[Issue 9420] New: memory leak & ub in servers/slapd/modrdn.c`slap_modrdn2mods()

7 Dec 2020


      https://bugs.openldap.org/show_bug.cgi?id=9420
Issue ID: 9420
           Summary: memory leak & ub in
                    servers/slapd/modrdn.c`slap_modrdn2mods()
           Product: OpenLDAP
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: bugs@openldap.org
          Reporter: grapvar@gmail.com
  Target Milestone: ---
Created attachment 781
  --> https://bugs.openldap.org/attachment.cgi?id=781&action=edit
fix
Hi. I have noticed
1) a memory leak in failure cleanup section of slap_modrdn2mods():
| for ( ; op->orr_modlist != NULL; op->orr_modlist = tmp ) {
|     tmp = op->orr_modlist->sml_next;
|     ch_free( op->orr_modlist );
| }
this code leaks (n)values of mods. And
2) undefined behavior while scheduling delete:
| (void) (*desc->ad_type->sat_equality->smr_normalize)(...,
&mod_tmp->sml_nvalues[0], ...)
this code doesn't respect normalization failures, and may leave garbage in
nvalues[0].
I guess this is because somebody assumed normalization can't fail here, because
the value has already been normalized during dnPrettyNormal. But ...
normalization can fail at least because some normalizators do not abort() on
memory allocation failures.
Here is a patch that fixes these defects. Please, consider.
-- 
You are receiving this mail because:
You are on the CC list for the issue.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[Issue 9420] New: memory leak & ub in servers/slapd/modrdn.c`slap_modrdn2mods()