
Resolves: bug 458506
Bug Description: SASL bind can leak credentials in some cases
Reviewed by: nkinder, nhosoi (Thanks!)
Branch: HEAD
Fix Description: There is this call in saslbind.c line 767:
/* can't do any harm */
if (cred->bv_len == 0) cred->bv_val = NULL;
Apparently in some cases, cred bv_len is 0 but cred->bv_val is not-null. This
causes a leak of cred->bv_val.
The fix is to make sure cred->bv_val is freed if bv_len is 0. This should
catch all cases where this erroneous assumption is made.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none

Rich Megginson 17 years ago
parent
commit
3cbd862d52
1 changed file with 6 additions and 0 deletions
+ 6 - 0
ldap/servers/slapd/bind.c

@@ -189,6 +189,9 @@ do_bind( Slapi_PBlock *pb )
             ber_len_t clen;
             if (( ber_peek_tag( ber, &clen )) == LBER_OCTETSTRING ) {
                 rc = ber_scanf( ber, "o}}", &cred );
+                if (cred.bv_len == 0) {
+                    slapi_ch_free_string(&cred.bv_val);
+                }
             } else {
                 rc = ber_scanf( ber, "}}" );
             }
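
Review bot: the added `if (cred.bv_len == 0)` test sits directly after `rc = ber_scanf( ber, "o}}", &cred );` and runs before `rc` is examined, so on a decode failure it reads fields of `cred` that the scan may not have filled in. The declaration of `cred` is outside this hunk; either confirm it is zero-initialized there or guard the free on a successful `rc`. A one-line comment explaining that a zero-length octet string can still come back with an allocated `bv_val`, and that the SASL code later overwrites that pointer with NULL, would keep the next reader from removing this as dead code.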
@@ -210,6 +213,9 @@ do_bind( Slapi_PBlock *pb )
         /* FALLTHROUGH */
     case LDAP_AUTH_SIMPLE:
         rc = ber_scanf( ber, "o}", &cred );
+        if (cred.bv_len == 0) {
+            slapi_ch_free_string(&cred.bv_val);
+        }
         break;
     default:
         log_bind_access (pb, slapi_sdn_get_dn (&sdn), method, version, saslmech, "Unknown bind method");
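
Review bot: the three lines added under `case LDAP_AUTH_SIMPLE:` duplicate the block added in the SASL branch above, and both rely on `slapi_ch_free_string(&cred.bv_val)` leaving `cred.bv_val` NULL so that later cleanup of `cred` (not visible here) does not free it twice. Consider a small static helper called from both places, with that assumption stated in its comment. The commit message locates the bad assumption in saslbind.c (`if (cred->bv_len == 0) cred->bv_val = NULL;`), which this patch leaves untouched; it is worth noting at that line that the caller now guarantees `bv_val` is already freed when `bv_len` is 0, or any future caller that builds `cred` another way will reintroduce the leak.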