Bug 440474

Summary: memberOf: Various member operations leak memory
Product: [Retired] 389 Reporter: Nathan Kinder <nkinder>
Component: Server - memberOf Plug-inAssignee: Nathan Kinder <nkinder>
Status: CLOSED CURRENTRELEASE QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.1.0CC: andrey.ivanov, benl, jgalipea, rmeggins
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: 8.1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-04-29 23:03:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 249650, 429034, 493682    
Description Flags
Valgrind leak reports
CVS Diffs
valgrind output from bug verification none

Description Nathan Kinder 2008-04-03 17:55:55 UTC
A number of memory leaks in the memberOf plug-in occur during various operations
on member attributes.  These leaks were discovered using valgrind to run
ns-slapd.  The options to valgrind used on my system were:

  valgrind --leak-check=full ./ns-slapd -D /opt/dirsrv/etc/dirsrv/slapd-windsor
-i /opt/dirsrv/var/run/dirsrv/slapd-windsor.pid -w
/opt/dirsrv/var/run/dirsrv/slapd-windsor.startpid -d 0

I will add an attachment to this bug with details on what leaks are reported by
valgrind when certain operations are performed.

Comment 1 Nathan Kinder 2008-04-03 17:55:55 UTC
Created attachment 300292 [details]
Valgrind leak reports

Comment 2 Nathan Kinder 2008-04-03 18:13:22 UTC
Created attachment 300297 [details]
CVS Diffs

These diffs address the memory leaks reported in the previous attachment.

We were allocating a Slapi_Mods in the modify callback and never calling
slapi_mods_free() at the end of the callback.  Simply added a call to
slapi_mods_free() would cause a double free. This is because we are initialing
the Slapi_Mods by passing in the LDAPMod array from SLAPI_MODIFY_MODS in the
pblock.  This will make slapi_mods_free() do a free of the LDAPMod elements,
but do_modify() is responsible for freeing the LDAPMod array in the pblock. 
The solution is to initialize the Slapi_Mods by reference so slapi_mods_free()
doesn't try to free the LDAPMod array.

There were 4 places where we were allocating a Slapi_Entry by calling
slapi_search_internal_get_entry(), but never freeing the entry when we were
finished with it.

We were allocating two Slapi_Value arrays with slapi_ch_malloc(), but were
never calling slapi_ch_free() when we were finished.

Comment 3 Nathan Kinder 2008-04-03 23:04:30 UTC
Checked into ldapserver (HEAD).

Checking in memberof.c;
/cvs/dirsec/ldapserver/ldap/servers/plugins/memberof/memberof.c,v  <--  memberof.c
new revision: 1.6; previous revision: 1.5

Comment 4 Jenny Severance 2009-04-02 17:42:54 UTC
fix verifed RHEL 5 DS 8.1
Ran all test in valgrind leaks report attachment

Attaching valgrind output from varification.

Comment 5 Jenny Severance 2009-04-02 17:43:43 UTC
Created attachment 337859 [details]
valgrind output from bug verification

Comment 6 Chandrasekar Kannan 2009-04-29 23:03:33 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.