diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2009-07-08 09:57:04 -0600 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2009-07-14 12:35:11 -0600 |
| commit | a4240192f344a1a172cfdf8609661b90435b5db3 (patch) | |
| tree | c6ea1519c184971c66f171252e1ebd5493a8b610 /ldap | |
| parent | 386ba57d421ee2d59a267d52d63bd88cbf20c435 (diff) | |
| download | ds-a4240192f344a1a172cfdf8609661b90435b5db3.tar.gz ds-a4240192f344a1a172cfdf8609661b90435b5db3.tar.xz ds-a4240192f344a1a172cfdf8609661b90435b5db3.zip | |
Reduce noise reported by valgrind
valgrind is a very useful tool - however, the directory server produces a lot
of false positives that have to be suppressed in order to get to the useful
information. These patches attempt to reduce some of that noise.
1) aclparse - should calculate the length of the string _after_ trimming the
spaces
2) something about random number generation causes some of the bits to be uninitialized, and valgrind doesn't like it - this patch doesn't eliminate the error, just reduces it
3) use initialized memory when generating hashes - also remove "magic numbers"
4) bin.c - slapi_value_get_string must not be used with unterminated (binary) values
5) we get these odd valgrind reports from deep within bdb about invalid reads and uninitialized memory - I thought perhaps because we were initializing DBT structures with = {0} which the bdb docs says is not sufficient - they recommend memset or bzero
6) There are some small memory leaks during attrcrypt initialization and in error cases
7) error message in ldif2ldbm.c was attempting to print the Slapi_DN structure rather than getting the char *dn
8) After we call NSS_Initialize, we must call the NSS shutdown functions to clean up the caches and other data structures, otherwise NSS will leak memory. This is harmless since it happens at exit, but valgrind reports hundreds of memory leaks. The solution is to make sure we go through a single exit point after NSS_Initialize. This means many places that just called exit() must instead return with a real return value. This mostly affected main.c, detach.c, and a couple of other places called during startup.
9) minor memory leaks in mapping tree initialization
10) sasl_map.c - should not call this in referral mode
11) minor memory leaks during ssl init
Reviewed by: nkinder, nhosoi (Thanks!)
Diffstat (limited to 'ldap')
| -rw-r--r-- | ldap/servers/plugins/acl/aclparse.c | 3 | ||||
| -rw-r--r-- | ldap/servers/plugins/acl/aclutil.c | 11 | ||||
| -rw-r--r-- | ldap/servers/plugins/pwdstorage/sha_pwd.c | 35 | ||||
| -rw-r--r-- | ldap/servers/plugins/pwdstorage/ssha_pwd.c | 28 | ||||
| -rw-r--r-- | ldap/servers/plugins/syntaxes/bin.c | 6 | ||||
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/id2entry.c | 6 | ||||
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/idl_new.c | 13 | ||||
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c | 13 | ||||
| -rw-r--r-- | ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 3 | ||||
| -rw-r--r-- | ldap/servers/slapd/detach.c | 11 | ||||
| -rw-r--r-- | ldap/servers/slapd/main.c | 190 | ||||
| -rw-r--r-- | ldap/servers/slapd/mapping_tree.c | 36 | ||||
| -rw-r--r-- | ldap/servers/slapd/proto-slap.h | 4 | ||||
| -rw-r--r-- | ldap/servers/slapd/sasl_map.c | 5 | ||||
| -rw-r--r-- | ldap/servers/slapd/ssl.c | 7 |
15 files changed, 217 insertions, 154 deletions
diff --git a/ldap/servers/plugins/acl/aclparse.c b/ldap/servers/plugins/acl/aclparse.c index 8855623e..57fd5ae7 100644 --- a/ldap/servers/plugins/acl/aclparse.c +++ b/ldap/servers/plugins/acl/aclparse.c @@ -609,11 +609,10 @@ normalize_nextACERule: ** for deny rule. We will never need more 2 times ** the len. */ + __acl_strip_leading_space(&tmp_str); len = strlen (tmp_str); s_acestr = acestr = slapi_ch_calloc ( 1, 2 * len); - __acl_strip_leading_space(&tmp_str); - /* * Now it's something like: * allow (all) groupdn = "ldap:///cn=Domain Administrators, o=$dn.o, o=ISP"; diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c index 599fdbd0..a93a53a3 100644 --- a/ldap/servers/plugins/acl/aclutil.c +++ b/ldap/servers/plugins/acl/aclutil.c @@ -442,10 +442,13 @@ acl_gen_err_msg(int access, char *edn, char *attr, char **errbuf) short aclutil_gen_signature ( short c_signature ) { - short o_signature; - o_signature = c_signature ^ (slapi_rand() % 32768); - if (!o_signature) - o_signature = c_signature ^ (slapi_rand() % 32768); + short o_signature = 0; + short randval = (short)slapi_rand(); + o_signature = c_signature ^ (randval % 32768); + if (!o_signature) { + randval = (short)slapi_rand(); + o_signature = c_signature ^ (randval % 32768); + } return o_signature; } diff --git a/ldap/servers/plugins/pwdstorage/sha_pwd.c b/ldap/servers/plugins/pwdstorage/sha_pwd.c index e54feab7..8e9d60cf 100644 --- a/ldap/servers/plugins/pwdstorage/sha_pwd.c +++ b/ldap/servers/plugins/pwdstorage/sha_pwd.c @@ -54,6 +54,7 @@ #include <sechash.h> #define SHA_SALT_LENGTH 8 /* number of bytes of data in salt */ +#define OLD_SALT_LENGTH 8 #define NOT_FIRST_TIME (time_t)1 /* not the first logon */ static char *hasherrmsg = "pw_cmp: %s userPassword \"%s\" is the wrong length or is not properly encoded BASE64\n"; @@ -82,7 +83,7 @@ sha_pw_cmp (const char *userpwd, const char *dbpwd, unsigned int shaLen ) unsigned int secOID; char *schemeName; char *hashresult = NULL; - + /* Determine which algorithm we're using */ switch (shaLen) { case SHA1_LENGTH: @@ -111,8 +112,10 @@ sha_pw_cmp (const char *userpwd, const char *dbpwd, unsigned int shaLen ) */ hash_len = (strlen(dbpwd) * 3) / 4; /* includes the trailing = if any */ if ( hash_len > sizeof(quick_dbhash) ) { /* get more space: */ - dbhash = (char*) slapi_ch_malloc( hash_len ); + dbhash = (char*) slapi_ch_calloc( hash_len, sizeof(char) ); if ( dbhash == NULL ) goto loser; + } else { + memset( quick_dbhash, 0, sizeof(quick_dbhash) ); } hashresult = PL_Base64Decode( dbpwd, 0, dbhash ); if (NULL == hashresult) { @@ -123,23 +126,25 @@ sha_pw_cmp (const char *userpwd, const char *dbpwd, unsigned int shaLen ) salt.bv_len = SHA_SALT_LENGTH; } else if ( hash_len >= DS40B1_SALTED_SHA_LENGTH ) { salt.bv_val = (void*)dbhash; - salt.bv_len = 8; + salt.bv_len = OLD_SALT_LENGTH; } else { /* unsupported, invalid BASE64 (hash_len < 0), or similar */ slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, hasherrmsg, schemeName, dbpwd ); goto loser; } - + /* hash the user's key */ + memset( userhash, 0, sizeof(userhash) ); if ( sha_salted_hash( userhash, userpwd, &salt, secOID ) != SECSuccess ) { slapi_log_error( SLAPI_LOG_PLUGIN, plugin_name, "sha_pw_cmp: sha_salted_hash() failed\n"); goto loser; } - + /* the proof is in the comparison... */ result = ( hash_len >= shaLen ) ? - ( memcmp( userhash, dbhash, shaLen )) : /* include salt */ - ( memcmp( userhash, dbhash + 8, hash_len - 8 )); /* exclude salt */ - + ( memcmp( userhash, dbhash, shaLen ) ) : /* include salt */ + ( memcmp( userhash, dbhash + OLD_SALT_LENGTH, + hash_len - OLD_SALT_LENGTH ) ); /* exclude salt */ + loser: if ( dbhash && dbhash != quick_dbhash ) slapi_ch_free_string( &dbhash ); return result; @@ -153,7 +158,8 @@ sha_pw_enc( const char *pwd, unsigned int shaLen ) char *schemeName; unsigned int schemeNameLen; unsigned int secOID; - + size_t enclen; + /* Determine which algorithm we're using */ switch (shaLen) { case SHA1_LENGTH: @@ -182,19 +188,20 @@ sha_pw_enc( const char *pwd, unsigned int shaLen ) } /* hash the user's key */ + memset( hash, 0, sizeof(hash) ); if ( sha_salted_hash( hash, pwd, NULL, secOID ) != SECSuccess ) { return( NULL ); } - - if (( enc = slapi_ch_malloc( 3 + schemeNameLen + - LDIF_BASE64_LEN( shaLen ))) == NULL ) { + + enclen = 3 + schemeNameLen + LDIF_BASE64_LEN( shaLen ); + if (( enc = slapi_ch_calloc( enclen, sizeof(char) )) == NULL ) { return( NULL ); } - + sprintf( enc, "%c%s%c", PWD_HASH_PREFIX_START, schemeName, PWD_HASH_PREFIX_END ); (void)PL_Base64Encode( hash, shaLen, enc + 2 + schemeNameLen ); - + return( enc ); } diff --git a/ldap/servers/plugins/pwdstorage/ssha_pwd.c b/ldap/servers/plugins/pwdstorage/ssha_pwd.c index 14b8d443..6f09d5e9 100644 --- a/ldap/servers/plugins/pwdstorage/ssha_pwd.c +++ b/ldap/servers/plugins/pwdstorage/ssha_pwd.c @@ -131,10 +131,11 @@ salted_sha_pw_enc( const char *pwd, unsigned int shaLen ) char *salt = hash + shaLen; struct berval saltval; char *enc; + size_t encsize; char *schemeName; unsigned int schemeNameLen; unsigned int secOID; - + /* Determine which algorithm we're using */ switch (shaLen) { case SHA1_LENGTH: @@ -161,31 +162,30 @@ salted_sha_pw_enc( const char *pwd, unsigned int shaLen ) /* An unknown shaLen was passed in. We shouldn't get here. */ return( NULL ); } - + + memset(hash, 0, sizeof(hash)); saltval.bv_val = (void*)salt; saltval.bv_len = SHA_SALT_LENGTH; - + /* generate a new random salt */ - /* Note: the uninitialized salt array provides a little extra entropy - * to the random array generation, but it is not really needed since - * PK11_GenerateRandom takes care of seeding. In any case, it doesn't - * hurt. */ - ssha_rand_array( salt, SHA_SALT_LENGTH ); - + ssha_rand_array( salt, SHA_SALT_LENGTH ); + /* hash the user's key */ if ( sha_salted_hash( hash, pwd, &saltval, secOID ) != SECSuccess ) { return( NULL ); } - - if (( enc = slapi_ch_malloc( 3 + schemeNameLen + - LDIF_BASE64_LEN(shaLen + SHA_SALT_LENGTH))) == NULL ) { + + encsize = 3 + schemeNameLen + + LDIF_BASE64_LEN(shaLen + SHA_SALT_LENGTH); + if ( ( enc = slapi_ch_calloc( encsize, sizeof(char) ) ) == NULL ) { return( NULL ); } - + sprintf( enc, "%c%s%c", PWD_HASH_PREFIX_START, schemeName, PWD_HASH_PREFIX_END ); (void)PL_Base64Encode( hash, (shaLen + SHA_SALT_LENGTH), enc + 2 + schemeNameLen ); - + PR_ASSERT(0 == enc[encsize-1]); /* must be null terminated */ + return( enc ); } diff --git a/ldap/servers/plugins/syntaxes/bin.c b/ldap/servers/plugins/syntaxes/bin.c index b7be0d1a..2d0b6f8a 100644 --- a/ldap/servers/plugins/syntaxes/bin.c +++ b/ldap/servers/plugins/syntaxes/bin.c @@ -165,8 +165,10 @@ bin_filter_ava( Slapi_PBlock *pb, struct berval *bvfilter, int i; for ( i = 0; bvals[i] != NULL; i++ ) { - if ( slapi_value_get_length(bvals[i]) == bvfilter->bv_len && - 0 == memcmp( slapi_value_get_string(bvals[i]), bvfilter->bv_val, bvfilter->bv_len )) + const struct berval *bv = slapi_value_get_berval(bvals[i]); + + if ( ( bv->bv_len == bvfilter->bv_len ) && + ( 0 == memcmp( bv->bv_val, bvfilter->bv_val, bvfilter->bv_len ) ) ) { if(retVal!=NULL) { diff --git a/ldap/servers/slapd/back-ldbm/id2entry.c b/ldap/servers/slapd/back-ldbm/id2entry.c index e951e5e9..4af281c3 100644 --- a/ldap/servers/slapd/back-ldbm/id2entry.c +++ b/ldap/servers/slapd/back-ldbm/id2entry.c @@ -53,8 +53,8 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt ldbm_instance *inst = (ldbm_instance *) be->be_instance_info; DB *db = NULL; DB_TXN *db_txn = NULL; - DBT data = {0}; - DBT key = {0}; + DBT data; + DBT key; int len, rc; char temp_id[sizeof(ID)]; struct backentry *encrypted_entry = NULL; @@ -70,6 +70,7 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt id_internal_to_stored(e->ep_id,temp_id); + memset(&key, 0, sizeof(key)); key.dptr = temp_id; key.dsize = sizeof(temp_id); @@ -85,6 +86,7 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt { Slapi_Entry *entry_to_use = encrypted_entry ? encrypted_entry->ep_entry : e->ep_entry; + memset(&data, 0, sizeof(data)); data.dptr = slapi_entry2str_with_options( entry_to_use, &len, SLAPI_DUMP_STATEINFO | SLAPI_DUMP_UNIQUEID); data.dsize = len + 1; /* If we had an encrypted entry, we no longer need it */ diff --git a/ldap/servers/slapd/back-ldbm/idl_new.c b/ldap/servers/slapd/back-ldbm/idl_new.c index bf855f13..6edefd3d 100644 --- a/ldap/servers/slapd/back-ldbm/idl_new.c +++ b/ldap/servers/slapd/back-ldbm/idl_new.c @@ -196,15 +196,15 @@ IDList * idl_new_fetch( int ret = 0; DBC *cursor = NULL; IDList *idl = NULL; - DBT key = {0}; - DBT data = {0}; + DBT key; + DBT data; ID id = 0; size_t count = 0; #ifdef DB_USE_BULK_FETCH /* beware that a large buffer on the stack might cause a stack overflow on some platforms */ char buffer[BULK_FETCH_BUFFER_SIZE]; void *ptr; - DBT dataret = {0}; + DBT dataret; #endif if (NEW_IDL_NOOP == *flag_err) @@ -220,11 +220,13 @@ IDList * idl_new_fetch( cursor = NULL; goto error; } + memset(&data, 0, sizeof(data)); #ifdef DB_USE_BULK_FETCH data.ulen = sizeof(buffer); data.size = sizeof(buffer); data.data = buffer; data.flags = DB_DBT_USERMEM; + memset(&dataret, 0, sizeof(dataret)); #else data.ulen = sizeof(id); data.size = sizeof(id); @@ -237,6 +239,7 @@ IDList * idl_new_fetch( * so we can just use the input key as a buffer. * This avoids memory management of the key. */ + memset(&key, 0, sizeof(key)); key.ulen = inkey->size; key.size = inkey->size; key.data = inkey->data; @@ -367,7 +370,7 @@ int idl_new_insert_key( ) { int ret = 0; - DBT data = {0}; + DBT data; #if defined(DB_ALLIDS_ON_WRITE) DBC *cursor = NULL; @@ -380,6 +383,7 @@ int idl_new_insert_key( cursor = NULL; goto error; } + memset(data, 0, sizeof(data)); /* bdb says data = {0} is not sufficient */ data.ulen = sizeof(id); data.size = sizeof(id); data.flags = DB_DBT_USERMEM; @@ -437,6 +441,7 @@ error: } } #else + memset(&data, 0, sizeof(data)); /* bdb says data = {0} is not sufficient */ data.ulen = sizeof(id); data.size = sizeof(id); data.flags = DB_DBT_USERMEM; diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c index bf8d8439..a37c0bad 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c @@ -565,7 +565,7 @@ static void log_bytes(char* format_string, unsigned char *bytes, size_t length) static int attrcrypt_crypto_op(attrcrypt_private *priv, backend *be, struct attrinfo *ai, char *in_data, size_t in_size, char **out_data, size_t *out_size, int encrypt) { - int ret = 0; + int ret = -1; SECStatus secret = 0; PK11Context* sec_context = NULL; SECItem iv_item = {0}; @@ -631,6 +631,7 @@ attrcrypt_crypto_op(attrcrypt_private *priv, backend *be, struct attrinfo *ai, c #endif *out_size = output_buffer_size1 + output_buffer_size2; *out_data = (char *)output_buffer; + ret = 0; /* success */ } error: if (sec_context) { @@ -639,6 +640,9 @@ error: if (security_parameter) { slapd_SECITEM_FreeItem(security_parameter, PR_TRUE); } + if (ret) { + slapi_ch_free_string((char **)&output_buffer); + } LDAPDebug(LDAP_DEBUG_TRACE,"<- attrcrypt_crypto_op\n", 0, 0, 0); return ret; } @@ -841,8 +845,6 @@ attrcrypt_encrypt_entry(backend *be, const struct backentry *in, struct backentr struct backentry *new_entry = NULL; char *type = NULL; Slapi_Attr *attr = NULL; - Slapi_Value **svals = NULL; - Slapi_Value **new_vals = NULL; LDAPDebug(LDAP_DEBUG_TRACE,"-> attrcrypt_encrypt_entry\n", 0, 0, 0); *out = NULL; @@ -857,8 +859,9 @@ attrcrypt_encrypt_entry(backend *be, const struct backentry *in, struct backentr ainfo_get(be, type, &ai); if (ai && ai->ai_attrcrypt) { - svals = attr_get_present_values(attr); + Slapi_Value **svals = attr_get_present_values(attr); if (svals) { + Slapi_Value **new_vals = NULL; /* If we find one, did we make the new entry yet ? */ if (NULL == new_entry) { /* If not then make it now as a copy of the old entry */ @@ -871,7 +874,9 @@ attrcrypt_encrypt_entry(backend *be, const struct backentry *in, struct backentr break; } /* DBDB does this call free the old value memory ? */ + /* yes, DBDB, but it does not free new_vals - new_vals is copied */ slapi_entry_attr_replace_sv(new_entry->ep_entry, type, new_vals); + valuearray_free(&new_vals); } } } diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c index 279cef54..423164cf 100644 --- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c +++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c @@ -1205,7 +1205,8 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb ) /* Decrypt in place */ rc = attrcrypt_decrypt_entry(be, ep); if (rc) { - LDAPDebug(LDAP_DEBUG_ANY,"Failed to decrypt entry%s\n", ep->ep_entry->e_sdn , 0, 0); + LDAPDebug(LDAP_DEBUG_ANY,"Failed to decrypt entry [%s] : %d\n", + slapi_sdn_get_dn(&ep->ep_entry->e_sdn), rc, 0); } } diff --git a/ldap/servers/slapd/detach.c b/ldap/servers/slapd/detach.c index dc8f9881..51a369c0 100644 --- a/ldap/servers/slapd/detach.c +++ b/ldap/servers/slapd/detach.c @@ -75,7 +75,7 @@ #include <unistd.h> #endif /* USE_SYSCONF */ -void +int detach( int slapd_exemode, int importexport_encrypt, int s_port, daemon_ports_t *ports_info ) { @@ -112,7 +112,7 @@ detach( int slapd_exemode, int importexport_encrypt, /* call this right after the fork, but before closing stdin */ if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, s_port, ports_info)) { - exit(1); + return 1; } workingdir = config_get_workingdir(); @@ -132,7 +132,7 @@ detach( int slapd_exemode, int importexport_encrypt, } else { /* calling config_set_workingdir to check for validity of directory, don't apply */ if (config_set_workingdir(CONFIG_WORKINGDIR_ATTRIBUTE, workingdir, errorbuf, 0) == LDAP_OPERATIONS_ERROR) { - exit(1); + return 1; } (void) chdir( workingdir ); slapi_ch_free_string(&workingdir); @@ -140,7 +140,7 @@ detach( int slapd_exemode, int importexport_encrypt, if ( (sd = open( "/dev/null", O_RDWR )) == -1 ) { perror( "/dev/null" ); - exit( 1 ); + return 1; } (void) dup2( sd, 0 ); (void) dup2( sd, 1 ); @@ -160,12 +160,13 @@ detach( int slapd_exemode, int importexport_encrypt, } else { /* not detaching - call nss/ssl init */ if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, s_port, ports_info)) { - exit(1); + return 1; } } (void) SIGNAL( SIGPIPE, SIG_IGN ); #endif /* _WIN32 */ + return 0; } diff --git a/ldap/servers/slapd/main.c b/ldap/servers/slapd/main.c index c611b9a2..7e595111 100644 --- a/ldap/servers/slapd/main.c +++ b/ldap/servers/slapd/main.c @@ -94,6 +94,7 @@ union semun { #include "protect_db.h" #include "getopt_ext.h" #include "fe.h" +#include <nss.h> #ifndef LDAP_DONT_USE_SMARTHEAP #include "smrtheap.h" @@ -634,7 +635,6 @@ main( int argc, char **argv) int return_value = 0; slapdFrontendConfig_t *slapdFrontendConfig = getFrontendConfig(); daemon_ports_t ports_info = {0}; - Slapi_Backend *be = NULL; #ifndef __LP64__ #if defined(__hpux) && !defined(__ia64) /* for static constructors */ @@ -923,7 +923,8 @@ main( int argc, char **argv) (slapd_exemode != SLAPD_EXEMODE_SLAPD)) { if (slapd_do_all_nss_ssl_init(slapd_exemode, importexport_encrypt, s_port, &ports_info)) { - return 1; + return_value = 1; + goto cleanup; } } @@ -933,22 +934,34 @@ main( int argc, char **argv) */ switch ( slapd_exemode ) { case SLAPD_EXEMODE_LDIF2DB: - return slapd_exemode_ldif2db(); + return_value = slapd_exemode_ldif2db(); + goto cleanup; + break; case SLAPD_EXEMODE_DB2LDIF: - return slapd_exemode_db2ldif(argc,argv); + return_value = slapd_exemode_db2ldif(argc,argv); + goto cleanup; + break; case SLAPD_EXEMODE_DB2INDEX: - return slapd_exemode_db2index(); + return_value = slapd_exemode_db2index(); + goto cleanup; + break; case SLAPD_EXEMODE_ARCHIVE2DB: - return slapd_exemode_archive2db(); + return_value = slapd_exemode_archive2db(); + goto cleanup; + break; case SLAPD_EXEMODE_DB2ARCHIVE: - return slapd_exemode_db2archive(); + return_value = slapd_exemode_db2archive(); + goto cleanup; + break; case SLAPD_EXEMODE_DBTEST: - return slapd_exemode_dbtest(); + return_value = slapd_exemode_dbtest(); + goto cleanup; + break; case SLAPD_EXEMODE_REFERRAL: /* check that all the necessary info was given, then go on */ @@ -961,21 +974,25 @@ main( int argc, char **argv) break; case SLAPD_EXEMODE_SUFFIX2INSTANCE: - return slapd_exemode_suffix2instance(); + return_value = slapd_exemode_suffix2instance(); + goto cleanup; + break; case SLAPD_EXEMODE_UPGRADEDB: - return slapd_exemode_upgradedb(); + return_value = slapd_exemode_upgradedb(); + goto cleanup; + break; case SLAPD_EXEMODE_DBVERIFY: return_value = slapd_exemode_dbverify(); - if (return_value == 0) - return return_value; - else - return 1; + goto cleanup; + break; case SLAPD_EXEMODE_PRINTVERSION: slapd_print_version(1); - exit(1); + return_value = 1; + goto cleanup; + break; default: { char *rundir = config_get_rundir(); @@ -989,7 +1006,8 @@ main( int argc, char **argv) slapdFrontendConfig->localuser, rundir, 0); LDAPDebug(LDAP_DEBUG_ANY, "Shutting down.\n", 0, 0, 0); slapi_ch_free_string(&rundir); - exit(1); + return_value = 1; + goto cleanup; } slapi_ch_free_string(&rundir); break; @@ -1003,8 +1021,11 @@ main( int argc, char **argv) * Have to detach after ssl_init - the user may be prompted for the PIN * on the terminal, so it must be open. */ - detach(slapd_exemode, importexport_encrypt, - s_port, &ports_info); + if (detach(slapd_exemode, importexport_encrypt, + s_port, &ports_info)) { + return_value = 1; + goto cleanup; + } /* * Now write our PID to the startup PID file. @@ -1028,7 +1049,8 @@ main( int argc, char **argv) LDAPDebug( LDAP_DEBUG_ANY, "Shutting down due to possible conflicts with other slapd processes\n", 0, 0, 0 ); - exit(1); + return_value = 1; + goto cleanup; } @@ -1071,7 +1093,8 @@ main( int argc, char **argv) { LDAPDebug( LDAP_DEBUG_ANY, "Failed to init mapping tree\n", 0, 0, 0 ); - exit(1); + return_value = 1; + goto cleanup; } @@ -1085,7 +1108,8 @@ main( int argc, char **argv) LDAPDebug( LDAP_DEBUG_ANY, "Fatal Error---Failed to initialize uniqueid generator; error = %d. " "Exiting now.\n", rc, 0, 0 ); - exit( 1 ); + return_value = 1; + goto cleanup; } /* --ugaston: register the start-tls plugin */ @@ -1112,7 +1136,8 @@ main( int argc, char **argv) plugin_startall(argc, argv, 1 /* Start Backends */, 1 /* Start Globals */); if (housekeeping_start((time_t)0, NULL) == NULL) { - exit (1); + return_value = 1; + goto cleanup; } eq_start(); /* must be done after plugins started */ @@ -1120,7 +1145,8 @@ main( int argc, char **argv) #ifdef HPUX10 /* HPUX linker voodoo */ if (collation_init == NULL) { - exit (1); + return_value = 1; + goto cleanup; } #endif /* HPUX */ @@ -1157,16 +1183,11 @@ main( int argc, char **argv) "Fatal Error---No ports specified. " "Exiting now.\n", 0, 0, 0 ); - exit(1); + return_value = 1; + goto cleanup; } } - { - Slapi_PBlock pb; - memset( &pb, '\0', sizeof(pb) ); - pb.pb_backend = be; - } - if (slapd_exemode != SLAPD_EXEMODE_REFERRAL) { /* else do this after seteuid() */ lite_entries_init(); @@ -1193,7 +1214,8 @@ main( int argc, char **argv) */ if ( search_register_reslimits() != SLAPI_RESLIMIT_STATUS_SUCCESS || daemon_register_reslimits() != SLAPI_RESLIMIT_STATUS_SUCCESS ) { - exit( 1 ); + return_value = 1; + goto cleanup; } { @@ -1206,15 +1228,19 @@ main( int argc, char **argv) compute_terminate(); vattr_cleanup(); sasl_map_done(); +cleanup: + SSL_ShutdownServerSessionIDCache(); + SSL_ClearSessionCache(); + NSS_Shutdown(); PR_Cleanup(); #ifdef _WIN32 /* Clean up the mutex used to interlock processes, before we exit */ remove_slapd_process(); #endif #if ( defined( hpux ) || defined( irix ) || defined( aix ) || defined( OSF1 )) - exit( 0 ); + exit( return_value ); #else - return 0; + return return_value; #endif } @@ -2055,7 +2081,7 @@ slapd_exemode_ldif2db() "ERROR: Required argument -i <ldiffile> missing\n", 0, 0, 0 ); usage( myname, extraname ); - exit( 1 ); + return 1; } /* this should be the first time to be called! if the init order @@ -2077,7 +2103,7 @@ slapd_exemode_ldif2db() "ERROR: backend instances name [-n <name>] or " "included suffix [-s <suffix>] need to be specified.\n", 0, 0, 0); - exit(1); + return 1; } if (instances) { @@ -2088,7 +2114,7 @@ slapd_exemode_ldif2db() LDAPDebug(LDAP_DEBUG_ANY, "ERROR 1: There is no backend instance to import to.\n", 0, 0, 0); - exit(1); + return 1; } else if (counter > 1) { int i; LDAPDebug(LDAP_DEBUG_ANY, @@ -2097,7 +2123,7 @@ slapd_exemode_ldif2db() for (i = 0; i < counter; i++) LDAPDebug(LDAP_DEBUG_ANY, " : %s\n", instances[i], 0, 0); - exit(1); + return 1; } else { LDAPDebug(LDAP_DEBUG_ANY, "Backend Instance: %s\n", *instances, 0, 0); @@ -2107,7 +2133,7 @@ slapd_exemode_ldif2db() LDAPDebug(LDAP_DEBUG_ANY, "ERROR 2: There is no backend instance to import to.\n", 0, 0, 0); - exit(1); + return 1; } } @@ -2116,7 +2142,7 @@ slapd_exemode_ldif2db() LDAPDebug(LDAP_DEBUG_ANY, "ERROR: Could not find backend '%s'.\n", cmd_line_instance_name, 0, 0); - exit(1); + return 1; } /* Make sure we aren't going to run slapd in @@ -2129,13 +2155,13 @@ slapd_exemode_ldif2db() LDAPDebug( LDAP_DEBUG_ANY, "Shutting down due to possible conflicts with other slapd processes\n", 0, 0, 0 ); - exit(1); + return 1; } /* check for slapi v2 support */ if (! SLAPI_PLUGIN_IS_V2(plugin)) { LDAPDebug(LDAP_DEBUG_ANY, "ERROR: %s is too old to do imports.\n", plugin->plg_name, 0, 0); - exit(1); + return 1; } memset( &pb, '\0', sizeof(pb) ); @@ -2197,7 +2223,7 @@ slapd_exemode_db2ldif(int argc, char** argv) "ERROR: backend instances name [-n <name>] or " "included suffix [-s <suffix>] need to be specified.\n", 0, 0, 0); - exit(1); + return 1; } if (instances) { @@ -2208,7 +2234,7 @@ slapd_exemode_db2ldif(int argc, char** argv) LDAPDebug(LDAP_DEBUG_ANY, "ERROR 1: There is no backend instance to export from.\n", 0, 0, 0); - exit(1); + return 1; } else { LDAPDebug(LDAP_DEBUG_ANY, "Backend Instance(s): \n", 0, 0, 0); for (ip = instances, counter = 0; ip && *ip; ip++, counter++) { @@ -2220,7 +2246,7 @@ slapd_exemode_db2ldif(int argc, char** argv) LDAPDebug(LDAP_DEBUG_ANY, "ERROR 2: There is no backend instance to export from.\n", 0, 0, 0); - exit(1); + return 1; } } @@ -2237,13 +2263,13 @@ slapd_exemode_db2ldif(int argc, char** argv) LDAPDebug(LDAP_DEBUG_ANY, "ERROR: Could not find backend '%s'.\n", *instp, 0, 0); - exit(1); + return 1; } if (plugin->plg_db2ldif == NULL) { LDAPDebug(LDAP_DEBUG_ANY, "ERROR: no db2ldif function defined for " "backend %s - cannot export\n", *instp, 0, 0); - exit(1); + return 1; } /* Make sure we aren't going to run slapd in @@ -2256,18 +2282,18 @@ slapd_exemode_db2ldif(int argc, char** argv) "Shutting down due to possible conflicts " "with other slapd processes\n", 0, 0, 0 ); - exit(1); + return 1; } if ( config_is_slapd_lite () && !slapi_config_get_readonly () && is_slapd_running() ) { LDAPDebug( LDAP_DEBUG_ANY, "%s\n", LITE_BACKUP_ERR, 0, 0); - exit ( 1 ); + return 1; } if (! (SLAPI_PLUGIN_IS_V2(plugin))) { LDAPDebug(LDAP_DEBUG_ANY, "ERROR: %s is too old to do exports.\n", plugin->plg_name, 0, 0); - exit(1); + return 1; } memset( &pb, '\0', sizeof(pb) ); @@ -2405,7 +2431,7 @@ static int slapd_exemode_db2index() "ERROR: backend instances name [-n <name>] or " "included suffix [-s <suffix>] need to be specified.\n", 0, 0, 0); - exit(1); + return 1; } if (instances) { @@ -2416,7 +2442,7 @@ static int slapd_exemode_db2index() LDAPDebug(LDAP_DEBUG_ANY, "ERROR 1: There is no backend instance to import to.\n", 0, 0, 0); - exit(1); + return 1; } else if (counter > 1) { int i; LDAPDebug(LDAP_DEBUG_ANY, @@ -2425,7 +2451,7 @@ static int slapd_exemode_db2index() for (i = 0; i < counter; i++) LDAPDebug(LDAP_DEBUG_ANY, " : %s\n", instances[i], 0, 0); - exit(1); + return 1; } else { LDAPDebug(LDAP_DEBUG_ANY, "Backend Instance: %s\n", *instances, 0, 0); @@ -2435,7 +2461,7 @@ static int slapd_exemode_db2index() LDAPDebug(LDAP_DEBUG_ANY, "ERROR 2: There is no backend instance to import to.\n", 0, 0, 0); - exit(1); + return 1; } } @@ -2444,7 +2470,7 @@ static int slapd_exemode_db2index() LDAPDebug(LDAP_DEBUG_ANY, "ERROR: Could not find backend '%s'.\n", cmd_line_instance_name, 0, 0); - exit(1); + return 1; } /* make sure nothing else is running */ @@ -2453,12 +2479,12 @@ static int slapd_exemode_db2index() LDAPDebug(LDAP_DEBUG_ANY, "Shutting down due to possible conflicts with other " "slapd processes.\n", 0, 0, 0); - exit(1); + return 1; } if ( db2index_attrs == NULL ) { usage( myname, extraname ); - exit( 1 ); + return 1; } memset( &pb, '\0', sizeof(pb) ); pb.pb_backend = NULL; @@ -2488,18 +2514,18 @@ slapd_exemode_db2archive() LDAPDebug(LDAP_DEBUG_ANY, "ERROR: Could not find the ldbm backend plugin.\n", 0, 0, 0); - exit(1); + return 1; } if (NULL == archive_name) { LDAPDebug( LDAP_DEBUG_ANY, "ERROR: no archive directory supplied\n", 0, 0, 0 ); - exit( 1 ); + return 1; } if ( config_is_slapd_lite () && !slapi_config_get_readonly () && is_slapd_running ()) { LDAPDebug( LDAP_DEBUG_ANY, "%s\n", LITE_BACKUP_ERR, 0, 0); - exit ( 1 ); + return 1; } /* Make sure we aren't going to run slapd in @@ -2511,11 +2537,11 @@ slapd_exemode_db2archive() LDAPDebug( LDAP_DEBUG_ANY, "Shutting down due to possible conflicts with other slapd processes\n", 0, 0, 0 ); - exit(1); + return 1; } if (compute_init()) { LDAPDebug(LDAP_DEBUG_ANY, "Initialization Failed 0 %d\n",return_value,0,0); - exit (1); + return 1; } memset( &pb, '\0', sizeof(pb) ); @@ -2543,13 +2569,13 @@ slapd_exemode_archive2db() LDAPDebug(LDAP_DEBUG_ANY, "ERROR: Could not find the ldbm backend plugin.\n", 0, 0, 0); - exit(1); + return 1; } if (NULL == archive_name) { LDAPDebug( LDAP_DEBUG_ANY, "ERROR: no archive directory supplied\n", 0, 0, 0 ); - exit( 1 ); + return 1; } /* Make sure we aren't going to run slapd in @@ -2561,11 +2587,11 @@ slapd_exemode_archive2db() LDAPDebug( LDAP_DEBUG_ANY, "Shutting down due to possible conflicts with other slapd processes\n", 0, 0, 0 ); - exit(1); + return 1; } if (compute_init()) { LDAPDebug(LDAP_DEBUG_ANY, "Initialization Failed 0 %d\n",return_value,0,0); - exit (1); + return 1; } memset( &pb, '\0', sizeof(pb) ); @@ -2598,7 +2624,7 @@ slapd_exemode_upgradedb() "ERROR: Required argument -a <backup_dir> missing\n", 0, 0, 0 ); usage( myname, extraname ); - exit( 1 ); + return 1; } /* this should be the first time to be called! if the init order @@ -2610,7 +2636,7 @@ slapd_exemode_upgradedb() LDAPDebug(LDAP_DEBUG_ANY, "ERROR: Could not find the ldbm backend plugin.\n", 0, 0, 0); - exit(1); + return 1; } /* Make sure we aren't going to run slapd in @@ -2621,13 +2647,13 @@ slapd_exemode_upgradedb() LDAPDebug( LDAP_DEBUG_ANY, "Shutting down due to possible conflicts with other slapd processes\n", 0, 0, 0 ); - exit(1); + return 1; } /* check for slapi v2 support */ if (! SLAPI_PLUGIN_IS_V2(backend_plugin)) { LDAPDebug(LDAP_DEBUG_ANY, "ERROR: %s is too old to do convert idl.\n", backend_plugin->plg_name, 0, 0); - exit(1); + return 1; } memset( &pb, '\0', sizeof(pb) ); @@ -2674,14 +2700,14 @@ slapd_exemode_dbverify() LDAPDebug(LDAP_DEBUG_ANY, "ERROR: Could not find the ldbm backend plugin.\n", 0, 0, 0); - exit(1); + return 1; } /* check for slapi v2 support */ if (! SLAPI_PLUGIN_IS_V2(backend_plugin)) { LDAPDebug(LDAP_DEBUG_ANY, "ERROR: %s is too old to do dbverify.\n", backend_plugin->plg_name, 0, 0); - exit(1); + return 1; } memset( &pb, '\0', sizeof(pb) ); @@ -2715,7 +2741,7 @@ slapd_exemode_dbtest() LDAPDebug(LDAP_DEBUG_ANY, "dbtest: Required argument -n <instance name> missing\n", 0, 0, 0); usage( myname, extraname ); - exit(1); + return 1; } mapping_tree_init(); @@ -2725,7 +2751,7 @@ slapd_exemode_dbtest() LDAPDebug(LDAP_DEBUG_ANY, "ERROR: Could not find backend '%s'.\n", cmd_line_instance_name, 0, 0); - exit(1); + return 1; } /* Make sure we aren't going to run slapd in @@ -2738,7 +2764,7 @@ slapd_exemode_dbtest() LDAPDebug( LDAP_DEBUG_ANY, "Shutting down due to possible conflicts with other slapd processes\n", 0, 0, 0 ); - exit(1); + return 1; } pb.pb_backend = NULL; @@ -2943,9 +2969,13 @@ slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt, * other things even if we are not going to accept SSL connections. * We also need NSS for attribute encryption/decryption on import and export. */ - int init_ssl = ( (slapd_exemode == SLAPD_EXEMODE_SLAPD) || importexport_encrypt) - && config_get_security() - && (0 != s_port) && (s_port <= LDAP_PORT_MAX); + int init_ssl = config_get_security(); + + if (slapd_exemode == SLAPD_EXEMODE_SLAPD) { + init_ssl = init_ssl && (0 != s_port) && (s_port <= LDAP_PORT_MAX); + } else { + init_ssl = init_ssl && importexport_encrypt; + } /* As of DS 6.1, always do a full initialization so that other * modules can assume NSS is available */ @@ -2953,7 +2983,7 @@ slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt, (slapd_exemode != SLAPD_EXEMODE_REFERRAL) /* have config? */ )) { LDAPDebug(LDAP_DEBUG_ANY, "ERROR: NSS Initialization Failed.\n", 0, 0, 0); - exit (1); + return 1; } if (slapd_exemode == SLAPD_EXEMODE_SLAPD) { @@ -2963,7 +2993,7 @@ slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt, if ( init_ssl && ( 0 != slapd_ssl_init())) { LDAPDebug(LDAP_DEBUG_ANY, "ERROR: SSL Initialization Failed.\n", 0, 0, 0 ); - exit( 1 ); + return 1; } if ((slapd_exemode == SLAPD_EXEMODE_SLAPD) || @@ -2974,7 +3004,7 @@ slapd_do_all_nss_ssl_init(int slapd_exemode, int importexport_encrypt, if ( 0 != slapd_ssl_init2(sock, 0) ) { LDAPDebug(LDAP_DEBUG_ANY, "ERROR: SSL Initialization phase 2 Failed.\n", 0, 0, 0 ); - exit( 1 ); + return 1; } } } diff --git a/ldap/servers/slapd/mapping_tree.c b/ldap/servers/slapd/mapping_tree.c index c682597a..479909a3 100644 --- a/ldap/servers/slapd/mapping_tree.c +++ b/ldap/servers/slapd/mapping_tree.c @@ -556,11 +556,10 @@ get_backends_from_attr(Slapi_Attr *attr, backend ***be_list, char ***be_names, /* * Description: - * Release the memory allocated by the routine above. - * Call this when the backend not put into structure and need to cleanup these tmp allocations + * Free the data allocated for mapping tree node arrays */ static void -free_get_backends_from_attr(backend ***be_list, char ***be_names, +free_mapping_tree_node_arrays(backend ***be_list, char ***be_names, int ** be_states, int *be_list_count) { int i; @@ -671,7 +670,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node **newnodep ) if (get_backends_from_attr(attr, &be_list, &be_names, &be_states, &be_list_count, &be_list_size, NULL)) { - free_get_backends_from_attr(&be_list, &be_names, &be_states, &be_list_count); + free_mapping_tree_node_arrays(&be_list, &be_names, &be_states, &be_list_count); slapi_sdn_free(&subtree); return lderr; } @@ -776,7 +775,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node **newnodep ) "ERROR: node %s must define a backend\n", slapi_entry_get_dn(entry), 0, 0); slapi_sdn_free(&subtree); - free_get_backends_from_attr(&be_list, &be_names, &be_states, &be_list_count); + free_mapping_tree_node_arrays(&be_list, &be_names, &be_states, &be_list_count); return lderr; } if (((state == MTN_REFERRAL) || (state == MTN_REFERRAL_ON_UPDATE)) @@ -786,7 +785,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node **newnodep ) "ERROR: node %s must define referrals to be in referral state\n", slapi_entry_get_dn(entry), 0, 0); slapi_sdn_free(&subtree); - free_get_backends_from_attr(&be_list, &be_names, &be_states, &be_list_count); + free_mapping_tree_node_arrays(&be_list, &be_names, &be_states, &be_list_count); return lderr; } @@ -803,7 +802,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node **newnodep ) slapi_sdn_free(&subtree); slapi_ch_free((void **) &plugin_funct); slapi_ch_free((void **) &plugin_lib); - free_get_backends_from_attr(&be_list, &be_names, &be_states, &be_list_count); + free_mapping_tree_node_arrays(&be_list, &be_names, &be_states, &be_list_count); return lderr; } } @@ -822,7 +821,7 @@ mapping_tree_entry_add(Slapi_Entry *entry, mapping_tree_node **newnodep ) slapi_sdn_free(&subtree); slapi_ch_free((void **) &plugin_funct); slapi_ch_free((void **) &plugin_lib); - free_get_backends_from_attr(&be_list, &be_names, &be_states, &be_list_count); + free_mapping_tree_node_arrays(&be_list, &be_names, &be_states, &be_list_count); return lderr; } @@ -1119,7 +1118,7 @@ int mapping_tree_entry_modify_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefor else if (get_backends_from_attr(attr, &backends, &be_names, &be_states, &be_list_count, &be_list_size, node)) { - free_get_backends_from_attr(&backends, &be_names, &be_states, &be_list_count); + free_mapping_tree_node_arrays(&backends, &be_names, &be_states, &be_list_count); slapi_sdn_free(&subtree); *returncode = LDAP_UNWILLING_TO_PERFORM; return SLAPI_DSE_CALLBACK_ERROR; @@ -1132,11 +1131,13 @@ int mapping_tree_entry_modify_callback(Slapi_PBlock *pb, Slapi_Entry* entryBefor PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "mapping tree entry need at least one nsslapd-backend\n"); *returncode = LDAP_UNWILLING_TO_PERFORM; mtn_unlock(); - free_get_backends_from_attr(&backends, &be_names, &be_states, &be_list_count); + free_mapping_tree_node_arrays(&backends, &be_names, &be_states, &be_list_count); slapi_sdn_free(&subtree); return SLAPI_DSE_CALLBACK_ERROR; } + /* free any old data */ + free_mapping_tree_node_arrays(&node->mtn_be, &node->mtn_backend_names, &node->mtn_be_states, &node->mtn_be_count); node->mtn_be_states = be_states; node->mtn_be = backends; node->mtn_backend_names = be_names; @@ -1642,7 +1643,7 @@ mapping_tree_init() } static void -mtn_free_node (mapping_tree_node **node) +mtn_free_node (mapping_tree_node **node) { mapping_tree_node *child = (*node)->mtn_children; @@ -1668,16 +1669,13 @@ mtn_free_node (mapping_tree_node **node) if ((*node)->mtn_be_count > 0) { - if ((*node)->mtn_be) - slapi_ch_free((void **) &((*node)->mtn_be)); - - if ((*node)->mtn_backend_names) - slapi_ch_free((void **) &((*node)->mtn_backend_names)); - - if ((*node)->mtn_be_states) - slapi_ch_free((void **) &((*node)->mtn_be_states)); + free_mapping_tree_node_arrays(&((*node)->mtn_be), &((*node)->mtn_backend_names), + &((*node)->mtn_be_states), &((*node)->mtn_be_count)); } + slapi_ch_free_string(&((*node)->mtn_dstr_plg_lib)); + slapi_ch_free_string(&((*node)->mtn_dstr_plg_name)); + slapi_ch_free ((void**) node); } diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h index afcdb0b2..f530d99b 100644 --- a/ldap/servers/slapd/proto-slap.h +++ b/ldap/servers/slapd/proto-slap.h @@ -517,8 +517,8 @@ void do_delete( Slapi_PBlock *pb ); /* * detach.c */ -void detach( int slapd_exemode, int importexport_encrypt, - int s_port, daemon_ports_t *ports_info ); +int detach( int slapd_exemode, int importexport_encrypt, + int s_port, daemon_ports_t *ports_info ); #ifndef _WIN32 void close_all_files( void ); #endif diff --git a/ldap/servers/slapd/sasl_map.c b/ldap/servers/slapd/sasl_map.c index 383f0455..08a64977 100644 --- a/ldap/servers/slapd/sasl_map.c +++ b/ldap/servers/slapd/sasl_map.c @@ -438,6 +438,11 @@ int sasl_map_done() sasl_map_private *priv = sasl_map_get_global_priv(); sasl_map_data *dp = NULL; + /* there is no sasl map in referral mode */ + if (!priv || !priv->lock || !priv->map_data_list) { + return 0; + } + /* Free the map list */ PR_Lock(priv->lock); dp = priv->map_data_list; diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c index 5b107990..0866dc7c 100644 --- a/ldap/servers/slapd/ssl.c +++ b/ldap/servers/slapd/ssl.c @@ -278,7 +278,7 @@ slapd_SSL_error(char *fmt, ...) va_list args; va_start(args, fmt); slapd_SSL_report(LOG_FAILURE, fmt, args); - exit(1); + va_end(args); } void @@ -620,6 +620,7 @@ slapd_ssl_init() { (val ? "found" : "not found")); slapi_ch_free((void **) &val); slapi_ch_free((void **) &ciphers); + freeConfigEntry( &entry ); return -1; } @@ -627,6 +628,7 @@ slapd_ssl_init() { slapi_ch_free((void **) &val); if (svrcore_setup()) { + freeConfigEntry( &entry ); return -1; } @@ -669,6 +671,7 @@ slapd_ssl_init() { SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", errorCode, slapd_pr_strerror(errorCode)); freeChildren(family_list); + freeConfigEntry( &entry ); return -1; } @@ -680,6 +683,7 @@ slapd_ssl_init() { SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", errorCode, slapd_pr_strerror(errorCode)); freeChildren(family_list); + freeConfigEntry( &entry ); return -1; } /* authenticate */ @@ -690,6 +694,7 @@ slapd_ssl_init() { SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", errorCode, slapd_pr_strerror(errorCode)); freeChildren(family_list); + freeConfigEntry( &entry ); return -1; } } |