[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Correct fix for freeing prompts->result (ITS#2325)

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

* Kurt D. Zeilenga (Kurt@OpenLDAP.org) wrote:
> I've committed an alternative fix to libldap/cyrus.c and
> liblutil/sasl.c, aside from ensuring that prompt results
> are freed, performs this free in the same library which
> allocates the results.  Please test.  Thanks, Kurt

Unfortunately this runs basically the same code path the first did, with
the same problem.  The problem is that the call to sasl_client_start
will populate 'prompts' with some value but does not touch
'prompts->result', which can therefore be anything.  When this is
not-NULL the 'if( interact && interact->result ) {' check in sasl.c will
return true and an attempt will be made to free an unallocated pointer,
thus the segfault.

In general I like the idea of having the pointer freed in the same
library where it's allocated.  Unless you can keep track of if the
allocation has *actually* happened in that library you won't be able to
do that though.


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.1 (GNU/Linux)