From: ghudson@mit.edu
Subject: git commit

Avoid use after free during libkrad cleanup

libkrad client requests contain a list of references to remotes, with no back-references or reference counts. To prevent accesses to dangling references during cleanup, cancel all requests on all remotes before freeing any remotes.

Remove the code for aging out unused servers. This code was fairly safe as all requests referencing a remote should have completed or timed out during an hour of disuse, but in the current design we have no way to guarantee or check that. The set of addresses we send RADIUS requests to will generally be small, so aging out servers is unnecessary.

https://github.com/krb5/krb5/commit/ce160f8826bae223876a6527a731c36b6912db15
Author: Greg Hudson
Commit: ce160f8826bae223876a6527a731c36b6912db15
Branch: master

 src/lib/krad/client.c   | 42 ++++++++++++++----------------------------
 src/lib/krad/internal.h |  4 ++++
 src/lib/krad/remote.c   | 11 ++++++++---
 3 files changed, 26 insertions(+), 31 deletions(-)
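
The cleanup ordering described in the commit message, as an added illustration that is not part of the commit or of libkrad: a constructed C model in which a request lists two remotes by plain pointer but is queued on only one of them. All names here (struct remote, request_finish, remote_release, teardown) are hypothetical, and a released remote is marked dead rather than freed so the stale access can be counted without undefined behaviour.

```c
/* Constructed model, not libkrad code: every name here is hypothetical. */
#include <stdio.h>

struct remote { int alive; struct request *queued; };  /* one queue slot is enough */
struct request { struct remote *remotes[2]; };
static int stale_accesses;  /* touches of a remote after it was released */

/* Finishing a request touches every remote it lists (no refcounts). */
static void request_finish(struct request *rq)
{
    for (int i = 0; i < 2; i++) {
        struct remote *r = rq->remotes[i];
        if (!r->alive)
            stale_accesses++;           /* in real code: use after free */
        else if (r->queued == rq)
            r->queued = NULL;
    }
}

static void remote_cancel_all(struct remote *r)
{
    if (r->queued != NULL)
        request_finish(r->queued);
}

static void remote_release(struct remote *r)  /* stands in for free() */
{
    remote_cancel_all(r);
    r->alive = 0;
}

/* The request lists both remotes but is queued only on the second one. */
int teardown(int cancel_all_first)
{
    struct remote rem[2] = { { 1, NULL }, { 1, NULL } };
    struct request rq = { { &rem[0], &rem[1] } };
    rem[1].queued = &rq;
    stale_accesses = 0;
    for (int i = 0; cancel_all_first && i < 2; i++)
        remote_cancel_all(&rem[i]);     /* phase 1: cancel on every remote */
    for (int i = 0; i < 2; i++)
        remote_release(&rem[i]);        /* phase 2: release the remotes */
    return stale_accesses;
}

int main(void)
{
    printf("one by one: %d, cancel first: %d\n", teardown(0), teardown(1));
    return 0;
}
```

Releasing the remotes one by one lets the second remote's cancellation reach the first, already released remote; cancelling on every remote first leaves nothing queued when the releases begin.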