summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorMichael Adam <obnox@samba.org>2009-11-10 00:32:17 +0100
committerMichael Adam <obnox@samba.org>2009-11-10 00:37:57 +0100
commit4292fe7795cb3abfabb7196783779794c97ceb5c (patch)
tree159355c8ce6b7c6eb43d91e6c2a8f7e727f2c03d
parent2b73e2183f2a31b4c267fe5991747c8cd55b8b2d (diff)
Fix a segfault in insert_acl and checks against string-type acls
The "address" member of struct acl_s is a union of a char * and the numeric ip. So freeing the string after appending it to the vector list is bad in two respects: 1. If the acl type was numeric, then this could (and would) lead to a segfault due to the numeric IP data interpreted as pointer to the string to be freed. 2. If the acl type was string, then the acl inserted into the list contained a reference to this address string that was freed. So in the worst case dereferencing this freed string could segfault, or at least this could lead to unexpectedly failing acl checks. Michael
-rw-r--r--src/acl.c4
1 files changed, 0 insertions, 4 deletions
diff --git a/src/acl.c b/src/acl.c
index 6f0418e..5802769 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -179,11 +179,7 @@ int insert_acl (char *location, acl_access_t access_type)
}
}
- /*
- * Add the entry and then clean up.
- */
ret = vector_append (access_list, &acl, sizeof (struct acl_s));
- safefree (acl.address.string);
return ret;
}