author | Martin Kosek <mkosek@redhat.com> | 2011-01-07 15:17:59 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-01-12 11:20:42 -0500 |
commit | 6503813608d05a94b998939a0efcbda0dbd40202 (patch) | |
tree | cbbd1d32b77697302fd40835a976185fd7bf0d23 /ipa-client/ipa-join.c | |
parent | 380fed3bb1c08e1d02c442007fdfc64ca56078ca (diff) | |
Use of pointer after free in ipa-join
In some cases recently freed memory was used/freed again. This
patch introduces more consistency between functions
join_ldap/join_krb5 when dealing with affected variables.
https://fedorahosted.org/freeipa/ticket/709
Diffstat (limited to 'ipa-client/ipa-join.c')
-rw-r--r-- | ipa-client/ipa-join.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index ff0fed9a4..921a41237 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -373,6 +373,8 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
 int has_principal = 0;

 *binddn = NULL;
+ *princ = NULL;
+ *subject = NULL;

 if (get_root_dn(ipaserver, &ldap_base) != 0) {
 if (!quiet)
@@ -482,7 +484,7 @@ ldap_done:
 free(filter);
 free(search_base);
 free(ldap_base);
- free((void *)*subject);
+
 if (ld != NULL) {
 ldap_unbind_ext(ld, NULL, NULL);
 }
@@ -511,6 +513,10 @@ join_krb5(const char *ipaserver, char *hostname, const char **hostdn, const char
 char * url = NULL;
 int rval = 0;

+ *hostdn = NULL;
+ *subject = NULL;
+ *princ = NULL;
+
 /* Start up our XML-RPC client library. */
 xmlrpc_client_init(XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION);

@@ -614,8 +620,6 @@ cleanup:

 cleanup_xmlrpc:
 free(url);
-// free((char *)princ);
-// free((char *)hostdn);
 free((char *)krblastpwdchange);
 xmlrpc_env_clean(&env);
 xmlrpc_client_cleanup();
@@ -940,15 +944,17 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
 }

 cleanup:
- if (NULL != subject)
+ if (NULL != subject && !quiet)
 fprintf(stderr, _("Certificate subject base is: %s\n"), subject);

 free((char *)princ);
 free((char *)subject);
+
 if (bindpw)
 ldap_memfree((void *)hostdn);
 else
 free((char *)hostdn);
+
 free((char *)ipaserver);
 free((char *)iparealm);
 if (uprinc) krb5_free_principal(krbctx, uprinc); |
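Review bot: The ownership contract for the out-parameters is not written down anywhere, although the NULL initialisation of `*princ` and `*subject` at the top of join_ldap (and of `*hostdn`, `*subject`, `*princ` in join_krb5, third hunk) depends on it. With `free((void *)*subject)` gone from `ldap_done`, the caller is now the only one that releases these strings, apparently on failure paths as well as on success. A header comment on both functions would keep the double free from coming back, for example `/* On return each out-pointer is NULL or a buffer the caller must release, whether or not the call succeeded. */`. Both function bodies start and end outside the hunks shown, so the exact deallocator for each pointer should be confirmed there before it is named in the comment.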
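Review bot: The deallocator for `hostdn` in join()'s cleanup is chosen by testing `bindpw`, which is only an indirect signal of which function allocated the pointer. If the mapping between authentication mode and join_ldap/join_krb5 ever changes, the wrong release routine would run on the buffer, which is the same class of heap corruption this commit fixes. A comment above the branch would make the dependency explicit, e.g. `/* hostdn is a libldap allocation when bindpw is set (join_ldap path), a malloc'd string otherwise (join_krb5 path) */`. That pairing is inferred from the function names and the two free calls, and join()'s body continues outside the hunk, so it should be checked against the call sites.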