certmonger/SOURCES/0032-Fix-use-after-free-issue.patch
2021-09-09 15:18:21 +00:00

35 lines
1.2 KiB
Diff

From c6f2737747cbb70adfdd1a77412b669838f9c419 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 2 Dec 2019 15:08:54 -0500
Subject: [PATCH] Fix use-after-free issue
The basedn value was freed after the first search but a second
one could be initiated.
---
src/ipa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ipa.c b/src/ipa.c
index 40a4b52c..41ca9081 100644
--- a/src/ipa.c
+++ b/src/ipa.c
@@ -540,7 +540,6 @@ fetch_roots(const char *server, int ldap_uri_cmd, const char *ldap_uri,
/* Now look up the root certificates for the domain. */
snprintf(lfilter, sizeof(lfilter), "(%s=*)", lattrs[0]);
snprintf(ldn, sizeof(ldn), "%s,%s", relativedn, basedn);
- free(basedn);
rc = ldap_search_ext_s(ld, ldn, LDAP_SCOPE_SUBTREE,
lfilter, lattrs, 0, NULL, NULL, NULL,
LDAP_NO_LIMIT, &lresult);
@@ -551,6 +550,7 @@ fetch_roots(const char *server, int ldap_uri_cmd, const char *ldap_uri,
lfilter, lattrs, 0, NULL, NULL, NULL,
LDAP_NO_LIMIT, &lresult);
}
+ free(basedn);
if (rc != LDAP_SUCCESS) {
fprintf(stderr, "Error searching '%s': %s.\n",
ldn, ldap_err2string(rc));
--
2.21.0