From 34cc5bd260a9c7139d8d1e822f4e139e9c0ec2c0 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 2 Sep 2014 17:03:34 +1200
Subject: [PATCH] winbindd: Do not use user_list->out.resume_index after free

Found by AddressSanitizer

Change-Id: I9f8b95b65de788994a7404fa8889fce45ccb3a30
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
---
 source4/winbind/wb_cmd_setpwent.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/source4/winbind/wb_cmd_setpwent.c b/source4/winbind/wb_cmd_setpwent.c
index 8164d6f1998..ab9fd2ef949 100644
--- a/source4/winbind/wb_cmd_setpwent.c
+++ b/source4/winbind/wb_cmd_setpwent.c
@@ -115,6 +115,9 @@ static void cmd_setpwent_recv_user_list(struct composite_context *ctx)
 						  user_list);
 	if (NT_STATUS_IS_OK(state->ctx->status) ||
 		NT_STATUS_EQUAL(state->ctx->status, STATUS_MORE_ENTRIES)) {
+
+		uint32_t resume_index = user_list->out.resume_index;
+
 		if (state->result->page_index == -1) { /* First run*/
 			state->result->user_list = user_list;
 			state->result->page_index = 0;
@@ -133,7 +136,7 @@ static void cmd_setpwent_recv_user_list(struct composite_context *ctx)
 					= talloc_strdup(state->result, user_list->out.users[i].username);
 			}
 			state->result->user_list->out.count = cnt;
-			talloc_free(user_list);
+			TALLOC_FREE(user_list);
 		}
 
 		if (NT_STATUS_IS_OK(state->ctx->status) ) {
@@ -142,7 +145,7 @@ static void cmd_setpwent_recv_user_list(struct composite_context *ctx)
 			user_list_send = talloc(state->result, struct libnet_UserList);
 			if (composite_nomem(user_list_send, state->ctx)) return;
 			user_list_send->in.domain_name =  talloc_strdup(state, state->domain_name);
-			user_list_send->in.resume_index = user_list->out.resume_index;
+			user_list_send->in.resume_index = resume_index;
 			user_list_send->in.page_size = 128;
 			ctx = libnet_UserList_send(state->libnet_ctx, state->result, user_list_send, NULL);
 			composite_continue(state->ctx, ctx, cmd_setpwent_recv_user_list, state);
-- 
2.11.4.GIT