[PATCH] asn1: fix use-after-free in asn1_write
Jeff Layton
jlayton at samba.org
Sun Oct 13 19:26:55 MDT 2013
On talloc_realloc failure, asn1_write calls talloc_free on an asn1_data
pointer and then tries to immediately set the has_error flag on it.
Skip the free and just set the has_error flag.
Signed-off-by: Jeff Layton <jlayton at redhat.com>
---
lib/util/asn1.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/util/asn1.c b/lib/util/asn1.c
index 70637a3..7e85d4b 100644
--- a/lib/util/asn1.c
+++ b/lib/util/asn1.c
@@ -44,7 +44,6 @@ bool asn1_write(struct asn1_data *data, const void *p, int len)
uint8_t *newp;
newp = talloc_realloc(data, data->data, uint8_t, data->ofs+len);
if (!newp) {
- asn1_free(data);
data->has_error = true;
return false;
}
--
1.8.3.1
More information about the samba-technical
mailing list