https://bugs.openldap.org/show_bug.cgi?id=10345
Issue ID: 10345
Summary: Potential memory leak in function rbac_create_session
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Keywords: needs_review
Severity: normal
Priority: ---
Component: contrib
Assignee: bugs@openldap.org
Reporter: alexguo1023@gmail.com
Target Milestone: ---

In `rbac_create_session`, we have the following code:
```c
if ( rc < 0 ) {
	rs->sr_err = LDAP_OTHER;
	rs->sr_text = "internal error";
} else {
	(void)ber_flatten( ber, &rs->sr_rspdata );
	rs->sr_rspoid = ch_strdup( slap_EXOP_CREATE_SESSION.bv_val ); // first
	rs->sr_err = LDAP_SUCCESS;
}
ber_free_buf(ber);

done:;
	// always put the OID in the response:
	rs->sr_rspoid = ch_strdup( slap_EXOP_CREATE_SESSION.bv_val ); //second
```
The second `ch_strdup` at the `done` label overwrites `rs->sr_rspoid` without freeing the previous string, resulting in a memory leak.
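
The double assignment described in the report, modelled as an added example (not OpenLDAP code and not part of the original report). `struct reply`, `dup_counted`, `free_counted`, the fixed pool and the OID value are hypothetical stand-ins, and the single-assignment variant is one possible fix assumed here, not the project's patch.

```c
#include <string.h>
/* Hypothetical stand-ins for slapd's reply and ch_strdup; not OpenLDAP code. */
#define SLOTS 4
static char pool[SLOTS][32];   /* fixed pool so held blocks can be counted */
static int in_use[SLOTS];

static char *dup_counted(const char *s) {
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i] && strlen(s) < sizeof pool[i]) {
            in_use[i] = 1;
            return strcpy(pool[i], s);
        }
    return NULL;
}

static void free_counted(const char *p) {
    for (int i = 0; i < SLOTS; i++) if (p == pool[i]) in_use[i] = 0;
}

struct reply { int err; char *rspoid; };
static const char *EXOP_OID = "1.2.3.4.5";   /* constructed placeholder OID */

/* Shape from the report: success branch and done label both duplicate. */
void create_session_leaky(struct reply *rs, int rc) {
    if (rc < 0) {
        rs->err = 1;
    } else {
        rs->rspoid = dup_counted(EXOP_OID);  /* first */
        rs->err = 0;
    }
    rs->rspoid = dup_counted(EXOP_OID);      /* second: first copy orphaned */
}

/* Assumed fix: duplicate only at the point every path reaches. */
void create_session_fixed(struct reply *rs, int rc) {
    rs->err = (rc < 0) ? 1 : 0;
    rs->rspoid = dup_counted(EXOP_OID);
}

/* Run one request, free the reply as its owner would, count blocks still held. */
int leaked_after(void (*fn)(struct reply *, int), int rc) {
    struct reply rs = { 0, NULL };
    int held = 0;
    memset(in_use, 0, sizeof in_use);
    fn(&rs, rc);
    free_counted(rs.rspoid);
    for (int i = 0; i < SLOTS; i++) held += in_use[i];
    return held;
}
```

`leaked_after(create_session_leaky, 0)` returns 1 because the owner can only free the pointer that survived the overwrite; the error path and both paths of the single-assignment variant return 0.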