#3250 Use-after free in resolver in case the fd is writeable and readable at the same time
Closed: Fixed None Opened 7 years ago by jhrozek.

Carl Henrik Holth Lunde found a bug in SSSD resolver code in case the file descriptor we use to integrate c-ares with libtevent is both readable and writable at the same time. In this case, we process the request twice, both for TEVENT_FD_WRITE and TEVENT_FD_READ. The first callback processing frees the internal watch structure and the second callback invocation accesses invalid memory.

Carl also proposed a patch for this bug himself.


Fields changed

version: 1.14.2 => 1.13.4

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.13.5

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.13.5

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4283

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata