cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: PATCH: prevent a double free() with a malformed LDAP URL

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 22 Aug 2013 23:23:29 +0200 (CEST)

On Wed, 21 Aug 2013, Geoff Beier wrote:

> Yes. This made it harder to read for me. Upon success _ldap_free_urldesc()
> was properly freeing elements of ->lud_attrs that had been allocated by
> unescape_elements. Upon error, those elements had been populated by strtok_r
> and didn't need to be freed but were being freed anyway.

Ah yes indeed! That seems to be the culprit.

> So I think the right fix is to free the array but not the individual
> elements whenever we're returning an error code prior to the
> unescape_elements() call.
>
> Does that match your read? If so I'll rewrite the patch.

Yes it does.

I guess that information, if each line was individually allocated or not,
needs to be stored somewhere so that _ldap_free_urldesc can do the right
thing.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2013-08-22