
Re: Correct fix for freeing prompts->result (ITS#2325)




* Kurt D. Zeilenga (Kurt@OpenLDAP.org) wrote:
> I've committed an alternative fix to libldap/cyrus.c and
> liblutil/sasl.c which, aside from ensuring that prompt results
> are freed, performs this free in the same library which
> allocates the results.  Please test.  Thanks, Kurt

Unfortunately this runs basically the same code path the first did, with
the same problem.  The problem is that the call to sasl_client_start
will populate 'prompts' with some value but does not touch
'prompts->result', which can therefore be anything.  When this is
not-NULL the 'if( interact && interact->result ) {' check in sasl.c will
return true and an attempt will be made to free an unallocated pointer,
thus the segfault.

In general I like the idea of having the pointer freed in the same
library where it's allocated.  Unless you can keep track of if the
allocation has *actually* happened in that library you won't be able to
do that though.

	Stephen
