[27155] in Athena Bugs
Re: Memory used after being freed in liblocker
daemon@ATHENA.MIT.EDU (Robert Basch)
Fri Dec 14 17:32:37 2007
Message-ID: <47630474.2020106@mit.edu>
Date: Fri, 14 Dec 2007 17:32:20 -0500
From: Robert Basch <rbasch@mit.edu>
MIME-Version: 1.0
To: Geoffrey Thomas <geofft@mit.edu>
In-Reply-To: <Pine.LNX.4.64L.0712140157050.10327@geminorum.mit.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Flag: NO
X-Spam-Score: 0.00
Cc: debathena@mit.edu, bugs@mit.edu
Errors-To: bugs-bounces@mit.edu
Geoffrey Thomas wrote:
> On line 560 of afs.c in liblocker (according to
> /mit/source/athena/lib/locker), memory for the variable user is freed.
> However, the variable is used again in line 591, in an error message if
> authenticating to the cell failed. This can cause garbage to be spewed
> as part of the error if one e.g. attempts to add a locker when the AFS
> client is not running.
You are correct; the memory should not be used after having
been freed. Thank you for reporting this.
> I think this can be solved by moving free(user); to just after the close
> brace on line 593, since nothing uses the variable or so much as
> allocates memory in between. I've attached a tiny patch that does this.
Moving the free() is correct, but doing only that would leave
a few code paths where the function would return without having
freed the memory. I will check in a revised version of your
patch which will free() the memory in those cases as well.
Thanks again.
Robert Basch
Infrastructure Software Development and Architecture
Information Services & Technology
