Home Explore Help
Register Sign In
Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fix double-free in _cl5NewDBFile() error path

Although slapi_ch_free should prevent double-free errors, it doesn't work
in old code because after assignment

(*dbFile)->name = name;

two independent pointers points to the same allocated area and both pointers
are free()-ed (one directly in error path in _cl5NewDBFile and the second
in _cl5DBCloseFile, called in error path as well).

Signed-off-by: Mark Reynolds <[email protected]>
Adam Tkac 8 years ago
parent
314e9ecf31
commit
13e89e5fe9
1 changed files with 4 additions and 3 deletions
Split View Show Diff Stats
  1. 4 3
      ldap/servers/plugins/replication/cl5_api.c

+ 4 - 3
ldap/servers/plugins/replication/cl5_api.c
View File 

@@ -6269,9 +6269,10 @@ out:
 
 	}
 
 
     (*dbFile)->db = db;
 
-    (*dbFile)->name = name;  
-    (*dbFile)->replName = slapi_ch_strdup (replName);  
-    (*dbFile)->replGen = slapi_ch_strdup (replGen);  
+    (*dbFile)->name = name;
 
+    name = NULL; /* transfer ownership to dbFile struct */
 
+    (*dbFile)->replName = slapi_ch_strdup (replName);
 
+    (*dbFile)->replGen = slapi_ch_strdup (replGen);
 
 
 	/*
 
 	 * Considerations for setting up cl semaphore: