Blame SOURCES/0050-Fix-elements-not-being-removed-in-otpd_queue_pop_msg.patch
|
 |
2737e7 |
From 006986b0f004b4cdbc3620b417d5a7f62931ecb6 Mon Sep 17 00:00:00 2001
|
|
|
2737e7 |
From: Robbie Harwood <rharwood@redhat.com>
|
|
|
2737e7 |
Date: Wed, 30 May 2018 14:54:54 -0400
|
|
|
2737e7 |
Subject: [PATCH] Fix elements not being removed in otpd_queue_pop_msgid()
|
|
|
2737e7 |
|
|
|
2737e7 |
If the element being removed were not the queue head,
|
|
|
2737e7 |
otpd_queue_pop_msgid() would not actually remove the element, leading
|
|
|
2737e7 |
to potential double frees and request replays.
|
|
|
2737e7 |
|
|
|
2737e7 |
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
2737e7 |
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
|
|
2737e7 |
---
|
|
|
2737e7 |
daemons/ipa-otpd/queue.c | 2 +-
|
|
|
2737e7 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
2737e7 |
|
|
|
2737e7 |
diff --git a/daemons/ipa-otpd/queue.c b/daemons/ipa-otpd/queue.c
|
|
|
2737e7 |
index 730bbc40b864b9dc65a69049c0a0e516e3daac0e..9e29fb238d5c7a7395bcf3860ce7445c27ca98ac 100644
|
|
|
2737e7 |
--- a/daemons/ipa-otpd/queue.c
|
|
|
2737e7 |
+++ b/daemons/ipa-otpd/queue.c
|
|
|
2737e7 |
@@ -155,7 +155,7 @@ struct otpd_queue_item *otpd_queue_pop_msgid(struct otpd_queue *q, int msgid)
|
|
|
2737e7 |
|
|
|
2737e7 |
for (item = q->head, prev = &q->head;
|
|
|
2737e7 |
item != NULL;
|
|
|
2737e7 |
- item = item->next, prev = &item->next) {
|
|
|
2737e7 |
+ prev = &item->next, item = item->next) {
|
|
|
2737e7 |
if (item->msgid == msgid) {
|
|
|
2737e7 |
*prev = item->next;
|
|
|
2737e7 |
if (q->head == NULL)
|
|
|
2737e7 |
--
|
|
|
2737e7 |
2.17.1
|
|
|
2737e7 |
|