From bdf30953dc0a0d3ae69674d0c12279f8ec7a7d98 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Mon, 29 Jan 2018 11:53:33 -0500 Subject: [PATCH] Ticket 49370 - Crash when using a global and local pw policies Description: This a regression from the previous patch. We were accidently using a referecne to the glboal pw policy password stroage scheme, which was getting freed after pblcok was done ofr an operation. The next operation then used(and double freed) this memory on the next operation. https://pagure.io/389-ds-base/issue/49370 Reviewed by: ? --- ldap/servers/slapd/pw.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c index 3140ba1f0..e2cd165bc 100644 --- a/ldap/servers/slapd/pw.c +++ b/ldap/servers/slapd/pw.c @@ -212,7 +212,7 @@ pw_name2scheme(char *name) typedef int (*CMPFP)(char *, char *); typedef char *(*ENCFP)(char *); - if (strcmp(DEFAULT_PASSWORD_SCHEME_NAME, name) == 0) { + if (name == NULL || strcmp(DEFAULT_PASSWORD_SCHEME_NAME, name) == 0) { /* * If the name is DEFAULT, we need to get a scheme based on env and others. */ @@ -1630,18 +1630,18 @@ pw_get_admin_users(passwdPolicy *pwp) passwdPolicy * new_passwdPolicy(Slapi_PBlock *pb, const char *dn) { + slapdFrontendConfig_t *slapdFrontendConfig = NULL; Slapi_ValueSet *values = NULL; + Slapi_Value **sval = NULL; Slapi_Entry *e = NULL, *pw_entry = NULL; - int type_name_disposition = 0; + passwdPolicy *pwdpolicy = NULL; + Slapi_Attr *attr = NULL; + char *pwscheme_name = NULL; + char *attr_name = NULL; char *actual_type_name = NULL; + int type_name_disposition = 0; int attr_free_flags = 0; int rc = 0; - passwdPolicy *pwdpolicy = NULL; - struct pw_scheme *pwdscheme = NULL; - Slapi_Attr *attr; - char *attr_name; - Slapi_Value **sval; - slapdFrontendConfig_t *slapdFrontendConfig; int optype = -1; /* If we already allocated a pw policy, return it */ @@ -1735,9 +1735,7 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn) pw_entry = get_entry(pb, bvp->bv_val); } } - slapi_vattr_values_free(&values, &actual_type_name, attr_free_flags); - slapi_entry_free(e); if (pw_entry == NULL) { @@ -1750,7 +1748,11 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn) /* Set the default values (from libglobs.c) */ pwpolicy_init_defaults(pwdpolicy); - pwdpolicy->pw_storagescheme = slapdFrontendConfig->pw_storagescheme; + + /* Set the current storage scheme */ + pwscheme_name = config_get_pw_storagescheme(); + pwdpolicy->pw_storagescheme = pw_name2scheme(pwscheme_name); + slapi_ch_free_string(&pwscheme_name); /* Set the defined values now */ for (slapi_entry_first_attr(pw_entry, &attr); attr; @@ -1883,6 +1885,7 @@ new_passwdPolicy(Slapi_PBlock *pb, const char *dn) } } else if (!strcasecmp(attr_name, "passwordstoragescheme")) { if ((sval = attr_get_present_values(attr))) { + free_pw_scheme(pwdpolicy->pw_storagescheme); pwdpolicy->pw_storagescheme = pw_name2scheme((char *)slapi_value_get_string(*sval)); } @@ -1942,10 +1945,9 @@ done: * structure from slapdFrontendconfig */ *pwdpolicy = slapdFrontendConfig->pw_policy; - pwdscheme = (struct pw_scheme *)slapi_ch_calloc(1, sizeof(struct pw_scheme)); - *pwdscheme = *slapdFrontendConfig->pw_storagescheme; - pwdscheme->pws_name = strdup(slapdFrontendConfig->pw_storagescheme->pws_name); - pwdpolicy->pw_storagescheme = pwdscheme; + pwscheme_name = config_get_pw_storagescheme(); + pwdpolicy->pw_storagescheme = pw_name2scheme(pwscheme_name); + slapi_ch_free_string(&pwscheme_name); pwdpolicy->pw_admin = slapi_sdn_dup(slapdFrontendConfig->pw_policy.pw_admin); pw_get_admin_users(pwdpolicy); if (pb) { -- 2.13.6