mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 08:00:02 -06:00
Use of pointer after free in ipa-join
In some cases recently freed memory was used/freed again. This patch introduces more consistency between functions join_ldap/join_krb5 when dealing with affected variables. https://fedorahosted.org/freeipa/ticket/709
This commit is contained in:
parent
380fed3bb1
commit
6503813608
@ -373,6 +373,8 @@ join_ldap(const char *ipaserver, char *hostname, const char ** binddn, const cha
|
|||||||
int has_principal = 0;
|
int has_principal = 0;
|
||||||
|
|
||||||
*binddn = NULL;
|
*binddn = NULL;
|
||||||
|
*princ = NULL;
|
||||||
|
*subject = NULL;
|
||||||
|
|
||||||
if (get_root_dn(ipaserver, &ldap_base) != 0) {
|
if (get_root_dn(ipaserver, &ldap_base) != 0) {
|
||||||
if (!quiet)
|
if (!quiet)
|
||||||
@ -482,7 +484,7 @@ ldap_done:
|
|||||||
free(filter);
|
free(filter);
|
||||||
free(search_base);
|
free(search_base);
|
||||||
free(ldap_base);
|
free(ldap_base);
|
||||||
free((void *)*subject);
|
|
||||||
if (ld != NULL) {
|
if (ld != NULL) {
|
||||||
ldap_unbind_ext(ld, NULL, NULL);
|
ldap_unbind_ext(ld, NULL, NULL);
|
||||||
}
|
}
|
||||||
@ -511,6 +513,10 @@ join_krb5(const char *ipaserver, char *hostname, const char **hostdn, const char
|
|||||||
char * url = NULL;
|
char * url = NULL;
|
||||||
int rval = 0;
|
int rval = 0;
|
||||||
|
|
||||||
|
*hostdn = NULL;
|
||||||
|
*subject = NULL;
|
||||||
|
*princ = NULL;
|
||||||
|
|
||||||
/* Start up our XML-RPC client library. */
|
/* Start up our XML-RPC client library. */
|
||||||
xmlrpc_client_init(XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION);
|
xmlrpc_client_init(XMLRPC_CLIENT_NO_FLAGS, NAME, VERSION);
|
||||||
|
|
||||||
@ -614,8 +620,6 @@ cleanup:
|
|||||||
|
|
||||||
cleanup_xmlrpc:
|
cleanup_xmlrpc:
|
||||||
free(url);
|
free(url);
|
||||||
// free((char *)princ);
|
|
||||||
// free((char *)hostdn);
|
|
||||||
free((char *)krblastpwdchange);
|
free((char *)krblastpwdchange);
|
||||||
xmlrpc_env_clean(&env);
|
xmlrpc_env_clean(&env);
|
||||||
xmlrpc_client_cleanup();
|
xmlrpc_client_cleanup();
|
||||||
@ -940,15 +944,17 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k
|
|||||||
}
|
}
|
||||||
|
|
||||||
cleanup:
|
cleanup:
|
||||||
if (NULL != subject)
|
if (NULL != subject && !quiet)
|
||||||
fprintf(stderr, _("Certificate subject base is: %s\n"), subject);
|
fprintf(stderr, _("Certificate subject base is: %s\n"), subject);
|
||||||
|
|
||||||
free((char *)princ);
|
free((char *)princ);
|
||||||
free((char *)subject);
|
free((char *)subject);
|
||||||
|
|
||||||
if (bindpw)
|
if (bindpw)
|
||||||
ldap_memfree((void *)hostdn);
|
ldap_memfree((void *)hostdn);
|
||||||
else
|
else
|
||||||
free((char *)hostdn);
|
free((char *)hostdn);
|
||||||
|
|
||||||
free((char *)ipaserver);
|
free((char *)ipaserver);
|
||||||
free((char *)iparealm);
|
free((char *)iparealm);
|
||||||
if (uprinc) krb5_free_principal(krbctx, uprinc);
|
if (uprinc) krb5_free_principal(krbctx, uprinc);
|
||||||
|
Loading…
Reference in New Issue
Block a user