Openwrt/obsolete-buildroot/sources/openwrt/patches/ppp/auth_hook_segfault

34 lines
967 B
Plaintext
Raw Normal View History

To: md@linux.it, mjt@corpit.ru
Subject: pppd-auth-hook.patch
Message-Id: <20040604231517.3E9AD11DC4@paltus.tls.msk.ru>
Date: Sat, 5 Jun 2004 03:15:17 +0400 (MSD)
From: mjt@corpit.ru (Michael Tokarev)
The patch below fixes pppd segfault when using auth_hook that sets
options for the user (use-after-free problem).
/mjt
--- ppp/pppd/auth.c.orig Mon Jun 23 18:12:04 2003
+++ ppp/pppd/auth.c Sat Jun 5 03:11:36 2004
@@ -1251,14 +1251,14 @@
if (pap_auth_hook) {
ret = (*pap_auth_hook)(user, passwd, msg, &addrs, &opts);
if (ret >= 0) {
+ /* note: set_allowed_addrs() saves opts (but not addrs): don't free it! */
if (ret)
set_allowed_addrs(unit, addrs, opts);
- BZERO(passwd, sizeof(passwd));
+ else if (opts != 0)
+ free_wordlist(opts);
if (addrs != 0)
free_wordlist(addrs);
- if (opts != 0) {
- free_wordlist(opts);
- }
+ BZERO(passwd, sizeof(passwd));
return ret? UPAP_AUTHACK: UPAP_AUTHNAK;
}
}