dovecot-2.2: ldap auth: Don't access freed memory.
dovecot at dovecot.org
dovecot at dovecot.org
Thu Apr 4 20:32:39 EEST 2013
details: http://hg.dovecot.org/dovecot-2.2/rev/2294f815a4f0
changeset: 16167:2294f815a4f0
user: Timo Sirainen <tss at iki.fi>
date: Thu Apr 04 20:32:28 2013 +0300
description:
ldap auth: Don't access freed memory.
diffstat:
src/auth/db-ldap.c | 12 ++++++++++++
src/auth/db-ldap.h | 2 ++
2 files changed, 14 insertions(+), 0 deletions(-)
diffs (50 lines):
diff -r 96381ea68124 -r 2294f815a4f0 src/auth/db-ldap.c
--- a/src/auth/db-ldap.c Thu Apr 04 20:05:37 2013 +0300
+++ b/src/auth/db-ldap.c Thu Apr 04 20:32:28 2013 +0300
@@ -788,6 +788,13 @@
res = NULL;
}
}
+ if (res == NULL && !final_result) {
+ /* wait for the final reply */
+ request->failed = TRUE;
+ return TRUE;
+ }
+ if (request->failed)
+ res = NULL;
if (final_result) {
conn->pending_count--;
aqueue_delete(conn->request_queue, idx);
@@ -837,6 +844,7 @@
static void
db_ldap_handle_result(struct ldap_connection *conn, LDAPMessage *res)
{
+ struct auth_request *auth_request;
struct ldap_request *request;
unsigned int idx;
int msgid;
@@ -854,8 +862,12 @@
ldap_msgfree(res);
return;
}
+ /* request is allocated from auth_request's pool */
+ auth_request = request->auth_request;
+ auth_request_ref(auth_request);
if (db_ldap_handle_request_result(conn, request, idx, res))
db_ldap_request_free(request, res);
+ auth_request_unref(&auth_request);
}
static void ldap_input(struct ldap_connection *conn)
diff -r 96381ea68124 -r 2294f815a4f0 src/auth/db-ldap.h
--- a/src/auth/db-ldap.h Thu Apr 04 20:05:37 2013 +0300
+++ b/src/auth/db-ldap.h Thu Apr 04 20:32:28 2013 +0300
@@ -101,6 +101,8 @@
/* timestamp when request was created */
time_t create_time;
+ bool failed;
+
db_search_callback_t *callback;
struct auth_request *auth_request;
};
More information about the dovecot-cvs
mailing list