In some cases recently freed memory was used/freed again. This patch introduces more consistency between functions join_ldap/join_krb5 when dealing with affected variables.
https://fedorahosted.org/freeipa/ticket/709
>From 48cfd9c6c5e94d21cabacc9f1e81a59882931f8d Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Fri, 7 Jan 2011 15:17:59 +0100 Subject: [PATCH] Use of pointer after free in ipa-join In some cases recently freed memory was used/freed again. This patch introduces more consistency between functions join_ldap/join_krb5 when dealing with affected variables. https://fedorahosted.org/freeipa/ticket/709 --- ipa-client/ipa-join.c | 28 ++++++++++++++++++---------- 1 files changed, 18 insertions(+), 10 deletions(-) diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c index ff0fed9a4205f7840c2cb561a4f7d24e773117ed..0e6dd7ba0fe7d5a79d6ef579ef08a794afc43c32 100644 --- a/ipa-client/ipa-join.c +++ b/ipa-client/ipa-join.c @@ -373,6 +373,8 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha int has_principal = 0; *binddn = NULL; + *princ = NULL; + *subject = NULL; if (get_root_dn(ipaserver, &ldap_base) != 0) { if (!quiet) @@ -482,7 +484,7 @@ ldap_done: free(filter); free(search_base); free(ldap_base); - free((void *)*subject); + if (ld != NULL) { ldap_unbind_ext(ld, NULL, NULL); } @@ -511,6 +513,10 @@ join_krb5(const char *ipaserver, char *hostname, const char **hostdn, const char char * url = NULL; int rval = 0; + *hostdn = NULL; + *subject = NULL; + *princ = NULL; + /* Start up our XML-RPC client library. */ xmlrpc_client_init(XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION); @@ -614,8 +620,6 @@ cleanup: cleanup_xmlrpc: free(url); -// free((char *)princ); -// free((char *)hostdn); free((char *)krblastpwdchange); xmlrpc_env_clean(&env); xmlrpc_client_cleanup(); 
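Review bot: The new resets at the top of join_ldap (`*princ = NULL; *subject = NULL;`) and of join_krb5 in the third hunk (`*hostdn`, `*subject`, `*princ`) make these pure out-parameters, but nothing visible in either hunk states that contract. Any value the caller passes in is overwritten without being freed, so a caller that hands over an already-allocated pointer would leak it. A short comment above the assignments would make this explicit: `/* Out-parameters: set to NULL on entry; on return each is NULL or owned by the caller. */`. Both function bodies continue outside the hunks.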
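Review bot: With `free((void *)*subject);` removed from `ldap_done:`, join_ldap now hands `*subject` to the caller on failure paths as well as on success, so every caller has to free it even when the call returns an error. The rest of join_ldap is outside this hunk. If an earlier error path still frees `*princ` or `*binddn` without resetting it, the same double free would remain there, so each such free should be checked and followed by e.g. `*princ = NULL;`. A comment at the label, such as `/* *subject is owned by the caller; do not free it here */`, would keep the free from being reintroduced.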
@@ -940,15 +944,19 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k } cleanup: - if (NULL != subject) + if (NULL != subject && !quiet) fprintf(stderr, _("Certificate subject base is: %s\n"), subject); - free((char *)princ); - free((char *)subject); - if (bindpw) - ldap_memfree((void *)hostdn); - else - free((char *)hostdn); + if (princ) free((char *)princ); + if (subject) free((char *)subject); + + if (hostdn) + { + if (bindpw) + ldap_memfree((void *)hostdn); + else + free((char *)hostdn); + } free((char *)ipaserver); free((char *)iparealm); if (uprinc) krb5_free_principal(krbctx, uprinc); -- 1.7.3.4
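Review bot: The new `if (princ)`, `if (subject)` and `if (hostdn)` guards at `cleanup:` only protect paths where those locals are already NULL when `goto cleanup` is taken before join_ldap/join_krb5 has run. Their declarations are outside the hunk, so it should be confirmed that each is initialised to NULL there; otherwise an early error path still passes an indeterminate pointer to `free()` or `ldap_memfree()`. The guards around plain `free()` are redundant, since `free(NULL)` is a no-op, so `free((char *)princ);` alone is enough. The deallocator for `hostdn` is chosen from `bindpw` rather than from where the pointer came from, which deserves a one-line comment such as `/* join_ldap returns an LDAP-allocated DN, join_krb5 a malloc'd one */` if that is indeed the reason. The body of join() starts outside the hunk.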