
d520d9d72a8cf89f494ba12dfa429dd47888a8c1 — Enrico Scholz 11 years ago a8137aa
fix use-after-free in sasl code

==20127== Invalid read of size 4
==20127==    at 0x412AC4: finish_sasl_redirection (sasl.c:67)
==20127==    by 0x406901: rebind (ldapvi.c:611)
==20127==    by 0x407843: do_connect (ldapvi.c:732)
==20127==    by 0x4042F3: main (ldapvi.c:1739)
==20127==  Address 0x4c6498c is 28 bytes inside a block of size 40 free'd
==20127==    at 0x4A077E6: free (vg_replace_malloc.c:446)
==20127==    by 0x4068EE: rebind (ldapvi.c:609)
==20127==    by 0x407843: do_connect (ldapvi.c:732)
==20127==    by 0x4042F3: main (ldapvi.c:1739)

Originally filed as a resolution of
https://bugzilla.redhat.com/show_bug.cgi?id=949157

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
1 files changed, 1 insertions(+), 1 deletions(-)

M ldapvi/ldapvi.c
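--- a/ldapvi/ldapvi.c
+++ b/ldapvi/ldapvi.c
@@ -606,11 +606,11 @@ rebind_sasl(LDAP *ld, bind_options *bind_options, char *dir, int verbose)
 		ld, bind_options->user, bind_options->sasl_mech, NULL,
 		NULL, sasl_mode, ldapvi_sasl_interact, defaults);
 
-	sasl_defaults_free(defaults);
 	if (defaults->fd != -1) {
 		finish_sasl_redirection(defaults);
 		free(defaults->pathname);
 	}
+	sasl_defaults_free(defaults);
 
 	if (rc != LDAP_SUCCESS) {
 		ldap_perror(ld, "ldap_sasl_interactive_bind_s");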
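Review bot: The pathname buffer is released by hand with `free(defaults->pathname)` immediately before `sasl_defaults_free(defaults)`, so ownership of that field is split between this caller and the helper. sasl_defaults_free is not visible here; if it also releases pathname, now or after a later change, this becomes a double free. Consider moving the pathname release into sasl_defaults_free, or at least writing `defaults->pathname = NULL;` right after the free. The ordering this fix depends on is also undocumented: a comment such as `/* finish_sasl_redirection() reads defaults; free it only afterwards */` above the `if` would keep the call from drifting back up. rebind_sasl starts and ends outside the hunk.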