diff options
author | Rich Megginson <rmeggins@redhat.com> | 2006-02-23 20:45:22 +0000 |
---|---|---|
committer | Rich Megginson <rmeggins@redhat.com> | 2006-02-23 20:45:22 +0000 |
commit | d62cdb091aae94777755f2db4e00cab968289202 (patch) | |
tree | ed6afecbe7435cbd1a372188f7216051fa49eb1e /ldap/servers/slapd/modrdn.c | |
parent | 797845db5ad09f0656bc954e335669603ef47a17 (diff) | |
download | ds-d62cdb091aae94777755f2db4e00cab968289202.tar.gz ds-d62cdb091aae94777755f2db4e00cab968289202.tar.xz ds-d62cdb091aae94777755f2db4e00cab968289202.zip |
Bug(s) fixed: 179135
Bug Description: memory leaks using ber_scanf when handling bad BER packets
Reviewed by: All (Thanks!)
Files: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=123783
Branch: HEAD
Fix Description:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135#c0
I basically did a search through our code for all calls to ber_scanf,
ber_get_stringa, and ber_get_stringal and made sure we properly free any
arguments that may have been allocated. There was a bug in the ldapsdk
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179135 that causes
us to free uninitialized memory when trying to clean up the result of
ber_get_stringal (or ber_scanf with 'V'). I had to initialize some
variables to NULL so that we could properly clean them up, and added
some additional clean ups that were missing. Also, in repl_extop.c, we
were calling free on an array that we should have been calling
ch_array_free on. Yet another lesson in the evils of slapi_ch_free and
disabling compiler type checks in general.
Platforms tested: Fedora Core 4
Flag Day: no
Doc impact: no
Diffstat (limited to 'ldap/servers/slapd/modrdn.c')
-rw-r--r-- | ldap/servers/slapd/modrdn.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ldap/servers/slapd/modrdn.c b/ldap/servers/slapd/modrdn.c index 1f53a641..64ccccf4 100644 --- a/ldap/servers/slapd/modrdn.c +++ b/ldap/servers/slapd/modrdn.c @@ -66,10 +66,10 @@ do_modrdn( Slapi_PBlock *pb ) { Slapi_Operation *operation; BerElement *ber; - char *dn, *newsuperior = NULL; + char *dn = NULL, *newsuperior = NULL; char *newrdn = NULL; - int err, deloldrdn; - unsigned long len; + int err = 0, deloldrdn = 0; + unsigned long len = 0; LDAPDebug( LDAP_DEBUG_TRACE, "do_modrdn\n", 0, 0, 0 ); @@ -99,7 +99,7 @@ do_modrdn( Slapi_PBlock *pb ) send_ldap_result( pb, LDAP_PROTOCOL_ERROR, NULL, "unable to decode DN, newRDN, or deleteOldRDN parameters", 0, NULL ); - return; + goto free_and_return; } if ( ber_peek_tag( ber, &len ) == LDAP_TAG_NEWSUPERIOR ) { |