
Supposed memory leak in back-ldbm/bind.c
Hello everybody.

I think I've found a little memory leak in back-ldbm/bind.c

> ldbm_back_bind(
>     Backend             *be,
>     Connection          *conn,
>     Operation           *op,
>     char                *dn,
>     int                 method,
>     struct berval       *cred,
>         char**  edn
> )


When a bind is attempted, the output argument *edn is set to NULL first:

>         *edn = NULL;
> 

An entry is searched that matches the required dn.


>         /* get entry with reader lock */
>         if ( (e = dn2entry_r( be, dn, &matched )) == NULL ) {

If the entry is not found, the routine returns. On the contrary, 
if the entry is found, *edn is set by duplicating the entry's dn.

> 
>         *edn = ch_strdup( e->e_dn );
> 

Then the bind method is checked. In some cases, namely when the
binding dn results in being root, *edn is set again by duplicating
the backend root dn, without *edn being freed first, thus resulting
in a memory leak:

>         /* check for deleted */
> 
>         switch ( method ) {
>         case LDAP_AUTH_SIMPLE:
>                 if ( cred->bv_len == 0 ) {
>                         send_ldap_result( conn, op, LDAP_SUCCESS, NULL, NULL );
> 
>                         /* stop front end from sending result */
>                         rc = 1;
>                         goto return_results;
>  /* 1 */        } else if ( be_isroot_pw( be, dn, cred ) ) {
>                         /* front end will send result */


------->                  *edn = ch_strdup( be_root_dn( be ) );


>                         rc = 0;
>                         goto return_results;
>                 }
> 
>                 if ( (a = attr_find( e->e_attrs, "userpassword" )) == NULL ) {
>  /* 2 */                if ( be_isroot_pw( be, dn, cred ) ) {
>                                 /* front end will send result */


------->                          *edn = ch_strdup( be_root_dn( be ) );


>                                 rc = 0;
>                                 goto return_results;
>                         }

... other occurrences follow.

Moreover, the second check of cred by be_isroot_pw appears to be
redundant, since the first one would catch all the occurrences of binding as root.

Please check out whether my analysis is right or not.
Thank you. You're doing a very good job.

Pierangelo Masarati
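The pattern described in the post, reduced to a stand-alone model so the leak can be observed. This is an added example, not code from the post or from OpenLDAP: bind_leaky, bind_fixed, outstanding_after and the counting ch_strdup/ch_free stand-ins are constructed here; the DN strings are made up, and the only real-world behaviour modelled is the double assignment of *edn before and after the be_isroot_pw check.

```c
/* Model of the *edn out-parameter handling from back-ldbm/bind.c.
 * Constructed example: ch_strdup/ch_free are counting stand-ins for
 * OpenLDAP's allocators, not the real ones. */
#include <stdlib.h>
#include <string.h>

static int live_allocs = 0;   /* blocks handed out and not yet freed */

/* strdup that counts live blocks so a leak shows up as a non-zero count. */
static char *ch_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) { memcpy(p, s, n); live_allocs++; }
    return p;
}

static void ch_free(char *p)
{
    if (p) { free(p); live_allocs--; }
}

/* Leaky shape: *edn is set from the found entry, then overwritten with the
 * root DN on the be_isroot_pw() path without freeing the first copy. */
int bind_leaky(char **edn, const char *entry_dn, const char *root_dn, int is_root)
{
    *edn = NULL;
    *edn = ch_strdup(entry_dn);        /* first allocation */
    if (is_root)
        *edn = ch_strdup(root_dn);     /* first copy is now unreachable */
    return 0;
}

/* Fixed shape: release the entry copy before replacing it. */
int bind_fixed(char **edn, const char *entry_dn, const char *root_dn, int is_root)
{
    *edn = NULL;
    *edn = ch_strdup(entry_dn);
    if (is_root) {
        ch_free(*edn);                 /* free before reassigning */
        *edn = ch_strdup(root_dn);
    }
    return 0;
}

/* Runs one bind, frees what the caller was handed, and returns the number
 * of blocks still outstanding: 0 means nothing leaked. */
int outstanding_after(int (*bind)(char **, const char *, const char *, int), int is_root)
{
    char *edn = NULL;
    live_allocs = 0;
    bind(&edn, "cn=Manager,dc=example,dc=com", "cn=Manager,dc=example,dc=com", is_root);
    ch_free(edn);
    return live_allocs;
}
```

The root-bind path is the only one where the two shapes differ: the non-root path returns a single allocation either way, which matches the post's observation that the leak appears only when the binding dn turns out to be root.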