Diffstat (limited to 'ldap/servers/slapd/back-ldbm')
-rw-r--r-- | ldap/servers/slapd/back-ldbm/id2entry.c | 6 | ||||
-rw-r--r-- | ldap/servers/slapd/back-ldbm/idl_new.c | 13 | ||||
-rw-r--r-- | ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c | 13 | ||||
-rw-r--r-- | ldap/servers/slapd/back-ldbm/ldif2ldbm.c | 3 |
4 files changed, 24 insertions, 11 deletions
diff --git a/ldap/servers/slapd/back-ldbm/id2entry.c b/ldap/servers/slapd/back-ldbm/id2entry.c index e951e5e9..4af281c3 100644 --- a/ldap/servers/slapd/back-ldbm/id2entry.c +++ b/ldap/servers/slapd/back-ldbm/id2entry.c @@ -53,8 +53,8 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt ldbm_instance *inst = (ldbm_instance *) be->be_instance_info; DB *db = NULL; DB_TXN *db_txn = NULL; - DBT data = {0}; - DBT key = {0}; + DBT data; + DBT key; int len, rc; char temp_id[sizeof(ID)]; struct backentry *encrypted_entry = NULL; @@ -70,6 +70,7 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt id_internal_to_stored(e->ep_id,temp_id); + memset(&key, 0, sizeof(key)); key.dptr = temp_id; key.dsize = sizeof(temp_id); @@ -85,6 +86,7 @@ id2entry_add_ext( backend *be, struct backentry *e, back_txn *txn, int encrypt { Slapi_Entry *entry_to_use = encrypted_entry ? encrypted_entry->ep_entry : e->ep_entry; + memset(&data, 0, sizeof(data)); data.dptr = slapi_entry2str_with_options( entry_to_use, &len, SLAPI_DUMP_STATEINFO | SLAPI_DUMP_UNIQUEID); data.dsize = len + 1; /* If we had an encrypted entry, we no longer need it */ diff --git a/ldap/servers/slapd/back-ldbm/idl_new.c b/ldap/servers/slapd/back-ldbm/idl_new.c index bf855f13..6edefd3d 100644 --- a/ldap/servers/slapd/back-ldbm/idl_new.c +++ b/ldap/servers/slapd/back-ldbm/idl_new.c @@ -196,15 +196,15 @@ IDList * idl_new_fetch( int ret = 0; DBC *cursor = NULL; IDList *idl = NULL; - DBT key = {0}; - DBT data = {0}; + DBT key; + DBT data; ID id = 0; size_t count = 0; #ifdef DB_USE_BULK_FETCH /* beware that a large buffer on the stack might cause a stack overflow on some platforms */ char buffer[BULK_FETCH_BUFFER_SIZE]; void *ptr; - DBT dataret = {0}; + DBT dataret; #endif if (NEW_IDL_NOOP == *flag_err) 
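Review bot: In id2entry_add_ext, dropping the `= {0}` initialisers leaves `key` and `data` indeterminate from their declaration until the new `memset` calls, and the `memset(&data, 0, sizeof(data));` sits inside a nested block rather than at function scope. Any exit or cleanup path that reads `data.dptr`, or hands either DBT to the database, before those calls would see stack garbage; the rest of the function is outside the hunks, so this needs checking against the full body. Placing `memset(&key, 0, sizeof(key));` and `memset(&data, 0, sizeof(data));` directly after the declarations closes the window without changing the intent of the commit. The same applies in idl_new.c to `key`, `data` and `dataret` in idl_new_fetch and to `data` in idl_new_insert_key, where a `goto error` is visible ahead of the new memset.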
@@ -220,11 +220,13 @@ IDList * idl_new_fetch( cursor = NULL; goto error; } + memset(&data, 0, sizeof(data)); #ifdef DB_USE_BULK_FETCH data.ulen = sizeof(buffer); data.size = sizeof(buffer); data.data = buffer; data.flags = DB_DBT_USERMEM; + memset(&dataret, 0, sizeof(dataret)); #else data.ulen = sizeof(id); data.size = sizeof(id); @@ -237,6 +239,7 @@ IDList * idl_new_fetch( * so we can just use the input key as a buffer. * This avoids memory management of the key. */ + memset(&key, 0, sizeof(key)); key.ulen = inkey->size; key.size = inkey->size; key.data = inkey->data; @@ -367,7 +370,7 @@ int idl_new_insert_key( ) { int ret = 0; - DBT data = {0}; + DBT data; #if defined(DB_ALLIDS_ON_WRITE) DBC *cursor = NULL; @@ -380,6 +383,7 @@ int idl_new_insert_key( cursor = NULL; goto error; } + memset(data, 0, sizeof(data)); /* bdb says data = {0} is not sufficient */ data.ulen = sizeof(id); data.size = sizeof(id); data.flags = DB_DBT_USERMEM; @@ -437,6 +441,7 @@ error: } } #else + memset(&data, 0, sizeof(data)); /* bdb says data = {0} is not sufficient */ data.ulen = sizeof(id); data.size = sizeof(id); data.flags = DB_DBT_USERMEM; diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c index bf8d8439..a37c0bad 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c @@ -565,7 +565,7 @@ static void log_bytes(char* format_string, unsigned char *bytes, size_t length) static int attrcrypt_crypto_op(attrcrypt_private *priv, backend *be, struct attrinfo *ai, char *in_data, size_t in_size, char **out_data, size_t *out_size, int encrypt) { - int ret = 0; + int ret = -1; SECStatus secret = 0; PK11Context* sec_context = NULL; SECItem iv_item = {0}; 
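Review bot: The memset added in the `@@ -380` hunk of idl_new_insert_key passes `data` instead of `&data`. `data` is declared as a `DBT` object in the preceding hunk, so the call should not compile in the configuration that builds this branch, which appears to be the `DB_ALLIDS_ON_WRITE` one. It should read `memset(&data, 0, sizeof(data)); /* bdb says data = {0} is not sufficient */`, matching the call added after `#else`. Because the fault shows up in only one preprocessor configuration, a build with that macro defined is worth running before merge.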
@@ -631,6 +631,7 @@ attrcrypt_crypto_op(attrcrypt_private *priv, backend *be, struct attrinfo *ai, c #endif *out_size = output_buffer_size1 + output_buffer_size2; *out_data = (char *)output_buffer; + ret = 0; /* success */ } error: if (sec_context) { @@ -639,6 +640,9 @@ error: if (security_parameter) { slapd_SECITEM_FreeItem(security_parameter, PR_TRUE); } + if (ret) { + slapi_ch_free_string((char **)&output_buffer); + } LDAPDebug(LDAP_DEBUG_TRACE,"<- attrcrypt_crypto_op\n", 0, 0, 0); return ret; } @@ -841,8 +845,6 @@ attrcrypt_encrypt_entry(backend *be, const struct backentry *in, struct backentr struct backentry *new_entry = NULL; char *type = NULL; Slapi_Attr *attr = NULL; - Slapi_Value **svals = NULL; - Slapi_Value **new_vals = NULL; LDAPDebug(LDAP_DEBUG_TRACE,"-> attrcrypt_encrypt_entry\n", 0, 0, 0); *out = NULL; @@ -857,8 +859,9 @@ attrcrypt_encrypt_entry(backend *be, const struct backentry *in, struct backentr ainfo_get(be, type, &ai); if (ai && ai->ai_attrcrypt) { - svals = attr_get_present_values(attr); + Slapi_Value **svals = attr_get_present_values(attr); if (svals) { + Slapi_Value **new_vals = NULL; /* If we find one, did we make the new entry yet ? */ if (NULL == new_entry) { /* If not then make it now as a copy of the old entry */ @@ -871,7 +874,9 @@ attrcrypt_encrypt_entry(backend *be, const struct backentry *in, struct backentr break; } /* DBDB does this call free the old value memory ? */ + /* yes, DBDB, but it does not free new_vals - new_vals is copied */ slapi_entry_attr_replace_sv(new_entry->ep_entry, type, new_vals); + valuearray_free(&new_vals); } } } diff --git a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c index 279cef54..423164cf 100644 --- a/ldap/servers/slapd/back-ldbm/ldif2ldbm.c +++ b/ldap/servers/slapd/back-ldbm/ldif2ldbm.c 
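Review bot: The error-path `slapi_ch_free_string((char **)&output_buffer);` added under `error:` in attrcrypt_crypto_op is safe only if `output_buffer` is initialised to NULL at its declaration, which is outside these hunks. With `ret` now starting at -1, every early `goto error` reaches this free, including any taken before the buffer is allocated. On failure `*out_data` and `*out_size` are left unset, so a short function comment such as `/* On failure returns non-zero and leaves *out_data and *out_size unmodified. */` would help callers. Since the buffer can hold partially decrypted attribute data when a decrypt fails, clearing it before release is worth considering. The `(char *)` cast on assignment suggests it is not a `char *`, so `slapi_ch_free((void **)&output_buffer);` would avoid the string-typed cast.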
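Review bot: In attrcrypt_encrypt_entry the new `valuearray_free(&new_vals);` is reached only after `slapi_entry_attr_replace_sv`, so the `break` on the failure branch just above it leaves the loop without releasing `new_vals`. Whether the encrypting call can fail after it has allocated part of the array is not visible in this hunk. If it can, that path leaks the values that were already encrypted. Adding `valuearray_free(&new_vals);` immediately before the `break` would cover it, provided valuearray_free tolerates a NULL array, which should be confirmed.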
@@ -1205,7 +1205,8 @@ ldbm_back_ldbm2ldif( Slapi_PBlock *pb ) /* Decrypt in place */ rc = attrcrypt_decrypt_entry(be, ep); if (rc) { - LDAPDebug(LDAP_DEBUG_ANY,"Failed to decrypt entry%s\n", ep->ep_entry->e_sdn , 0, 0); + LDAPDebug(LDAP_DEBUG_ANY,"Failed to decrypt entry [%s] : %d\n", + slapi_sdn_get_dn(&ep->ep_entry->e_sdn), rc, 0); } } |
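Review bot: When attrcrypt_decrypt_entry fails in ldbm_back_ldbm2ldif, the `if (rc)` branch only logs and then falls through, so the entry appears to continue towards export with attribute values that may still be encrypted or only partly decrypted. The code after the closing braces is outside the hunk, so this needs confirming against the full function. If the entry is written regardless, skipping it or failing the export would be safer than silently emitting a damaged entry into the LDIF. Separately, if `slapi_sdn_get_dn` can return NULL here, the `%s` argument needs a fallback, for example `dn ? dn : "(null)"`.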