s failed: %s\n", user_info->client.domain_name, user_info->client.account_name, nt_errstr(nt_status)));
         }
+       TALLOC_FREE(user_info);
  
         NT_STATUS_NOT_OK_RETURN(nt_status);
author	Andrew Bartlett <abartlet@samba.org>
	Fri, 15 Mar 2013 02:00:55 +0000 (13:00 +1100)
committer	Jeremy Allison <jra@samba.org>
	Wed, 27 Mar 2013 16:28:50 +0000 (09:28 -0700)