samba/backport-0020-CVE-2020-25717-s3-ntlm_auth-fix-memory-leaks-in-ntlm.patch
haochenstar 8378df4821 fix CVE-2020-25717,CVE-2020-25718,CVE-2020-25719,CVE-2020-25721,CVE-2020-25722,CVE-2016-2124,CVE-2021-3738
(cherry picked from commit aee849c6c0708056f62f6445e3b5274d1cec6408)
2022-01-19 11:41:35 +08:00


From 9f73360e17d1e519d25cb4b60d7506fca9fd02fe Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Tue, 21 Sep 2021 12:27:28 +0200
Subject: [PATCH 126/266] CVE-2020-25717: s3:ntlm_auth: fix memory leaks in
ntlm_auth_generate_session_info_pac()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
source3/utils/ntlm_auth.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
Conflict:NA
Reference:https://git.samba.org/samba.git/?p=samba.git;a=patch;h=9f73360e17d1e519d25cb4b60d7506fca9fd02fe
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 1d22a48c57c..e6efdfcec5c 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -817,23 +817,27 @@ static NTSTATUS ntlm_auth_generate_session_info_pac(struct auth4_context *auth_c
if (!p) {
DEBUG(3, ("[%s] Doesn't look like a valid principal\n",
princ_name));
- return NT_STATUS_LOGON_FAILURE;
+ status = NT_STATUS_LOGON_FAILURE;
+ goto done;
}
user = talloc_strndup(mem_ctx, princ_name, p - princ_name);
if (!user) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
}
realm = talloc_strdup(talloc_tos(), p + 1);
if (!realm) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
}
if (!strequal(realm, lp_realm())) {
DEBUG(3, ("Ticket for foreign realm %s@%s\n", user, realm));
if (!lp_allow_trusted_domains()) {
- return NT_STATUS_LOGON_FAILURE;
+ status = NT_STATUS_LOGON_FAILURE;
+ goto done;
}
}
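Review bot: `realm` is still allocated on `talloc_tos()` while `user` and `domain` use `mem_ctx`, so whether the new `goto done` paths release it depends on a cleanup block this hunk does not show. If `done:` frees only a function-local context, allocating `realm` on that same context, or adding `TALLOC_FREE(realm);` at `done:`, would make the leak fix cover the foreign-realm rejection path as well. The function starts before and continues past this hunk, so the `status` declaration and the `done:` label need to be checked in the full file.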
@@ -841,7 +845,8 @@ static NTSTATUS ntlm_auth_generate_session_info_pac(struct auth4_context *auth_c
domain = talloc_strdup(mem_ctx,
logon_info->info3.base.logon_domain.string);
if (!domain) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
}
DEBUG(10, ("Domain is [%s] (using PAC)\n", domain));
} else {
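Review bot: The `!domain` branch reports `NT_STATUS_NO_MEMORY` even when the cause is a PAC whose `logon_domain.string` is NULL, because `talloc_strdup()` returns NULL for a NULL source as well as on allocation failure. On an authentication path the two are worth separating, so that malformed PAC data is logged as a logon failure rather than as memory pressure: `if (logon_info->info3.base.logon_domain.string == NULL) { status = NT_STATUS_LOGON_FAILURE; goto done; }` before the copy. Whether a check outside this hunk already rules out the NULL case cannot be seen from here.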
@@ -871,7 +876,8 @@ static NTSTATUS ntlm_auth_generate_session_info_pac(struct auth4_context *auth_c
domain = talloc_strdup(mem_ctx, realm);
}
if (!domain) {
- return NT_STATUS_NO_MEMORY;
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
}
DEBUG(10, ("Domain is [%s] (using Winbind)\n", domain));
}
--
2.23.0