6f51e1
From 97f09918ef370c3be5aa64dcfeb3bb21e762f90d Mon Sep 17 00:00:00 2001
6f51e1
From: Mark Reynolds <mreynolds@redhat.com>
6f51e1
Date: Tue, 14 Mar 2017 20:23:07 -0400
6f51e1
Subject: [PATCH 4/5] Issue 49169 - Fix covscan errors
6f51e1
6f51e1
src/libsds/bpt/map.c  - resource leak
6f51e1
ldap/servers/slapd/vattr.c - resource leak
6f51e1
ldap/servers/slapd/task.c:  resource leaks
6f51e1
ldap/servers/slapd/str2filter.c - resource leak
6f51e1
ldap/servers/slapd/pw.c - resource leak
6f51e1
ldap/servers/slapd/back-ldbm/import-threads.c - resource leak
6f51e1
ldap/servers/plugins/uiduniq/uid.c:536 - resource leak
6f51e1
ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c:164 - resource leak
6f51e1
ldap/servers/plugins/linkedattrs/linked_attrs.c:1672 - resource leak
6f51e1
ldap/servers/plugins/addn/addn.c:419
6f51e1
ldap/servers/slapd/ssl.c - dead code
6f51e1
ldap/servers/slapd/index_subsystem.c - null dereference
6f51e1
6f51e1
https://pagure.io/389-ds-base/issue/49169
6f51e1
6f51e1
Reviewed by: nkinder & wibrown(Thanks!!)
6f51e1
6f51e1
(cherry picked from commit c75126be1edece121826e336141f9b0b9c0bddfd)
6f51e1
---
6f51e1
 ldap/servers/plugins/addn/addn.c                |  4 +++-
6f51e1
 ldap/servers/plugins/linkedattrs/linked_attrs.c |  2 ++
6f51e1
 ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c    |  1 +
6f51e1
 ldap/servers/plugins/uiduniq/uid.c              |  6 +++++-
6f51e1
 ldap/servers/slapd/back-ldbm/import-threads.c   |  1 +
6f51e1
 ldap/servers/slapd/index_subsystem.c            | 27 +++++++++++++------------
6f51e1
 ldap/servers/slapd/pw.c                         |  1 +
6f51e1
 ldap/servers/slapd/pw_verify.c                  |  1 -
6f51e1
 ldap/servers/slapd/ssl.c                        |  8 +++-----
6f51e1
 ldap/servers/slapd/str2filter.c                 |  1 +
6f51e1
 ldap/servers/slapd/task.c                       |  3 +--
6f51e1
 ldap/servers/slapd/vattr.c                      |  6 +++---
6f51e1
 src/libsds/sds/bpt/map.c                        |  1 +
6f51e1
 13 files changed, 36 insertions(+), 26 deletions(-)
6f51e1
6f51e1
diff --git a/ldap/servers/plugins/addn/addn.c b/ldap/servers/plugins/addn/addn.c
6f51e1
index 3abc112..6ba7833 100644
6f51e1
--- a/ldap/servers/plugins/addn/addn.c
6f51e1
+++ b/ldap/servers/plugins/addn/addn.c
6f51e1
@@ -415,7 +415,9 @@ addn_start(Slapi_PBlock *pb)
6f51e1
     domain = slapi_entry_attr_get_charptr(plugin_entry, "addn_default_domain");
6f51e1
 
6f51e1
     if (domain == NULL) {
6f51e1
-        slapi_log_err(SLAPI_LOG_ERR, plugin_name, "addn_start: CRITICAL: No default domain in configuration, you must set addn_default_domain!\n");
6f51e1
+        slapi_log_err(SLAPI_LOG_ERR, plugin_name,
6f51e1
+                "addn_start: CRITICAL: No default domain in configuration, you must set addn_default_domain!\n");
6f51e1
+        slapi_ch_free((void**)&config);
6f51e1
         return SLAPI_PLUGIN_FAILURE;
6f51e1
     }
6f51e1
 
6f51e1
diff --git a/ldap/servers/plugins/linkedattrs/linked_attrs.c b/ldap/servers/plugins/linkedattrs/linked_attrs.c
6f51e1
index b5adb21..d046542 100644
6f51e1
--- a/ldap/servers/plugins/linkedattrs/linked_attrs.c
6f51e1
+++ b/ldap/servers/plugins/linkedattrs/linked_attrs.c
6f51e1
@@ -1669,6 +1669,8 @@ linked_attrs_mod_post_op(Slapi_PBlock *pb)
6f51e1
             /* Bail out if the plug-in close function was just called. */
6f51e1
             if (!slapi_plugin_running(pb)) {
6f51e1
                 linked_attrs_unlock();
6f51e1
+                slapi_mod_free(&next_mod);
6f51e1
+                slapi_mods_free(&smods);
6f51e1
                 return SLAPI_PLUGIN_SUCCESS;
6f51e1
             }
6f51e1
 
6f51e1
diff --git a/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c b/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c
6f51e1
index 1b3e555..b228700 100644
6f51e1
--- a/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c
6f51e1
+++ b/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c
6f51e1
@@ -161,6 +161,7 @@ pbkdf2_sha256_pw_enc(const char *pwd)
6f51e1
      */
6f51e1
     if ( pbkdf2_sha256_hash(hash + PBKDF2_ITERATIONS_LENGTH + PBKDF2_SALT_LENGTH, PBKDF2_HASH_LENGTH, &passItem, &saltItem, PBKDF2_ITERATIONS) != SECSuccess ) {
6f51e1
         slapi_log_err(SLAPI_LOG_ERR, (char *)schemeName, "Could not generate pbkdf2_sha256_hash!\n");
6f51e1
+        slapi_ch_free_string(&enc;;
6f51e1
         return NULL;
6f51e1
     }
6f51e1
 
6f51e1
diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c
6f51e1
index ae9320e..46554b2 100644
6f51e1
--- a/ldap/servers/plugins/uiduniq/uid.c
6f51e1
+++ b/ldap/servers/plugins/uiduniq/uid.c
6f51e1
@@ -533,7 +533,11 @@ create_filter(const char **attributes, const struct berval *value, const char *r
6f51e1
 
6f51e1
           /* Place value in filter */
6f51e1
           if (ldap_quote_filter_value(value->bv_val, value->bv_len,
6f51e1
-            fp, max-fp, &valueLen)) { slapi_ch_free((void**)&filter); return 0; }
6f51e1
+                                      fp, max-fp, &valueLen)) {
6f51e1
+              slapi_ch_free((void**)&filter);
6f51e1
+              slapi_ch_free((void**)&attrLen);
6f51e1
+              return 0;
6f51e1
+          }
6f51e1
           fp += valueLen;
6f51e1
 
6f51e1
           strcpy(fp, ")");
6f51e1
diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c
6f51e1
index 5b81427..087103b 100644
6f51e1
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
6f51e1
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
6f51e1
@@ -1647,6 +1647,7 @@ upgradedn_producer(void *param)
6f51e1
                 }
6f51e1
                 e = slapi_str2entry_ext(normdn, NULL, data.dptr, 
6f51e1
                                         SLAPI_STR2ENTRY_USE_OBSOLETE_DNFORMAT);
6f51e1
+                slapi_ch_free_string(&rdn;;
6f51e1
             }
6f51e1
         } else {
6f51e1
             e = 
6f51e1
diff --git a/ldap/servers/slapd/index_subsystem.c b/ldap/servers/slapd/index_subsystem.c
6f51e1
index 57d4f58..8f9fe6d 100644
6f51e1
--- a/ldap/servers/slapd/index_subsystem.c
6f51e1
+++ b/ldap/servers/slapd/index_subsystem.c
6f51e1
@@ -185,27 +185,28 @@ static int index_subsys_index_matches_filter(indexEntry *index, Slapi_Filter *f)
6f51e1
  */
6f51e1
 int index_subsys_assign_filter_decoders(Slapi_PBlock *pb)
6f51e1
 {
6f51e1
-	int				rc;
6f51e1
+	int				rc = 0;
6f51e1
 	Slapi_Filter	*f;
6f51e1
 	char			*subsystem = "index_subsys_assign_filter_decoders";
6f51e1
 	char			logbuf[ 1024 ];
6f51e1
 
6f51e1
 	/* extract the filter */
6f51e1
 	slapi_pblock_get(pb, SLAPI_SEARCH_FILTER, &f);   
6f51e1
+	if (f) {
6f51e1
+		if ( loglevel_is_set( LDAP_DEBUG_FILTER )) {
6f51e1
+			logbuf[0] = '\0';
6f51e1
+			slapi_log_err(SLAPI_LOG_DEBUG, subsystem, "before: %s\n",
6f51e1
+					slapi_filter_to_string(f, logbuf, sizeof(logbuf)));
6f51e1
+		}
6f51e1
 
6f51e1
-	if ( loglevel_is_set( LDAP_DEBUG_FILTER ) && NULL != f ) {
6f51e1
-		logbuf[0] = '\0';
6f51e1
-		slapi_log_err(SLAPI_LOG_DEBUG, subsystem, "before: %s\n",
6f51e1
-				slapi_filter_to_string(f, logbuf, sizeof(logbuf)));
6f51e1
-	}
6f51e1
-
6f51e1
-	/* find decoders */
6f51e1
-	rc = index_subsys_assign_decoders(f);
6f51e1
+		/* find decoders */
6f51e1
+		rc = index_subsys_assign_decoders(f);
6f51e1
 
6f51e1
-	if ( loglevel_is_set( LDAP_DEBUG_FILTER ) && NULL != f ) {
6f51e1
-		logbuf[0] = '\0';
6f51e1
-		slapi_log_err(SLAPI_LOG_DEBUG, subsystem, " after: %s\n",
6f51e1
-				slapi_filter_to_string(f, logbuf, sizeof(logbuf)));
6f51e1
+		if ( loglevel_is_set( LDAP_DEBUG_FILTER )) {
6f51e1
+			logbuf[0] = '\0';
6f51e1
+			slapi_log_err(SLAPI_LOG_DEBUG, subsystem, " after: %s\n",
6f51e1
+					slapi_filter_to_string(f, logbuf, sizeof(logbuf)));
6f51e1
+		}
6f51e1
 	}
6f51e1
 
6f51e1
 	return rc;
6f51e1
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
6f51e1
index 215c9eb..378d148 100644
6f51e1
--- a/ldap/servers/slapd/pw.c
6f51e1
+++ b/ldap/servers/slapd/pw.c
6f51e1
@@ -1512,6 +1512,7 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char
6f51e1
 			ep = sp + strlen(sp);
6f51e1
 			ep = ldap_utf8prevn(sp, ep, toklen);
6f51e1
 			if (!ep || (sp >= ep)) {
6f51e1
+				slapi_ch_free_string(&sp);
6f51e1
 				continue;
6f51e1
 			}
6f51e1
 			/* See if the password contains the value */
6f51e1
diff --git a/ldap/servers/slapd/pw_verify.c b/ldap/servers/slapd/pw_verify.c
6f51e1
index 529bb83..a9fd9ec 100644
6f51e1
--- a/ldap/servers/slapd/pw_verify.c
6f51e1
+++ b/ldap/servers/slapd/pw_verify.c
6f51e1
@@ -103,7 +103,6 @@ pw_verify_be_dn(Slapi_PBlock *pb, Slapi_Entry **referral)
6f51e1
 int
6f51e1
 pw_validate_be_dn(Slapi_PBlock *pb, Slapi_Entry **referral)
6f51e1
 {
6f51e1
-    int rc = 0;
6f51e1
     Slapi_Backend *be = NULL;
6f51e1
     Slapi_DN *pb_sdn;
6f51e1
     struct berval *cred;
6f51e1
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
6f51e1
index f35b3f1..050e7b5 100644
6f51e1
--- a/ldap/servers/slapd/ssl.c
6f51e1
+++ b/ldap/servers/slapd/ssl.c
6f51e1
@@ -1418,12 +1418,10 @@ slapd_ssl_init()
6f51e1
       errorCode = PR_GetError();
6f51e1
       slapd_SSL_error("Failed to retrieve SSL "
6f51e1
                      "configuration information ("
6f51e1
-                     SLAPI_COMPONENT_NAME_NSPR " error %d - %s): "
6f51e1
+                     SLAPI_COMPONENT_NAME_NSPR " error %d - not found): "
6f51e1
                      "nssslSessionTimeout: %s ",
6f51e1
-                     errorCode, slapd_pr_strerror(errorCode),
6f51e1
-             (val ? "found" : "not found"));
6f51e1
-      slapi_ch_free((void **) &val;;
6f51e1
-      slapi_ch_free((void **) &ciphers);
6f51e1
+                     errorCode, slapd_pr_strerror(errorCode));
6f51e1
+      slapi_ch_free((void **)&ciphers);
6f51e1
       freeConfigEntry( &entry );
6f51e1
       return -1;
6f51e1
     }
6f51e1
diff --git a/ldap/servers/slapd/str2filter.c b/ldap/servers/slapd/str2filter.c
6f51e1
index ebd5c5d..744c93f 100644
6f51e1
--- a/ldap/servers/slapd/str2filter.c
6f51e1
+++ b/ldap/servers/slapd/str2filter.c
6f51e1
@@ -344,6 +344,7 @@ str2simple( char *str , int unescape_filter)
6f51e1
 			*endp = '\0';
6f51e1
 			rc = _parse_ext_filter(str, extp, &f->f_mr_type, &f->f_mr_oid, &f->f_mr_dnAttrs);
6f51e1
 			if (rc) {
6f51e1
+				slapi_filter_free(f, 1);
6f51e1
 				return NULL; /* error */
6f51e1
 			} else {
6f51e1
 				f->f_choice = LDAP_FILTER_EXTENDED;
6f51e1
diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
6f51e1
index ad52e9d..eabd517 100644
6f51e1
--- a/ldap/servers/slapd/task.c
6f51e1
+++ b/ldap/servers/slapd/task.c
6f51e1
@@ -2389,7 +2389,6 @@ task_fixup_tombstones_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
6f51e1
         slapi_task_finish(task, *returncode);
6f51e1
         slapi_ch_array_free(base);
6f51e1
         slapi_ch_free((void **)&task_data);
6f51e1
-        return SLAPI_DSE_CALLBACK_ERROR;
6f51e1
     }
6f51e1
 
6f51e1
 done:
6f51e1
@@ -2507,9 +2506,9 @@ task_des2aes(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
6f51e1
 error:
6f51e1
     if (rc == SLAPI_DSE_CALLBACK_ERROR){
6f51e1
         slapi_ch_array_free(bases);
6f51e1
-        slapi_ch_array_free(suffix);
6f51e1
         slapi_ch_free((void **)&task_data);
6f51e1
     }
6f51e1
+    slapi_ch_array_free(suffix);
6f51e1
     return rc;
6f51e1
 }
6f51e1
 
6f51e1
diff --git a/ldap/servers/slapd/vattr.c b/ldap/servers/slapd/vattr.c
6f51e1
index 34665de..599b54e 100644
6f51e1
--- a/ldap/servers/slapd/vattr.c
6f51e1
+++ b/ldap/servers/slapd/vattr.c
6f51e1
@@ -753,10 +753,10 @@ slapi_vattr_values_get_sp(vattr_context *c,
6f51e1
   }
6f51e1
   if (use_local_ctx) {
6f51e1
     /* slapi_pblock_destroy cleans up pb_vattr_context, as well */
6f51e1
-    slapi_pblock_destroy(local_pb);
6f51e1
-  } else {
6f51e1
-    vattr_context_ungrok(&c);
6f51e1
+	slapi_pblock_destroy(local_pb);
6f51e1
+	ctx->pb = NULL;
6f51e1
   }
6f51e1
+  vattr_context_ungrok(&ctx;;
6f51e1
   return rc;
6f51e1
 }
6f51e1
 
6f51e1
diff --git a/src/libsds/sds/bpt/map.c b/src/libsds/sds/bpt/map.c
6f51e1
index 4205aa5..2c3468b 100644
6f51e1
--- a/src/libsds/sds/bpt/map.c
6f51e1
+++ b/src/libsds/sds/bpt/map.c
6f51e1
@@ -18,6 +18,7 @@ sds_bptree_map_nodes(sds_bptree_instance *binst, sds_bptree_node *root, sds_resu
6f51e1
     sds_bptree_node_list *tail = cur;
6f51e1
 
6f51e1
     if (binst == NULL) {
6f51e1
+        sds_free(cur);
6f51e1
         return SDS_NULL_POINTER;
6f51e1
     }
6f51e1
 
6f51e1
-- 
6f51e1
2.9.3
6f51e1