autofs-5.0.1-0.rc2.164.el5_8.src.rpm

autofs-5.0.1 - fix double free in do_sasl_bind()

From: Ian Kent <raven@themaw.net>

In do_sasl_bind() the connection negotiation loop can exit with the
local variable server_cred non-null after it has been freed, leading
to a double free.
---

 modules/cyrus-sasl.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)


--- autofs-5.0.1.orig/modules/cyrus-sasl.c
+++ autofs-5.0.1/modules/cyrus-sasl.c
@@ -349,8 +349,10 @@ do_sasl_bind(unsigned logopt, LDAP *ld, 
 			}
 		}
 
-		if (server_cred && server_cred->bv_len > 0)
+		if (server_cred && server_cred->bv_len > 0) {
 			ber_bvfree(server_cred);
+			server_cred = NULL;
+		}
 
 	} while ((bind_result == LDAP_SASL_BIND_IN_PROGRESS) ||
 		 (sasl_result == SASL_CONTINUE));
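
Review bot: the "bv_len > 0" test in "if (server_cred && server_cred->bv_len > 0) {" leaves one case uncovered: a non-NULL server_cred with bv_len == 0 is neither freed nor reset, so it still leaves the iteration as a live pointer whose ownership depends on code outside this hunk. Since the commit message says the value of server_cred at loop exit is what caused the double free, consider dropping the length test so the branch reads "if (server_cred) {" followed by the same ber_bvfree() and "server_cred = NULL;", which leaves the variable in one known state on every pass. A one-line comment above the reset saying that server_cred is examined again after the loop would keep the assignment from being removed later as redundant.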