diff options
| author | Michael Adam <obnox@samba.org> | 2009-11-10 00:32:17 +0100 | 
|---|---|---|
| committer | Michael Adam <obnox@samba.org> | 2009-11-10 00:37:57 +0100 | 
| commit | 4292fe7795cb3abfabb7196783779794c97ceb5c (patch) | |
| tree | 159355c8ce6b7c6eb43d91e6c2a8f7e727f2c03d /data/templates/debug.html | |
| parent | 2b73e2183f2a31b4c267fe5991747c8cd55b8b2d (diff) | |
| download | tinyproxy-4292fe7795cb3abfabb7196783779794c97ceb5c.tar.gz tinyproxy-4292fe7795cb3abfabb7196783779794c97ceb5c.zip | |
Fix a segfault in insert_acl and checks against string-type acls
The "address" member of struct acl_s is a union of a char *
and the numeric ip. So freeing the string after appending it to the
vector list is bad in two respects:
1. If the acl type was numeric, then this could (and would)
   lead to a segfault due to the numeric IP data interpreted
   as pointer to the string to be freed.
2. If the acl type was string, then the acl inserted into the
   list contained a reference to this address string that
   was freed. So in the worst case dereferencing this freed
   string could segfault, or at least this could lead to
   unexpectedly failing acl checks.
Michael
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions
