39 lines
1.4 KiB
Diff
39 lines
1.4 KiB
Diff
From 3b158934cbb8f87cbfaf1650389b8dcd654b92ca Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Thu, 19 Nov 2020 18:05:00 +0100
|
|
Subject: [PATCH] ifp: fix original fix use-after-free
|
|
|
|
The original fix stole the fqdn too earlier. Only for SSS_DP_USER
|
|
requests the steal is important. For other request where the first
|
|
result is returned to the caller the original version
|
|
might even cause issues since the name does not belong to the memory
|
|
hierarchy of the result anymore.
|
|
|
|
Resolves: https://github.com/SSSD/sssd/issues/5382
|
|
|
|
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
|
---
|
|
src/responder/ifp/ifpsrv_cmd.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
|
|
index d95618127..8cf1ec84c 100644
|
|
--- a/src/responder/ifp/ifpsrv_cmd.c
|
|
+++ b/src/responder/ifp/ifpsrv_cmd.c
|
|
@@ -128,10 +128,10 @@ static void ifp_user_get_attr_done(struct tevent_req *subreq)
|
|
tevent_req_error(req, ERR_INTERNAL);
|
|
return;
|
|
}
|
|
- fqdn = talloc_steal(state, fqdn);
|
|
|
|
if (state->search_type == SSS_DP_USER) {
|
|
- /* throw away the result and perform attr search */
|
|
+ /* throw away the result but keep the fqdn and perform attr search */
|
|
+ fqdn = talloc_steal(state, fqdn);
|
|
talloc_zfree(state->res);
|
|
|
|
ret = sysdb_get_user_attr_with_views(state, state->dom, fqdn,
|
|
--
|
|
2.21.3
|
|
|