In ipa-join.c:
834 if (bindpw) "join_ldap" frees "subject". [hide details] 835 rval = join_ldap(ipaserver, host, &hostdn, bindpw, &princ, &subject, quiet);
join_ldap() frees subject:
461 free(ldap_base); "free" frees parameter "*subject". 462 free((void *)*subject);
At the top, level, subject is used again and freed again:
At conditional (2): "NULL != subject" taking the true branch. 920 if (NULL != subject) Passing freed pointer "subject" as an argument to function "fprintf". 921 fprintf(stderr, _("Certificate subject base is: %s\n"), subject); 922 923 free((char *)princ); Calling "free" frees pointer "subject" which has already been freed. 924 free((char *)subject);
We should either set {{{*subject}}} to {{{NULL}}} or make it local to {{{join_ldap()}}} as it its only use is for debugging output outside {{{join_ldap()}}}
master: 6503813
Metadata Update from @jhrozek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.0 - 2011/01 (cleanup)
Login to comment on this ticket.