rpms / freeradius

Clone
Source Code
GIT

Blame SOURCES/freeradius-Fix-double-free-in-rlm_sql-acct_redundant.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-3.0 c8-stream-3.0 c8s-stream-3.0 c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   freeradius-Fix-double-free-in-rlm_sql-acct_redundant.patch
Blob History Raw
63f9cc 
From 7a1085292deb832d7cbf6b0e8f64b8253c3f2a78 Mon Sep 17 00:00:00 2001
63f9cc 
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
63f9cc 
Date: Tue, 13 Feb 2018 16:56:10 +0200
63f9cc 
Subject: [PATCH] Fix double free in rlm_sql acct_redundant
63f9cc
63f9cc 
Do not free "expanded" buffer twice in "acct_redundant" in rlm_sql.c.
63f9cc 
This fixes a crash in the case of an accounting packet not matching a
63f9cc 
Start entry in the database.
63f9cc
63f9cc 
See also https://bugzilla.redhat.com/show_bug.cgi?id=1540580
63f9cc
63f9cc 
Found and fixed by Benoit Welterlen.
63f9cc 
---
63f9cc 
 src/modules/rlm_sql/rlm_sql.c | 1 -
63f9cc 
 1 file changed, 1 deletion(-)
63f9cc
63f9cc 
diff --git a/src/modules/rlm_sql/rlm_sql.c b/src/modules/rlm_sql/rlm_sql.c
63f9cc 
index 3a032d32e..11f6c5d4c 100644
63f9cc 
--- a/src/modules/rlm_sql/rlm_sql.c
63f9cc 
+++ b/src/modules/rlm_sql/rlm_sql.c
63f9cc 
@@ -1439,7 +1439,6 @@ static int acct_redundant(rlm_sql_t *inst, REQUEST *request, sql_acct_section_t
63f9cc 
 		if (!*expanded) {
63f9cc 
 			RDEBUG("Ignoring null query");
63f9cc 
 			rcode = RLM_MODULE_NOOP;
63f9cc 
-			talloc_free(expanded);
63f9cc
63f9cc 
 			goto finish;
63f9cc 
 		}
63f9cc 
--
63f9cc 
2.16.1
63f9cc

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation