[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7783) tlsm_ctx_free crashes if ctx->tc_pin_file is null

Full_Name: Chris Martin
Version: 2.4.23-32.el6_4.1 but also present in git repository version
OS: Oracle Linux 6
Submission from: (NULL) (

If tlsm_ctx_free is entered with ctx->tc_pin_file null it will crash when it
calls PL_strfree with that null pointer.

2039 static void
2040 tlsm_ctx_free ( tls_ctx *ctx )
2041 {
2069         PL_strfree( c->tc_pin_file )

I propose that an "if ( c->tc_pin_file )" be added before this line to protect
against this.

The specific use case when we hit this involves automount calling openldap
ldap_start_tls_s which fails with LDAP_CONNECT_ERROR.  automount then calls
openldap ldap_unbind_ext which calls ldap_ld_free which calls
ldap_int_tls_destroy which triggers this crash above.