https://bugs.openldap.org/show_bug.cgi?id=9420
Issue ID: 9420
Summary: memory leak & ub in
servers/slapd/modrdn.c`slap_modrdn2mods()
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 781
--> https://bugs.openldap.org/attachment.cgi?id=781&action=edit
fix
Hi. I have noticed
1) a memory leak in failure cleanup section of slap_modrdn2mods():
| for ( ; op->orr_modlist != NULL; op->orr_modlist = tmp ) {
| tmp = op->orr_modlist->sml_next;
| ch_free( op->orr_modlist );
| }
this code leaks (n)values of mods. And
2) undefined behavior while scheduling delete:
| (void) (*desc->ad_type->sat_equality->smr_normalize)(...,
&mod_tmp->sml_nvalues[0], ...)
this code doesn't respect normalization failures, and may leave garbage in
nvalues[0].
I guess this is because somebody assumed normalization can't fail here, because
the value has already been normalized during dnPrettyNormal. But ...
normalization can fail at least because some normalizators do not abort() on
memory allocation failures.
Here is a patch that fixes these defects. Please, consider.
--
You are receiving this mail because:
You are on the CC list for the issue.
