This patch fixes several potential memory leaks in ipa-pwd-extop
SLAPI plugin.

Common function ipapwd_gen_hashes() now cleans after itself when
it fails. Other changes are local and self-explanatory.

https://fedorahosted.org/freeipa/ticket/715

>From 36cd93947d619b7514ae80a82f7d154ecc8ad8ca Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Thu, 13 Jan 2011 11:12:36 +0100
Subject: [PATCH] Potential memory leaks in ipa-pwd-extop

This patch fixes several potential memory leaks in ipa-pwd-extop
SLAPI plugin.

Common function ipapwd_gen_hashes() now cleans after itself when
it fails. Other changes are local and self-explanatory.

https://fedorahosted.org/freeipa/ticket/715
---
 .../ipa-pwd-extop/ipapwd_common.c                  |   11 +++++++++--
 .../ipa-pwd-extop/ipapwd_encoding.c                |   13 ++++++++++++-
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
index 2bc36c09e40c174e1a90ed3e6b2162cb8353cddb..3b5b3c8dcb30e82fa2717f8d61fa82cb662fb954 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
@@ -74,12 +74,14 @@ static int new_ipapwd_encsalt(krb5_context krbctx,
 {
     struct ipapwd_encsalt *es;
     int nes, i;
+    int rc;
 
     for (i = 0; encsalts[i]; i++) /* count */ ;
     es = calloc(i + 1, sizeof(struct ipapwd_encsalt));
     if (!es) {
         LOG_OOM();
-        return LDAP_OPERATIONS_ERROR;
+        rc = LDAP_OPERATIONS_ERROR;
+        goto fail;
     }
 
     for (i = 0, nes = 0; encsalts[i]; i++) {
@@ -93,7 +95,8 @@ static int new_ipapwd_encsalt(krb5_context krbctx,
         enc = strdup(encsalts[i]);
         if (!enc) {
             LOG_OOM();
-            return LDAP_OPERATIONS_ERROR;
+            rc = LDAP_OPERATIONS_ERROR;
+            goto fail;
         }
         salt = strchr(enc, ':');
         if (!salt) {
@@ -133,6 +136,10 @@ static int new_ipapwd_encsalt(krb5_context krbctx,
     *num_es_types = nes;
 
     return LDAP_SUCCESS;
+
+fail:
+    free(es);
+    return rc;
 }
 
 static struct ipapwd_krbcfg *ipapwd_getConfig(void)
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c
index c19c5a566311d5c61d270ee33424a9ffdd473655..129320340284b36abfeda2694396f25467227e52 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c
@@ -280,7 +280,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
     if (!krbPrincipalName) {
         *errMesg = "no krbPrincipalName present in this entry\n";
         LOG_FATAL("%s", *errMesg);
-        return NULL;
+        goto enc_error;
     }
 
     krberr = krb5_parse_name(krbctx, krbPrincipalName, &princ);
@@ -680,6 +680,7 @@ static int encode_ntlm_keys(char *newPasswd,
         ucs2Passwd = calloc(ol, 1);
         if (!ucs2Passwd) {
             ret = -1;
+            iconv_close(cd);
             goto done;
         }
 
@@ -735,6 +736,11 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg,
 {
     int rc;
 
+    *svals = NULL;
+    *nthash = NULL;
+    *lmhash = NULL;
+    *errMesg = NULL;
+
     if (is_krb) {
 
         *svals = encrypt_encode_key(krbcfg, data, errMesg);
@@ -778,6 +784,11 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg,
 
 done:
 
+    /* when error, free possibly allocated output parameters */
+    if (rc) {
+        ipapwd_free_slapi_value_array(svals);
+    }
+
     return rc;
 }
 
-- 
1.7.3.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to