From 3b158934cbb8f87cbfaf1650389b8dcd654b92ca Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 19 Nov 2020 18:05:00 +0100
Subject: [PATCH] ifp: fix original fix use-after-free
The original fix stole the fqdn too earlier. Only for SSS_DP_USER
requests the steal is important. For other request where the first
result is returned to the caller the original version
might even cause issues since the name does not belong to the memory
hierarchy of the result anymore.
Resolves: https://github.com/SSSD/sssd/issues/5382
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
---
src/responder/ifp/ifpsrv_cmd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
index d95618127..8cf1ec84c 100644
--- a/src/responder/ifp/ifpsrv_cmd.c
+++ b/src/responder/ifp/ifpsrv_cmd.c
@@ -128,10 +128,10 @@ static void ifp_user_get_attr_done(struct tevent_req *subreq)
tevent_req_error(req, ERR_INTERNAL);
return;
}
- fqdn = talloc_steal(state, fqdn);
if (state->search_type == SSS_DP_USER) {
- /* throw away the result and perform attr search */
+ /* throw away the result but keep the fqdn and perform attr search */
+ fqdn = talloc_steal(state, fqdn);
talloc_zfree(state->res);
ret = sysdb_get_user_attr_with_views(state, state->dom, fqdn,
--
2.21.3