Use of pointer after free in ipa-join

In some cases recently freed memory was used/freed again. This
patch introduces more consistency between functions
join_ldap/join_krb5 when dealing with affected variables.

https://fedorahosted.org/freeipa/ticket/709
This commit is contained in:
Martin Kosek 2011-01-07 15:17:59 +01:00 committed by Rob Crittenden
parent 380fed3bb1
commit 6503813608

View File

@ -373,6 +373,8 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
int has_principal = 0; int has_principal = 0;
*binddn = NULL; *binddn = NULL;
*princ = NULL;
*subject = NULL;
if (get_root_dn(ipaserver, &ldap_base) != 0) { if (get_root_dn(ipaserver, &ldap_base) != 0) {
if (!quiet) if (!quiet)
@ -482,7 +484,7 @@ ldap_done:
free(filter); free(filter);
free(search_base); free(search_base);
free(ldap_base); free(ldap_base);
free((void *)*subject);
if (ld != NULL) { if (ld != NULL) {
ldap_unbind_ext(ld, NULL, NULL); ldap_unbind_ext(ld, NULL, NULL);
} }
@ -511,6 +513,10 @@ join_krb5(const char *ipaserver, char *hostname, const char **hostdn, const char
char * url = NULL; char * url = NULL;
int rval = 0; int rval = 0;
*hostdn = NULL;
*subject = NULL;
*princ = NULL;
/* Start up our XML-RPC client library. */ /* Start up our XML-RPC client library. */
xmlrpc_client_init(XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION); xmlrpc_client_init(XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION);
@ -614,8 +620,6 @@ cleanup:
cleanup_xmlrpc: cleanup_xmlrpc:
free(url); free(url);
// free((char *)princ);
// free((char *)hostdn);
free((char *)krblastpwdchange); free((char *)krblastpwdchange);
xmlrpc_env_clean(&env); xmlrpc_env_clean(&env);
xmlrpc_client_cleanup(); xmlrpc_client_cleanup();
@ -940,15 +944,17 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
} }
cleanup: cleanup:
if (NULL != subject) if (NULL != subject && !quiet)
fprintf(stderr, _("Certificate subject base is: %s\n"), subject); fprintf(stderr, _("Certificate subject base is: %s\n"), subject);
free((char *)princ); free((char *)princ);
free((char *)subject); free((char *)subject);
if (bindpw) if (bindpw)
ldap_memfree((void *)hostdn); ldap_memfree((void *)hostdn);
else else
free((char *)hostdn); free((char *)hostdn);
free((char *)ipaserver); free((char *)ipaserver);
free((char *)iparealm); free((char *)iparealm);
if (uprinc) krb5_free_principal(krbctx, uprinc); if (uprinc) krb5_free_principal(krbctx, uprinc);