Potential memory leaks in ipa-pwd-extop

This patch fixes several potential memory leaks in ipa-pwd-extop
SLAPI plugin.

Common function ipapwd_gen_hashes() now cleans after itself when
it fails. Other changes are local and self-explanatory.

https://fedorahosted.org/freeipa/ticket/715

1 files changed, 12 insertions, 1 deletions

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c
index c19c5a56..12932034 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c
@@ -280,7 +280,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
     if (!krbPrincipalName) {
         *errMesg = "no krbPrincipalName present in this entry\n";
         LOG_FATAL("%s", *errMesg);
-        return NULL;
+        goto enc_error;
     }
 
     krberr = krb5_parse_name(krbctx, krbPrincipalName, &princ);
@@ -680,6 +680,7 @@ static int encode_ntlm_keys(char *newPasswd,
         ucs2Passwd = calloc(ol, 1);
         if (!ucs2Passwd) {
             ret = -1;
+            iconv_close(cd);
             goto done;
         }
 
@@ -735,6 +736,11 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg,
 {
     int rc;
 
+    *svals = NULL;
+    *nthash = NULL;
+    *lmhash = NULL;
+    *errMesg = NULL;
+
     if (is_krb) {
 
         *svals = encrypt_encode_key(krbcfg, data, errMesg);
@@ -778,6 +784,11 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg,
 
 done:
 
+    /* when error, free possibly allocated output parameters */
+    if (rc) {
+        ipapwd_free_slapi_value_array(svals);
+    }
+
     return rc;
 }