Bug 185780 - one byte memory leak in modify
one byte memory leak in modify
Status: CLOSED CURRENTRELEASE
Product: 389
Classification: Community
Component: Directory Server (Show other bugs)
1.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rich Megginson
Viktor Ashirov
:
Depends On:
Blocks: 152373 fds103trackingbug 240316
  Show dependency treegraph
 
Reported: 2006-03-17 17:13 EST by Rich Megginson
Modified: 2015-12-07 11:56 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-07 11:56:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Rich Megginson 2006-03-17 17:13:42 EST
If you send a attribute type that is the null string e.g. "\0", the code in
do_modify will reject it e.g.
		if ( !mod->mod_type || !*mod->mod_type ) {
However, if mod->mod_type, this code will not free the 1 byte length string
allocated by the previous line slapi_attr_syntax_normalize(type).
Comment 1 Rich Megginson 2006-10-12 17:01:23 EDT
*** modify.c.~1.12.~	2006-09-01 14:01:10.000000000 -0600
--- modify.c	2006-10-12 15:04:55.000000000 -0600
***************
*** 202,207 ****
--- 202,208 ----
  			send_ldap_result( pb, LDAP_INVALID_SYNTAX, NULL, ebuf, 0, NULL );
  			slapi_ch_free((void **)&type);
  			ber_bvecfree(mod->mod_bvalues);
+ 			ldap_memfree(mod->mod_type);
  			slapi_ch_free((void **)&mod);
  			goto free_and_return;
Comment 2 Noriko Hosoi 2006-10-12 17:32:24 EDT
Looks good.  I'm just curious... Why you chose "ldap_memfree", not "slapi_ch_free"?
Comment 3 Rich Megginson 2006-10-12 17:49:02 EDT
Oops, you're right.  I should have used slapi_ch_free_string().  Here is the new
diff:
*** modify.c.~1.12.~	2006-09-01 14:01:10.000000000 -0600
--- modify.c	2006-10-12 15:52:07.000000000 -0600
***************
*** 202,207 ****
--- 202,208 ----
  			send_ldap_result( pb, LDAP_INVALID_SYNTAX, NULL, ebuf, 0, NULL );
  			slapi_ch_free((void **)&type);
  			ber_bvecfree(mod->mod_bvalues);
+ 			slapi_ch_free_string(&mod->mod_type);
  			slapi_ch_free((void **)&mod);
  			goto free_and_return;
  		}
Comment 4 Noriko Hosoi 2006-10-12 18:18:00 EDT
Oh, okay.  Then, "no question" about it. ;)
Comment 5 Rich Megginson 2006-10-12 18:32:40 EDT
Reviewed by: nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: Just call ldap_memfree() with the mod->mod_type.  This is safe
to call with NULL.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no

Checking in modify.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/modify.c,v  <--  modify.c
new revision: 1.13; previous revision: 1.12
done
Comment 6 Nathan Kinder 2007-12-20 14:23:52 EST
Verified that we are indeed freeing the mod type in the current code.

Marking as VERIFIED.

Note You need to log in before you can comment on or make changes to this bug.