From a95978111089e2963c39c84204a8482c9e9fcc65 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Wed, 19 Nov 2008 19:05:34 -0500
Subject: We must always zero out the target ientry unconditionally where it is
 used and never free it in the destructor.

---
 .../ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c  | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index 627deecb3..5b62a23ad 100644
--- a/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -3045,10 +3045,6 @@ static void ipapwd_op_ext_destructor(void *ext, void *object, void *parent)
     if (pwdop->pwd_op != IPAPWD_OP_NULL) {
         slapi_ch_free_string(&(pwdop->pwdata.dn));
         slapi_ch_free_string(&(pwdop->pwdata.password));
-
-        /* target should never be set, but just in case ... */
-        if (pwdop->pwdata.target)
-            slapi_entry_free(pwdop->pwdata.target);
     }
     slapi_ch_free((void **)&pwdop);
 }
@@ -3340,13 +3336,10 @@ static int ipapwd_pre_add(Slapi_PBlock *pb)
         }
     }
 
-    /* we do not know if the entry pointer will still be valid after the op
-     * make sure we do not reference it by mistake later on */
-    pwdop->pwdata.target = NULL;
-
     rc = LDAP_SUCCESS;
 
 done:
+    if (pwdop) pwdop->pwdata.target = NULL;
     free_ipapwd_krbcfg(&krbcfg);
     slapi_ch_free_string(&userpw);
     if (rc != LDAP_SUCCESS) {
@@ -3800,8 +3793,7 @@ static int ipapwd_post_op(Slapi_PBlock *pb)
     if (!gmtime_r(&(pwdop->pwdata.timeNow), &utctime)) {
         slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME,
                         "failed to parse current date (buggy gmtime_r ?)\n");
-        slapi_mods_free(&smods);
-        return 0;
+        goto done;
     }
     strftime(timestr, GENERALIZED_TIME_LENGTH+1,
              "%Y%m%d%H%M%SZ", &utctime);
@@ -3812,8 +3804,7 @@ static int ipapwd_post_op(Slapi_PBlock *pb)
     if (!gmtime_r(&(pwdop->pwdata.expireTime), &utctime)) {
         slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME,
                         "failed to parse expiration date (buggy gmtime_r ?)\n");
-        slapi_mods_free(&smods);
-        return 0;
+        goto done;
     }
     strftime(timestr, GENERALIZED_TIME_LENGTH+1,
              "%Y%m%d%H%M%SZ", &utctime);
@@ -3832,8 +3823,7 @@ static int ipapwd_post_op(Slapi_PBlock *pb)
             if (ret != LDAP_SUCCESS) {
                 slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME,
                                 "Failed tpo retrieve entry?!?\n");
-                slapi_mods_free(&smods);
-                return 0;
+                goto done;
             }
         }
         pwvals = ipapwd_setPasswordHistory(smods, &pwdop->pwdata);
@@ -3848,6 +3838,8 @@ static int ipapwd_post_op(Slapi_PBlock *pb)
         slapi_log_error(SLAPI_LOG_PLUGIN, IPAPWD_PLUGIN_NAME,
            "Failed to set additional password attributes in the post-op!\n");
 
+done:
+    if (pwdop && pwdop->pwdata.target) slapi_entry_free(pwdop->pwdata.target);
     slapi_mods_free(&smods);
     return 0;
 }
-- 
cgit