From 41a36191f671d4e7e172da6b50ca07c3530ff561 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 9 Aug 2021 17:25:53 +0200 Subject: [PATCH] CVE-2020-25719 mit_samba: Create the talloc context earlier BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett --- source4/kdc/mit_samba.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c index 8651fc2979e..eee364fb617 100644 --- a/source4/kdc/mit_samba.c +++ b/source4/kdc/mit_samba.c @@ -528,6 +528,12 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, krb5_pac new_pac = NULL; bool ok; + /* Create a memory context early so code can use talloc_stackframe() */ + tmp_ctx = talloc_named(ctx, 0, "mit_samba_reget_pac context"); + if (tmp_ctx == NULL) { + return ENOMEM; + } + if (client != NULL) { client_skdc_entry = talloc_get_type_abort(client->e_data, @@ -535,7 +541,8 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, } if (server == NULL) { - return EINVAL; + code = EINVAL; + goto done; } server_skdc_entry = @@ -545,21 +552,18 @@ krb5_error_code mit_samba_reget_pac(struct mit_samba_context *ctx, /* The account may be set not to want the PAC */ ok = samba_princ_needs_pac(server_skdc_entry); if (!ok) { - return EINVAL; + code = EINVAL; + goto done; } if (krbtgt == NULL) { - return EINVAL; + code = EINVAL; + goto done; } krbtgt_skdc_entry = talloc_get_type_abort(krbtgt->e_data, struct samba_kdc_entry); - tmp_ctx = talloc_named(ctx, 0, "mit_samba_reget_pac context"); - if (tmp_ctx == NULL) { - return ENOMEM; - } - code = samba_krbtgt_is_in_db(krbtgt_skdc_entry, &is_in_db, &is_untrusted); -- 2.11.4.GIT
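Review bot: The comment added above the new allocation gives talloc_stackframe() as the reason for moving it, but the line below it calls talloc_named() with ctx as parent, and nothing in the hunk uses a stackframe. What the next editor needs to know is the lifetime rule: tmp_ctx is now a child of ctx from the top of mit_samba_reget_pac, and ctx presumably outlives a single request, so any later `return` that bypasses `done` would leave the allocation attached to the KDC context on every call. I would reword the comment to `/* Allocate tmp_ctx first: it is a child of ctx, so every exit below must leave via done to free it */`. The start of the function and the `done` label are outside the hunk, so the free at `done` is assumed here, not confirmed.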
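Review bot: The `code = EINVAL; goto done;` pairs added in this hunk (server == NULL) and in the next one (the samba_princ_needs_pac() and krbtgt == NULL checks) now reach the cleanup label before `krbtgt_skdc_entry`, `is_in_db` and `is_untrusted` have been assigned, where the old code returned directly. The `done` label is not part of the patch, so it cannot be checked from here whether it only frees tmp_ctx and returns `code` or also reads locals that are still unset on these paths. Only `new_pac` is visibly initialised to NULL in the context lines. If the label releases or inspects anything else, initialise it where it is declared, for example `struct samba_kdc_entry *krbtgt_skdc_entry = NULL;`, so the early exits cannot act on an indeterminate value.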