[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#7783) tlsm_ctx_free crashes if ctx->tc_pin_file is null



Full_Name: Chris Martin
Version: 2.4.23-32.el6_4.1 but also present in git repository version
OS: Oracle Linux 6
URL: 
Submission from: (NULL) (148.87.19.206)


If tlsm_ctx_free is entered with ctx->tc_pin_file null it will crash when it
calls PL_strfree with that null pointer.

http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/libldap/tls_m.c;h=36dc989ef0c42fd84f226a6194e8ec2b10a5ccae;hb=HEAD
2039 static void
2040 tlsm_ctx_free ( tls_ctx *ctx )
2041 {
...
2069         PL_strfree( c->tc_pin_file )

I propose that an "if ( c->tc_pin_file )" be added before this line to protect
against this.


The specific use case when we hit this involves automount calling openldap
ldap_start_tls_s which fails with LDAP_CONNECT_ERROR.  automount then calls
openldap ldap_unbind_ext which calls ldap_ld_free which calls
ldap_int_tls_destroy which triggers this crash above.