From 44e78a87e1a2fa7be1b598f4f3ac32ecb8323d8a Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Thu, 28 Aug 2008 17:20:50 +0000 Subject: Resolves: bug 458666 Bug Description: Memory leaks in check_trivial_words, check_pw_storagescheme_value Reviewed by: nkinder, nhosoi (Thanks!) Fix Description: The first leak happens when password policy is active and trivial words checking is being used, and the password is being modified. When getting the list of attribute from the existing entry in the modify case, the function slapi_attr_get_valueset is used - this function makes a duplicate of the valueset and overwrites the valueset argument. The fix is to move the allocation of vs until after the call to slapi_attr_get_valueset, and only allocate it if it is non NULL. The second leak happens when the password storage scheme is changed. The function check_pw_storagescheme_value uses pw_name2scheme to check the given scheme - this function allocates a struct pw_scheme * which must be freed with free_pw_scheme. Platforms tested: RHEL5, Fedora 8 Flag Day: no Doc impact: no QA impact: already covered by acceptance tests New Tests integrated into TET: none --- ldap/servers/slapd/pw.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index 753663a5..0a30c189 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -1286,8 +1286,6 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char struct berval *bvp = NULL; int i, pwresponse_req = 0; - vs = slapi_valueset_new(); - slapi_pblock_get ( pb, SLAPI_PWPOLICY, &pwresponse_req ); /* Get a list of present values for attrtype in the existing entry, if there is one */ @@ -1296,11 +1294,17 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char if ( (attr = attrlist_find(e->e_attrs, attrtype)) && (!valueset_isempty(&attr->a_present_values)) ) { - /* Add present values to valueset */ + /* allocate and add present values to valueset */ slapi_attr_get_valueset( attr, &vs ); } } + /* allocate new one if not allocated above by + slapi_attr_get_valueset */ + if (!vs) { + vs = slapi_valueset_new(); + } + /* Get a list of new values for attrtype from the operation */ if ( (smod = slapi_mod_new()) && smods ) { @@ -1862,6 +1866,7 @@ check_pw_storagescheme_value( const char *attr_name, char *value, long minval, l retVal = LDAP_CONSTRAINT_VIOLATION; } + free_pw_scheme(new_scheme); slapi_ch_free_string(&scheme_list); return retVal; -- cgit