
Re: (ITS#4901) malloc/free mismatches in ldapadd



--On Saturday, March 31, 2007 12:54 AM +0000 quanah@stanford.edu wrote:

> --On Friday, March 30, 2007 2:25 PM +0000 chris.ridd@isode.com wrote:
>
>> Full_Name: Chris Ridd
>> Version: 2.3.34
>> OS: Windows
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (62.3.217.250)
>>
>>
>> On Windows, it is important that mallocs done in one DLL are balanced by
>> frees done from the same DLL. Failure to do this consistently leads to
>> heap corruption.
>>
>> This was observed to occur in several places in ldapadd - several buffers
>> allocated by ber_memfree() were freed using free().
>>
>> Our customer has successfully used a version of ldapadd on Windows
>> containing this patch (and the one in ITS 4900.)
>
> Thanks, testing.

--- openldap-2.3.34/clients/tools/common.c.orig Fri Mar 30 15:17:32 2007
+++ openldap-2.3.34/clients/tools/common.c      Fri Mar 30 15:21:42 2007
@@ -1244,7 +1244,7 @@
                        crit ? "critical " : "" );
        }

-       free( ctrls );
+       ldap_controls_free( ctrls );
        if ( crit ) {
                exit( EXIT_FAILURE );
        }
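
Review bot: on the `free( ctrls )` line, the replacement is not a like-for-like allocator swap. ldap_controls_free() releases every control the array points to and then the array itself, while the removed call released only the array, so the change is safe only if each element was separately allocated by the library and is owned by this code. The hunk does not show where ctrls is allocated or filled in. Please confirm that before changing the call; if the array comes from malloc() in this file, keep free() so that allocation and release stay in the same module. Since this release runs just before the `if ( crit )` exit, a wrong release here would turn the intended EXIT_FAILURE into a crash.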


Just to note, this part of the patch is bad.  ctrls is a pointer to an 
array of controls, not an array of controls itself.  Therefore, the use of 
"free" here is appropriate.  Using ldap_controls_free results in segfaults.

--Quanah

--
Quanah Gibson-Mount
Senior Systems Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html