author | Martin Kosek <mkosek@redhat.com> | 2013-02-12 11:59:22 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-02-14 10:09:48 +0100 |
commit | 93ea8a6ac311d7365b093b3449b281bbfa0911ab (patch) | |
tree | d35eb678374bbb6a58afc5b64878ad3ad11f6048 /daemons/ipa-kdb | |
parent | b8079f9ed4ba9632c77fa973aa2247a4d30434fa (diff) | |
ipa-kdb: remove memory leaks
All known memory leaks caused by unfreed allocated memory or unfreed
LDAP results (which should also be freed after unsuccessful searches)
are fixed.
https://fedorahosted.org/freeipa/ticket/3413
Diffstat (limited to 'daemons/ipa-kdb')
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.c | 4 | ||||
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb.h | 2 | ||||
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_common.c | 13 | ||||
-rw-r--r-- | daemons/ipa-kdb/ipa_kdb_mspac.c | 8 |
4 files changed, 25 insertions, 2 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c index 3527cefa1..55a932abd 100644 --- a/daemons/ipa-kdb/ipa_kdb.c +++ b/daemons/ipa-kdb/ipa_kdb.c @@ -40,10 +40,14 @@ static void ipadb_context_free(krb5_context kcontext, { if (*ctx != NULL) { free((*ctx)->uri); + free((*ctx)->base); + free((*ctx)->realm_base); /* ldap free lcontext */ if ((*ctx)->lcontext) { ldap_unbind_ext_s((*ctx)->lcontext, NULL, NULL); } + free((*ctx)->supp_encs); + ipadb_mspac_struct_free(&(*ctx)->mspac); krb5_free_default_realm(kcontext, (*ctx)->realm); free(*ctx); *ctx = NULL; diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h index beff8b208..f472f0245 100644 --- a/daemons/ipa-kdb/ipa_kdb.h +++ b/daemons/ipa-kdb/ipa_kdb.h @@ -237,6 +237,8 @@ krb5_error_code ipadb_sign_authdata(krb5_context context, krb5_error_code ipadb_reinit_mspac(struct ipadb_context *ipactx); +void ipadb_mspac_struct_free(struct ipadb_mspac **mspac); + /* DELEGATION CHECKS */ krb5_error_code ipadb_check_allowed_to_delegate(krb5_context kcontext, diff --git a/daemons/ipa-kdb/ipa_kdb_common.c b/daemons/ipa-kdb/ipa_kdb_common.c index e04bae667..121b8096d 100644 --- a/daemons/ipa-kdb/ipa_kdb_common.c +++ b/daemons/ipa-kdb/ipa_kdb_common.c @@ -172,7 +172,7 @@ krb5_error_code ipadb_simple_search(struct ipadb_context *ipactx, /* first test if we need to retry to connect */ if (ret != 0 && ipadb_need_retry(ipactx, ret)) { - + ldap_msgfree(*res); ret = ldap_search_ext_s(ipactx->lcontext, basedn, scope, filter, attrs, 0, NULL, NULL, &std_timeout, LDAP_NO_LIMIT, @@ -283,6 +283,7 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx, int times; int ret; int c, i; + bool retry; for (c = 0; deref_attr_names[c]; c++) { /* count */ ; 
@@ -315,7 +316,8 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx, /* retry once if connection errors (tot. max. 2 tries) */ times = 2; ret = LDAP_SUCCESS; - while (!ipadb_need_retry(ipactx, ret) && times > 0) { + retry = true; + while (retry) { times--; ret = ldap_search_ext_s(ipactx->lcontext, base_dn, scope, filter, @@ -323,11 +325,18 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx, ctrl, NULL, &std_timeout, LDAP_NO_LIMIT, res); + retry = !ipadb_need_retry(ipactx, ret) && times > 0; + + if (retry) { + /* Free result before next try */ + ldap_msgfree(*res); + } } kerr = ipadb_simple_ldap_to_kerr(ret); done: + ldap_control_free(ctrl[0]); ldap_memfree(derefval.bv_val); free(ds); return kerr; diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index 0780e81cb..950000349 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -944,6 +944,7 @@ static int map_groups(TALLOC_CTX *memctx, krb5_context kcontext, goto done; } + ldap_msgfree(results); kerr = ipadb_deref_search(ipactx, basedn, LDAP_SCOPE_ONE, filter, entry_attrs, deref_search_attrs, memberof_pac_attrs, &results); @@ -1638,12 +1639,14 @@ krb5_error_code ipadb_sign_authdata(krb5_context context, ad.ad_type = KRB5_AUTHDATA_WIN2K_PAC; ad.contents = (krb5_octet *)pac_data.data; ad.length = pac_data.length; + authdata[0] = &ad; kerr = krb5_encode_authdata_container(context, KRB5_AUTHDATA_IF_RELEVANT, authdata, signed_auth_data); + krb5_free_data_contents(context, &pac_data); if (kerr != 0) { goto done; } @@ -1697,7 +1700,9 @@ void ipadb_mspac_struct_free(struct ipadb_mspac **mspac) free((*mspac)->trusts[i].sid_blacklist_incoming); free((*mspac)->trusts[i].sid_blacklist_outgoing); } + free((*mspac)->trusts); } + free(*mspac); *mspac = NULL; } 
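Review bot: In ipadb_deref_search the new `retry = !ipadb_need_retry(ipactx, ret) && times > 0;` keeps the negation from the old loop condition, so the loop appears to repeat the search when no retry is needed and to stop when one is. ipadb_simple_search in the same file retries on `ret != 0 && ipadb_need_retry(ipactx, ret)`, which suggests the intended form here is `retry = ipadb_need_retry(ipactx, ret) && times > 0;`. As written, a successful first result would be freed and the query issued a second time, while a connection error would end the loop without a retry. This reading assumes ipadb_need_retry returns true when a reconnect is worth retrying; its definition is outside the diff and should be confirmed.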
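Review bot: In map_groups the added `ldap_msgfree(results);` leaves `results` pointing at freed memory until ipadb_deref_search stores a new message through `&results`. ipadb_deref_search has a `done:` exit, and if any jump to it happens before `ldap_search_ext_s` writes `*res`, the caller keeps the stale pointer; a later `ldap_msgfree(results)` in map_groups' cleanup (outside the hunk, not visible here) would then free it twice. Adding `results = NULL;` directly after the free closes that window at no cost. The enclosing loop and the cleanup label of map_groups lie outside the hunk.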
@@ -2040,14 +2045,17 @@ krb5_error_code ipadb_reinit_mspac(struct ipadb_context *ipactx) if (ret == 0) { ret = string_to_sid(resstr, &gsid); if (ret) { + free(resstr); kerr = ret; goto done; } ret = sid_split_rid(&gsid, &ipactx->mspac->fallback_rid); if (ret) { + free(resstr); kerr = ret; goto done; } + free(resstr); } } } |
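Review bot: The three added `free(resstr);` calls in ipadb_reinit_mspac can be a single one, because in the visible lines `resstr` is not read again after `string_to_sid(resstr, &gsid)`. Writing `ret = string_to_sid(resstr, &gsid);` followed directly by `free(resstr);` releases the string on every path and keeps a future error branch from reintroducing the leak. The function body starts and ends outside the hunk, so confirm that nothing later in the block uses `resstr`.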