SDAP: fix use after free in async_initgroups

Request is freed if creation of subrequest fails and ENOMEM is returned. This would lead to use after free as returned value is checked on caller's side and (already freed) request would be marked as erroneous. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
author: Pavel Reichl <preichl@redhat.com> 2014-07-23 22:02:44 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2014-07-24 13:47:29 +0200
commit: 52bd4998195dd6d42db92d963522206f2a63f6a5 (patch)
tree: ab569cb6b3a7e6ad7eee32fe3c98534dd93d51c6
parent: 8a8618717c99b7331125fa736b45d9155da797d3 (diff)
download: sssd-52bd4998195dd6d42db92d963522206f2a63f6a5.tar.gz
sssd-52bd4998195dd6d42db92d963522206f2a63f6a5.tar.xz
sssd-52bd4998195dd6d42db92d963522206f2a63f6a5.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index d3c727591..2eecdf9a3 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -1638,7 +1638,6 @@ static errno_t sdap_initgr_rfc2307bis_next_base(struct tevent_req *req)
             state->timeout,
             true);
     if (!subreq) {
-        talloc_zfree(req);
         return ENOMEM;
     }
     tevent_req_set_callback(subreq, sdap_initgr_rfc2307bis_process, req);
author	Pavel Reichl <preichl@redhat.com>	2014-07-23 22:02:44 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2014-07-24 13:47:29 +0200
commit	52bd4998195dd6d42db92d963522206f2a63f6a5 (patch)
tree	ab569cb6b3a7e6ad7eee32fe3c98534dd93d51c6
parent	8a8618717c99b7331125fa736b45d9155da797d3 (diff)
download	sssd-52bd4998195dd6d42db92d963522206f2a63f6a5.tar.gz sssd-52bd4998195dd6d42db92d963522206f2a63f6a5.tar.xz sssd-52bd4998195dd6d42db92d963522206f2a63f6a5.zip