Bug 458668

Summary: Memory leaks in ids_sasl_user_search
Product: [Retired] 389 Reporter: Rich Megginson <rmeggins>
Component: Security - SASLAssignee: Rich Megginson <rmeggins>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.1.1CC: benl, jgalipea, jlieskov, nkinder, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-08-27 20:39:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 249650, 452721, 453229, 458977    
Attachments:
Description Flags
diffs
none
cvs commit log - DS8.0
none
cvs commit log - HEAD none

Description Rich Megginson 2008-08-11 14:11:57 UTC 
This leak occurs when we use the new regex based identity mapping to lookup the user bind dn based on the given user and user realm.  There is a pblock allocated but not freed.
Comment 1 Rich Megginson 2008-08-11 14:20:17 UTC 
Created attachment 313967 [details]
diffs
Comment 2 Rich Megginson 2008-08-11 16:44:58 UTC 
This leak can be triggered by an anonymous user doing a sasl bind.  This bug can be mitigated by disabling the sasl mapping, which means sasl binds won't work.
Comment 3 Rich Megginson 2008-08-12 22:29:09 UTC 
Created attachment 314148 [details]
cvs commit log - DS8.0

Reviewed by: nkinder (Thanks!)
Fix Description: This leak occurs when we use the new regex based identity mapping to lookup the
user bind dn based on the given user and user realm.  There is a pblock allocated but not freed.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
Comment 5 Jenny Severance 2008-08-19 20:29:28 UTC 
How can QE verify this?  What to look for in the valgrind output?
Comment 6 Rich Megginson 2008-08-19 20:37:40 UTC 
(In reply to comment #5)
> How can QE verify this?  What to look for in the valgrind output?

Look for a memory leak in ids_sasl_user_search()
Comment 7 Jenny Severance 2008-08-21 17:47:50 UTC 
verified 8.0 RHEL4-32, RHEL4-64, RHEL5-32, RHEL5-64
Comment 10 errata-xmlrpc 2008-08-27 20:39:16 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0602.html
Comment 11 Rich Megginson 2008-08-27 21:09:27 UTC 
Created attachment 315148 [details]
cvs commit log - HEAD