From 8173b8e375ea99d06773ea4de18fa2f32ddc1039 Mon Sep 17 00:00:00 2001 From: Martin Kosek Date: Thu, 13 Jan 2011 11:12:36 +0100 Subject: Potential memory leaks in ipa-pwd-extop This patch fixes several potential memory leaks in ipa-pwd-extop SLAPI plugin. Common function ipapwd_gen_hashes() now cleans after itself when it fails. Other changes are local and self-explanatory. https://fedorahosted.org/freeipa/ticket/715 --- daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c | 11 +++++++++-- daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c | 13 ++++++++++++- 2 files changed, 21 insertions(+), 3 deletions(-) (limited to 'daemons/ipa-slapi-plugins') diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c index 2bc36c09e..3b5b3c8dc 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c @@ -74,12 +74,14 @@ static int new_ipapwd_encsalt(krb5_context krbctx, { struct ipapwd_encsalt *es; int nes, i; + int rc; for (i = 0; encsalts[i]; i++) /* count */ ; es = calloc(i + 1, sizeof(struct ipapwd_encsalt)); if (!es) { LOG_OOM(); - return LDAP_OPERATIONS_ERROR; + rc = LDAP_OPERATIONS_ERROR; + goto fail; } for (i = 0, nes = 0; encsalts[i]; i++) { @@ -93,7 +95,8 @@ static int new_ipapwd_encsalt(krb5_context krbctx, enc = strdup(encsalts[i]); if (!enc) { LOG_OOM(); - return LDAP_OPERATIONS_ERROR; + rc = LDAP_OPERATIONS_ERROR; + goto fail; } salt = strchr(enc, ':'); if (!salt) { @@ -133,6 +136,10 @@ static int new_ipapwd_encsalt(krb5_context krbctx, *num_es_types = nes; return LDAP_SUCCESS; + +fail: + free(es); + return rc; } static struct ipapwd_krbcfg *ipapwd_getConfig(void) diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c index c19c5a566..129320340 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c @@ -280,7 +280,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, if (!krbPrincipalName) { *errMesg = "no krbPrincipalName present in this entry\n"; LOG_FATAL("%s", *errMesg); - return NULL; + goto enc_error; } krberr = krb5_parse_name(krbctx, krbPrincipalName, &princ); @@ -680,6 +680,7 @@ static int encode_ntlm_keys(char *newPasswd, ucs2Passwd = calloc(ol, 1); if (!ucs2Passwd) { ret = -1; + iconv_close(cd); goto done; } @@ -735,6 +736,11 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg, { int rc; + *svals = NULL; + *nthash = NULL; + *lmhash = NULL; + *errMesg = NULL; + if (is_krb) { *svals = encrypt_encode_key(krbcfg, data, errMesg); @@ -778,6 +784,11 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg, done: + /* when error, free possibly allocated output parameters */ + if (rc) { + ipapwd_free_slapi_value_array(svals); + } + return rc; } -- cgit