From b7acb4812ac3dbf02c1cfb9d52ade8ef7b85869a Mon Sep 17 00:00:00 2001 From: Nathan Kinder Date: Wed, 22 Mar 2006 18:53:37 +0000 Subject: 186171 - Fixed memory leaks in passhook.dll --- ldap/synctools/passwordsync/passhook/passhook.cpp | 39 +++++++++++++++++------ 1 file changed, 29 insertions(+), 10 deletions(-) (limited to 'ldap/synctools/passwordsync/passhook/passhook.cpp') diff --git a/ldap/synctools/passwordsync/passhook/passhook.cpp b/ldap/synctools/passwordsync/passhook/passhook.cpp index f059c538..eba277a2 100644 --- a/ldap/synctools/passwordsync/passhook/passhook.cpp +++ b/ldap/synctools/passwordsync/passhook/passhook.cpp @@ -50,8 +50,6 @@ NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, PUNICODE_STRING Password) { - char singleByteUsername[PASSHAND_BUF_SIZE]; - char singleBytePassword[PASSHAND_BUF_SIZE]; HANDLE passhookEventHandle = OpenEvent(EVENT_MODIFY_STATE, FALSE, PASSHAND_EVENT_NAME); PASS_INFO newPassInfo; PASS_INFO_LIST passInfoList; @@ -78,18 +76,34 @@ NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, } RegCloseKey(regKey); - _snprintf(singleByteUsername, PASSHAND_BUF_SIZE, "%S", UserName->Buffer); - singleByteUsername[UserName->Length / 2] = '\0'; - _snprintf(singleBytePassword, PASSHAND_BUF_SIZE, "%S", Password->Buffer); - singleBytePassword[Password->Length / 2] = '\0'; + // This memory will be free'd by calling clearSet below + newPassInfo.username = (char*)malloc((UserName->Length / 2) + 1); + newPassInfo.password = (char*)malloc((Password->Length / 2) + 1); + + if (newPassInfo.username && newPassInfo.password) { + _snprintf(newPassInfo.username, (UserName->Length / 2), "%S", UserName->Buffer); + _snprintf(newPassInfo.password, (Password->Length / 2), "%S", Password->Buffer); + newPassInfo.username[UserName->Length / 2] = '\0'; + newPassInfo.password[Password->Length / 2] = '\0'; + } else { + if(outLog.is_open()) { + timeStamp(&outLog); + outLog << "failed to allocate memory for username and password" << endl; + } + free(newPassInfo.username); + free(newPassInfo.password); + goto exit; + } if(outLog.is_open()) { timeStamp(&outLog); - outLog << "user " << singleByteUsername << " password changed" << endl; - //outLog << "user " << singleByteUsername << " password changed to " << singleBytePassword << endl; + outLog << "user " << newPassInfo.username << " password changed" << endl; + //outLog << "user " << newPassInfo.username << " password changed to " << newPassInfo.password << endl; } + // loadSet allocates memory for the usernames and password. We need to be + // sure to free it by calling clearSet. if(loadSet(&passInfoList, "passhook.dat") == 0) { if(outLog.is_open()) @@ -107,10 +121,10 @@ NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, } } - newPassInfo.username = singleByteUsername; - newPassInfo.password = singleBytePassword; + // Add the new change to the list passInfoList.push_back(newPassInfo); + // Save the list to disk if(saveSet(&passInfoList, "passhook.dat") == 0) { if(outLog.is_open()) @@ -128,6 +142,10 @@ NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, } } + // We need to call clearSet so memory gets free'd + clearSet(&passInfoList); + +exit: if(passhookEventHandle == NULL) { if(outLog.is_open()) @@ -140,6 +158,7 @@ NTSTATUS NTAPI PasswordChangeNotify(PUNICODE_STRING UserName, ULONG RelativeId, else { SetEvent(passhookEventHandle); + CloseHandle(passhookEventHandle); } outLog.close(); -- cgit