Full_Name: Konstantin Andreev Version: 2.4.48 OS: Solaris 11.3 x64 URL: Submission from: (NULL) (79.135.238.172)

servers/slapd/back-mdb/id2entry.c`mdb_entry_decode() leaks allocated [Entry] on error. Here is a fix for the master branch:

--- a/servers/slapd/back-mdb/id2entry.c +++ b/servers/slapd/back-mdb/id2entry.c @@ -1130,8 +1130,12 @@ done: *e = x; rc = 0;

-leave: +clr_mvc: if (mvc) mdb_cursor_close(mvc); return rc; +leave: + /* can't mdb_entry_return() because [Entry *x] init is incomplete */ + op->o_tmpfree( x, op->o_tmpmemctx ); + goto clr_mvc; }

and for 2.4 branch, if you care:

--- a/servers/slapd/back-mdb/id2entry.c +++ b/servers/slapd/back-mdb/id2entry.c @@ -695,12 +695,13 @@ if (i > mdb->mi_numads) { rc = mdb_ad_read(mdb, txn); if (rc) - return rc; + goto leave; if (i > mdb->mi_numads) { Debug( LDAP_DEBUG_ANY, "mdb_entry_decode: attribute index %d not recognized\n", i, 0, 0 ); - return LDAP_OTHER; + rc = LDAP_OTHER; + goto leave; } } a->a_desc = mdb->mi_ads[i]; @@ -745,7 +746,7 @@ Debug( LDAP_DEBUG_ANY, "mdb_entry_decode: attributeType %s value #%d provided more than once\n", a->a_desc->ad_cname.bv_val, j, 0 ); - return rc; + goto leave; } } a->a_next = a+1; @@ -758,4 +759,8 @@ 0, 0, 0 ); *e = x; return 0; +leave: + /* can't mdb_entry_return() because [Entry *x] init is incomplete */ + op->o_tmpfree( x, op->o_tmpmemctx ); + return rc; }