File 12000-2984214-bnc595258-double-free-error-cimXmlGen.c-triggered-by-Assocator.patch of Package sblim-sfcb-sle11-sp1

From e87bf6548a1c1796d25458959f19cafc733d65a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Fri, 9 Apr 2010 09:53:20 +0200
Subject: [PATCH] double free error cimXmlGen.c: triggered by AssocatorNames - ID: 2984214

cimXmlGen.c: nsPath2xml triggers a double free error with get
AssocatorNames if CIM object path contains a hostname.

In this case, cim object path's hostname string gets put on the
managed_thread heap  and a ptr to that heap's string is returned.

The free at the bottom of nsPath2xml erroneously tries to free that
Heap tracked hostname string (in char *hn) resulting in a double free
error when __flush_mt is called later.

In the case of  SFCB builtin instances in root/interop, they don't
seem to have hostname initialized, so nsPath2xml calls malloc locally
and gethostname() to fill char *hn. So free'ing
this malloc'd string is all good.
---
 cimXmlGen.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/cimXmlGen.c b/cimXmlGen.c
index d2f210c..4179315 100644
--- a/cimXmlGen.c
+++ b/cimXmlGen.c
@@ -561,10 +561,10 @@ static int nsPath2xml(CMPIObjectPath * ci, UtilStringBuffer * sb)
        } else {
         SFCB_APPENDCHARS_BLOCK(sb, "localhost");
       }
+      free (hn);
    }
    SFCB_APPENDCHARS_BLOCK(sb, "</HOST>\n");
    
-   free (hn);
    lnsPath2xml(ci, sb);
    SFCB_APPENDCHARS_BLOCK(sb, "</NAMESPACEPATH>\n");
    _SFCB_RETURN(0);
-- 
1.6.4.2

Places

File 12000-2984214-bnc595258-double-free-error-cimXmlGen.c-triggered-by-Assocator.patch of Package sblim-sfcb-sle11-sp1

Places