
Re: Correct fix for freeing prompts->result (ITS#2325)



At 10:08 AM 2/21/2003, Stephen Frost wrote:
>* Kurt D. Zeilenga (Kurt@OpenLDAP.org) wrote:
>> I've committed an alternative fix to libldap/cyrus.c and
>> liblutil/sasl.c which, aside from ensuring that prompt results
>> are freed, performs this free in the same library which
>> allocates the results.  Please test.  Thanks, Kurt
>
>Unfortunately this runs basically the same code path the first did, with
>the same problem.  The problem is that the call to sasl_client_start
>will populate 'prompts' with some value but does not touch
>'prompts->result', which can therefore be anything.

Argh!

Checking in libldap/cyrus.c;
/repo/OpenLDAP/pkg/ldap/libraries/libldap/cyrus.c,v  <--  cyrus.c
new revision: 1.79; previous revision: 1.78
done
Checking in liblutil/sasl.c;
/repo/OpenLDAP/pkg/ldap/libraries/liblutil/sasl.c,v  <--  sasl.c
new revision: 1.15; previous revision: 1.14

>When this is
>not-NULL the 'if( interact && interact->result ) {' check in sasl.c will
>return true and an attempt will be made to free an unallocated pointer,
>thus the segfault.
>
>In general I like the idea of having the pointer freed in the same
>library where it's allocated.

It's actually required on platforms that support multiple
heaps per library.  (which means the patch I just committed
needs a bit more work)

Kurt
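
The pattern discussed in this thread (result slots that hold garbage until someone sets them, and freeing in the module that allocated), as an added C example that is not OpenLDAP or Cyrus SASL code. `struct prompt` and the `prompts_*` functions are hypothetical names, and the garbage-filled array is constructed input.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical prompt entry for illustration; not the Cyrus SASL type. */
#define PROMPT_END 0UL
struct prompt {
    unsigned long id;     /* PROMPT_END terminates the array */
    const void *result;   /* answer buffer, owned by this module */
    unsigned len;
};

/* Clear every result slot before the callback runs, so bytes left behind
 * by whoever built the array are never mistaken for a heap pointer. */
static void prompts_reset(struct prompt *p) {
    for (; p && p->id != PROMPT_END; p++) { p->result = NULL; p->len = 0; }
}

/* Hypothetical interaction callback: answers each prompt with a heap copy. */
static int prompts_fill(struct prompt *p, const char *answer) {
    size_t n = strlen(answer);
    for (; p && p->id != PROMPT_END; p++) {
        char *buf = malloc(n + 1);
        if (buf == NULL) return -1;
        memcpy(buf, answer, n + 1);
        p->result = buf; p->len = (unsigned)n;
    }
    return 0;
}

/* Free in the module that allocated; returns how many buffers were freed. */
static int prompts_free_results(struct prompt *p) {
    int freed = 0;
    for (; p && p->id != PROMPT_END; p++) {
        if (p->result != NULL) { free((void *)p->result); freed++; }
        p->result = NULL; p->len = 0;
    }
    return freed;
}

/* Constructed input: an array whose result fields start as garbage. */
static int demo(void) {
    struct prompt ps[3];
    memset(ps, 0xA5, sizeof ps);
    ps[0].id = 1; ps[1].id = 2; ps[2].id = PROMPT_END;
    prompts_reset(ps);
    int early = prompts_free_results(ps);      /* nothing allocated yet */
    if (prompts_fill(ps, "constructed") != 0) { prompts_free_results(ps); return -1; }
    return early * 10 + prompts_free_results(ps);
}
int main(void) { return demo() == 2 ? 0 : 1; }
```

Without the `prompts_reset` call, the first `prompts_free_results` would pass the 0xA5 filler to `free`, which is the crash described above.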