s4-auth-krb: Fix talloc access after free in smb_krb5_update_keytab

Change-Id: Iaa168d520f124e0c43c7edd649318f0b8ee25020
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Tue Jul  8 16:51:09 CEST 2014 on sn-devel-104

diff --git a/source4/auth/kerberos/srv_keytab.c b/source4/auth/kerberos/srv_keytab.c
index 1fc8b4cfed288eb474b20e70628bec6099a87515..bd423166873fdb75596aa0e58c73ed8a5f74ccbe 100644 (file)
--- a/source4/auth/kerberos/srv_keytab.c
+++ b/source4/auth/kerberos/srv_keytab.c
@@ -277,7 +277,8 @@ static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx,
 
        mem_ctx = talloc_new(parent_ctx);
        if (!mem_ctx) {
-               *error_string = "unable to allocate tmp_ctx for create_keytab";
+               *error_string = talloc_strdup(parent_ctx,
+                       "unable to allocate tmp_ctx for create_keytab");
                return ENOMEM;
        }
 
@@ -304,6 +305,7 @@ static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx,
                              salt_princ, kvno, new_secret,
                              context, enctypes, keytab, error_string);
        if (ret) {
+               talloc_steal(parent_ctx, *error_string);
                goto done;
        }
 
@@ -311,6 +313,9 @@ static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx,
                ret = keytab_add_keys(mem_ctx, principals,
                                      salt_princ, kvno - 1, old_secret,
                                      context, enctypes, keytab, error_string);
+               if (ret) {
+                       talloc_steal(parent_ctx, *error_string);
+               }
        }
 
 done: