From 1b523ba2a6bfba6974c9c909d6180590d16cc6bd Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Mon, 23 Nov 2020 13:40:30 +0100

Subject: [PATCH] fp: fix original fix use-after-free - 1.16 version

This should have been a cherry-pick of

3b158934cbb8f87cbfaf1650389b8dcd654b92ca but the cherry-pick of the

original patch was broken and placed the change into a different function.

This patch fixes this by directly placing the change at the right place.

Resolves:

https://github.com/SSSD/sssd/issues/5382

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>

---

 src/responder/ifp/ifpsrv_cmd.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c

index d83600681..620afe86a 100644

--- a/src/responder/ifp/ifpsrv_cmd.c

+++ b/src/responder/ifp/ifpsrv_cmd.c

@@ -124,7 +124,6 @@ ifp_user_get_attr_unpack_msg(struct ifp_attr_req *attr_req)

     if (attr_req->attrs == NULL) {

         return ENOMEM;

     }

-    fqdn = talloc_steal(state, fqdn);

     ai = 0;

     for (i = 0; i < nattrs; i++) {

@@ -576,7 +575,8 @@ static void ifp_user_get_attr_done(struct tevent_req *subreq)

     }

     if (state->search_type == SSS_DP_USER) {

-        /* throw away the result and perform attr search */

+        /* throw away the result but keep the fqdn and perform attr search */

+        fqdn = talloc_steal(state, fqdn);

         talloc_zfree(state->res);

         ret = sysdb_get_user_attr_with_views(state, state->dom, fqdn,

-- 

2.21.3