https://bugs.openldap.org/show_bug.cgi?id=10345
Issue ID: 10345 Summary: Potential memory leak in function rbac_create_session Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: contrib Assignee: bugs@openldap.org Reporter: alexguo1023@gmail.com Target Milestone: ---
In `rbac_create_session`, we have the following code:
```c if ( rc < 0 ) { rs->sr_err = LDAP_OTHER; rs->sr_text = "internal error"; } else { (void)ber_flatten( ber, &rs->sr_rspdata ); rs->sr_rspoid = ch_strdup( slap_EXOP_CREATE_SESSION.bv_val ); // first rs->sr_err = LDAP_SUCCESS; } ber_free_buf(ber);
done:; // always put the OID in the response: rs->sr_rspoid = ch_strdup( slap_EXOP_CREATE_SESSION.bv_val ); //second ```
The second `ch_strdup` at the `done` label overwrites `rs->sr_rspoid` without freeing the previous string, resulting in a memory leak.
https://bugs.openldap.org/show_bug.cgi?id=10345
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords|needs_review | Target Milestone|--- |2.6.11
https://bugs.openldap.org/show_bug.cgi?id=10345
Ondřej Kuzník ondra@mistotebe.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |IN_PROGRESS Assignee|bugs@openldap.org |ondra@mistotebe.net Ever confirmed|0 |1
--- Comment #1 from Ondřej Kuzník ondra@mistotebe.net --- Hi Alex, thanks for the report, a patch is included in a merge request on Gitlab here: https://git.openldap.org/openldap/openldap/-/merge_requests/776
Could you check it works for you? (If you want to post on the merge request, you might need your account confirmed, please post your account name
-
openldap-its@openldap.org