mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 23:23:30 -06:00
ipa-kdb: protect against context corruption
Early in startup LDAP server might not respond well yet and should_support_pac_tkt_sign() will bail out with KRB5_KDB_SERVER_INTERNAL_ERR. We should postpone this call but for time being we should prevent a crash. Crash happens because init_module() returns with an error and KDC then calls fini_module() which will free the DB context which is already corrupted for some reason. Do not call any free() call because the whole context is corrupted as tests do show. Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Julien Rische <jrische@redhat.com>
This commit is contained in:
parent
e00f457f75
commit
4ef8258d58
@ -49,6 +49,11 @@ static void ipadb_context_free(krb5_context kcontext,
|
||||
size_t c;
|
||||
|
||||
if (*ctx != NULL) {
|
||||
if ((*ctx)->magic != IPA_CONTEXT_MAGIC) {
|
||||
krb5_klog_syslog(LOG_ERR, "IPA context is corrupted");
|
||||
*ctx = NULL;
|
||||
return;
|
||||
}
|
||||
free((*ctx)->uri);
|
||||
free((*ctx)->base);
|
||||
free((*ctx)->realm_base);
|
||||
|
Loading…
Reference in New Issue
Block a user