The branch, master has been updated
via fec8411 asn1: fix use-after-free in asn1_write
from 13a10d4 s4-samldb: Do not allow deletion of objects with RID < 1000
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fec84112f3f7bdca9088ed7cabfe827bb21b0118
Author: Jeff Layton <jlay...@samba.org>
Date: Sun Oct 13 21:26:55 2013 -0400
asn1: fix use-after-free in asn1_write
On talloc_realloc failure, asn1_write calls talloc_free on an asn1_data
pointer and then tries to immediately set the has_error flag on it.
Skip the free and just set the has_error flag.
Signed-off-by: Jeff Layton <jlay...@redhat.com>
Reviewed-by: Volker Lendecke <v...@samba.org>
Autobuild-User(master): Volker Lendecke <v...@samba.org>
Autobuild-Date(master): Mon Oct 14 16:54:35 CEST 2013 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
lib/util/asn1.c | 1 -
1 files changed, 0 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 70637a3..7e85d4b 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -44,7 +44,6 @@ bool asn1_write(struct asn1_data *data, const void *p, int
len)
uint8_t *newp;
newp = talloc_realloc(data, data->data, uint8_t, data->ofs+len);
if (!newp) {
- asn1_free(data);
data->has_error = true;
return false;
}
--
Samba Shared Repository
