From 4b240e96c016af8cdd6393e3200e2550650b4fc0 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Aug 01 2019 14:21:02 +0000 Subject: Issue 50506 - Fix invalid frees from pointer reference calls. Description: There were a few free calls that were not removed which caused a double free. There was also extra care needed in pw.c around shadow password attribute values. relates: https://pagure.io/389-ds-base/issue/50506 Reviewed by: lkrispen(Thanks!) --- diff --git a/ldap/servers/plugins/replication/repl5_tot_protocol.c b/ldap/servers/plugins/replication/repl5_tot_protocol.c index 9eadb2c..977545c 100644 --- a/ldap/servers/plugins/replication/repl5_tot_protocol.c +++ b/ldap/servers/plugins/replication/repl5_tot_protocol.c @@ -315,7 +315,6 @@ check_suffix_entryID(Slapi_Backend *be, Slapi_Entry *suffix) return; } entryid = (u_int32_t) atoi(entryid_str); - slapi_ch_free_string(&entryid_str); if (!bck_info.key_found || bck_info.id != entryid) { /* The suffix entryid is not present in parentid index diff --git a/ldap/servers/slapd/plugin.c b/ldap/servers/slapd/plugin.c index 771b59c..a77bb5a 100644 --- a/ldap/servers/slapd/plugin.c +++ b/ldap/servers/slapd/plugin.c @@ -2812,7 +2812,6 @@ plugin_setup(Slapi_Entry *plugin_entry, struct slapi_componentid *group, slapi_p slapi_log_err(SLAPI_LOG_ERR, "plugin_setup", "Unknown plugin type \"%s\" in entry \"%s\"\n", value, slapi_entry_get_dn_const(plugin_entry)); PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Unknown plugin type \"%s\" in entry", value); - slapi_ch_free_string(&value); status = -1; goto PLUGIN_CLEANUP; } diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index 1e63f9e..2e11caa 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -3112,8 +3112,11 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e) long long sval; int mod_num = 0; char *shmin = NULL; + int shmin_free_it = 0; char *shmax = NULL; + int shmax_free_it = 0; char *shwarn = NULL; + int shwarn_free_it = 0; int rc = 0; if (!e || !*e) { @@ -3153,11 +3156,13 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e) sval = strtoll(shmin, NULL, 0); if (sval != shadowval) { shmin = slapi_ch_smprintf("%lld", shadowval); + shmin_free_it = 1; mod_num++; } } else { mod_num++; shmin = slapi_ch_smprintf("%lld", shadowval); + shmin_free_it = 1; } } @@ -3175,11 +3180,13 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e) sval = strtoll(shmax, NULL, 0); if (sval != shadowval) { shmax = slapi_ch_smprintf("%lld", shadowval); + shmax_free_it = 1; mod_num++; } } else { mod_num++; shmax = slapi_ch_smprintf("%lld", shadowval); + shmax_free_it = 1; } } @@ -3197,11 +3204,13 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e) sval = strtoll(shwarn, NULL, 0); if (sval != shadowval) { shwarn = slapi_ch_smprintf("%lld", shadowval); + shwarn_free_it = 1; mod_num++; } } else { mod_num++; shwarn = slapi_ch_smprintf("%lld", shadowval); + shwarn_free_it = 1; } } @@ -3209,15 +3218,18 @@ add_shadow_ext_password_attrs(Slapi_PBlock *pb, Slapi_Entry **e) slapi_mods_init(smods, mod_num); if (shmin) { slapi_mods_add(smods, LDAP_MOD_REPLACE, "shadowMin", strlen(shmin), shmin); - slapi_ch_free_string(&shmin); + if (shmin_free_it) + slapi_ch_free_string(&shmin); } if (shmax) { slapi_mods_add(smods, LDAP_MOD_REPLACE, "shadowMax", strlen(shmax), shmax); - slapi_ch_free_string(&shmax); + if (shmax_free_it) + slapi_ch_free_string(&shmax); } if (shwarn) { slapi_mods_add(smods, LDAP_MOD_REPLACE, "shadowWarning", strlen(shwarn), shwarn); - slapi_ch_free_string(&shwarn); + if (shwarn_free_it) + slapi_ch_free_string(&shwarn); } /* Apply the mods to create the resulting entry. */ mods = slapi_mods_get_ldapmods_byref(smods);