From e6f789c8965dc6744162458566cf945fcde43bde Mon Sep 17 00:00:00 2001
From: Gary Lockyer
Date: Thu, 18 Apr 2019 09:29:28 +1200
Subject: [PATCH] nsswitch pam_winbind: Fix Asan use after free Fix use after free condition detected by Address Sanitizer triggered by wbcLogonUserInfoDestructor, wbcFreeMemory has code to detect and prevent a double free. This patch prevents the Address Sanitizer error, allowing tests to be run with Address Sanitizer enabled.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13927
Signed-off-by: Gary Lockyer
---
 nsswitch/pam_winbind.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 757fdae6e3c..0ba1955f007 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -1931,6 +1931,11 @@ static int winbind_auth_request(struct pwb_context *ctx,
 wbcFreeMemory(logon.blobs);
 if (info && info->blobs && !p_info) {
 wbcFreeMemory(info->blobs);
+ /*
+ * We set blobs to NULL to prevent a use after free in the
+ * in the wbcLogonUserInfoDestructor
+ */
+ info->blobs = NULL;
 }
 if (error && !p_error) {
 wbcFreeMemory(error);
--
2.17.1
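Review bot: The explicit `wbcFreeMemory(info->blobs)` kept in this block looks redundant with the destructor the commit message names. If wbcLogonUserInfoDestructor already releases the blobs when `info` itself is freed (that free is outside the hunk, so this is inferred), dropping the explicit call would leave a single owner for the buffer instead of relying on the NULL store to hide the second release. If the call has to stay, the added comment should say who the second consumer is and lose the repeated "in the", for example `/* wbcLogonUserInfoDestructor releases info->blobs again; clear it so the freed block is not inspected twice */`. winbind_auth_request begins and ends outside the hunk, so any other reader of `info->blobs` between this store and the final free cannot be checked from here.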