diff options
| author | Sumit Bose <sbose@redhat.com> | 2015-11-18 12:34:49 +0100 |
|---|---|---|
| committer | Tomas Babej <tbabej@redhat.com> | 2015-11-23 14:45:54 +0100 |
| commit | 657cf958c6fc6767d09cfbd2d84046d5b84e9f80 (patch) | |
| tree | daa00f70545e3b67ddd3ac2b8da3ddc608a11560 /daemons/ipa-sam/ipa_sam.c | |
| parent | 99cfc979d51213007569b51e48f43c99780148eb (diff) | |
| download | freeipa-657cf958c6fc6767d09cfbd2d84046d5b84e9f80.tar.gz freeipa-657cf958c6fc6767d09cfbd2d84046d5b84e9f80.tar.xz freeipa-657cf958c6fc6767d09cfbd2d84046d5b84e9f80.zip | |
ipasam: fix a use-after-free issue
Since endptr points to a location inside of dummy, dummy should be freed
only after dereferencing endptr.
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'daemons/ipa-sam/ipa_sam.c')
| -rw-r--r-- | daemons/ipa-sam/ipa_sam.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c index 27c547cd5..7274d600b 100644 --- a/daemons/ipa-sam/ipa_sam.c +++ b/daemons/ipa-sam/ipa_sam.c @@ -2103,11 +2103,12 @@ static bool get_uint32_t_from_ldap_msg(struct ldapsam_privates *ldap_state, } l = strtoul(dummy, &endptr, 10); - TALLOC_FREE(dummy); if (l < 0 || l > UINT32_MAX || *endptr != '\0') { + TALLOC_FREE(dummy); return false; } + TALLOC_FREE(dummy); *val = l; |