[Issue 10344] New: Potential memory leak in function firstComponentNormalize and objectClassPretty.

openldap-its Tue, 27 May 2025 19:04:02 -0700

https://bugs.openldap.org/show_bug.cgi?id=10344


          Issue ID: 10344
           Summary: Potential memory leak in function
                    firstComponentNormalize and objectClassPretty.
           Product: OpenLDAP
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Created attachment 1071
  --> https://bugs.openldap.org/attachment.cgi?id=1071&action=edit
Patch: Ensure the first argument passed to `ber_dupbv_x` is not `NULL`.

In `firstComponentNormalize`, the code calls `ber_dupbv_x` but ignores its
return value.

```c
ber_dupbv_x(normalized, val, ctx);
```

When `normalized` is `NULL`, `ber_dupbv_x` allocates a new `struct berval` and
returns it; failing to capture that pointer means we lose ownership and leak
the allocation. The same issue arises in `objectClassPretty`. We should follow
the pattern in function `hexNormalize`, which asserts that its `normalized`
argument is non-NULL before use:

```c
assert(normalized != NULL);
```

-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 10344] New: Potential memory leak in function firstComponentNormalize and objectClassPretty.

Reply via email to