
memory leak in 1.2.(12|11) (ITS#1161)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I am currently running some purify tests with a program which uses the 
OpenLDAP 1.2.11 LDAP library on Solaris 7. Now I am faced with a memory leak 
IMHO which is in 1.2.12, too.

Location:

libraries/libldap/result.c->read1msg(): line 282

	/* get the next message */
	if ( (tag = ber_get_next( sb, &len, &ber ))
	    != LDAP_TAG_MESSAGE ) {
		ld->ld_errno = (tag == LBER_DEFAULT ? LDAP_SERVER_DOWN :
		    LDAP_LOCAL_ERROR);
		return( -1 );
	}

Inside ber_get_next (libraries/liblber/io.c, line 555), there is memory 
allocated which is not freed in error case like the one above:

		if ( (ber->ber_buf = (char *) malloc( (size_t)*len )) == NULL ) {
			return( LBER_DEFAULT );
		}

So every error case has to free the buffer allocated inside the ber element 
before returning.

In lines 298 and 307 there is the following:

		free( ber.ber_buf );	/* gack! */

This should be done in the other cases, too.

Do you agree?

I have not looked whether this kind of code is inside 2.0.x, too, or whether 
ber_get_next() is called from other places than read1msg(), too. Maybe you 
could have a look at it?

- -- 
Heiko Nardmann (Dipl.-Ing.), h.nardmann@secunet.de, Software Development
secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de),
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax  : +49 271 48950-50
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7CmkPpm53PRScYygRAjWHAKCuvAp7mtWlSiYOeGRSaPxmal272QCeODJW
eR4cF+M045cPymUvVOkfp1k=
=1EiT
-----END PGP SIGNATURE-----
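The pattern the report describes, as an added example that is not OpenLDAP code and not part of the original message: a ber_get_next()-style reader allocates the message buffer into the element it is handed and may then return a non-message tag or an error, so the caller owns the buffer on every early-return path. The names get_next, elem, elem_free, read_msg_leaky and read_msg_fixed, the simplified [tag][len][payload] wire layout and the sample byte strings are all hypothetical; live_allocs is bookkeeping so the leak shows up as a count rather than a purify report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TAG_MESSAGE 0x30   /* constructed SEQUENCE, the LDAPMessage tag */
#define TAG_DEFAULT (-1)   /* stand-in for LBER_DEFAULT */

struct elem {              /* stand-in for the BerElement fields involved */
    char *buf;
    size_t len;
};

/* Bookkeeping: every buffer handed out by get_next() is counted here. */
static int live_allocs = 0;

static void elem_free(struct elem *e)
{
    if (e->buf != NULL) {
        free(e->buf);
        e->buf = NULL;
        live_allocs--;
    }
}

/* Hypothetical stand-in for ber_get_next(); wire layout is [tag][len][payload].
 * Like the real function it allocates as soon as the length is known, so a
 * later failure, or a tag the caller rejects, leaves e->buf allocated. */
static int get_next(const unsigned char *wire, size_t wire_len, struct elem *e)
{
    if (wire_len < 2)
        return TAG_DEFAULT;            /* nothing allocated yet */
    int tag = wire[0];
    size_t len = wire[1];
    if ((e->buf = (char *) malloc(len + 1)) == NULL)
        return TAG_DEFAULT;
    live_allocs++;
    if (len > wire_len - 2)            /* message truncated on the wire */
        return TAG_DEFAULT;            /* buffer already allocated: caller must free */
    memcpy(e->buf, wire + 2, len);
    e->buf[len] = '\0';
    e->len = len;
    return tag;
}

/* Caller shaped like the reported read1msg() path: returns without freeing. */
static int read_msg_leaky(const unsigned char *wire, size_t wire_len)
{
    struct elem e = { NULL, 0 };
    int tag = get_next(wire, wire_len, &e);
    if (tag != TAG_MESSAGE)
        return -1;                     /* e.buf is lost here */
    elem_free(&e);
    return 0;
}

/* Caller with the fix the report asks for: the error path frees the buffer. */
static int read_msg_fixed(const unsigned char *wire, size_t wire_len)
{
    struct elem e = { NULL, 0 };
    int tag = get_next(wire, wire_len, &e);
    if (tag != TAG_MESSAGE) {
        elem_free(&e);                 /* harmless when nothing was allocated */
        return -1;
    }
    elem_free(&e);
    return 0;
}

/* Runs one reader over a wire buffer and reports allocations left behind. */
static int leaked_by(int (*reader)(const unsigned char *, size_t),
                     const unsigned char *wire, size_t wire_len)
{
    int before = live_allocs;
    reader(wire, wire_len);
    return live_allocs - before;
}

/* Constructed sample inputs, not captured traffic. */
static const unsigned char good_msg[]  = { 0x30, 0x02, 'h', 'i' };       /* proper message */
static const unsigned char wrong_tag[] = { 0x31, 0x03, 'a', 'b', 'c' };  /* SET, not a message */
static const unsigned char truncated[] = { 0x30, 0x05, 'a' };            /* claims 5 bytes, has 1 */

int main(void)
{
    printf("leaky, wrong tag : %d buffer(s) leaked\n",
           leaked_by(read_msg_leaky, wrong_tag, sizeof wrong_tag));
    printf("leaky, truncated : %d buffer(s) leaked\n",
           leaked_by(read_msg_leaky, truncated, sizeof truncated));
    printf("fixed, wrong tag : %d buffer(s) leaked\n",
           leaked_by(read_msg_fixed, wrong_tag, sizeof wrong_tag));
    printf("fixed, truncated : %d buffer(s) leaked\n",
           leaked_by(read_msg_fixed, truncated, sizeof truncated));
    return 0;
}
```

The point of elem_free() tolerating a NULL buffer is that the caller does not have to know which of the callee's failure points was hit; it can free unconditionally on every error return, which is exactly what the report asks for at the other return sites in read1msg().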