Fix a segfault in insert_acl and checks against string-type acls

The "address" member of struct acl_s is a union of a char *
and the numeric ip. So freeing the string after appending it to the
vector list is bad in two respects:

1. If the acl type was numeric, then this could (and would)
   lead to a segfault due to the numeric IP data interpreted
   as pointer to the string to be freed.

2. If the acl type was string, then the acl inserted into the
   list contained a reference to this address string that
   was freed. So in the worst case dereferencing this freed
   string could segfault, or at least this could lead to
   unexpectedly failing acl checks.

Michael
This commit is contained in:
Michael Adam 2009-11-10 00:32:17 +01:00
parent 2b73e2183f
commit 4292fe7795

View File

@ -179,11 +179,7 @@ int insert_acl (char *location, acl_access_t access_type)
}
}
/*
* Add the entry and then clean up.
*/
ret = vector_append (access_list, &acl, sizeof (struct acl_s));
safefree (acl.address.string);
return ret;
}