diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2008-08-27 21:05:49 +0000 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2008-08-27 21:05:49 +0000 |
| commit | 41b1a8ff9d38c1c2e76461ac7da3721260419fdf (patch) | |
| tree | 196d5a3f6de19e79a5f8305891b1885b5cc372d8 /ldap | |
| parent | b621e8594f18242a6f9b45a4203b4a84a9c9829a (diff) | |
| download | ds-41b1a8ff9d38c1c2e76461ac7da3721260419fdf.tar.gz ds-41b1a8ff9d38c1c2e76461ac7da3721260419fdf.tar.xz ds-41b1a8ff9d38c1c2e76461ac7da3721260419fdf.zip | |
Resolves: bug 458666
Bug Description: Memory leaks in check_trivial_words, check_pw_storagescheme_value
Reviewed by: nkinder, nhosoi (Thanks!)
Branch: HEAD
Fix Description: The first leak happens when password policy is active and trivial words
checking is being used, and the password is being modified. When getting the
list of attribute from the existing entry in the modify case, the function
slapi_attr_get_valueset is used - this function makes a duplicate of the
valueset and overwrites the valueset argument. The fix is to move the allocation of vs until after the call to slapi_attr_get_valueset, and only allocate it if it is non NULL.
The second leak happens when the password storage scheme is changed. The
function check_pw_storagescheme_value uses pw_name2scheme to check the given
scheme - this function allocates a struct pw_scheme * which must be freed with
free_pw_scheme.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: already covered by acceptance tests
New Tests integrated into TET: none
Diffstat (limited to 'ldap')
| -rw-r--r-- | ldap/servers/slapd/pw.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index 753663a5..0a30c189 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -1286,8 +1286,6 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char struct berval *bvp = NULL; int i, pwresponse_req = 0; - vs = slapi_valueset_new(); - slapi_pblock_get ( pb, SLAPI_PWPOLICY, &pwresponse_req ); /* Get a list of present values for attrtype in the existing entry, if there is one */ @@ -1296,11 +1294,17 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char if ( (attr = attrlist_find(e->e_attrs, attrtype)) && (!valueset_isempty(&attr->a_present_values)) ) { - /* Add present values to valueset */ + /* allocate and add present values to valueset */ slapi_attr_get_valueset( attr, &vs ); } } + /* allocate new one if not allocated above by + slapi_attr_get_valueset */ + if (!vs) { + vs = slapi_valueset_new(); + } + /* Get a list of new values for attrtype from the operation */ if ( (smod = slapi_mod_new()) && smods ) { @@ -1862,6 +1866,7 @@ check_pw_storagescheme_value( const char *attr_name, char *value, long minval, l retVal = LDAP_CONSTRAINT_VIOLATION; } + free_pw_scheme(new_scheme); slapi_ch_free_string(&scheme_list); return retVal; |