krb5 commit [krb5-1.18]: Fix use-after-free during krad remote_shutdown()
Greg Hudson
ghudson at mit.edu
Mon Jul 12 12:41:41 EDT 2021
https://github.com/krb5/krb5/commit/ed1ee79e90ccf485eed370dbda83829046502139
commit ed1ee79e90ccf485eed370dbda83829046502139
Author: Robbie Harwood <rharwood at redhat.com>
Date: Sat May 29 13:25:59 2021 -0400
Fix use-after-free during krad remote_shutdown()
Since elements of the queue can be removed on out-of-memory errors,
the correct call is K5_TAILQ_FOREACH_SAFE, not K5_TAILQ_FOREACH.
Reported by Coverity.
(cherry picked from commit 8c88defb16b34937d5b72b4832c854ce2dbe32d1)
ticket: 9015
version_fixed: 1.18.4
src/lib/krad/remote.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lib/krad/remote.c b/src/lib/krad/remote.c
index 437f7e9..12e33cf 100644
--- a/src/lib/krad/remote.c
+++ b/src/lib/krad/remote.c
@@ -220,12 +220,12 @@ static void
remote_shutdown(krad_remote *rr)
{
krb5_error_code retval;
- request *r;
+ request *r, *next;
remote_disconnect(rr);
/* Start timers for all unsent packets. */
- K5_TAILQ_FOREACH(r, &rr->list, list) {
+ K5_TAILQ_FOREACH_SAFE(r, &rr->list, list, next) {
if (r->timer == NULL) {
retval = request_start_timer(r, rr->vctx);
if (retval != 0)
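Review bot: In the K5_TAILQ_FOREACH_SAFE loop in remote_shutdown(), the saved `next` pointer only protects against removal of the current element `r`. If the failure path after `if (retval != 0)` (not visible in this hunk) can remove or free any other entry of `rr->list`, `next` may itself be stale on the following iteration. Please confirm that the error path only ever removes `r`. Also consider extending the comment above the loop ("Start timers for all unsent packets.") to say that a request may be removed from the list when request_start_timer() fails, so the reason for the _SAFE variant is documented and a later cleanup does not revert it.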
More information about the cvs-krb5 mailing list