New subject: [Issue 9420] memory leak & ub in servers/slapd/modrdn.c`slap_modrdn2mods()

7 Dec 2020


      https://bugs.openldap.org/show_bug.cgi?id=9420
Issue ID: 9420
           Summary: memory leak & ub in
                    servers/slapd/modrdn.c`slap_modrdn2mods()
           Product: OpenLDAP
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: bugs@openldap.org
          Reporter: grapvar@gmail.com
  Target Milestone: ---
Created attachment 781
  --> https://bugs.openldap.org/attachment.cgi?id=781&action=edit
fix
Hi. I have noticed
1) a memory leak in failure cleanup section of slap_modrdn2mods():
| for ( ; op->orr_modlist != NULL; op->orr_modlist = tmp ) {
|     tmp = op->orr_modlist->sml_next;
|     ch_free( op->orr_modlist );
| }
this code leaks (n)values of mods. And
2) undefined behavior while scheduling delete:
| (void) (*desc->ad_type->sat_equality->smr_normalize)(...,
&mod_tmp->sml_nvalues[0], ...)
this code doesn't respect normalization failures, and may leave garbage in
nvalues[0].
I guess this is because somebody assumed normalization can't fail here, because
the value has already been normalized during dnPrettyNormal. But ...
normalization can fail at least because some normalizators do not abort() on
memory allocation failures.
Here is a patch that fixes these defects. Please, consider.
-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 9420] New: memory leak & ub in servers/slapd/modrdn.c`slap_modrdn2mods()