From 860a3ff6477db1004773742e019603032239991e Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Mon, 9 Sep 2013 15:52:17 +0300 Subject: ipa-sam: do not leak LDAPMessage on ipa-sam initialization We used to handle some of code paths to free memory allocated by the LDAP library but there are few more unhandled. In addition, search result wasn't freed on successful initialization, leaking for long time. https://fedorahosted.org/freeipa/ticket/3913 --- daemons/ipa-sam/ipa_sam.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'daemons') diff --git a/daemons/ipa-sam/ipa_sam.c b/daemons/ipa-sam/ipa_sam.c index cf39bb91a..b4d1a32c4 100644 --- a/daemons/ipa-sam/ipa_sam.c +++ b/daemons/ipa-sam/ipa_sam.c @@ -4273,6 +4273,7 @@ static NTSTATUS pdb_init_ipasam(struct pdb_methods **pdb_method, if (ldap_state->ipasam_privates->flat_name == NULL) { DEBUG(0, ("Missing mandatory attribute %s.\n", LDAP_ATTRIBUTE_FLAT_NAME)); + ldap_msgfree(result); return NT_STATUS_INVALID_PARAMETER; } @@ -4280,8 +4281,9 @@ static NTSTATUS pdb_init_ipasam(struct pdb_methods **pdb_method, idmap_talloc_free, &ldap_state->ipasam_privates->idmap_ctx); if (err != IDMAP_SUCCESS) { - DEBUG(1, ("Failed to setup idmap context.\n")); - return NT_STATUS_UNSUCCESSFUL; + DEBUG(1, ("Failed to setup idmap context.\n")); + ldap_msgfree(result); + return NT_STATUS_UNSUCCESSFUL; } fallback_group_sid = get_fallback_group_sid(ldap_state, @@ -4290,6 +4292,7 @@ static NTSTATUS pdb_init_ipasam(struct pdb_methods **pdb_method, result); if (fallback_group_sid == NULL) { DEBUG(0, ("Cannot find SID of fallback group.\n")); + ldap_msgfree(result); return NT_STATUS_INVALID_PARAMETER; } sid_copy(&ldap_state->ipasam_privates->fallback_primary_group, @@ -4319,10 +4322,12 @@ static NTSTATUS pdb_init_ipasam(struct pdb_methods **pdb_method, status = save_sid_to_secret(ldap_state); if (!NT_STATUS_IS_OK(status)) { + ldap_msgfree(result); return status; } } + ldap_msgfree(result); (*pdb_method)->getsampwnam = ldapsam_getsampwnam; (*pdb_method)->search_users = ldapsam_search_users; (*pdb_method)->search_groups = ldapsam_search_groups; -- cgit