There is this call in saslbind.c line 767:

    /* can't do any harm */
    if (cred->bv_len == 0)
        cred->bv_val = NULL;

Apparently in some cases, cred bv_len is 0 but cred->bv_val is not-null. This causes a leak of cred->bv_val.
Created attachment 313856 [details]
diffs

The fix is to make sure cred->bv_val is freed if bv_len is 0. This should catch all cases where this erroneous assumption is made.
I'm not exactly sure how to trigger this issue. Maybe pass a 0 length password e.g. just the \0 character? That would seem to be the only way to make bv_len 0 but have bv_val allocated, but if bv_len is 0 then bv_val should always be NULL. The bug could be triggered by anonymous. The way to mitigate this issue is to disable sasl bind.
Created attachment 314144 [details]
cvs commit log - DS8.0

Reviewed by: nkinder, nhosoi (Thanks!)
Branch: Directory_Server_8_0
Fix Description: There is this call in saslbind.c line 767:

    /* can't do any harm */
    if (cred->bv_len == 0)
        cred->bv_val = NULL;

apparently in some cases, cred bv_len is 0 but cred->bv_val is not-null. This causes a leak of cred->bv_val. The fix is to make sure cred->bv_val is freed if bv_len is 0. This should catch all cases where this erroneous assumption is made.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none
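The leak and the fix described in this report, as an added example that is not part of the original bug report or the Directory Server source. The struct `berval_ex`, the allocation counter and all function names are assumptions made for illustration; the credential is constructed sample input.

```c
#include <stdio.h>
#include <stdlib.h>

/* Local stand-in for a berval (length + pointer); not the server's own header. */
struct berval_ex { size_t bv_len; char *bv_val; };

static int live_allocs = 0; /* outstanding buffers, so the leak is observable */

static char *track_alloc(size_t n) {
    char *p = calloc(n ? n : 1, 1);
    if (p) live_allocs++;
    return p;
}

static void track_free(char *p) {
    if (p) { free(p); live_allocs--; }
}

/* Pattern quoted in the report: the pointer is dropped without being released. */
static void normalize_cred_leaky(struct berval_ex *cred) {
    if (cred->bv_len == 0)
        cred->bv_val = NULL;
}

/* Fix as described in the report: free bv_val when bv_len is 0, then clear it. */
static void normalize_cred_fixed(struct berval_ex *cred) {
    if (cred->bv_len == 0) {
        track_free(cred->bv_val);
        cred->bv_val = NULL;
    }
}

/* Handles one constructed credential; returns buffers still allocated afterwards. */
static int run_case(void (*normalize)(struct berval_ex *), size_t len) {
    struct berval_ex cred;
    int before = live_allocs;
    cred.bv_len = len;
    cred.bv_val = track_alloc(len + 1); /* len 0 still gets a buffer for "\0" */
    if (!cred.bv_val) return -1;
    normalize(&cred);
    track_free(cred.bv_val); /* normal cleanup; a no-op once the pointer is NULL */
    return live_allocs - before;
}

int main(void) {
    printf("leaky, len 0: %d left\n", run_case(normalize_cred_leaky, 0));
    printf("fixed, len 0: %d left\n", run_case(normalize_cred_fixed, 0));
    return 0;
}
```

Running the leaky variant under valgrind reports the lost buffer with `run_case` in the allocation stack, which is the analogue of looking for `do_bind()` in the server's valgrind output.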
How can QE verify this? What to look for in the valgrind output?
(In reply to comment #5)
> How can QE verify this? What to look for in the valgrind output?

Look for a memory leak in do_bind().
verified 8.0 RHEL4-32, RHEL4-64, RHEL5-32, RHEL5-64
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0602.html
Created attachment 315144 [details] cvs commit log - HEAD