[PATCH 11/12] torture: Fix use-after-free in ldap.nested-search
abartlet at samba.org
abartlet at samba.org
Sun Sep 7 17:30:37 MDT 2014
From: Andrew Bartlett <abartlet at samba.org>
Found by AddressSanitizer
Change-Id: Ie3bb4054201382cacb4b296308d561a3548f8cff
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
---
source4/torture/ldap/nested_search.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/source4/torture/ldap/nested_search.c b/source4/torture/ldap/nested_search.c
index 47299c2..04b7f4d 100644
--- a/source4/torture/ldap/nested_search.c
+++ b/source4/torture/ldap/nested_search.c
@@ -60,11 +60,13 @@ static int nested_search_callback(struct ldb_request *req,
"defaultNamingContext",
NULL
};
+ int type;
sctx = talloc_get_type(req->context, struct nested_search_context);
+ type = ares->type;
/* sanity check */
- switch (ares->type) {
+ switch (type) {
case LDB_REPLY_ENTRY:
torture_comment(sctx->tctx, "nested_search_callback: LDB_REPLY_ENTRY\n");
ldb_msg = ares->message;
@@ -89,7 +91,7 @@ static int nested_search_callback(struct ldb_request *req,
}
/* not a search reply, then get out */
- if (ares->type != LDB_REPLY_ENTRY) {
+ if (type != LDB_REPLY_ENTRY) {
return res;
}
--
2.1.0
More information about the samba-technical
mailing list