Ian Kent 5d76ad
autofs-5.0.4 - fix double free in do_sasl_bind()
From: Ian Kent <raven@themaw.net>
In do_sasl_bind() the connection negotiation loop can exit with the
local variable server_cred non-null after it has been freed, leading
to a double free.
---
 CHANGELOG            |    1 +
 modules/cyrus-sasl.c |    4 +++-
 2 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index e138ca3..f0d0e58 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -53,6 +53,7 @@
 - fix not releasing resources when using submounts.
 - fix notify mount message path.
 - remount we created mount point fix.
+- fix double free in sasl_bind().
 
 4/11/2008 autofs-5.0.4
 -----------------------
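Review bot: The added CHANGELOG entry names sasl_bind(), but the function changed by this patch and named in the subject line is do_sasl_bind(). Suggest "- fix double free in do_sasl_bind()." so the entry can be matched to the code when someone searches the log for the function name.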
diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c
index ec2ab0c..04001d0 100644
--- a/modules/cyrus-sasl.c
+++ b/modules/cyrus-sasl.c
@@ -348,8 +348,10 @@ do_sasl_bind(unsigned logopt, LDAP *ld, sasl_conn_t *conn, const char **clientou
 			}
 		}
 
-		if (server_cred && server_cred->bv_len > 0)
+		if (server_cred && server_cred->bv_len > 0) {
 			ber_bvfree(server_cred);
+			server_cred = NULL;
+		}
 
 	} while ((bind_result == LDAP_SASL_BIND_IN_PROGRESS) ||
 		 (sasl_result == SASL_CONTINUE));
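Review bot: The guard around ber_bvfree() still requires server_cred->bv_len > 0, so a non-null server_cred with bv_len == 0 is neither freed nor reset to NULL at the bottom of the loop. Whether that case is handled correctly now depends on code outside this hunk. Consider testing only the pointer, i.e. "if (server_cred) { ber_bvfree(server_cred); server_cred = NULL; }", or add a comment explaining why the zero-length case is deliberately left alone here.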