summaryrefslogtreecommitdiffstats
path: root/ipa-client/ipa-join.c
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2011-01-07 15:17:59 +0100
committerRob Crittenden <rcritten@redhat.com>2011-01-12 11:20:42 -0500
commit6503813608d05a94b998939a0efcbda0dbd40202 (patch)
treecbbd1d32b77697302fd40835a976185fd7bf0d23 /ipa-client/ipa-join.c
parent380fed3bb1c08e1d02c442007fdfc64ca56078ca (diff)
downloadfreeipa-6503813608d05a94b998939a0efcbda0dbd40202.tar.gz
freeipa-6503813608d05a94b998939a0efcbda0dbd40202.tar.xz
freeipa-6503813608d05a94b998939a0efcbda0dbd40202.zip
Use of pointer after free in ipa-join
In some cases recently freed memory was used/freed again. This patch introduces more consistency between functions join_ldap/join_krb5 when dealing with affected variables. https://fedorahosted.org/freeipa/ticket/709
Diffstat (limited to 'ipa-client/ipa-join.c')
-rw-r--r--ipa-client/ipa-join.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index ff0fed9a4..921a41237 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -373,6 +373,8 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
int has_principal = 0;
*binddn = NULL;
+ *princ = NULL;
+ *subject = NULL;
if (get_root_dn(ipaserver, &ldap_base) != 0) {
if (!quiet)
@@ -482,7 +484,7 @@ ldap_done:
free(filter);
free(search_base);
free(ldap_base);
- free((void *)*subject);
+
if (ld != NULL) {
ldap_unbind_ext(ld, NULL, NULL);
}
@@ -511,6 +513,10 @@ join_krb5(const char *ipaserver, char *hostname, const char **hostdn, const char
char * url = NULL;
int rval = 0;
+ *hostdn = NULL;
+ *subject = NULL;
+ *princ = NULL;
+
/* Start up our XML-RPC client library. */
xmlrpc_client_init(XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION);
@@ -614,8 +620,6 @@ cleanup:
cleanup_xmlrpc:
free(url);
-// free((char *)princ);
-// free((char *)hostdn);
free((char *)krblastpwdchange);
xmlrpc_env_clean(&env);
xmlrpc_client_cleanup();
@@ -940,15 +944,17 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
}
cleanup:
- if (NULL != subject)
+ if (NULL != subject && !quiet)
fprintf(stderr, _("Certificate subject base is: %s\n"), subject);
free((char *)princ);
free((char *)subject);
+
if (bindpw)
ldap_memfree((void *)hostdn);
else
free((char *)hostdn);
+
free((char *)ipaserver);
free((char *)iparealm);
if (uprinc) krb5_free_principal(krbctx, uprinc);