oath-toolkit-help

Re: [OATH-Toolkit-help] pskc_build_xml() use-after-free


From: David Woodhouse
Subject: Re: [OATH-Toolkit-help] pskc_build_xml() use-after-free
Date: Thu, 14 Aug 2014 14:45:47 +0100

On Thu, 2014-08-14 at 13:37 +0200, Simon Josefsson wrote:
> Thanks for the bug report!
> 
> I'm a little uncertain how well the proposed patch works.  What happens
> if you call pskc_build_xml() multiple times? 

If you call pskc_build_xml() multiple times, we can throw away the
xmlDoc that's created each time (apart from the latest). Nothing points
*into* those.

It's only the original xmlDoc from pskc_parse_from_memory() that needs
to be kept around, because the individual fields in the pskc_t container
structure (e.g. container->id) will be pointing into it.

So in pskc_build_xml() we free the old container->xmldoc but only if it
*isn't* equal to container->original_xmldoc.

https://bugzilla.redhat.com/show_bug.cgi?id=1129491#c1 is probably the
nicer approach, *changing* the pointers to point into the new xmlDoc
instead of having to keep the original one around. But needs more work.

-- 
David Woodhouse                            Open Source Technology Centre
address@hidden                              Intel Corporation

Attachment: smime.p7s
Description: S/MIME cryptographic signature
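
The lifetime rule described in the message above, as an added C sketch; it is not oath-toolkit code and not the proposed patch. `doc_t` and `container_t` are hypothetical stand-ins for libxml2's `xmlDoc` and for `pskc_t`, and `docs_freed` is a counter added only to make the frees observable.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for xmlDoc: one heap buffer that owns its strings. */
typedef struct { char *text; } doc_t;

/* Hypothetical stand-in for pskc_t; field names follow the message above. */
typedef struct {
    doc_t *xmldoc;           /* most recently built document */
    doc_t *original_xmldoc;  /* parsed document that 'id' borrows from */
    const char *id;          /* points INTO original_xmldoc->text */
} container_t;

static int docs_freed;       /* instrumentation for this example only */
static doc_t *doc_new(const char *s) {
    doc_t *d = malloc(sizeof *d);
    if (d && !(d->text = malloc(strlen(s) + 1))) { free(d); d = NULL; }
    if (d) strcpy(d->text, s);
    return d;
}
static void doc_free(doc_t *d) { if (d) { free(d->text); free(d); docs_freed++; } }

/* Model of parsing: the container borrows 'id' from the parsed document. */
int container_parse(container_t *c, const char *xml) {
    doc_t *d = doc_new(xml);
    if (!d) return -1;
    c->xmldoc = c->original_xmldoc = d;
    c->id = d->text;
    return 0;
}

/* Model of the build step: replace xmldoc, but never free the original. */
int container_build(container_t *c) {
    doc_t *d = doc_new(c->id);   /* reads the borrowed pointer */
    if (!d) return -1;
    if (c->xmldoc != c->original_xmldoc)
        doc_free(c->xmldoc);     /* earlier build output: nothing points into it */
    c->xmldoc = d;
    return 0;
}

/* Teardown frees the last build output and the original exactly once each. */
void container_done(container_t *c) {
    if (c->xmldoc != c->original_xmldoc)
        doc_free(c->xmldoc);
    doc_free(c->original_xmldoc);
    c->xmldoc = c->original_xmldoc = NULL; c->id = NULL;
}
```

Dropping the `!=` comparison in `container_build()` would free the buffer `id` points into on the first build, which is the dangling-pointer condition the thread is about.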