[Pkg-gnupg-maint] Bug#773523: [PATCH] * dirmngr/ldapserver.c (ldapserver_parse_one) return NULL on 'fail'.
Joshua Rogers
git at internot.info
Sat Dec 20 17:35:27 UTC 2014
--
If something inside the ldapserver_parse_one function failed, 'server' would be freed, then returned, leading to a use-after-free.
This code is likely copied from sm/gpgsm.c, which was also susceptible to this bug.
---
dirmngr/ldapserver.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/dirmngr/ldapserver.c b/dirmngr/ldapserver.c
index 0752d95..318d3b0 100644
--- a/dirmngr/ldapserver.c
+++ b/dirmngr/ldapserver.c
@@ -125,6 +125,7 @@ ldapserver_parse_one (char *line,
{
log_info (_("%s:%u: skipping this line\n"), filename, lineno);
ldapserver_list_free (server);
+ server = NULL;
}
return server;
--
1.9.1
More information about the Pkg-gnupg-maint
mailing list