diff options
author | Thierry Bordaz <tbordaz@redhat.com> | 2016-08-09 16:46:25 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-08-31 12:08:03 +0200 |
commit | b942b00ac7bca7e2864c7dc513d25983556916ff (patch) | |
tree | 981f7c04784fd4dbbf75199537260598137a5620 /daemons/ipa-slapi-plugins | |
parent | 25ed36fda14b30d6a50746a536939e3b428993cb (diff) | |
download | freeipa-b942b00ac7bca7e2864c7dc513d25983556916ff.tar.gz freeipa-b942b00ac7bca7e2864c7dc513d25983556916ff.tar.xz freeipa-b942b00ac7bca7e2864c7dc513d25983556916ff.zip |
ipa-pwd-extop memory leak during passord update
During an extend op password update, there is a test if the
user is changing the password is himself. It uses local Slapi_SDN
variable that are not freed
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'daemons/ipa-slapi-plugins')
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c index 6a87a2786..bdb7ee859 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c @@ -398,16 +398,26 @@ parse_req_done: /* if the user changing the password is self, we must request the * old password and verify it matches the current one before * proceeding with the password change */ - bind_sdn = slapi_sdn_new_dn_byref(bindDN); - target_sdn = slapi_sdn_new_dn_byref(dn); - if (!bind_sdn || !target_sdn) { - LOG_OOM(); - rc = LDAP_OPERATIONS_ERROR; - goto free_and_return; - } + bind_sdn = slapi_sdn_new_dn_byval(bindDN); + target_sdn = slapi_sdn_new_dn_byval(dn); + + rc = (!bind_sdn || !target_sdn) ? LDAP_OPERATIONS_ERROR : 0; + /* this one will normalize and compare, so difference in case will be * correctly handled */ ret = slapi_sdn_compare(bind_sdn, target_sdn); + + slapi_sdn_free(&bind_sdn); + slapi_sdn_free(&target_sdn); + + /* rc should always be 0 (else slapi_sdn_new_dn_byval should have sigsev) + * but if we end in rc==LDAP_OPERATIONS_ERROR be sure to stop here + * because ret is not significant */ + if (rc != 0) { + LOG_OOM(); + goto free_and_return; + } + if (ret == 0) { Slapi_Value *cpw[2] = { NULL, NULL }; Slapi_Value *pw; |