diff options
| author | Martin Kosek <mkosek@redhat.com> | 2011-01-13 11:12:36 +0100 |
|---|---|---|
| committer | Simo Sorce <ssorce@redhat.com> | 2011-01-14 14:20:57 -0500 |
| commit | 8173b8e375ea99d06773ea4de18fa2f32ddc1039 (patch) | |
| tree | 1a2a0568ed3a3be1c2a31a8dc549b3ca31e1a50d /daemons/ipa-slapi-plugins | |
| parent | 7b5601eeb52f0eab55c5b5577f90b2ecc7f26dd9 (diff) | |
| download | freeipa-8173b8e375ea99d06773ea4de18fa2f32ddc1039.tar.gz freeipa-8173b8e375ea99d06773ea4de18fa2f32ddc1039.tar.xz freeipa-8173b8e375ea99d06773ea4de18fa2f32ddc1039.zip | |
Potential memory leaks in ipa-pwd-extop
This patch fixes several potential memory leaks in ipa-pwd-extop
SLAPI plugin.
Common function ipapwd_gen_hashes() now cleans after itself when
it fails. Other changes are local and self-explanatory.
https://fedorahosted.org/freeipa/ticket/715
Diffstat (limited to 'daemons/ipa-slapi-plugins')
| -rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c | 11 | ||||
| -rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c | 13 |
2 files changed, 21 insertions, 3 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c index 2bc36c09e..3b5b3c8dc 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c @@ -74,12 +74,14 @@ static int new_ipapwd_encsalt(krb5_context krbctx, { struct ipapwd_encsalt *es; int nes, i; + int rc; for (i = 0; encsalts[i]; i++) /* count */ ; es = calloc(i + 1, sizeof(struct ipapwd_encsalt)); if (!es) { LOG_OOM(); - return LDAP_OPERATIONS_ERROR; + rc = LDAP_OPERATIONS_ERROR; + goto fail; } for (i = 0, nes = 0; encsalts[i]; i++) { @@ -93,7 +95,8 @@ static int new_ipapwd_encsalt(krb5_context krbctx, enc = strdup(encsalts[i]); if (!enc) { LOG_OOM(); - return LDAP_OPERATIONS_ERROR; + rc = LDAP_OPERATIONS_ERROR; + goto fail; } salt = strchr(enc, ':'); if (!salt) { @@ -133,6 +136,10 @@ static int new_ipapwd_encsalt(krb5_context krbctx, *num_es_types = nes; return LDAP_SUCCESS; + +fail: + free(es); + return rc; } static struct ipapwd_krbcfg *ipapwd_getConfig(void) diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c index c19c5a566..129320340 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c @@ -280,7 +280,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg, if (!krbPrincipalName) { *errMesg = "no krbPrincipalName present in this entry\n"; LOG_FATAL("%s", *errMesg); - return NULL; + goto enc_error; } krberr = krb5_parse_name(krbctx, krbPrincipalName, &princ); @@ -680,6 +680,7 @@ static int encode_ntlm_keys(char *newPasswd, ucs2Passwd = calloc(ol, 1); if (!ucs2Passwd) { ret = -1; + iconv_close(cd); goto done; } @@ -735,6 +736,11 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg, { int rc; + *svals = NULL; + *nthash = NULL; + *lmhash = NULL; + *errMesg = NULL; + if (is_krb) { *svals = encrypt_encode_key(krbcfg, data, errMesg); @@ -778,6 +784,11 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg, done: + /* when error, free possibly allocated output parameters */ + if (rc) { + ipapwd_free_slapi_value_array(svals); + } + return rc; } |