From 3fa9e6ad35c7768ccba7381599119656b18e5eb9 Mon Sep 17 00:00:00 2001 From: Dmitry Kozlov Date: Fri, 4 Mar 2016 22:08:17 +0300 Subject: ppp_auth: fixed possible use after free --- accel-pppd/ppp/ppp_auth.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'accel-pppd/ppp') diff --git a/accel-pppd/ppp/ppp_auth.c b/accel-pppd/ppp/ppp_auth.c index aa663bf0..79272886 100644 --- a/accel-pppd/ppp/ppp_auth.c +++ b/accel-pppd/ppp/ppp_auth.c @@ -343,10 +343,8 @@ int __export ppp_auth_succeeded(struct ppp_t *ppp, char *username) { struct auth_layer_data_t *ad = container_of(ppp_find_layer_data(ppp, &auth_layer), typeof(*ad), ld); - if (ap_session_set_username(&ppp->ses, username)) { - _free(username); + if (ap_session_set_username(&ppp->ses, username)) return -1; - } if (connect_ppp_channel(ppp)) return -1; @@ -361,7 +359,9 @@ void __export ppp_auth_failed(struct ppp_t *ppp, char *username) if (username) { pthread_rwlock_wrlock(&ses_lock); if (!ppp->ses.username) - ppp->ses.username = _strdup(username); + ppp->ses.username = username; + else + _free(username); ppp->ses.terminate_cause = TERM_AUTH_ERROR; pthread_rwlock_unlock(&ses_lock); log_ppp_info1("%s: authentication failed\n", username); -- cgit v1.2.3