| commit | 614434f80352d76fb829250b847805dd4c86d293 | |
| author | Petr Písař <petr.pisar@atlas.cz> | |
| Sun, 14 Dec 2014 17:03:21 +0000 (14 18:03 +0100) | ||
| committer | Petr Písař <petr.pisar@atlas.cz> | |
| Sun, 14 Dec 2014 17:09:58 +0000 (14 18:09 +0100) | ||
| tree | 681f1837181dc5e7f68a362a62abfaf314e6fdd0 | treesnapshot (tar.gz zip) |
| parent | 559712d0e49b0271f722a3c86e39d3b636d44def | commitdiff |
Remove a use-after-free when parsing SOAP response
_isds_soap() returned a copy of an XML node list with content of the SOAP
Body element. However, the copy still linked to the original XML document
dictionary and the original XML document was deallocated before leaving
_isds_soap().
This patch changes the API of the internal _isds_soap() function to return
original XML document and a pointer to the content of the SOAP Body.
So the problem moves to the upper layer. Namely _isds() and _czp_czpdeposit().
I'm not sure the the two upper functions build a new XML document from the
SOAP Body content properly, maybe it introduces some memory leaks. It will
need reading libxml2 sources more thoroughly.
_isds_soap() returned a copy of an XML node list with content of the SOAP
Body element. However, the copy still linked to the original XML document
dictionary and the original XML document was deallocated before leaving
_isds_soap().
This patch changes the API of the internal _isds_soap() function to return
original XML document and a pointer to the content of the SOAP Body.
So the problem moves to the upper layer. Namely _isds() and _czp_czpdeposit().
I'm not sure the the two upper functions build a new XML document from the
SOAP Body content properly, maybe it introduces some memory leaks. It will
need reading libxml2 sources more thoroughly.
| src/isds.c | diffblobblamehistory | |
| src/soap.c | diffblobblamehistory | |
| src/soap.h | diffblobblamehistory | |
| src/validator.c | diffblobblamehistory |