|
|
5e5f7c |
From c6f2737747cbb70adfdd1a77412b669838f9c419 Mon Sep 17 00:00:00 2001
|
|
|
5e5f7c |
From: Rob Crittenden <rcritten@redhat.com>
|
|
|
5e5f7c |
Date: Mon, 2 Dec 2019 15:08:54 -0500
|
|
|
5e5f7c |
Subject: [PATCH] Fix use-after-free issue
|
|
|
5e5f7c |
|
|
|
5e5f7c |
The basedn value was freed after the first search but a second
|
|
|
5e5f7c |
one could be initiated.
|
|
|
5e5f7c |
---
|
|
|
5e5f7c |
src/ipa.c | 2 +-
|
|
|
5e5f7c |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
5e5f7c |
|
|
|
5e5f7c |
diff --git a/src/ipa.c b/src/ipa.c
|
|
|
5e5f7c |
index 40a4b52c..41ca9081 100644
|
|
|
5e5f7c |
--- a/src/ipa.c
|
|
|
5e5f7c |
+++ b/src/ipa.c
|
|
|
5e5f7c |
@@ -540,7 +540,6 @@ fetch_roots(const char *server, int ldap_uri_cmd, const char *ldap_uri,
|
|
|
5e5f7c |
/* Now look up the root certificates for the domain. */
|
|
|
5e5f7c |
snprintf(lfilter, sizeof(lfilter), "(%s=*)", lattrs[0]);
|
|
|
5e5f7c |
snprintf(ldn, sizeof(ldn), "%s,%s", relativedn, basedn);
|
|
|
5e5f7c |
- free(basedn);
|
|
|
5e5f7c |
rc = ldap_search_ext_s(ld, ldn, LDAP_SCOPE_SUBTREE,
|
|
|
5e5f7c |
lfilter, lattrs, 0, NULL, NULL, NULL,
|
|
|
5e5f7c |
LDAP_NO_LIMIT, &lresult);
|
|
|
5e5f7c |
@@ -551,6 +550,7 @@ fetch_roots(const char *server, int ldap_uri_cmd, const char *ldap_uri,
|
|
|
5e5f7c |
lfilter, lattrs, 0, NULL, NULL, NULL,
|
|
|
5e5f7c |
LDAP_NO_LIMIT, &lresult);
|
|
|
5e5f7c |
}
|
|
|
5e5f7c |
+ free(basedn);
|
|
|
5e5f7c |
if (rc != LDAP_SUCCESS) {
|
|
|
5e5f7c |
fprintf(stderr, "Error searching '%s': %s.\n",
|
|
|
5e5f7c |
ldn, ldap_err2string(rc));
|
|
|
5e5f7c |
--
|
|
|
5e5f7c |
2.21.0
|
|
|
5e5f7c |
|