(ITS#4901) malloc/free mismatches in ldapadd

30 Mar 2007

Full_Name: Chris Ridd
Version: 2.3.34
OS: Windows
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (62.3.217.250)
On Windows, it is important that mallocs done in one DLL are balanced by frees
done from the same DLL. Failure to do this consistently leads to heap
corruption.
This was observed to occur in several places in ldapadd - several buffers
allocated by ber_memfree() were freed using free().
Our customer has successfully used a version of ldapadd on Windows containing
this patch (and the one in ITS 4900.)
Patch follows:

--- openldap-2.3.34/clients/tools/common.c.orig Fri Mar 30 15:17:32 2007
+++ openldap-2.3.34/clients/tools/common.c      Fri Mar 30 15:21:42 2007
@@ -163,7 +163,7 @@
 N_("  -n         show what would be done but don't actually do it\n"),
 N_("  -O props   SASL security properties\n"),
 N_("  -p port    port on LDAP server\n"),
-N_("  -P version procotol version (default: 3)\n"),
+N_("  -P version protocol version (default: 3)\n"),
 N_("  -Q         use SASL Quiet mode\n"),
 N_("  -R realm   SASL realm\n"),
 N_("  -U authcid SASL authentication identity\n"),
@@ -1244,7 +1244,7 @@
                        crit ? "critical " : "" );
        }
-       free( ctrls );
+       ldap_controls_free( ctrls );
        if ( crit ) {
                exit( EXIT_FAILURE );
        }
--- openldap-2.3.34/clients/tools/ldapmodify.c.orig     Fri Mar 30 15:19:34
2007
+++ openldap-2.3.34/clients/tools/ldapmodify.c  Fri Mar 30 15:21:07 2007
@@ -389,8 +389,8 @@
                        fprintf( rejfp, "\n%s\n", rejbuf );
                }
-               if (rejfp) free( rejbuf );
-               free( rbuf );
+               if (rejfp) ber_memfree( rejbuf );
+               ber_memfree( rbuf );
        }
#ifdef LDAP_GROUP_TRANSACTION
@@ -519,7 +519,7 @@
                                printf(_("%s: skipping change record for entry:
%s\n"),
                                        prog, dn);
                                printf(_("\t(LDAP host/port does not match
replica: lines)\n"));
-                               free( dn );
+                               ber_memfree( dn );
                                ber_memfree( type );
                                ber_memfree( val.bv_val );
                                return( 0 );
@@ -727,13 +727,13 @@
        }
if ( dn != NULL ) {
-               free( dn );
+               ber_memfree( dn );
        }
        if ( newrdn != NULL ) {
-               free( newrdn );
+               ber_memfree( newrdn );
        }
        if ( newsup != NULL ) {
-               free( newsup );
+               ber_memfree( newsup );
        }
        if ( pmods != NULL ) {
                ldap_mods_free( pmods, 1 );

    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

(ITS#4901) malloc/free mismatches in ldapadd