diff options
| -rw-r--r-- | ldap/servers/plugins/replication/repl5_total.c | 5 | ||||
| -rw-r--r-- | ldap/servers/plugins/replication/repl_controls.c | 8 | ||||
| -rw-r--r-- | ldap/servers/plugins/replication/repl_extop.c | 3 | ||||
| -rw-r--r-- | ldap/servers/plugins/replication/windows_protocol_util.c | 6 | ||||
| -rw-r--r-- | ldap/servers/plugins/views/views.c | 7 | ||||
| -rw-r--r-- | ldap/servers/slapd/add.c | 11 | ||||
| -rw-r--r-- | ldap/servers/slapd/attr.c | 2 | ||||
| -rw-r--r-- | ldap/servers/slapd/ava.c | 4 | ||||
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/dn2entry.c | 118 | ||||
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/import-threads.c | 8 | ||||
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/sort.c | 1 | ||||
| -rw-r--r-- | ldap/servers/slapd/bind.c | 3 | ||||
| -rw-r--r-- | ldap/servers/slapd/compare.c | 14 | ||||
| -rw-r--r-- | ldap/servers/slapd/delete.c | 4 | ||||
| -rw-r--r-- | ldap/servers/slapd/dn.c | 46 | ||||
| -rw-r--r-- | ldap/servers/slapd/filter.c | 11 | ||||
| -rw-r--r-- | ldap/servers/slapd/modify.c | 7 | ||||
| -rw-r--r-- | ldap/servers/slapd/modrdn.c | 8 | ||||
| -rw-r--r-- | ldap/servers/slapd/passwd_extop.c | 20 | ||||
| -rw-r--r-- | ldap/servers/slapd/slapi-plugin.h | 1 |
20 files changed, 185 insertions, 102 deletions
diff --git a/ldap/servers/plugins/replication/repl5_total.c b/ldap/servers/plugins/replication/repl5_total.c index 65d719e4..a5cab31d 100644 --- a/ldap/servers/plugins/replication/repl5_total.c +++ b/ldap/servers/plugins/replication/repl5_total.c @@ -585,7 +585,7 @@ my_ber_scanf_attr (BerElement *ber, Slapi_Attr **attr, PRBool *deleted) char *lasti; unsigned long len; unsigned long tag; - char *str; + char *str = NULL; int rc; Slapi_Value *value; @@ -685,6 +685,9 @@ loser: if (value) slapi_value_free (&value); + slapi_ch_free_string(&attrtype); + slapi_ch_free_string(&str); + return -1; } diff --git a/ldap/servers/plugins/replication/repl_controls.c b/ldap/servers/plugins/replication/repl_controls.c index 51e9900c..2cf0f928 100644 --- a/ldap/servers/plugins/replication/repl_controls.c +++ b/ldap/servers/plugins/replication/repl_controls.c @@ -349,15 +349,15 @@ add_repl_control_mods( Slapi_PBlock *pb, Slapi_Mods *smods ) emtag != LBER_ERROR && emtag != LBER_END_OF_SEQORSET; emtag = ber_next_element( ember, &emlen, emlast )) { - struct berval **embvals; - if ( ber_scanf( ember, "{i{a[V]}}", &op, &type, &embvals ) == LBER_ERROR ) + struct berval **embvals = NULL; + type = NULL; + if ( ber_scanf( ember, "{i{a[V]}}", &op, &type, &embvals ) != LBER_ERROR ) { - continue; + slapi_mods_add_modbvps( smods, op, type, embvals); /* GGOODREPL I suspect this will cause two sets of lastmods attr values to end up in the entry. We need to remove the old ones. */ } - slapi_mods_add_modbvps( smods, op, type, embvals); free( type ); ber_bvecfree( embvals ); } diff --git a/ldap/servers/plugins/replication/repl_extop.c b/ldap/servers/plugins/replication/repl_extop.c index 22b829f7..132657ab 100644 --- a/ldap/servers/plugins/replication/repl_extop.c +++ b/ldap/servers/plugins/replication/repl_extop.c @@ -384,7 +384,8 @@ free_and_return: /* slapi_ch_free accepts NULL pointer */ slapi_ch_free ((void**)protocol_oid); slapi_ch_free ((void**)repl_root); - slapi_ch_free ((void **)extra_referrals); + slapi_ch_array_free (*extra_referrals); + *extra_referrals = NULL; slapi_ch_free ((void**)csnstr); if (*supplier_ruv) diff --git a/ldap/servers/plugins/replication/windows_protocol_util.c b/ldap/servers/plugins/replication/windows_protocol_util.c index 497d5da7..e3227f89 100644 --- a/ldap/servers/plugins/replication/windows_protocol_util.c +++ b/ldap/servers/plugins/replication/windows_protocol_util.c @@ -1570,11 +1570,12 @@ is_tombstone(Slapi_Entry *e) { int retval = 0; - char *string_deleted = "(isdeleted=*)"; + char *string_deleted = slapi_ch_strdup("(isdeleted=*)"); /* DBDB: we should allocate these filters once and keep them around for better performance */ Slapi_Filter *filter_deleted = slapi_str2filter( string_deleted ); + slapi_ch_free_string(&string_deleted); /* DBDB: this should be one filter, the code originally tested separately and hasn't been fixed yet */ if ( (slapi_filter_test_simple( e, filter_deleted ) == 0) ) { @@ -2251,9 +2252,10 @@ is_subject_of_agreemeent_local(const Slapi_Entry *local_entry, const Repl_Agmt * /* Next test for the correct kind of entry */ if (local_entry) { /* DBDB: we should allocate these filters once and keep them around for better performance */ - char *string_filter = "(&(|(objectclass=ntuser)(objectclass=ntgroup))(ntUserDomainId=*))"; + char *string_filter = slapi_ch_strdup("(&(|(objectclass=ntuser)(objectclass=ntgroup))(ntUserDomainId=*))"); Slapi_Filter *filter = slapi_str2filter( string_filter ); + slapi_ch_free_string(&string_filter); if (slapi_filter_test_simple( (Slapi_Entry*)local_entry, filter ) == 0) { retval = 1; diff --git a/ldap/servers/plugins/views/views.c b/ldap/servers/plugins/views/views.c index d5c7e69e..6d3fddfc 100644 --- a/ldap/servers/plugins/views/views.c +++ b/ldap/servers/plugins/views/views.c @@ -735,6 +735,7 @@ static void views_cache_create_applied_filter(viewEntry *pView) Slapi_Filter *pCurrentFilter = 0; Slapi_Filter *pBuiltFilter = 0; Slapi_Filter *pViewEntryExcludeFilter = 0; + char *excludeFilter; if(pView->includeAncestorFiltersFilter) { @@ -769,7 +770,11 @@ static void views_cache_create_applied_filter(viewEntry *pView) } /* filter for removing view entries from search */ - pViewEntryExcludeFilter = slapi_str2filter( "(!(objectclass=" VIEW_OBJECTCLASS "))" ); + /* richm - slapi_str2filter _writes_ to it's argument, so we have to pass in + some writeable memory, or core dump, do not pass go */ + excludeFilter = slapi_ch_strdup("(!(objectclass=" VIEW_OBJECTCLASS "))"); + pViewEntryExcludeFilter = slapi_str2filter( excludeFilter ); + slapi_ch_free_string(&excludeFilter); if(pBuiltFilter) pView->includeAncestorFiltersFilter = slapi_filter_join_ex( LDAP_FILTER_AND, pBuiltFilter, pViewEntryExcludeFilter, 0 ); diff --git a/ldap/servers/slapd/add.c b/ldap/servers/slapd/add.c index bdae324a..d8bfe328 100644 --- a/ldap/servers/slapd/add.c +++ b/ldap/servers/slapd/add.c @@ -102,8 +102,9 @@ do_add( Slapi_PBlock *pb ) */ /* get the name */ { - char *dn; + char *dn = NULL; if ( ber_scanf( ber, "{a", &dn ) == LBER_ERROR ) { + slapi_ch_free_string(&dn); LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed (op=Add; params=DN)\n", 0, 0, 0 ); op_shared_log_error_access (pb, "ADD", "???", "decoding error"); @@ -121,11 +122,13 @@ do_add( Slapi_PBlock *pb ) tag != LBER_DEFAULT && tag != LBER_END_OF_SEQORSET; tag = ber_next_element( ber, &len, last ) ) { char *type = NULL, *normtype = NULL; - struct berval **vals; + struct berval **vals = NULL; if ( ber_scanf( ber, "{a{V}}", &type, &vals ) == LBER_ERROR ) { op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, NULL ); + slapi_ch_free_string(&type); + ber_bvecfree( vals ); goto free_and_return; } @@ -134,7 +137,7 @@ do_add( Slapi_PBlock *pb ) op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), "null value"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); - free( type ); + slapi_ch_free_string(&type); goto free_and_return; } @@ -144,7 +147,7 @@ do_add( Slapi_PBlock *pb ) PR_snprintf (ebuf, BUFSIZ, "invalid type '%s'", type); op_shared_log_error_access (pb, "ADD", slapi_sdn_get_dn (slapi_entry_get_sdn_const(e)), ebuf); send_ldap_result( pb, rc, NULL, ebuf, 0, NULL ); - free( type ); + slapi_ch_free_string(&type); slapi_ch_free( (void**)&normtype ); ber_bvecfree( vals ); goto free_and_return; diff --git a/ldap/servers/slapd/attr.c b/ldap/servers/slapd/attr.c index 053cfa6d..60dea0a2 100644 --- a/ldap/servers/slapd/attr.c +++ b/ldap/servers/slapd/attr.c @@ -112,7 +112,7 @@ slapi_attr_type_cmp( const char *a1, const char *a2, int opt ) switch ( opt ) { case SLAPI_TYPE_CMP_EXACT: /* compare base name + options as given */ - rc = strcmp( a1, a2 ); + rc = strcasecmp( a1, a2 ); break; case SLAPI_TYPE_CMP_BASE: /* ignore options on both names - compare base names only */ diff --git a/ldap/servers/slapd/ava.c b/ldap/servers/slapd/ava.c index a1974db8..7ea35f0a 100644 --- a/ldap/servers/slapd/ava.c +++ b/ldap/servers/slapd/ava.c @@ -53,10 +53,12 @@ get_ava( struct ava *ava ) { - char *type; + char *type = NULL; if ( ber_scanf( ber, "{ao}", &type, &ava->ava_value ) == LBER_ERROR ) { + slapi_ch_free_string(&type); + ava_done(ava); LDAPDebug( LDAP_DEBUG_ANY, " get_ava ber_scanf\n", 0, 0, 0 ); return( LDAP_PROTOCOL_ERROR ); } diff --git a/ldap/servers/slapd/back-ldbm/dn2entry.c b/ldap/servers/slapd/back-ldbm/dn2entry.c index 92bf30db..ce9df447 100644 --- a/ldap/servers/slapd/back-ldbm/dn2entry.c +++ b/ldap/servers/slapd/back-ldbm/dn2entry.c @@ -109,58 +109,12 @@ dn2entry( } /* - * dn2entry_or_ancestor - look up dn in the cache/indexes and return the - * corresponding entry. If the entry is not found, this function returns NULL - * and sets ancestordn to the DN of highest entry in the tree matched. - * - * ancestordn should be initialized before calling this function. - * - * When the caller is finished with the entry returned, it should return it - * to the cache: - * e = dn2entry_or_ancestor( ... ); - * if ( NULL != e ) { - * cache_return( &inst->inst_cache, &e ); - * } - */ -struct backentry * -dn2entry_or_ancestor( - Slapi_Backend *be, - const Slapi_DN *sdn, - Slapi_DN *ancestordn, - back_txn *txn, - int *err -) -{ - struct backentry *e; - - LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2entry_or_ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 ); - - /* - * Fetch the entry asked for. - */ - - e= dn2entry(be,sdn,txn,err); - - if(e==NULL) - { - /* - * could not find the entry named. crawl back up the dn and - * stop at the first ancestor that does exist, or when we get - * to the suffix. - */ - e= dn2ancestor(be,sdn,ancestordn,txn,err); - } - - LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2entry_or_ancestor %p\n", e, 0, 0 ); - return( e ); -} - -/* * Use the DN to fetch the parent of the entry. * If the parent entry doesn't exist, keep working * up the DN until we hit "" or an backend suffix. * - * ancestordn should be initialized before calling this function. + * ancestordn should be initialized before calling this function, and + * should be empty * * Returns NULL for no entry found. * @@ -184,18 +138,64 @@ dn2ancestor( LDAPDebug( LDAP_DEBUG_TRACE, "=> dn2ancestor \"%s\"\n", slapi_sdn_get_dn(sdn), 0, 0 ); - /* stop when we get to "", or a backend suffix point */ - slapi_sdn_done(ancestordn); /* free any previous contents */ - slapi_sdn_get_backend_parent(sdn,ancestordn,be); - if ( !slapi_sdn_isempty(ancestordn) ) - { - Slapi_DN *newsdn = slapi_sdn_dup(ancestordn); - e = dn2entry_or_ancestor( be, newsdn, ancestordn, txn, err ); - slapi_sdn_free(&newsdn); - } + /* first, check to see if the given sdn is empty or a root suffix of the + given backend - if so, it has no parent */ + if (!slapi_sdn_isempty(sdn) && !slapi_be_issuffix( be, sdn )) { + Slapi_DN ancestorndn; + const char *ptr; - LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2ancestor %p\n", e, 0, 0 ); - return( e ); + /* assign ancestordn to the parent of the given dn - ancestordn will contain + the "raw" unnormalized DN from the caller, so we can give back the DN + in the same format as we received it */ + ptr = slapi_dn_find_parent(slapi_sdn_get_dn(sdn)); + /* assign the ancestordn dn pointer to the parent of dn from sdn - sdn "owns" + the memory, but ancestordn points to it */ + slapi_sdn_set_dn_byref(ancestordn, ptr); /* free any previous contents */ + /* now, do the same for the normalized version */ + /* ancestorndn holds the normalized version for iteration purposes and + because dn2entry needs the normalized dn */ + ptr = slapi_dn_find_parent(slapi_sdn_get_ndn(sdn)); + slapi_sdn_init_ndn_byref(&ancestorndn, ptr); + + /* + At this point you may be wondering why I need both ancestorndn and + ancestordn. Because, with the slapi_sdn interface, you cannot set both + the dn and ndn byref at the same time. Whenever you call set_dn or set_ndn, + it calls slapi_sdn_done which wipes out the previous contents. I suppose I + could have added another API to allow you to pass them both in. Also, using + slapi_sdn_get_ndn(ancestordn) every time would result in making a copy then + normalizing the copy every time - not efficient. + So, why not just use a char* for the ancestorndn? Because dn2entry requires + a Slapi_DN with the normalized dn. + */ + + /* stop when we get to "", or a backend suffix point */ + while (!e && !slapi_sdn_isempty(&ancestorndn) && !slapi_be_issuffix( be, &ancestorndn )) { + /* find the entry - it uses the ndn, so no further conversion is necessary */ + e= dn2entry(be,&ancestorndn,txn,err); + if (!e) { + /* not found, so set ancestordn to its parent and try again */ + ptr = slapi_dn_find_parent(slapi_sdn_get_ndn(&ancestorndn)); + /* keep in mind that ptr points to the raw ndn pointer inside + ancestorndn which is still the ndn string "owned" by sdn, the + original dn we started with - we are careful not to touch + or change it */ + slapi_sdn_set_ndn_byref(&ancestorndn, ptr); /* wipe out the previous contents */ + /* now do the same for the unnormalized one */ + ptr = slapi_dn_find_parent(slapi_sdn_get_dn(ancestordn)); + slapi_sdn_set_dn_byref(ancestordn, ptr); /* wipe out the previous contents */ + } + } + + slapi_sdn_done(&ancestorndn); + } + + /* post conditions: + e is the entry of the ancestor of sdn OR e is the suffix entry + OR e is NULL + ancestordn contains the unnormalized DN of e or is empty */ + LDAPDebug( LDAP_DEBUG_TRACE, "<= dn2ancestor %p\n", e, 0, 0 ); + return( e ); } /* diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c index 0543e6be..74c6db17 100644 --- a/ldap/servers/slapd/back-ldbm/import-threads.c +++ b/ldap/servers/slapd/back-ldbm/import-threads.c @@ -986,7 +986,7 @@ void import_foreman(void *param) int ret = 0; struct attrinfo *parentid_ai; Slapi_PBlock *pb = slapi_pblock_new(); - int shift = 0; + int shift = 0; PR_ASSERT(info != NULL); PR_ASSERT(inst != NULL); @@ -1030,8 +1030,8 @@ void import_foreman(void *param) /* Read that entry from the cache */ fi = import_fifo_fetch(job, id, 0, shift); if (! fi) { - import_log_notice(job, "WARNING: entry id %d is missing"); - shift++; + import_log_notice(job, "WARNING: entry id %d is missing", id); + shift++; continue; } @@ -1052,7 +1052,7 @@ void import_foreman(void *param) */ if (job->flags & FLAG_ABORT) { goto error; - } + } if (parent_status == IMPORT_ADD_OP_ATTRS_NO_PARENT) { /* If this entry is a suffix entry, this is not a problem */ diff --git a/ldap/servers/slapd/back-ldbm/sort.c b/ldap/servers/slapd/back-ldbm/sort.c index 07de9e14..13e72d3a 100644 --- a/ldap/servers/slapd/back-ldbm/sort.c +++ b/ldap/servers/slapd/back-ldbm/sort.c @@ -384,6 +384,7 @@ int parse_sort_spec(struct berval *sort_spec_ber, sort_spec **ps) return_value = ber_scanf(ber,"a",&rtype); if (LBER_ERROR == return_value) { + slapi_ch_free_string(&rtype); rc = LDAP_PROTOCOL_ERROR; goto err; } diff --git a/ldap/servers/slapd/bind.c b/ldap/servers/slapd/bind.c index df8f816a..c20d5082 100644 --- a/ldap/servers/slapd/bind.c +++ b/ldap/servers/slapd/bind.c @@ -111,7 +111,7 @@ do_bind( Slapi_PBlock *pb ) long ber_version = -1; int auth_response_requested = 0; int pw_response_requested = 0; - char *dn, *saslmech = NULL; + char *dn = NULL, *saslmech = NULL; struct berval cred = {0}; Slapi_Backend *be = NULL; unsigned long rc; @@ -154,6 +154,7 @@ do_bind( Slapi_PBlock *pb ) log_bind_access (pb, "???", method, version, saslmech, "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, NULL ); + slapi_ch_free_string(&dn); return; } diff --git a/ldap/servers/slapd/compare.c b/ldap/servers/slapd/compare.c index e14dc490..8bd2f549 100644 --- a/ldap/servers/slapd/compare.c +++ b/ldap/servers/slapd/compare.c @@ -60,13 +60,13 @@ void do_compare( Slapi_PBlock *pb ) { BerElement *ber = pb->pb_op->o_ber; - char *dn; - struct ava ava; + char *dn = NULL; + struct ava ava = {0}; Slapi_Backend *be = NULL; int err; char ebuf[ BUFSIZ ]; Slapi_DN sdn; - Slapi_Entry *referral; + Slapi_Entry *referral = NULL; char errorbuf[BUFSIZ]; LDAPDebug( LDAP_DEBUG_TRACE, "do_compare\n", 0, 0, 0 ); @@ -74,6 +74,9 @@ do_compare( Slapi_PBlock *pb ) /* count the compare request */ PR_AtomicIncrement(g_get_global_snmp_vars()->ops_tbl.dsCompareOps); + /* have to init this here so we can "done" it below if we short circuit */ + slapi_sdn_init(&sdn); + /* * Parse the compare request. It looks like this: * @@ -86,7 +89,6 @@ do_compare( Slapi_PBlock *pb ) * } */ - if ( ber_scanf( ber, "{a{ao}}", &dn, &ava.ava_type, &ava.ava_value ) == LBER_ERROR ) { LDAPDebug( LDAP_DEBUG_ANY, @@ -94,7 +96,7 @@ do_compare( Slapi_PBlock *pb ) 0, 0, 0 ); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); - return; + goto free_and_return; } /* * in LDAPv3 there can be optional control extensions on @@ -106,6 +108,7 @@ do_compare( Slapi_PBlock *pb ) goto free_and_return; } slapi_sdn_init_dn_passin(&sdn,dn); + dn = NULL; /* do not free - sdn owns it now */ /* target spec is used to decide which plugins are applicable for the operation */ operation_set_target_spec (pb->pb_op, &sdn); @@ -181,5 +184,6 @@ free_and_return:; if (be) slapi_be_Unlock(be); slapi_sdn_done(&sdn); + slapi_ch_free_string(&dn); ava_done( &ava ); } diff --git a/ldap/servers/slapd/delete.c b/ldap/servers/slapd/delete.c index 44db6463..0e590957 100644 --- a/ldap/servers/slapd/delete.c +++ b/ldap/servers/slapd/delete.c @@ -66,7 +66,7 @@ do_delete( Slapi_PBlock *pb ) { Slapi_Operation *operation; BerElement *ber; - char *dn; + char *dn = NULL; int err; LDAPDebug( LDAP_DEBUG_TRACE, "do_delete\n", 0, 0, 0 ); @@ -89,7 +89,7 @@ do_delete( Slapi_PBlock *pb ) op_shared_log_error_access (pb, "DEL", "???", "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); - return; + goto free_and_return; } /* diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c index eba02fad..90e2f6dd 100644 --- a/ldap/servers/slapd/dn.c +++ b/ldap/servers/slapd/dn.c @@ -593,8 +593,26 @@ slapi_dn_beparent( return r; } -char* -slapi_dn_parent( const char *dn ) +/* + * This function is used for speed. Instead of returning a newly allocated + * dn string that contains the parent, this function just returns a pointer + * to the address _within_ the given string where the parent dn of the + * given dn starts e.g. if you call this with "dc=example,dc=com", the + * function will return "dc=com" - that is, the char* returned will be the + * address of the 'd' after the ',' in "dc=example,dc=com". This function + * also checks for bogus things like consecutive ocurrances of unquoted + * separators e.g. DNs like cn=foo,,,,,,,,,,,cn=bar,,,,,,, + * This function is useful for "interating" over a DN returning the ancestors + * of the given dn e.g. + * + * const char *dn = somedn; + * while (dn = slapi_dn_find_parent(dn)) { + * see if parent exists + * etc. + * } + */ +const char* +slapi_dn_find_parent( const char *dn ) { const char *s; int inquote; @@ -621,14 +639,34 @@ slapi_dn_parent( const char *dn ) } else { if ( *s == '"' ) inquote = 1; - else if ( DNSEPARATOR( *s ) ) - return( slapi_ch_strdup( s + 1 ) ); + else { + if ( DNSEPARATOR( *s ) ) { + while ( *s && DNSEPARATOR( *s ) ) { + ++s; + } + if (*s) { + return( s ); + } + } + } } } return( NULL ); } +char* +slapi_dn_parent( const char *dn ) +{ + const char *s = slapi_dn_find_parent(dn); + + if ( s == NULL || *s == '\0' ) { + return( NULL ); + } + + return( slapi_ch_strdup( s ) ); +} + /* * slapi_dn_issuffix - tells whether suffix is a suffix of dn. both dn * and suffix must be normalized. diff --git a/ldap/servers/slapd/filter.c b/ldap/servers/slapd/filter.c index cd2c774a..eb2a4056 100644 --- a/ldap/servers/slapd/filter.c +++ b/ldap/servers/slapd/filter.c @@ -175,7 +175,7 @@ get_filter_internal( Connection *conn, BerElement *ber, unsigned long len; int err; struct slapi_filter *f; - char *ftmp, *type; + char *ftmp, *type = NULL; LDAPDebug( LDAP_DEBUG_FILTER, "=> get_filter_internal\n", 0, 0, 0 ); @@ -293,6 +293,7 @@ get_filter_internal( Connection *conn, BerElement *ber, case LDAP_FILTER_PRESENT: LDAPDebug( LDAP_DEBUG_FILTER, "PRESENT\n", 0, 0, 0 ); if ( ber_scanf( ber, "a", &type ) == LBER_ERROR ) { + slapi_ch_free_string(&type); err = LDAP_PROTOCOL_ERROR; } else { err = LDAP_SUCCESS; @@ -440,12 +441,13 @@ get_substring_filter( ) { unsigned long tag, len, rc; - char *val, *last, *type; + char *val, *last, *type = NULL; char ebuf[BUFSIZ]; LDAPDebug( LDAP_DEBUG_FILTER, "=> get_substring_filter\n", 0, 0, 0 ); if ( ber_scanf( ber, "{a", &type ) == LBER_ERROR ) { + slapi_ch_free_string(&type); return( LDAP_PROTOCOL_ERROR ); } f->f_sub_type = slapi_attr_syntax_normalize( type ); @@ -460,8 +462,10 @@ get_substring_filter( tag != LBER_ERROR && tag != LBER_END_OF_SEQORSET; tag = ber_next_element( ber, &len, last ) ) { + val = NULL; rc = ber_scanf( ber, "a", &val ); if ( rc == LBER_ERROR ) { + slapi_ch_free_string(&val); return( LDAP_PROTOCOL_ERROR ); } if ( val == NULL || *val == '\0' ) { @@ -573,8 +577,9 @@ get_extensible_filter( BerElement *ber, mr_filter_t* mrf ) } } { - char* type; + char* type = NULL; if (ber_scanf( ber, "a", &type ) == LBER_ERROR) { + slapi_ch_free_string (&type); rc = LDAP_PROTOCOL_ERROR; } else { mrf->mrf_type = slapi_attr_syntax_normalize(type); diff --git a/ldap/servers/slapd/modify.c b/ldap/servers/slapd/modify.c index 42a1e154..ef4a37ee 100644 --- a/ldap/servers/slapd/modify.c +++ b/ldap/servers/slapd/modify.c @@ -114,7 +114,7 @@ do_modify( Slapi_PBlock *pb ) { Slapi_Operation *operation; BerElement *ber; - char *last, *type; + char *last, *type = NULL; unsigned long tag, len; LDAPMod *mod; LDAPMod **mods; @@ -124,7 +124,7 @@ do_modify( Slapi_PBlock *pb ) int ignored_some_mods = 0; int has_password_mod = 0; /* number of password mods */ char *old_pw = NULL; /* remember the old password */ - char *dn; + char *dn = NULL; LDAPDebug( LDAP_DEBUG_TRACE, "do_modify\n", 0, 0, 0 ); @@ -161,6 +161,7 @@ do_modify( Slapi_PBlock *pb ) op_shared_log_error_access (pb, "MOD", "???", "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, NULL, 0, NULL ); + slapi_ch_free_string(&dn); return; } } @@ -186,7 +187,9 @@ do_modify( Slapi_PBlock *pb ) op_shared_log_error_access (pb, "MOD", dn, "decoding error"); send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "decoding error", 0, NULL ); + ber_bvecfree(mod->mod_bvalues); slapi_ch_free((void **)&mod); + slapi_ch_free_string(&type); goto free_and_return; } mod->mod_op = long_mod_op; diff --git a/ldap/servers/slapd/modrdn.c b/ldap/servers/slapd/modrdn.c index 1f53a641..64ccccf4 100644 --- a/ldap/servers/slapd/modrdn.c +++ b/ldap/servers/slapd/modrdn.c @@ -66,10 +66,10 @@ do_modrdn( Slapi_PBlock *pb ) { Slapi_Operation *operation; BerElement *ber; - char *dn, *newsuperior = NULL; + char *dn = NULL, *newsuperior = NULL; char *newrdn = NULL; - int err, deloldrdn; - unsigned long len; + int err = 0, deloldrdn = 0; + unsigned long len = 0; LDAPDebug( LDAP_DEBUG_TRACE, "do_modrdn\n", 0, 0, 0 ); @@ -99,7 +99,7 @@ do_modrdn( Slapi_PBlock *pb ) send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "unable to decode DN, newRDN, or deleteOldRDN parameters", 0, NULL ); - return; + goto free_and_return; } if ( ber_peek_tag( ber, &len ) == LDAP_TAG_NEWSUPERIOR ) { diff --git a/ldap/servers/slapd/passwd_extop.c b/ldap/servers/slapd/passwd_extop.c index 4455c158..06e01fc8 100644 --- a/ldap/servers/slapd/passwd_extop.c +++ b/ldap/servers/slapd/passwd_extop.c @@ -201,6 +201,7 @@ passwd_modify_extop( Slapi_PBlock *pb ) { char *oid = NULL; char *bindDN = NULL; + char *authmethod = NULL; char *dn = NULL; char *oldPasswd = NULL; char *newPasswd = NULL; @@ -297,6 +298,7 @@ passwd_modify_extop( Slapi_PBlock *pb ) { if ( ber_scanf( ber, "a", &dn) == LBER_ERROR ) { + slapi_ch_free_string(&dn); LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed :{\n", 0, 0, 0 ); errMesg = "ber_scanf failed at userID parse.\n"; @@ -313,6 +315,7 @@ passwd_modify_extop( Slapi_PBlock *pb ) { if ( ber_scanf( ber, "a", &oldPasswd ) == LBER_ERROR ) { + slapi_ch_free_string(&oldPasswd); LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed :{\n", 0, 0, 0 ); errMesg = "ber_scanf failed at oldPasswd parse.\n"; @@ -331,6 +334,7 @@ passwd_modify_extop( Slapi_PBlock *pb ) { if ( ber_scanf( ber, "a", &newPasswd ) == LBER_ERROR ) { + slapi_ch_free_string(&newPasswd); LDAPDebug( LDAP_DEBUG_ANY, "ber_scanf failed :{\n", 0, 0, 0 ); errMesg = "ber_scanf failed at newPasswd parse.\n"; @@ -379,7 +383,7 @@ passwd_modify_extop( Slapi_PBlock *pb ) /* Did they give us a DN ? */ if (dn == NULL || *dn == '\0') { /* Get the DN from the bind identity on this connection */ - dn = bindDN; + dn = slapi_ch_strdup(bindDN); LDAPDebug( LDAP_DEBUG_ANY, "Missing userIdentity in request, using the bind DN instead.\n", 0, 0, 0 ); @@ -455,7 +459,17 @@ passwd_modify_extop( Slapi_PBlock *pb ) /* Free anything that we allocated above */ free_and_return: - + + slapi_ch_free_string(&oldPasswd); + slapi_ch_free_string(&newPasswd); + /* Either this is the same pointer that we allocated and set above, + or whoever used it should have freed it and allocated a new + value that we need to free here */ + slapi_pblock_get( pb, SLAPI_ORIGINAL_TARGET, &dn ); + slapi_ch_free_string(&dn); + slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, NULL ); + slapi_ch_free_string(&authmethod); + if ( targetEntry != NULL ){ slapi_entry_free (targetEntry); } @@ -467,7 +481,7 @@ passwd_modify_extop( Slapi_PBlock *pb ) slapi_log_error( SLAPI_LOG_PLUGIN, "passwd_modify_extop", - errMesg ); + errMesg ? errMesg : "success" ); send_ldap_result( pb, rc, NULL, errMesg, 0, NULL ); diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h index e4b80725..79041106 100644 --- a/ldap/servers/slapd/slapi-plugin.h +++ b/ldap/servers/slapd/slapi-plugin.h @@ -362,6 +362,7 @@ char *slapi_dn_normalize_to_end( char *dn, char *end ); char *slapi_dn_ignore_case( char *dn ); char *slapi_dn_normalize_case( char *dn ); char *slapi_dn_beparent( Slapi_PBlock *pb, const char *dn ); +const char *slapi_dn_find_parent( const char *dn ); char *slapi_dn_parent( const char *dn ); int slapi_dn_issuffix( const char *dn, const char *suffix ); int slapi_dn_isparent( const char *parentdn, const char *childdn ); |