[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4901) malloc/free mismatches in ldapadd

To: openldap-its@OpenLDAP.org
Subject: (ITS#4901) malloc/free mismatches in ldapadd
From: chris.ridd@isode.com
Date: Fri, 30 Mar 2007 14:25:28 GMT

Full_Name: Chris Ridd
Version: 2.3.34
OS: Windows
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.3.217.250)


On Windows, it is important that mallocs done in one DLL are balanced by frees
done from the same DLL. Failure to do this consistently leads to heap
corruption.

This was observed to occur in several places in ldapadd - several buffers
allocated by ber_memfree() were freed using free().

Our customer has successfully used a version of ldapadd on Windows containing
this patch (and the one in ITS 4900.)

Patch follows:

--- openldap-2.3.34/clients/tools/common.c.orig Fri Mar 30 15:17:32 2007
+++ openldap-2.3.34/clients/tools/common.c      Fri Mar 30 15:21:42 2007
@@ -163,7 +163,7 @@
 N_("  -n         show what would be done but don't actually do it\n"),
 N_("  -O props   SASL security properties\n"),
 N_("  -p port    port on LDAP server\n"),
-N_("  -P version procotol version (default: 3)\n"),
+N_("  -P version protocol version (default: 3)\n"),
 N_("  -Q         use SASL Quiet mode\n"),
 N_("  -R realm   SASL realm\n"),
 N_("  -U authcid SASL authentication identity\n"),
@@ -1244,7 +1244,7 @@
                        crit ? "critical " : "" );
        }

-       free( ctrls );
+       ldap_controls_free( ctrls );
        if ( crit ) {
                exit( EXIT_FAILURE );
        }
--- openldap-2.3.34/clients/tools/ldapmodify.c.orig     Fri Mar 30 15:19:34
2007
+++ openldap-2.3.34/clients/tools/ldapmodify.c  Fri Mar 30 15:21:07 2007
@@ -389,8 +389,8 @@
                        fprintf( rejfp, "\n%s\n", rejbuf );
                }

-               if (rejfp) free( rejbuf );
-               free( rbuf );
+               if (rejfp) ber_memfree( rejbuf );
+               ber_memfree( rbuf );
        }

 #ifdef LDAP_GROUP_TRANSACTION
@@ -519,7 +519,7 @@
                                printf(_("%s: skipping change record for entry:
%s\n"),
                                        prog, dn);
                                printf(_("\t(LDAP host/port does not match
replica: lines)\n"));
-                               free( dn );
+                               ber_memfree( dn );
                                ber_memfree( type );
                                ber_memfree( val.bv_val );
                                return( 0 );
@@ -727,13 +727,13 @@
        }

        if ( dn != NULL ) {
-               free( dn );
+               ber_memfree( dn );
        }
        if ( newrdn != NULL ) {
-               free( newrdn );
+               ber_memfree( newrdn );
        }
        if ( newsup != NULL ) {
-               free( newsup );
+               ber_memfree( newsup );
        }
        if ( pmods != NULL ) {
                ldap_mods_free( pmods, 1 );

Prev by Date: (ITS#4900) command-line utils crash
Next by Date: Re: (ITS#4900) command-line utils crash
Index(es):
- Chronological
- Thread