projects / packages / autofs.git / blame
| Commit | Line | Data |
|---|---|---|
| e5fd101c PS |
1 | autofs-5.0.4 - fix double free in do_sasl_bind() |
| 2 | ||
| 3 | From: Ian Kent <raven@themaw.net> | |
| 4 | ||
| 5 | In do_sasl_bind() the connection negotiation loop can exit with the | |
| 6 | local variable server_cred non-null after it has been freed, leading | |
| 7 | to a double free. | |
| 8 | --- | |
| 9 | ||
| 10 | CHANGELOG | 1 + | |
| 11 | modules/cyrus-sasl.c | 4 +++- | |
| 12 | 2 files changed, 4 insertions(+), 1 deletions(-) | |
| 13 | ||
| 14 | ||
| 15 | diff --git a/CHANGELOG b/CHANGELOG | |
| 16 | index e138ca3..f0d0e58 100644 | |
| 17 | --- a/CHANGELOG | |
| 18 | +++ b/CHANGELOG | |
| 19 | @@ -53,6 +53,7 @@ | |
| 20 | - fix not releasing resources when using submounts. | |
| 21 | - fix notify mount message path. | |
| 22 | - remount we created mount point fix. | |
| 23 | +- fix double free in sasl_bind(). | |
| 24 | ||
| 25 | 4/11/2008 autofs-5.0.4 | |
| 26 | ----------------------- | |
| 27 | diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c | |
| 28 | index ec2ab0c..04001d0 100644 | |
| 29 | --- a/modules/cyrus-sasl.c | |
| 30 | +++ b/modules/cyrus-sasl.c | |
| 31 | @@ -348,8 +348,10 @@ do_sasl_bind(unsigned logopt, LDAP *ld, sasl_conn_t *conn, const char **clientou | |
| 32 | } | |
| 33 | } | |
| 34 | ||
| 35 | - if (server_cred && server_cred->bv_len > 0) | |
| 36 | + if (server_cred && server_cred->bv_len > 0) { | |
| 37 | ber_bvfree(server_cred); | |
| 38 | + server_cred = NULL; | |
| 39 | + } | |
| 40 | ||
| 41 | } while ((bind_result == LDAP_SASL_BIND_IN_PROGRESS) || | |
| 42 | (sasl_result == SASL_CONTINUE)); |