From abd5f6752d693b7f313c19604f0723ecec4d39a6 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 22 Dec 2014 12:16:46 +0100
Subject: dirmngr,gpgsm: Return NULL on fail

* dirmngr/ldapserver.c (ldapserver_parse_one): Set SERVER to NULL.
* sm/gpgsm.c (parse_keyserver_line): Ditto.
--

Reported-by: Joshua Rogers <git@internot.info>

  "If something inside the ldapserver_parse_one function failed,
   'server' would be freed, then returned, leading to a
   use-after-free.  This code is likely copied from sm/gpgsm.c, which
   was also susceptible to this bug."

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 dirmngr/ldapserver.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'dirmngr/ldapserver.c')

diff --git a/dirmngr/ldapserver.c b/dirmngr/ldapserver.c
index 20a574cb6..5808c5b02 100644
--- a/dirmngr/ldapserver.c
+++ b/dirmngr/ldapserver.c
@@ -125,6 +125,7 @@ ldapserver_parse_one (char *line,
     {
       log_info (_("%s:%u: skipping this line\n"), filename, lineno);
       ldapserver_list_free (server);
+      server = NULL;
     }
 
   return server;
-- 
cgit v1.2.3