OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Software Bugs/8782
Full headers

From: cheimes@redhat.com
Subject: Memory leak in ldap_cancel
Compose comment
Download message
State:
0 replies:
1 followups: 1

Major security issue: yes  no

Notes:

Notification:


Date: Mon, 04 Dec 2017 12:38:03 +0000
From: cheimes@redhat.com
To: openldap-its@OpenLDAP.org
Subject: Memory leak in ldap_cancel
Full_Name: Christian Heimes
Version: 2.4.45
OS: Fedora
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:16b8:6097:b200:c324:8c3d:7869:1a1b)


While I was looking for memory leaks in python-ldap, Valgrind detected a memory
leak in ldap_cancel:

==30178== 22 (16 direct, 6 indirect) bytes in 1 blocks are definitely lost in
loss record 27 of 5,810
==30178==    at 0x4C2FB6B: malloc (vg_replace_malloc.c:299)
==30178==    by 0x14CBD9E4: ber_memalloc_x (memory.c:228)
==30178==    by 0x14CBC940: ber_flatten (io.c:437)
==30178==    by 0x14A81733: ldap_cancel (cancel.c:50)
==30178==    by 0x1485A3BA: l_ldap_cancel (LDAPObject.c:779)
==30178==    by 0x4FC24EF: PyCFunction_Call (in
/usr/lib64/libpython3.6m.so.1.0)
==30178==    by 0x4FF891C: _PyEval_EvalFrameDefault (in
/usr/lib64/libpython3.6m.so.1.0)
==30178==    by 0x4F590B2: ??? (in /usr/lib64/libpython3.6m.so.1.0)
==30178==    by 0x4F8BE10: ??? (in /usr/lib64/libpython3.6m.so.1.0)
==30178==    by 0x4FC933D: ??? (in /usr/lib64/libpython3.6m.so.1.0)
==30178==    by 0x4FF2EC9: _PyEval_EvalFrameDefault (in
/usr/lib64/libpython3.6m.so.1.0)
==30178==    by 0x4F590B2: ??? (in /usr/lib64/libpython3.6m.so.1.0)

I think the function is missing a call to ber_bvfree(cancelidvalp).

python-ldap issue: https://github.com/python-ldap/python-ldap/issues/82
Code: https://github.com/openldap/openldap/blob/master/libraries/libldap/cancel.c#L43-L55

Followup 1

Download message
Subject: Re: (ITS#8782) Memory leak in ldap_cancel
To: cheimes@redhat.com, openldap-its@OpenLDAP.org
From: Howard Chu <hyc@symas.com>
Date: Mon, 4 Dec 2017 16:01:08 +0000
cheimes@redhat.com wrote:
> Full_Name: Christian Heimes
> Version: 2.4.45
> OS: Fedora
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (2001:16b8:6097:b200:c324:8c3d:7869:1a1b)
> 
> 
> While I was looking for memory leaks in python-ldap, Valgrind detected a
memory
> leak in ldap_cancel:

Thanks for the report. Fixed now in master.
> 
> ==30178== 22 (16 direct, 6 indirect) bytes in 1 blocks are definitely lost
in
> loss record 27 of 5,810
> ==30178==    at 0x4C2FB6B: malloc (vg_replace_malloc.c:299)
> ==30178==    by 0x14CBD9E4: ber_memalloc_x (memory.c:228)
> ==30178==    by 0x14CBC940: ber_flatten (io.c:437)
> ==30178==    by 0x14A81733: ldap_cancel (cancel.c:50)
> ==30178==    by 0x1485A3BA: l_ldap_cancel (LDAPObject.c:779)
> ==30178==    by 0x4FC24EF: PyCFunction_Call (in
> /usr/lib64/libpython3.6m.so.1.0)
> ==30178==    by 0x4FF891C: _PyEval_EvalFrameDefault (in
> /usr/lib64/libpython3.6m.so.1.0)
> ==30178==    by 0x4F590B2: ??? (in /usr/lib64/libpython3.6m.so.1.0)
> ==30178==    by 0x4F8BE10: ??? (in /usr/lib64/libpython3.6m.so.1.0)
> ==30178==    by 0x4FC933D: ??? (in /usr/lib64/libpython3.6m.so.1.0)
> ==30178==    by 0x4FF2EC9: _PyEval_EvalFrameDefault (in
> /usr/lib64/libpython3.6m.so.1.0)
> ==30178==    by 0x4F590B2: ??? (in /usr/lib64/libpython3.6m.so.1.0)
> 
> I think the function is missing a call to ber_bvfree(cancelidvalp).
> 
> python-ldap issue: https://github.com/python-ldap/python-ldap/issues/82
> Code: https://github.com/openldap/openldap/blob/master/libraries/libldap/cancel.c#L43-L55
> 
> 


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org