[27154] in Athena Bugs
Memory used after being freed in liblocker
daemon@ATHENA.MIT.EDU (Geoffrey Thomas)
Fri Dec 14 02:07:09 2007
Date: Fri, 14 Dec 2007 02:06:55 -0500 (EST)
From: Geoffrey Thomas <geofft@mit.edu>
To: bugs@mit.edu
Message-ID: <Pine.LNX.4.64L.0712140157050.10327@geminorum.mit.edu>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED;
BOUNDARY="-233693952-996576088-1197616015=:10327"
X-Spam-Flag: NO
X-Spam-Score: 0.00
Cc: debathena@mit.edu
Errors-To: bugs-bounces@mit.edu
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
---233693952-996576088-1197616015=:10327
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Hi,
On line 560 of afs.c in liblocker (according to
/mit/source/athena/lib/locker), memory for the variable user is freed.
However, the variable is used again in line 591, in an error message if
authenticating to the cell failed. This can cause garbage to be spewed as
part of the error if one e.g. attempts to add a locker when the AFS client
is not running.
I think this can be solved by moving free(user); to just after the close
brace on line 593, since nothing uses the variable or so much as allocates
memory in between. I've attached a tiny patch that does this.
--
Geoffrey Thomas
geofft@mit.edu
---233693952-996576088-1197616015=:10327
Content-Type: TEXT/x-diff; charset=US-ASCII; name=afs.c.patch
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.LNX.4.64L.0712140206550.10327@geminorum.mit.edu>
Content-Description:
Content-Disposition: attachment; filename=afs.c.patch
LS0tIC9taXQvc291cmNlL2F0aGVuYS9saWIvbG9ja2VyL2Fmcy5jCTIwMDYt
MDgtMDggMTg6MjQ6MjMuMDAwMDAwMDAwIC0wNDAwDQorKysgYWZzLmMJMjAw
Ny0xMi0xNCAwMjowMToxOC4wMDAwMDAwMDAgLTA1MDANCkBAIC01NTcsNyAr
NTU3LDYgQEANCiAgICAgc3RybmNweShjbGllbnQubmFtZSwgdXNlciwgTUFY
S1RDTkFNRUxFTiAtIDEpOw0KICAgZWxzZQ0KICAgICBzcHJpbnRmKGNsaWVu
dC5uYW1lLCAiQUZTIElEICVsZCIsIChsb25nKSB2aWNlX2lkKTsNCi0gIGZy
ZWUodXNlcik7DQogICBzdHJjcHkoY2xpZW50Lmluc3RhbmNlLCAiIik7DQog
ICBzdHJuY3B5KGNsaWVudC5jZWxsLCBjcmVhbG0sIE1BWEtUQ1JFQUxNTEVO
IC0gMSk7DQogICBjbGllbnQuY2VsbFtNQVhLVENSRUFMTUxFTiAtIDFdID0g
J1wwJzsNCkBAIC01OTEsNiArNTkwLDcgQEANCiAJCSAgICAiJXM6XG4lcy5c
biIsIG5hbWUsIHVzZXIsIGNlbGwsIGVycm9yX21lc3NhZ2Uoc3RhdHVzKSk7
DQogICAgICAgcmV0dXJuIExPQ0tFUl9FQVVUSDsNCiAgICAgfQ0KKyAgZnJl
ZSh1c2VyKTsNCiANCiAgIHJldHVybiBMT0NLRVJfU1VDQ0VTUzsNCiB9DQo=
---233693952-996576088-1197616015=:10327--
