1 autofs-5.0.4 - fix double free in do_sasl_bind()
3 From: Ian Kent <raven@themaw.net>
5 In do_sasl_bind() the connection negotiation loop can exit with the
6 local variable server_cred non-null after it has been freed, leading
11 modules/cyrus-sasl.c | 4 +++-
12 2 files changed, 4 insertions(+), 1 deletions(-)
15 diff --git a/CHANGELOG b/CHANGELOG
16 index e138ca3..f0d0e58 100644
20 - fix not releasing resources when using submounts.
21 - fix notify mount message path.
22 - remount we created mount point fix.
23 +- fix double free in sasl_bind().
25 4/11/2008 autofs-5.0.4
26 -----------------------
27 diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c
28 index ec2ab0c..04001d0 100644
29 --- a/modules/cyrus-sasl.c
30 +++ b/modules/cyrus-sasl.c
31 @@ -348,8 +348,10 @@ do_sasl_bind(unsigned logopt, LDAP *ld, sasl_conn_t *conn, const char **clientou
35 - if (server_cred && server_cred->bv_len > 0)
36 + if (server_cred && server_cred->bv_len > 0) {
37 ber_bvfree(server_cred);
41 } while ((bind_result == LDAP_SASL_BIND_IN_PROGRESS) ||
42 (sasl_result == SASL_CONTINUE));