URL: https://github.com/SSSD/sssd/pull/5411
Author: sumit-bose
Title: #5411: ifp: fix original fix use-after-free
Action: synchronized

To pull the PR as a Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5411/head:pr5411
git checkout pr5411
From 8720c0d6df0c56ac0e6a7d626065c6e2b4d32d55 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Thu, 19 Nov 2020 18:05:00 +0100
Subject: [PATCH] ifp: fix original fix use-after-free

The original fix stole the fqdn too early. Only for SSS_DP_USER
requests the steal is important. For other requests where the first
result is returned to the caller the original version
might even cause issues since the name does not belong to the memory
hierarchy of the result anymore.

Resolves: https://github.com/SSSD/sssd/issues/5382
---
 src/responder/ifp/ifpsrv_cmd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
index d956181276..8cf1ec84c8 100644
--- a/src/responder/ifp/ifpsrv_cmd.c
+++ b/src/responder/ifp/ifpsrv_cmd.c
@@ -128,10 +128,10 @@ static void ifp_user_get_attr_done(struct tevent_req *subreq)
         tevent_req_error(req, ERR_INTERNAL);
         return;
     }
-    fqdn = talloc_steal(state, fqdn);
 
     if (state->search_type == SSS_DP_USER) {
-        /* throw away the result and perform attr search */
+        /* throw away the result but keep the fqdn and perform attr search */
+        fqdn = talloc_steal(state, fqdn);
         talloc_zfree(state->res);
 
         ret = sysdb_get_user_attr_with_views(state, state->dom, fqdn,
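Review bot: The new comment in the `SSS_DP_USER` branch says the fqdn is kept but not why the `talloc_steal(state, fqdn)` has to come before `talloc_zfree(state->res)`. The commit message explains that the name belongs to the memory hierarchy of the result, so the ordering of these two lines is the whole fix. Consider spelling that out in the comment, for example "fqdn is owned by state->res, reparent it to state before freeing the result", so a later reorder or cleanup of this branch does not bring back the use-after-free when `fqdn` is passed to `sysdb_get_user_attr_with_views()`. The visible lines also include no test that exercises this path; a regression test covering the `SSS_DP_USER` lookup under a memory checker would help confirm the fix for issue 5382.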