Hello,
There's possibility of double free error in SLPDKnownDAAdd()
(openslp-2.0.0/slpd/slpd_knownda.c) if ENABLE_SLPv2_SECURITY
is defined.
Pointer "dh" is freed by SLPDatabaseClose() on lines 847 and 858
(and not set to NULL after that), then freed again on line 945.
Attached patch fixes the issue.
Please consider applying it upstream.
Best regards,
Vitezslav Crhonek
--- openslp-2.0.0/slpd/slpd_knownda.c.orig 2014-08-05 12:34:08.644230275 +0200
+++ openslp-2.0.0/slpd/slpd_knownda.c 2014-08-05 13:17:53.979614638 +0200
@@ -844,7 +844,6 @@
&(((struct sockaddr_in6 *)&msg->peer)->sin6_addr),
sizeof(struct in6_addr))))
{
- SLPDatabaseClose(dh);
result = SLP_ERROR_AUTHENTICATION_FAILED;
goto CLEANUP;
}
@@ -855,7 +854,6 @@
if (entrydaadvert->authcount
&& entrydaadvert->authcount != daadvert->authcount)
{
- SLPDatabaseClose(dh);
result = SLP_ERROR_AUTHENTICATION_FAILED;
goto CLEANUP;
}
------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
Openslp-devel mailing list
Openslp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openslp-devel
