[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#9090) memory leak: ldap_unbind_* functions don't free 'ld_sb' field of LDAP structure
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#9090) memory leak: ldap_unbind_* functions don't free 'ld_sb' field of LDAP structure
- From: santucco@mail.ru
- Date: Mon, 30 Sep 2019 11:04:08 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Alexander Sychev
Version: 2.4.48
OS: linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (91.103.66.207)
Steps to reproduce:
1. Write a test:
#include <ldap.h>
int main()
{
LDAP* h = NULL;
LDAPURLDesc u;
memset(&u, 0, sizeof(LDAPURLDesc));
char* s = 0;
u.lud_scheme = "ldap";
u.lud_host = "locahost";
u.lud_port = 8080;
u.lud_scope = LDAP_SCOPE_DEFAULT ;
s = ldap_url_desc2str(&u);
ldap_initialize(&h, s);
ldap_memfree(s);
ldap_unbind_ext_s(h, NULL, NULL);
return 0;
}
2. Compile it with AddressSanitizer support:
gcc test.c -g -fsanitize=address
3. Run the test, analyze AddressSanitizer output:
=================================================================
==29038==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7f9d35ac23a8 in __interceptor_calloc
../../../../libsanitizer/asan/asan_malloc_linux.cc:70
#1 0x55d793627512 in ber_memcalloc_x (/tmp/test+0x67512)
#2 0x55d79362757b in ber_memcalloc (/tmp/test+0x6757b)
#3 0x55d793628a2d in ber_sockbuf_alloc (/tmp/test+0x68a2d)
#4 0x55d7935ee453 in ldap_create (/tmp/test+0x2e453)
#5 0x55d7935ee628 in ldap_initialize (/tmp/test+0x2e628)
#6 0x55d7935ede8e in main /tmp/test.c:14
#7 0x7f9d3442c3d4 in __libc_start_main (/lib64/libc.so.6+0x223d4)
SUMMARY: AddressSanitizer: 40 byte(s) leaked in 1 allocation(s).
=================================================================
4. Possible patch:
--- openldap/libraries/libldap/unbind.c.orig 2019-07-23 17:46:22.000000000
+0300
+++ openldap/libraries/libldap/unbind.c 2019-09-27 15:39:40.000000000 +0300
@@ -134,6 +134,8 @@
/* Should already be closed by ldap_free_connection which knows not to free
* this one */
ber_int_sb_destroy( ld->ld_sb );
+ /* free memory to avoid of leak */
+ ber_memfree( ld->ld_sb );
LDAP_MUTEX_LOCK( &ld->ld_ldopts_mutex );