diff options
| author | Sumit Bose <sbose@redhat.com> | 2013-08-07 13:01:09 +0200 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-08 00:30:57 +0200 |
| commit | f7aef1e3ca5bdcddb6fb7c7e6556315faa96165d (patch) | |
| tree | 04d1fc4510c3e78bf23ffcf05ae7f33dd0e3b436 | |
| parent | d35ff4d0db1cd87c94091a85846b46e4732b1eee (diff) | |
| download | sssd_unused-f7aef1e3ca5bdcddb6fb7c7e6556315faa96165d.tar.gz sssd_unused-f7aef1e3ca5bdcddb6fb7c7e6556315faa96165d.tar.xz sssd_unused-f7aef1e3ca5bdcddb6fb7c7e6556315faa96165d.zip | |
Fix memory context for hash entries
In sdap_nested_group_populate_users() username and orignal_dn are
allocated on a temporary memory context. If the corresponding user is
not found in the cache both are added to a hash which is later on
returned to the caller. To avoid a use-after-free when the hash entries
are looked up both must be reassigned to the memory context of the hash.
| -rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 9f667320..a2e5106f 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -2107,11 +2107,13 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, if (ret != EOK) goto done; } else { key.type = HASH_KEY_STRING; - key.str = discard_const(original_dn); + key.str = talloc_steal(ghosts, discard_const(original_dn)); value.type = HASH_VALUE_PTR; - value.ptr = discard_const(username); + value.ptr = talloc_steal(ghosts, discard_const(username)); ret = hash_enter(ghosts, &key, &value); if (ret != HASH_SUCCESS) { + talloc_free(key.str); + talloc_free(value.ptr); ret = ENOMEM; goto done; } |