diff options
author | Sumit Bose <sbose@redhat.com> | 2013-08-07 13:01:09 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-08-08 00:30:57 +0200 |
commit | f7aef1e3ca5bdcddb6fb7c7e6556315faa96165d (patch) | |
tree | 04d1fc4510c3e78bf23ffcf05ae7f33dd0e3b436 /src/providers | |
parent | d35ff4d0db1cd87c94091a85846b46e4732b1eee (diff) | |
download | sssd-f7aef1e3ca5bdcddb6fb7c7e6556315faa96165d.tar.gz sssd-f7aef1e3ca5bdcddb6fb7c7e6556315faa96165d.tar.bz2 sssd-f7aef1e3ca5bdcddb6fb7c7e6556315faa96165d.zip |
Fix memory context for hash entries
In sdap_nested_group_populate_users() username and orignal_dn are
allocated on a temporary memory context. If the corresponding user is
not found in the cache both are added to a hash which is later on
returned to the caller. To avoid a use-after-free when the hash entries
are looked up both must be reassigned to the memory context of the hash.
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ldap/sdap_async_groups.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 9f667320..a2e5106f 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -2107,11 +2107,13 @@ static errno_t sdap_nested_group_populate_users(TALLOC_CTX *mem_ctx, if (ret != EOK) goto done; } else { key.type = HASH_KEY_STRING; - key.str = discard_const(original_dn); + key.str = talloc_steal(ghosts, discard_const(original_dn)); value.type = HASH_VALUE_PTR; - value.ptr = discard_const(username); + value.ptr = talloc_steal(ghosts, discard_const(username)); ret = hash_enter(ghosts, &key, &value); if (ret != HASH_SUCCESS) { + talloc_free(key.str); + talloc_free(value.ptr); ret = ENOMEM; goto done; } |