curl-library
Re: PATCH: prevent a double free() with a malformed LDAP URL
Date: Thu, 22 Aug 2013 17:41:53 -0400
On 8/22/13 5:23 PM, "Daniel Stenberg" <daniel_at_haxx.se> wrote:
>On Wed, 21 Aug 2013, Geoff Beier wrote:
>
>> Yes. This made it harder to read for me. Upon success
>>_ldap_free_urldesc()
>> was properly freeing elements of ->lud_attrs that had been allocated by
>> unescape_elements. Upon error, those elements had been populated by
>>strtok_r
>> and didn't need to be freed but were being freed anyway.
>
>Ah yes indeed! That seems to be the culprit.
>
>> So I think the right fix is to free the array but not the individual
>> elements whenever we're returning an error code prior to the
>> unescape_elements() call.
>>
>> Does that match your read? If so I'll rewrite the patch.
>
>Yes it does.
>
>I guess that information, if each line was individually allocated or not,
>needs to be stored somewhere so that _ldap_free_urldesc can do the right
>thing.
I'd imagine setting lud_attr elements to NULL (instead of setting
lud_attrs to NULL) is the right thing to do upon error. That'd leave
_ldap_free_urldesc as is.
>
>--
>
> / daniel.haxx.se
>-------------------------------------------------------------------
>List admin: http://cool.haxx.se/list/listinfo/curl-library
>Etiquette: http://curl.haxx.se/mail/etiquette.html
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-08-22