diff options
author | Simo Sorce <ssorce@redhat.com> | 2008-11-14 09:55:28 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2008-11-14 09:55:28 -0500 |
commit | 7bf1e6a8aaeabd049b0cdfad7df329a089c233c8 (patch) | |
tree | 133313df7684e698f8e6d384ebc741d85bba6fb5 /ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | |
parent | f8da71cc6e45ff322e8d8dbabe17dca3c7302e1f (diff) | |
download | freeipa.git-0db345e09010741a765ae9c290340c295eb89725.tar.gz freeipa.git-0db345e09010741a765ae9c290340c295eb89725.tar.xz freeipa.git-0db345e09010741a765ae9c290340c295eb89725.zip |
Fix a free before use bug, it may lead to crashes but usually just corruptsrelease-1-2-0
the changepw dn we store so that it won't match. This causes normal password
changes to be interpreted as password resets instead, and the new legit
password is immediately expired.
Diffstat (limited to 'ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c')
-rw-r--r-- | ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c index 90474809..ca367c81 100644 --- a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c +++ b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c @@ -3821,7 +3821,7 @@ static int ipapwd_start( Slapi_PBlock *pb ) { krb5_context krbctx; krb5_error_code krberr; - char *realm; + char *realm = NULL; char *config_dn; char *partition_dn; Slapi_Entry *config_entry = NULL; @@ -3861,11 +3861,9 @@ static int ipapwd_start( Slapi_PBlock *pb ) ipa_realm_dn = slapi_ch_smprintf("cn=%s,cn=kerberos,%s", realm, partition_dn); if (!ipa_realm_dn) { slapi_log_error( SLAPI_LOG_FATAL, "ipapwd_start", "Out of memory ?\n"); - free(realm); ret = LDAP_OPERATIONS_ERROR; goto done; } - free(realm); ipa_pwd_config_dn = slapi_ch_strdup(config_dn); if (!ipa_pwd_config_dn) { @@ -3885,6 +3883,7 @@ static int ipapwd_start( Slapi_PBlock *pb ) ret = LDAP_SUCCESS; done: + free(realm); krb5_free_context(krbctx); if (config_entry) slapi_entry_free(config_entry); return ret; |