From a653057ff453a0d340c8153615aa44ae1679c892 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Mon, 1 Sep 2008 13:35:42 +0000
Subject: [PATCH] windows-smb-free-lsa-response-20080901

LICENSE MIT

Whether or not LsaCallAuthenticationPackage succeeds, it may return
a response buffer.  If it does, free it.
---
 src/WINNT/afsd/smb.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/WINNT/afsd/smb.c b/src/WINNT/afsd/smb.c
index 1fd56363f..3b8122ff2 100644
--- a/src/WINNT/afsd/smb.c
+++ b/src/WINNT/afsd/smb.c
@@ -884,7 +884,6 @@ smb_vc_t *smb_FindVC(unsigned short lsn, int flags, int lana)
 
             if (ntsEx == STATUS_SUCCESS) {
                 memcpy(vcp->encKey, lsaResp->ChallengeToClient, MSV1_0_CHALLENGE_LENGTH);
-                LsaFreeReturnBuffer(lsaResp);
             } else {
                 /* 
                  * This will cause the subsequent authentication to fail but
@@ -893,6 +892,8 @@ smb_vc_t *smb_FindVC(unsigned short lsn, int flags, int lana)
                  */
                 memset(vcp->encKey, 0, MSV1_0_CHALLENGE_LENGTH);
             }
+            if (lsaResp)
+                LsaFreeReturnBuffer(lsaResp);
         }
         else
             memset(vcp->encKey, 0, MSV1_0_CHALLENGE_LENGTH);
-- 
2.39.5