From 657cf958c6fc6767d09cfbd2d84046d5b84e9f80 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 18 Nov 2015 12:34:49 +0100
Subject: ipasam: fix a use-after-free issue

Since endptr points to a location inside of dummy, dummy should be freed
only after dereferencing endptr.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 daemons/ipa-sam/ipa_sam.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c
index 27c547cd5..7274d600b 100644
--- a/daemons/ipa-sam/ipa_sam.c
+++ b/daemons/ipa-sam/ipa_sam.c
@@ -2103,11 +2103,12 @@ static bool get_uint32_t_from_ldap_msg(struct ldapsam_privates *ldap_state,
 	}
 
 	l = strtoul(dummy, &endptr, 10);
-	TALLOC_FREE(dummy);
 
 	if (l < 0 || l > UINT32_MAX || *endptr != '\0') {
+		TALLOC_FREE(dummy);
 		return false;
 	}
+	TALLOC_FREE(dummy);
 
 	*val = l;
 
-- 
cgit