summaryrefslogtreecommitdiff
path: root/src/providers
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2013-08-07 13:01:09 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-08 00:30:57 +0200
commitf7aef1e3ca5bdcddb6fb7c7e6556315faa96165d (patch)
tree04d1fc4510c3e78bf23ffcf05ae7f33dd0e3b436 /src/providers
parentd35ff4d0db1cd87c94091a85846b46e4732b1eee (diff)
downloadsssd-f7aef1e3ca5bdcddb6fb7c7e6556315faa96165d.tar.gz
sssd-f7aef1e3ca5bdcddb6fb7c7e6556315faa96165d.tar.bz2
sssd-f7aef1e3ca5bdcddb6fb7c7e6556315faa96165d.zip
Fix memory context for hash entries
In sdap_nested_group_populate_users() username and orignal_dn are allocated on a temporary memory context. If the corresponding user is not found in the cache both are added to a hash which is later on returned to the caller. To avoid a use-after-free when the hash entries are looked up both must be reassigned to the memory context of the hash.
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ldap/sdap_async_groups.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index 9f667320..a2e5106f 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -2107,11 +2107,13 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx,
if (ret != EOK) goto done;
} else {
key.type = HASH_KEY_STRING;
- key.str = discard_const(original_dn);
+ key.str = talloc_steal(ghosts, discard_const(original_dn));
value.type = HASH_VALUE_PTR;
- value.ptr = discard_const(username);
+ value.ptr = talloc_steal(ghosts, discard_const(username));
ret = hash_enter(ghosts, &key, &value);
if (ret != HASH_SUCCESS) {
+ talloc_free(key.str);
+ talloc_free(value.ptr);
ret = ENOMEM;
goto done;
}