Skip to content

Commit

Permalink
Merge pull request #142 from anarcat/CVE-2017-10788
Browse files Browse the repository at this point in the history 
Fix use-after-free after calling mysql_stmt_close()
  • Loading branch information
@mbeijen
mbeijen committed Sep 3, 2017
2 parents 7831fcc + 18e348b commit 79718cd
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 11 deletions.
8 changes: 2 additions & 6 deletions dbdimp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4446,12 +4446,8 @@ void dbd_st_destroy(SV *sth, imp_sth_t *imp_sth) {

if (imp_sth->stmt)
{
if (mysql_stmt_close(imp_sth->stmt))
{
do_error(DBIc_PARENT_H(imp_sth), mysql_stmt_errno(imp_sth->stmt),
mysql_stmt_error(imp_sth->stmt),
mysql_stmt_sqlstate(imp_sth->stmt));
}
mysql_stmt_close(imp_sth->stmt);
imp_sth->stmt= NULL;
}
#endif

Expand Down
7 changes: 2 additions & 5 deletions mysql.xs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -416,11 +416,8 @@ do(dbh, statement, attr=Nullsv, ...)
if (bind)
Safefree(bind);

if(mysql_stmt_close(stmt))
{
fprintf(stderr, "\n failed while closing the statement");
fprintf(stderr, "\n %s", mysql_stmt_error(stmt));
}
mysql_stmt_close(stmt);
stmt= NULL;

if (retval == -2) /* -2 means error */
{
Expand Down

0 comments on commit 79718cd

Please sign in to comment.