Full_Name: Matthew Backes Version: 2.3 only OS: any URL: Submission from: (NULL) (76.88.99.93)
In 2.3, if you have a lot of fast writes such that syncprov_sendresp's op tmp memory is exhausted and it has resorted to malloc()s AND controls are asserted, the rs.sr_ctrls free at the end of the function leaks.
To duplicate: Set up a master and a replica. Do mods like crazy with some control asserted, e.g. manageDSAIT.
2.4/head handle this differently so it isn't a problem there.
Patch versus OPENLDAP_REL_ENG_2_3:
RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/overlays/syncprov.c,v retrieving revision 1.56.2.51 diff -u -u -r1.56.2.51 syncprov.c --- syncprov.c 9 Jul 2008 20:53:13 -0000 1.56.2.51 +++ syncprov.c 14 Nov 2009 04:14:26 -0000 @@ -803,6 +803,7 @@ } /* In case someone else freed it already? */ if ( rs.sr_ctrls ) { + op->o_tmpfree( rs.sr_ctrls[0]->ldctl_value.bv_val, op->o_tmpmemctx ); op->o_tmpfree( rs.sr_ctrls[0], op->o_tmpmemctx ); rs.sr_ctrls = NULL; }
-- Matthew Backes Symas Corporation mbackes@symas.com
-
mbackes@symas.com