[jira] [Comment Edited] (AXIS2C-1705) Possible dereference after null

Fri, 25 Mar 2022 01:43:10 -0700 


    [ 
https://issues.apache.org/jira/browse/AXIS2C-1705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17512255#comment-17512255
 ] 

Stanislav Osipov edited comment on AXIS2C-1705 at 3/25/22, 8:42 AM:
--------------------------------------------------------------------

Possible derereference after null check

File: /src/core/deployment/dep_engine.c

Null check: line 924

Dereference: line 941

Use after free

File: /src/core/deployment/dep_engine.c

Free: line 928

Use after free: line 938

 

Code:

    if(!(dep_engine->conf_builder)) *//Null check*

   

{ 

axis2_conf_set_dep_engine(dep_engine->conf,env,NULL);        

axis2_conf_free(dep_engine->conf, env);         *//Free

* dep_engine->conf = NULL;      }

 

 

    axis2_conf_set_axis2_flag(dep_engine->conf, env, dep_engine->file_flag); 
*//Use-after-free*

    axis2_conf_set_axis2_xml(dep_engine->conf, env, dep_engine->conf_name);

 

    status = axis2_conf_builder_populate_conf(dep_engine->conf_builder, env); 
*// Null pointer dereference*


was (Author: JIRAUSER287103):
Possible derereference after null check

File: /src/core/deployment/dep_engine.c

Null check: line 924

Dereference: line 941

Use after free

File: /src/core/deployment/dep_engine.c

Free: line 928

Use after free: line 938

 

Code:

    if(!(dep_engine->conf_builder)) *//Null check*

   

{         /* Set the dep_engine to NULL before freeing conf in order to         
 avoid deleting it twice*/        

axis2_conf_set_dep_engine(dep_engine->conf,env,NULL);        

axis2_conf_free(dep_engine->conf, env);         *//Free*

dep_engine->conf = NULL;      }

 

    /**

     Very important: Only after populating we will be able to access

     parameters in axis2 xml.

     */

 

    axis2_conf_set_axis2_flag(dep_engine->conf, env, dep_engine->file_flag); 
*//Use-after-free*

    axis2_conf_set_axis2_xml(dep_engine->conf, env, dep_engine->conf_name);

 

    status = axis2_conf_builder_populate_conf(dep_engine->conf_builder, env); 
*// Null pointer dereference*

> Possible dereference after null
> -------------------------------
>
>                 Key: AXIS2C-1705
>                 URL: https://issues.apache.org/jira/browse/AXIS2C-1705
>             Project: Axis2-C
>          Issue Type: Bug
>          Components: core/deployment
>    Affects Versions: 1.6.0
>            Reporter: Stanislav Osipov
>            Priority: Minor
>
> File: /src/core/deployment/dep_engine.c
> Null check: line 746
> Dereference: line 755
>  
> Code:
>     if(!(dep_engine->conf_builder)) *//Null check*
>    
> {         axis2_conf_free(dep_engine->conf, env);         
> AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Configuration builder creation 
> failed");         dep_engine->conf = NULL;     }
>  
>     /* Populate the axis2 configuration from reading axis2.xml.
>      */
>     status = axis2_conf_builder_populate_conf(dep_engine->conf_builder, env); 
> *//Null pointer dereference*



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to