ldap_child: Fix use after free
In case on any krb5 related error, we tried to send string
interpretation of krb5 error tb parrent in prepare_response.
However, we cannot use global krb5 context (krb5_error_ctx)
because the context is every time released in done section of
ldap_child_get_tgt_sync.
This patch rather return duplicated string to prevent use after free.
Backtrace:
#0 __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100
100 ../sysdeps/x86_64/multiarch/strchr.S: No such file or directory.
Thread 1 (Thread 0x7fc96cad5880 (LWP 11201)):
#0 __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100
No locals.
#1 0x00007fc96be43725 in err_fmt_fmt (msg=0x7fc96d1cf8d0 "Cannot find KDC for requested realm",
code=-1765328230,
err_fmt=<optimized out>) at kerrs.c:152
buf = {buftype = K5BUF_DYNAMIC, data = 0x7fc96d1cdb10,
space = 128, len = 0}
p = <optimized out>
s = 0xdededededededede <Address 0xdededededededede out of bounds>
#2 krb5_get_error_message (ctx=<optimized out>,
code=code@entry=-1765328230) at kerrs.c:184
std = 0x7fc96d1cf8d0 "Cannot find KDC for requested realm"
#3 0x00007fc96cb224e5 in sss_krb5_get_error_message (ctx=<optimized out>,
ec=ec@entry=-1765328230) at src/util/sss_krb5.c:424
No locals.
#4 0x00007fc96cb1fbb0 in prepare_response (rsp=<synthetic pointer>,
kerr=-1765328230, expire_time=0,
ccname=0x0,
mem_ctx=0x7fc96d1cb390) at src/providers/ldap/ldap_child.c:553
ret = <optimized out>
r = 0x7fc96d1cd8b0
krb5_msg = 0x0
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
