|
 |
dc8c34 |
From bbc86bba2bf5edd75551104ffe7186a5fe3d6a7c Mon Sep 17 00:00:00 2001
|
|
|
dc8c34 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
dc8c34 |
Date: Mon, 17 Nov 2014 09:46:33 -0500
|
|
|
dc8c34 |
Subject: [PATCH 274/305] Ticket 47958 - Memory leak in password admin if the
|
|
|
dc8c34 |
admin entry does not exist
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Bug Description: If passwordAdminDN is set to an entry that does not exist memory
|
|
|
dc8c34 |
is leaked.
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Fix Description: The leak occurs because we do not free the internal search results,
|
|
|
dc8c34 |
even when zero entries are returned.
|
|
|
dc8c34 |
|
|
|
dc8c34 |
https://fedorahosted.org/389/ticket/47958
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Reviewed by: rmeggins(Thanks!)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
(cherry picked from commit 6ee9a1bd3aa5014aff3b8b07a032c35a1c66d2e2)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
Conflicts:
|
|
|
dc8c34 |
ldap/servers/slapd/pw.c
|
|
|
dc8c34 |
|
|
|
dc8c34 |
(cherry picked from commit d9274e23f8132c2624413915d3e2e040d48bf152)
|
|
|
dc8c34 |
---
|
|
|
dc8c34 |
ldap/servers/slapd/pw.c | 18 ++++++++++++------
|
|
|
dc8c34 |
1 file changed, 12 insertions(+), 6 deletions(-)
|
|
|
dc8c34 |
|
|
|
dc8c34 |
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
|
|
|
dc8c34 |
index d32afd8..e0d0080 100644
|
|
|
dc8c34 |
--- a/ldap/servers/slapd/pw.c
|
|
|
dc8c34 |
+++ b/ldap/servers/slapd/pw.c
|
|
|
dc8c34 |
@@ -1573,20 +1573,25 @@ pw_get_admin_users(passwdPolicy *pwp)
|
|
|
dc8c34 |
if(binddn == NULL){
|
|
|
dc8c34 |
return;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
- pb = slapi_pblock_new();
|
|
|
dc8c34 |
+
|
|
|
dc8c34 |
/*
|
|
|
dc8c34 |
* Check if the DN exists and has "group" objectclasses
|
|
|
dc8c34 |
*/
|
|
|
dc8c34 |
- slapi_search_internal_set_pb(pb, binddn, LDAP_SCOPE_BASE,"(|(objectclass=groupofuniquenames)(objectclass=groupofnames))",
|
|
|
dc8c34 |
- NULL, 0, NULL, NULL, (void *) plugin_get_default_component_id(), 0);
|
|
|
dc8c34 |
+ pb = slapi_pblock_new();
|
|
|
dc8c34 |
+ slapi_search_internal_set_pb(pb, binddn, LDAP_SCOPE_BASE,
|
|
|
dc8c34 |
+ "(|(objectclass=groupofuniquenames)(objectclass=groupofnames))",
|
|
|
dc8c34 |
+ NULL, 0, NULL, NULL, (void *) plugin_get_default_component_id(), 0);
|
|
|
dc8c34 |
slapi_search_internal_pb(pb);
|
|
|
dc8c34 |
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_RESULT, &res;;
|
|
|
dc8c34 |
if (res != LDAP_SUCCESS) {
|
|
|
dc8c34 |
+ slapi_free_search_results_internal(pb);
|
|
|
dc8c34 |
slapi_pblock_destroy(pb);
|
|
|
dc8c34 |
- LDAPDebug(LDAP_DEBUG_ANY, "pw_get_admin_users: search failed for %s: error %d - Password Policy Administrators can not be set\n",
|
|
|
dc8c34 |
- slapi_sdn_get_dn(sdn), res, 0);
|
|
|
dc8c34 |
+ LDAPDebug(LDAP_DEBUG_ANY, "pw_get_admin_users: search failed for %s: error %d - "
|
|
|
dc8c34 |
+ "Password Policy Administrators can not be set\n",
|
|
|
dc8c34 |
+ slapi_sdn_get_dn(sdn), res, 0);
|
|
|
dc8c34 |
return;
|
|
|
dc8c34 |
}
|
|
|
dc8c34 |
+
|
|
|
dc8c34 |
/*
|
|
|
dc8c34 |
* Ok, we know we have a valid DN, and nentries will tell us if its a group or a user
|
|
|
dc8c34 |
*/
|
|
|
dc8c34 |
@@ -1600,7 +1605,8 @@ pw_get_admin_users(passwdPolicy *pwp)
|
|
|
dc8c34 |
slapi_pblock_get(pb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entries);
|
|
|
dc8c34 |
uniquemember_vals = slapi_entry_attr_get_charray_ext(entries[0], "uniquemember", &uniquemember_count);
|
|
|
dc8c34 |
member_vals = slapi_entry_attr_get_charray_ext(entries[0], "member", &member_count);
|
|
|
dc8c34 |
- pwp->pw_admin_user = (Slapi_DN **)slapi_ch_calloc((uniquemember_count + member_count + 1), sizeof(Slapi_DN *));
|
|
|
dc8c34 |
+ pwp->pw_admin_user = (Slapi_DN **)slapi_ch_calloc((uniquemember_count + member_count + 1),
|
|
|
dc8c34 |
+ sizeof(Slapi_DN *));
|
|
|
dc8c34 |
if(uniquemember_count > 0){
|
|
|
dc8c34 |
for(i = 0; i < uniquemember_count; i++){
|
|
|
dc8c34 |
pwp->pw_admin_user[count++] = slapi_sdn_new_dn_passin(uniquemember_vals[i]);
|
|
|
dc8c34 |
--
|
|
|
dc8c34 |
1.9.3
|
|
|
dc8c34 |
|