[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7783) tlsm_ctx_free crashes if ctx->tc_pin_file is null

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7783) tlsm_ctx_free crashes if ctx->tc_pin_file is null
From: hyc@symas.com
Date: Sun, 12 Jan 2014 21:54:11 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

chris.w.martin@oracle.com wrote:
> Full_Name: Chris Martin
> Version: 2.4.23-32.el6_4.1 but also present in git repository version
> OS: Oracle Linux 6
> URL:
> Submission from: (NULL) (148.87.19.206)
>
>
> If tlsm_ctx_free is entered with ctx->tc_pin_file null it will crash when it
> calls PL_strfree with that null pointer.
>
> http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blob;f=libraries/libldap/tls_m.c;h=36dc989ef0c42fd84f226a6194e8ec2b10a5ccae;hb=HEAD
> 2039 static void
> 2040 tlsm_ctx_free ( tls_ctx *ctx )
> 2041 {
> ...
> 2069         PL_strfree( c->tc_pin_file )
>
> I propose that an "if ( c->tc_pin_file )" be added before this line to protect
> against this.
>
>
> The specific use case when we hit this involves automount calling openldap
> ldap_start_tls_s which fails with LDAP_CONNECT_ERROR.  automount then calls
> openldap ldap_unbind_ext which calls ldap_ld_free which calls
> ldap_int_tls_destroy which triggers this crash above.

Thanks for the report. This is now fixed in git master, plus another potential 
instance of the same issue.

You guys are crazy to even be using this MozNSS POS.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#7778) Index and derived attribute bug
Next by Date: Re: (ITS#7778) Index and derived attribute bug
Index(es):
- Chronological
- Thread