Fix NULL pointer deref on memory allocation failure
This commit is contained in:
yixiangzhike
parent
62b6d62522
commit
4c86ed4fc6
@ -0,0 +1,46 @@
|
||||
From 91bb8c995f977d289077e6a6dceff74f4aed60b6 Mon Sep 17 00:00:00 2001
|
||||
From: Arthur de Jong <arthur@arthurdejong.org>
|
||||
Date: Tue, 27 Aug 2024 21:20:29 +0200
|
||||
Subject: [PATCH] Fix NULL pointer deref on memory allocation failure
|
||||
|
||||
This fixes a NULL pointer dereference when a call to malloc() failed.
|
||||
|
||||
Closes https://github.com/arthurdejong/nss-pam-ldapd/issues/70
|
||||
---
|
||||
nslcd/passwd.c | 12 ++++++++++--
|
||||
1 file changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/nslcd/passwd.c b/nslcd/passwd.c
|
||||
index a4e2678..59b21d0 100644
|
||||
--- a/nslcd/passwd.c
|
||||
+++ b/nslcd/passwd.c
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
Copyright (C) 1997-2005 Luke Howard
|
||||
Copyright (C) 2006 West Consulting
|
||||
- Copyright (C) 2006-2017 Arthur de Jong
|
||||
+ Copyright (C) 2006-2024 Arthur de Jong
|
||||
|
||||
This library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
@@ -293,8 +293,16 @@ char *dn2uid(MYLDAP_SESSION *session, const char *dn, char *buf, size_t buflen)
|
||||
/* see if we have a cached entry */
|
||||
pthread_mutex_lock(&dn2uid_cache_mutex);
|
||||
if (dn2uid_cache == NULL)
|
||||
+ {
|
||||
dn2uid_cache = dict_new();
|
||||
- if ((dn2uid_cache != NULL) && ((cacheentry = dict_get(dn2uid_cache, dn)) != NULL))
|
||||
+ if (dn2uid_cache == NULL)
|
||||
+ {
|
||||
+ log_log(LOG_ERR, "dict_new() failed to allocate memory");
|
||||
+ pthread_mutex_unlock(&dn2uid_cache_mutex);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ }
|
||||
+ if ((cacheentry = dict_get(dn2uid_cache, dn)) != NULL)
|
||||
{
|
||||
if ((cacheentry->uid != NULL) && (strlen(cacheentry->uid) < buflen))
|
||||
{
|
||||
--
|
||||
2.33.0
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
Name: nss-pam-ldapd
|
||||
Version: 0.9.12
|
||||
Release: 4
|
||||
Release: 5
|
||||
Summary: NSS and PAM libraries for name lookups and authentication using LDAP
|
||||
License: LGPLv2+
|
||||
URL: http://arthurdejong.org/nss-pam-ldapd/
|
||||
@ -15,6 +15,7 @@ Patch0: 0001-Disable-pylint-tests.patch
|
||||
Patch1: 0002-Watch-for-uint32_t-overflows.patch
|
||||
Patch2: backport-Fix-off-by-one-error-in-closing-file-descriptors.patch
|
||||
Patch3: backport-Fix-memory-leak-in-config-parsing.patch
|
||||
Patch4: backport-Fix-NULL-pointer-deref-on-memory-allocation-failure.patch
|
||||
|
||||
BuildRequires: gcc, openldap-devel, krb5-devel, autoconf, automake, pam-devel, systemd-units
|
||||
%{?systemd_requires}
|
||||
@ -102,6 +103,12 @@ getent passwd nslcd > /dev/null || \
|
||||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Thu Oct 24 2024 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-5
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:NA
|
||||
- DESC:Fix NULL pointer deref on memory allocation failure
|
||||
|
||||
* Wed Oct 09 2024 yixiangzhike <yixiangzhike007@163.com> - 0.9.12-4
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user