Bug#773523: [PATCH] * dirmngr/ldapserver.c (ldapserver_parse_one) return NULL on 'fail'.

Joshua Rogers Sat, 20 Dec 2014 09:48:34 -0800

--

If something inside the ldapserver_parse_one function failed, 'server' would be 
freed, then returned, leading to a use-after-free.


This code is likely copied from sm/gpgsm.c, which was also susceptible to this 
bug.
---
 dirmngr/ldapserver.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dirmngr/ldapserver.c b/dirmngr/ldapserver.c
index 0752d95..318d3b0 100644
--- a/dirmngr/ldapserver.c
+++ b/dirmngr/ldapserver.c
@@ -125,6 +125,7 @@ ldapserver_parse_one (char *line,
     {
       log_info (_("%s:%u: skipping this line\n"), filename, lineno);
       ldapserver_list_free (server);
+      server = NULL;
     }
 
   return server;
-- 
1.9.1


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#773523: [PATCH] * dirmngr/ldapserver.c (ldapserver_parse_one) return NULL on 'fail'.

Reply via email to