diff options
author | Pavel Reichl <preichl@redhat.com> | 2014-07-23 22:02:44 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-07-24 13:47:29 +0200 |
commit | 52bd4998195dd6d42db92d963522206f2a63f6a5 (patch) | |
tree | ab569cb6b3a7e6ad7eee32fe3c98534dd93d51c6 /src | |
parent | 8a8618717c99b7331125fa736b45d9155da797d3 (diff) | |
download | sssd-52bd4998195dd6d42db92d963522206f2a63f6a5.tar.gz sssd-52bd4998195dd6d42db92d963522206f2a63f6a5.tar.xz sssd-52bd4998195dd6d42db92d963522206f2a63f6a5.zip |
SDAP: fix use after free in async_initgroups
Request is freed if creation of subrequest fails and ENOMEM is returned.
This would lead to use after free as returned value is checked on
caller's side and (already freed) request would be marked as erroneous.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/sdap_async_initgroups.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index d3c727591..2eecdf9a3 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -1638,7 +1638,6 @@ static errno_t sdap_initgr_rfc2307bis_next_base(struct tevent_req *req) state->timeout, true); if (!subreq) { - talloc_zfree(req); return ENOMEM; } tevent_req_set_callback(subreq, sdap_initgr_rfc2307bis_process, req); |