zrhoffman / rpms / 389-ds-base

Forked from rpms/389-ds-base 3 years ago
Clone

Blame SOURCES/0033-Ticket-47517-memory-leak-in-range-searches-and-other.patch

ba46c7
From 5f89494625af13a9e23a620d973eb11120495ab3 Mon Sep 17 00:00:00 2001
ba46c7
From: Mark Reynolds <mreynolds@redhat.com>
ba46c7
Date: Mon, 7 Oct 2013 09:57:47 -0400
ba46c7
Subject: [PATCH 33/39] Ticket 47517 - memory leak in range searches and other various leaks
ba46c7
ba46c7
Bug Description:  Range searches leak memory
ba46c7
ba46c7
Fix Description:  Free the db key, if the key changed between calls to c_get.
ba46c7
ba46c7
                  Also fixed a leak when doing a delete operation(retrieving the
ba46c7
                  parent id), and fixed a leak in replication incremental protocol
ba46c7
                  when getting the hostname control.
ba46c7
ba46c7
https://fedorahosted.org/389/ticket/47517
ba46c7
ba46c7
Reviewed by:  nhosoi & richm(Thanks!)
ba46c7
(cherry picked from commit b737882146e709aa75771168ffd9db63af23e005)
ba46c7
(cherry picked from commit 98dd62e4a9ed6696a3becfda3ccb456de587601f)
ba46c7
---
ba46c7
 ldap/servers/slapd/back-ldbm/idl_new.c     |   16 +++++++++++++++-
ba46c7
 ldap/servers/slapd/back-ldbm/index.c       |    2 --
ba46c7
 ldap/servers/slapd/back-ldbm/ldbm_delete.c |    1 +
ba46c7
 ldap/servers/slapd/ldaputil.c              |    3 ++-
ba46c7
 4 files changed, 18 insertions(+), 4 deletions(-)
ba46c7
ba46c7
diff --git a/ldap/servers/slapd/back-ldbm/idl_new.c b/ldap/servers/slapd/back-ldbm/idl_new.c
ba46c7
index 50ad5cb..f0410f9 100644
ba46c7
--- a/ldap/servers/slapd/back-ldbm/idl_new.c
ba46c7
+++ b/ldap/servers/slapd/back-ldbm/idl_new.c
ba46c7
@@ -576,6 +576,11 @@ idl_new_range_fetch(
ba46c7
         }
ba46c7
 #endif
ba46c7
         ret = cursor->c_get(cursor, &cur_key, &data, DB_NEXT_DUP|DB_MULTIPLE);
ba46c7
+        if (saved_key != cur_key.data) {
ba46c7
+            /* key was allocated in c_get */
ba46c7
+            slapi_ch_free(&saved_key);
ba46c7
+            saved_key = cur_key.data;
ba46c7
+        }
ba46c7
         if (ret) {
ba46c7
             if (upperkey && upperkey->data && DBT_EQ(&cur_key, upperkey)) {
ba46c7
                 /* this is the last key */
ba46c7
@@ -583,6 +588,11 @@ idl_new_range_fetch(
ba46c7
             }
ba46c7
             /* First set the cursor (DB_NEXT_NODUP does not take DB_MULTIPLE) */
ba46c7
             ret = cursor->c_get(cursor, &cur_key, &data, DB_NEXT_NODUP);
ba46c7
+            if (saved_key != cur_key.data) {
ba46c7
+                /* key was allocated in c_get */
ba46c7
+                slapi_ch_free(&saved_key);
ba46c7
+                saved_key = cur_key.data;
ba46c7
+            }
ba46c7
             if (ret) {
ba46c7
                 break;
ba46c7
             }
ba46c7
@@ -633,13 +643,17 @@ idl_new_range_fetch(
ba46c7
             }
ba46c7
         }
ba46c7
         ret = cursor->c_get(cursor,&cur_key,&data,DB_NEXT_DUP);
ba46c7
+        if (saved_key != cur_key.data) {
ba46c7
+            /* key was allocated in c_get */
ba46c7
+            slapi_ch_free(&saved_key);
ba46c7
+            saved_key = cur_key.data;
ba46c7
+        }
ba46c7
         count++;
ba46c7
         if (ret) {
ba46c7
             if (upperkey && upperkey->data && DBT_EQ(&cur_key, upperkey)) {
ba46c7
                 /* this is the last key */
ba46c7
                 break;
ba46c7
             }
ba46c7
-            DBT_FREE_PAYLOAD(cur_key);
ba46c7
             ret = cursor->c_get(cursor, &cur_key, &data, DB_NEXT_NODUP);
ba46c7
             if (saved_key != cur_key.data) {
ba46c7
                 /* key was allocated in c_get */
ba46c7
diff --git a/ldap/servers/slapd/back-ldbm/index.c b/ldap/servers/slapd/back-ldbm/index.c
ba46c7
index f4de2fa..1504fa8 100644
ba46c7
--- a/ldap/servers/slapd/back-ldbm/index.c
ba46c7
+++ b/ldap/servers/slapd/back-ldbm/index.c
ba46c7
@@ -1401,8 +1401,6 @@ index_range_read_ext(
ba46c7
                         type, prefix, *err );
ba46c7
                 }
ba46c7
             } else if (DBTcmp (&upperkey, &cur_key, ai->ai_key_cmp_fn) > 0) {
ba46c7
-                tmpbuf = slapi_ch_realloc (tmpbuf, cur_key.dsize);
ba46c7
-                memcpy (tmpbuf, cur_key.dptr, cur_key.dsize);
ba46c7
                 DBT_FREE_PAYLOAD(upperkey);
ba46c7
                 upperkey.dptr = NULL; /* x >= a :no need to check upper bound */
ba46c7
                 upperkey.dsize = 0;
ba46c7
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_delete.c b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
ba46c7
index c174c18..6725123 100644
ba46c7
--- a/ldap/servers/slapd/back-ldbm/ldbm_delete.c
ba46c7
+++ b/ldap/servers/slapd/back-ldbm/ldbm_delete.c
ba46c7
@@ -457,6 +457,7 @@ ldbm_back_delete( Slapi_PBlock *pb )
ba46c7
 					 * and numsubordinate count could get confused.
ba46c7
 					 */
ba46c7
 					ID pid = (ID)strtol(pid_str, (char **)NULL, 10);
ba46c7
+					slapi_ch_free_string(&pid_str);
ba46c7
 					parent = id2entry(be, pid ,NULL, &retval);
ba46c7
 					if (parent && cache_lock_entry(&inst->inst_cache, parent)) {
ba46c7
 						/* Failed to obtain parent entry's entry lock */
ba46c7
diff --git a/ldap/servers/slapd/ldaputil.c b/ldap/servers/slapd/ldaputil.c
ba46c7
index e56c392..edc8267 100644
ba46c7
--- a/ldap/servers/slapd/ldaputil.c
ba46c7
+++ b/ldap/servers/slapd/ldaputil.c
ba46c7
@@ -1096,6 +1096,7 @@ slapi_ldap_bind(
ba46c7
 	        if (ptr) {
ba46c7
 	            copy = slapi_ch_strdup(myhostname);
ba46c7
 	            *(copy + (ptr - myhostname)) = '\0';
ba46c7
+	            slapi_ch_free_string(&myhostname);
ba46c7
 	            myhostname = copy;
ba46c7
 	        }
ba46c7
 	    }
ba46c7
@@ -1119,7 +1120,7 @@ slapi_ldap_bind(
ba46c7
 			    myerrno ? myerrno : gaierr,
ba46c7
 			    myerrno ? slapd_system_strerror(myerrno) : gai_strerror(gaierr),
ba46c7
 			    myhostname ? myhostname : "unknown host");
ba46c7
-	    slapi_ch_free_string(©);
ba46c7
+	    slapi_ch_free_string(&myhostname);
ba46c7
 	    goto done;
ba46c7
 	}
ba46c7
 
ba46c7
-- 
ba46c7
1.7.1
ba46c7