On Mon, May 11, 2015 at 10:53:35AM +0200, Lukas Slebodnik wrote:
On (11/05/15 10:00), Lukas Slebodnik wrote:
>On (11/05/15 09:53), Jakub Hrozek wrote:
>>Hi,
>>
>>please review this trivial attached patch.
>
>>From 7fdd592a2630d57d0ba5102bca1b85d8418bf912 Mon Sep 17 00:00:00 2001
>>From: Jakub Hrozek <jhrozek(a)redhat.com>
>>Date: Tue, 21 Apr 2015 09:34:24 +0200
>>Subject: [PATCH] LDAP: return after tevent_req_error
>>
>>---
>> src/providers/ldap/sdap_async_connection.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>>diff --git a/src/providers/ldap/sdap_async_connection.c
b/src/providers/ldap/sdap_async_connection.c
>>index
bffe787c945f07852a5b0ca3626dd393e0344349..15232efa6bb0454498db58c7aef8a5536248d54b 100644
>>--- a/src/providers/ldap/sdap_async_connection.c
>>+++ b/src/providers/ldap/sdap_async_connection.c
>>@@ -1218,6 +1218,7 @@ static void sdap_kinit_done(struct tevent_req *subreq)
>> DEBUG(SSSDBG_OP_FAILURE,
>> "Unable to set env. variable KRB5CCNAME!\n");
>> tevent_req_error(req, ERR_AUTH_FAILED);
>>+ return;
>> }
>>
>> state->expire_time = expire_time;
>
>It is not clear for this patch but it would be use after free.
>BTW it is a quite old code.
>
>2013-02-26 16:25:07 -0500 1220) tevent_req_error(req, ERR_AUTH_FAILED);
>2009-11-19 18:47:56 -0500 1221) }
>2009-11-19 18:47:56 -0500 1222)
>2010-07-02 18:38:48 +0400 1223) state->expire_time = expire_time;
>2009-11-19 18:47:56 -0500 1224) tevent_req_done(req);
>2009-11-19 18:47:56 -0500 1225) return;
>
>ACK
>
>Do we want this patch to stable branches as well (1.12, 1.11)
>It's potential crash,
I think yes, this kind of bugs is otherwise impossible to track down and
the patch is very low-risk.
* master: f1f5854566c1ee44320a1111a33c12bcc409f00a
* sssd-1-12: fec528a3929792d4ec2981d6f3db30d6286197e7
* sssd-1-11: 1ec5ef62d63937727187419b36549edacd98a271