[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-mailutils] Re: crash in imap4d/auth_gsasl.c:66 gsasl_replace_stream
|
From: |
Simon Josefsson |
|
Subject: |
[bug-mailutils] Re: crash in imap4d/auth_gsasl.c:66 gsasl_replace_streams |
|
Date: |
Thu, 18 Mar 2010 17:26:23 +0100 |
|
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux) |
Sergey Poznyakoff <address@hidden> writes:
> Hi Simon,
>
>> > first 'free' above should be removed. This solves the problem for me,
>> > but I'm not sure if I introduce a memory leak.
>>
>> Sorry, I meant s/first/second/.
>
> Yes, definitely, the *second* one is superfluous. Thanks!
Here is a patch for that bug, and another I found.
/Simon
>From 8d8dabea17898fad888bd940cbfc4789d6c4f5fa Mon Sep 17 00:00:00 2001
From: Simon Josefsson <address@hidden>
Date: Thu, 18 Mar 2010 17:25:31 +0100
Subject: [PATCH] Fix crashes.
* imap4d/auth_gsasl.c (gsasl_replace_streams): Don't free already
deallocated variable self.
(auth_gsasl): De-allocate buffer after use of it completed.
---
imap4d/auth_gsasl.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/imap4d/auth_gsasl.c b/imap4d/auth_gsasl.c
index 3f137b0..acc0645 100644
--- a/imap4d/auth_gsasl.c
+++ b/imap4d/auth_gsasl.c
@@ -63,7 +63,6 @@ gsasl_replace_streams (void *self, void *data)
util_set_output (s[1]);
free (s);
util_event_remove (self);
- free (self);
return 0;
}
@@ -99,8 +98,7 @@ auth_gsasl (struct imap4d_command *command, char *auth_type,
char **username)
util_send ("+ %s\r\n", output);
imap4d_getline (&input_str, &input_size, &input_len);
}
-
- free (input_str);
+
if (rc != GSASL_OK)
{
mu_diag_output (MU_DIAG_NOTICE, _("GSASL error: %s"),
@@ -115,6 +113,7 @@ auth_gsasl (struct imap4d_command *command, char
*auth_type, char **username)
{
util_send ("+ %s\r\n", output);
imap4d_getline (&input_str, &input_size, &input_len);
+ free (input_str);
if (input_len != 0)
{
mu_diag_output (MU_DIAG_NOTICE, _("non-empty client response"));
--
1.7.0