[Issue 10013] New: Some code (ppolicy, etc.) ignores REP_CTRLS_MUSTBEFREED when touching rs->sr_ctrls
https://bugs.openldap.org/show_bug.cgi?id=10013
Issue ID: 10013 Summary: Some code (ppolicy, etc.) ignores REP_CTRLS_MUSTBEFREED when touching rs->sr_ctrls Product: OpenLDAP Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: slapd Assignee: bugs@openldap.org Reporter: ondra@mistotebe.net Target Milestone: ---
Certain parts of the source indicate that rs->sr_ctrls shouldn't be realloc'd/free'd unless REP_CTRLS_MUSTBEFREED is set, but then other parts of slapd (slap_ctrl_whatFailed_add, glue_op_search?, ...) and overlays (ppolicy, syncprov, ...) will blindly overwrite and/or realloc it.
slap_add_control() (an analog of slap_add_controls()) might be useful for this, possibly alongside some way to free the other data kept around to streamline the code other users need for correct operation.
https://bugs.openldap.org/show_bug.cgi?id=10013
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|--- |2.5.15 Assignee|bugs@openldap.org |ondra@mistotebe.net Keywords|needs_review |
https://bugs.openldap.org/show_bug.cgi?id=10013
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.15 |2.5.16
https://bugs.openldap.org/show_bug.cgi?id=10013
--- Comment #1 from Ondřej Kuzník ondra@mistotebe.net --- back-ldap will pull controls from libldap and so it needs to pass them to ldap_controls_free, but anything in the overlay stack calling slap_add_ctrls will mark rs with REP_CTRLS_MUSTBEFREED and start freeing the controls itself. That's going to leak the strings/values associated with the controls.
Either we need to divorce the internal slapd control structure from LDAPControl so we can take a note how to drop it or make it everyone's responsibility to free their own control (and anything else associated with it) if they attached it to the response.
https://bugs.openldap.org/show_bug.cgi?id=10013
Ondřej Kuzník ondra@mistotebe.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |IN_PROGRESS Ever confirmed|0 |1
--- Comment #2 from Ondřej Kuzník ondra@mistotebe.net --- The MR linked takes the latter approach: https://git.openldap.org/openldap/openldap/-/merge_requests/630
https://bugs.openldap.org/show_bug.cgi?id=10013
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.16 |2.5.17
https://bugs.openldap.org/show_bug.cgi?id=10013
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|IN_PROGRESS |RESOLVED
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org --- head:
• c1f00a8a by Ondřej Kuzník at 2023-11-21T17:21:52+00:00 ITS#10013 Introduce slap_add_ctrl, changing slap_add_ctrls signature
• 860b61f4 by Ondřej Kuzník at 2023-11-21T17:21:52+00:00 ITS#10013 Make freeing controls the job of whoever added it
https://bugs.openldap.org/show_bug.cgi?id=10013
--- Comment #4 from Quanah Gibson-Mount quanah@openldap.org --- also:
head:
commit bdbba0748efed642f639359bf63c1ac968184233 Author: Ondřej Kuzník ondra@mistotebe.net Date: Tue Feb 21 13:49:31 2023 +0000
ITS#10013 Fix slapo-ppolicy control handling
https://bugs.openldap.org/show_bug.cgi?id=10013
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|TEST |FIXED Target Milestone|2.5.17 |2.7.0
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org --- 2.5/2.6 affected but requires internal API changes. Fix deferred to 2.7.
-
openldap-its@openldap.org