[Issue 10344] New: Potential memory leak in function firstComponentNormalize and objectClassPretty. - openldap-bugs

27 May 2025


      https://bugs.openldap.org/show_bug.cgi?id=10344
Issue ID: 10344
           Summary: Potential memory leak in function
                    firstComponentNormalize and objectClassPretty.
           Product: OpenLDAP
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: bugs@openldap.org
          Reporter: alexguo1023@gmail.com
  Target Milestone: ---
Created attachment 1071
  --> https://bugs.openldap.org/attachment.cgi?id=1071&action=edit
Patch: Ensure the first argument passed to `ber_dupbv_x` is not `NULL`.
In `firstComponentNormalize`, the code calls `ber_dupbv_x` but ignores its
return value.
```c
ber_dupbv_x(normalized, val, ctx);
```
When `normalized` is `NULL`, `ber_dupbv_x` allocates a new `struct berval` and
returns it; failing to capture that pointer means we lose ownership and leak
the allocation. The same issue arises in `objectClassPretty`. We should follow
the pattern in function `hexNormalize`, which asserts that its `normalized`
argument is non-NULL before use:
```c
assert(normalized != NULL);
```
-- 
You are receiving this mail because:
You are on the CC list for the issue.