From 41b1a8ff9d38c1c2e76461ac7da3721260419fdf Mon Sep 17 00:00:00 2001 From: Rich Megginson Date: Wed, 27 Aug 2008 21:05:49 +0000 Subject: Resolves: bug 458666 Bug Description: Memory leaks in check_trivial_words, check_pw_storagescheme_value Reviewed by: nkinder, nhosoi (Thanks!) Branch: HEAD Fix Description: The first leak happens when password policy is active and trivial words checking is being used, and the password is being modified. When getting the list of attribute from the existing entry in the modify case, the function slapi_attr_get_valueset is used - this function makes a duplicate of the valueset and overwrites the valueset argument. The fix is to move the allocation of vs until after the call to slapi_attr_get_valueset, and only allocate it if it is non NULL. The second leak happens when the password storage scheme is changed. The function check_pw_storagescheme_value uses pw_name2scheme to check the given scheme - this function allocates a struct pw_scheme * which must be freed with free_pw_scheme. Platforms tested: RHEL5, Fedora 8 Flag Day: no Doc impact: no QA impact: already covered by acceptance tests New Tests integrated into TET: none --- ldap/servers/slapd/pw.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'ldap') diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index 753663a5..0a30c189 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -1286,8 +1286,6 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char struct berval *bvp = NULL; int i, pwresponse_req = 0; - vs = slapi_valueset_new(); - slapi_pblock_get ( pb, SLAPI_PWPOLICY, &pwresponse_req ); /* Get a list of present values for attrtype in the existing entry, if there is one */ @@ -1296,11 +1294,17 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char if ( (attr = attrlist_find(e->e_attrs, attrtype)) && (!valueset_isempty(&attr->a_present_values)) ) { - /* Add present values to valueset */ + /* allocate and add present values to valueset */ slapi_attr_get_valueset( attr, &vs ); } } + /* allocate new one if not allocated above by + slapi_attr_get_valueset */ + if (!vs) { + vs = slapi_valueset_new(); + } + /* Get a list of new values for attrtype from the operation */ if ( (smod = slapi_mod_new()) && smods ) { @@ -1862,6 +1866,7 @@ check_pw_storagescheme_value( const char *attr_name, char *value, long minval, l retVal = LDAP_CONSTRAINT_VIOLATION; } + free_pw_scheme(new_scheme); slapi_ch_free_string(&scheme_list); return retVal; -- cgit