ZoneMinder Forums

ZoneMinder Forums
https://forums.zoneminder.com/

Mysql_free_result () called twice to free same result

https://forums.zoneminder.com/viewtopic.php?t=30396

Page 1 of 1

Mysql_free_result () called twice to free same result

Posted: Fri Jan 15, 2021 1:14 pm
by Paranoid
The zmLoadUser function in zm_user.cpp has this section of code:

Code: Select all

  if ( mysql_num_rows(result) == 1 ) {
    MYSQL_ROW dbrow = mysql_fetch_row(result);
    User *user = new User(dbrow);
    mysql_free_result(result);

    if ( 
        (! password )  // relay type must be none
        ||
        verifyPassword(username, password, user->getPassword()) ) {
      Info("Authenticated user '%s'", user->getUsername());
      return user;
    } 
  }  // end if 1 result from db
  mysql_free_result(result);
If you use a valid username but an incorrect password then mysql_free_result() gets called twice. Once in the first if construct and again when the if finishes.
The code should be:

Code: Select all

  if ( mysql_num_rows(result) == 1 ) {
    MYSQL_ROW dbrow = mysql_fetch_row(result);
    User *user = new User(dbrow);

    if ( 
        (! password )  // relay type must be none
        ||
        verifyPassword(username, password, user->getPassword()) ) {
      mysql_free_result(result);
      Info("Authenticated user '%s'", user->getUsername());
      return user;
    } 
  }  // end if 1 result from db
  mysql_free_result(result);
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited