[Issue 10344] New: Potential memory leak in function firstComponentNormalize and objectClassPretty.
https://bugs.openldap.org/show_bug.cgi?id=10344
Issue ID: 10344 Summary: Potential memory leak in function firstComponentNormalize and objectClassPretty. Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: alexguo1023@gmail.com Target Milestone: ---
Created attachment 1071 --> https://bugs.openldap.org/attachment.cgi?id=1071&action=edit Patch: Ensure the first argument passed to `ber_dupbv_x` is not `NULL`.
In `firstComponentNormalize`, the code calls `ber_dupbv_x` but ignores its return value.
```c ber_dupbv_x(normalized, val, ctx); ```
When `normalized` is `NULL`, `ber_dupbv_x` allocates a new `struct berval` and returns it; failing to capture that pointer means we lose ownership and leak the allocation. The same issue arises in `objectClassPretty`. We should follow the pattern in function `hexNormalize`, which asserts that its `normalized` argument is non-NULL before use:
```c assert(normalized != NULL); ```
https://bugs.openldap.org/show_bug.cgi?id=10344
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.6.11 Keywords|needs_review |
https://bugs.openldap.org/show_bug.cgi?id=10344
Ondřej Kuzník ondra@mistotebe.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Assignee|bugs@openldap.org |ondra@mistotebe.net Status|UNCONFIRMED |IN_PROGRESS
--- Comment #1 from Ondřej Kuzník ondra@mistotebe.net --- Hi Alex, thanks for the report, I've included your patch in a merge request on Gitlab here: https://git.openldap.org/openldap/openldap/-/merge_requests/776
-
openldap-its@openldap.org