diff options
author | Rich Megginson <rmeggins@redhat.com> | 2008-08-28 17:20:12 +0000 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2008-08-28 17:20:12 +0000 |
commit | 3d4d8fa431726747c091594b15ff1447ad4f795e (patch) | |
tree | c4cdbc72e9c89a8d0a7950299fc116450ececa70 | |
parent | 27b97aaea99e94c2104a1bc87cfe2f26a3606a47 (diff) | |
download | ds-3d4d8fa431726747c091594b15ff1447ad4f795e.tar.gz ds-3d4d8fa431726747c091594b15ff1447ad4f795e.tar.xz ds-3d4d8fa431726747c091594b15ff1447ad4f795e.zip |
Resolves: bug 458510
Bug Description: Memory leak setting password with passwd extop
Reviewed by: nkinder (Thanks!)
Fix Description: 1) if the given dn is "", that 1 byte will be leaked when the dn is reassigned
to the bind dn - so free it first in that case before reassigning
2) calling slapi_pblock_get with SLAPI_CONN_DN does a strdup, which is
different than most uses of slapi_pblock_get. That memory must be freed. So we free it at the end.
3) If we set the ORIGINAL_TARGET to a dn other than the given dn, we must free
it - grab it and compare it to dn - if not the same, free dn first, then free the original target dn
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
-rw-r--r-- | ldap/servers/slapd/passwd_extop.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/ldap/servers/slapd/passwd_extop.c b/ldap/servers/slapd/passwd_extop.c index d5950984..93fdd3b1 100644 --- a/ldap/servers/slapd/passwd_extop.c +++ b/ldap/servers/slapd/passwd_extop.c @@ -431,6 +431,7 @@ passwd_modify_extop( Slapi_PBlock *pb ) char *bindDN = NULL; char *authmethod = NULL; char *dn = NULL; + char *otdn = NULL; char *oldPasswd = NULL; char *newPasswd = NULL; char *errMesg = NULL; @@ -661,6 +662,7 @@ parse_req_done: /* Did they give us a DN ? */ if (dn == NULL || *dn == '\0') { /* Get the DN from the bind identity on this connection */ + slapi_ch_free_string(&dn); dn = slapi_ch_strdup(bindDN); LDAPDebug( LDAP_DEBUG_ANY, "Missing userIdentity in request, using the bind DN instead.\n", @@ -744,13 +746,17 @@ parse_req_done: /* Free anything that we allocated above */ free_and_return: + slapi_ch_free_string(&bindDN); /* slapi_pblock_get SLAPI_CONN_DN does strdup */ slapi_ch_free_string(&oldPasswd); slapi_ch_free_string(&newPasswd); /* Either this is the same pointer that we allocated and set above, * or whoever used it should have freed it and allocated a new * value that we need to free here */ - slapi_pblock_get( pb, SLAPI_ORIGINAL_TARGET, &dn ); - slapi_ch_free_string(&dn); + slapi_pblock_get( pb, SLAPI_ORIGINAL_TARGET, &otdn ); + if (otdn != dn) { + slapi_ch_free_string(&dn); + } + slapi_ch_free_string(&otdn); slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, NULL ); slapi_ch_free_string(&authmethod); |