[Pkg-gnupg-maint] Bug#773523: [PATCH] * dirmngr/ldapserver.c (ldapserver_parse_one) return NULL on 'fail'.

Joshua Rogers git at internot.info
Sat Dec 20 17:35:27 UTC 2014


--

If something inside the ldapserver_parse_one function failed, 'server' would be freed, then returned, leading to a use-after-free.

This code is likely copied from sm/gpgsm.c, which was also susceptible to this bug.
---
 dirmngr/ldapserver.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/dirmngr/ldapserver.c b/dirmngr/ldapserver.c
index 0752d95..318d3b0 100644
--- a/dirmngr/ldapserver.c
+++ b/dirmngr/ldapserver.c
@@ -125,6 +125,7 @@ ldapserver_parse_one (char *line,
     {
       log_info (_("%s:%u: skipping this line\n"), filename, lineno);
       ldapserver_list_free (server);
+      server = NULL;
     }
 
   return server;
-- 
1.9.1



More information about the Pkg-gnupg-maint mailing list