[Date Prev][Date Next] [Chronological] [Thread] [Top]

Memory problems in back-meta (ITS#2986)

To: openldap-its@OpenLDAP.org
Subject: Memory problems in back-meta (ITS#2986)
From: rouazana@linagora.com
Date: Mon, 1 Mar 2004 15:22:57 GMT

Full_Name: Raphael Ouazana
Version: 2.2.5
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (194.98.7.155)



With Valgrind I've found some memory problems in back-meta :

1. Memory leak with rebind-as-user

In bind.c:243 there is a memory allocation (ber_dupbv) witch is never
desallocated.

2. Memory leak in search.c

In search.c:367 res is allocated but not ever desallocated (I've still not
exactly determined when it is and when it isn't).

3. Memory leak in conn.c

In conn.c:237 rewrite_session_init allocates memory witch is not desallocated.

4. Memory leaks in meta_back_op_result

meta_back_op_result is called by some operations. For exemple when it is called
by meta_back_modify (modify.c:151) some pointers (msg and match) are not
desallocated (they were allocated with ldap_get_option in bind.c:428 and
bind.c:430).

5. Possible segfault in conn.c

In conn.c:251 ldap_back_dn_massage can give the same adress to lsc->bound_dn and
op->o_conn->c_dn.
But in slapd/connection.c connection_destroy will call
backend_connection_destroy and then connection2anonymous.
backend_connection_destroy will free lsc->bound_dn and connection2anonymous will
free op->o_conn->c_dn, so this will cause a segfault.
I think the following patch will prevent it without introducing any memory
leak:

$ diff -u servers/slapd/back-meta/conn.c.orig servers/slapd/back-meta/conn.c
--- servers/slapd/back-meta/conn.c.orig 2004-03-01 16:21:25.000000000 +0100
+++ servers/slapd/back-meta/conn.c      2004-03-01 16:25:20.000000000 +0100
@@ -240,6 +240,7 @@
         * If the connection dn is not null, an attempt to rewrite it is made
         */
        if ( op->o_conn->c_dn.bv_len != 0 ) {
+               struct berval tmp;
                dc.rwmap = &lt->rwmap;
                dc.conn = op->o_conn;
                dc.rs = rs;
@@ -254,6 +255,17 @@
                        return rs->sr_err;
                }
  
+               if ( lsc->bound_dn.bv_val && lsc->bound_dn.bv_val !=
op->o_conn->c_dn.bv_val ) {
+                       ber_memfree( lsc->bound_dn.bv_val );
+                       lsc->bound_dn.bv_val = NULL;
+                       lsc->bound_dn.bv_len = 0;
+               }
+
+               ber_dupbv( &tmp, &lsc->bound_dn );
+               ber_dupbv( &lsc->bound_dn, &tmp );
+               if ( tmp.bv_val )
+                       ber_memfree( tmp.bv_val );
+
                assert( lsc->bound_dn.bv_val );
  
        } else {
$

Raphael Ouazana.

Prev by Date: wrong slapppasswd in servers/slapd/Makefile.in (ITS#2985)
Next by Date: ldapsync entry not created (ITS#2987)
Index(es):
- Chronological
- Thread