https://bugs.openldap.org/show_bug.cgi?id=9297
--- Comment #1 from Howard Chu hyc@openldap.org ---
(In reply to Konstantin Andreev from comment #0)
Callers of mdb_dn2entry() expect that
mdb_dn2entry( ..., Entry **e [out], match = 1 )
provides a newborn Entry if and only if [mdb_dn2entry return value in {0, MDB_NOTFOUND}].
They are right about this, because any other error code makes asking for a "matching entry" irrelevant.
However, mdb_dn2entry does not in any way restrict the error code when it generates a "matching" Entry:
| int
| mdb_dn2entry(
|     ...
|     struct berval *dn,
|     Entry **e,
|     ...
|     int matched )
| {
|     ...
|     int rc = mdb_dn2id( ..., dn, &id, ... );
|     if ( rc ) {
|         if ( matched ) {
|             int rc2 = mdb_cursor_open( ..., "id2entry", &mc );
|             if ( rc2 == MDB_SUCCESS ) {
|                 mdb_id2entry( op, mc, id, e );
|                 mdb_cursor_close( mc );
|             }
|         }
|     } else ...
|     ...
|     return rc;
| }
So, when [mdb_dn2id return value is NOT in {0, MDB_NOTFOUND}], the Entry will be allocated by mdb_id2entry and then leaked by a caller.
What other return codes do you see mdb_dn2id returning?
Not exactly so. It will be leaked only by mdb_search() and by mdb_add(). It looks like other callers of mdb_dn2entry() are, by chance, not affected by this issue.
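
The ownership mismatch discussed in this comment, as an added stand-alone C model (not OpenLDAP code and not the project's fix). The M_* codes, the Entry struct, the allocation counter and the success path are constructed assumptions; dn2entry_guarded shows one possible guard.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins; not OpenLDAP/LMDB definitions. */
enum { M_SUCCESS = 0, M_NOTFOUND = 1, M_OTHER_ERR = 2 };
typedef struct { unsigned long id; } Entry;
static int live_entries;                 /* allocations not yet freed */

static Entry *fetch_entry(unsigned long id) {    /* models mdb_id2entry */
    Entry *e = malloc(sizeof *e);
    if (e) { e->id = id; live_entries++; }
    return e;
}
static void free_entry(Entry *e) { if (e) { free(e); live_entries--; } }

/* Shape of the reported logic: any non-zero lookup rc still yields a "matched" Entry. */
static int dn2entry_reported(int lookup_rc, Entry **e, int matched) {
    *e = NULL;
    if (lookup_rc) {
        if (matched) *e = fetch_entry(1);
    } else {
        *e = fetch_entry(2);             /* assumed success path */
    }
    return lookup_rc;
}

/* One possible guard: hand out a matched Entry only for M_NOTFOUND. */
static int dn2entry_guarded(int lookup_rc, Entry **e, int matched) {
    *e = NULL;
    if (lookup_rc == M_NOTFOUND) {
        if (matched) *e = fetch_entry(1);
    } else if (lookup_rc == M_SUCCESS) {
        *e = fetch_entry(2);
    }
    return lookup_rc;
}

/* Caller contract from the report: an Entry is expected, and released,
 * only when rc is 0 or NOTFOUND. Returns the number of entries left allocated. */
static int leaked_after(int (*fn)(int, Entry **, int), int lookup_rc) {
    Entry *e = NULL;
    int rc;
    live_entries = 0;
    rc = fn(lookup_rc, &e, 1);
    if (rc == M_SUCCESS || rc == M_NOTFOUND) free_entry(e);
    return live_entries;
}

int main(void) {
    printf("leaked on other error: reported=%d guarded=%d\n", leaked_after(dn2entry_reported, M_OTHER_ERR), leaked_after(dn2entry_guarded, M_OTHER_ERR));
    return 0;
}
```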