|
|
6f51e1 |
From 97f09918ef370c3be5aa64dcfeb3bb21e762f90d Mon Sep 17 00:00:00 2001
|
|
|
6f51e1 |
From: Mark Reynolds <mreynolds@redhat.com>
|
|
|
6f51e1 |
Date: Tue, 14 Mar 2017 20:23:07 -0400
|
|
|
6f51e1 |
Subject: [PATCH 4/5] Issue 49169 - Fix covscan errors
|
|
|
6f51e1 |
|
|
|
6f51e1 |
src/libsds/bpt/map.c - resource leak
|
|
|
6f51e1 |
ldap/servers/slapd/vattr.c - resource leak
|
|
|
6f51e1 |
ldap/servers/slapd/task.c: resource leaks
|
|
|
6f51e1 |
ldap/servers/slapd/str2filter.c - resource leak
|
|
|
6f51e1 |
ldap/servers/slapd/pw.c - resource leak
|
|
|
6f51e1 |
ldap/servers/slapd/back-ldbm/import-threads.c - resource leak
|
|
|
6f51e1 |
ldap/servers/plugins/uiduniq/uid.c:536 - resource leak
|
|
|
6f51e1 |
ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c:164 - resource leak
|
|
|
6f51e1 |
ldap/servers/plugins/linkedattrs/linked_attrs.c:1672 - resource leak
|
|
|
6f51e1 |
ldap/servers/plugins/addn/addn.c:419
|
|
|
6f51e1 |
ldap/servers/slapd/ssl.c - dead code
|
|
|
6f51e1 |
ldap/servers/slapd/index_subsystem.c - null dereference
|
|
|
6f51e1 |
|
|
|
6f51e1 |
https://pagure.io/389-ds-base/issue/49169
|
|
|
6f51e1 |
|
|
|
6f51e1 |
Reviewed by: nkinder & wibrown(Thanks!!)
|
|
|
6f51e1 |
|
|
|
6f51e1 |
(cherry picked from commit c75126be1edece121826e336141f9b0b9c0bddfd)
|
|
|
6f51e1 |
---
|
|
|
6f51e1 |
ldap/servers/plugins/addn/addn.c | 4 +++-
|
|
|
6f51e1 |
ldap/servers/plugins/linkedattrs/linked_attrs.c | 2 ++
|
|
|
6f51e1 |
ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c | 1 +
|
|
|
6f51e1 |
ldap/servers/plugins/uiduniq/uid.c | 6 +++++-
|
|
|
6f51e1 |
ldap/servers/slapd/back-ldbm/import-threads.c | 1 +
|
|
|
6f51e1 |
ldap/servers/slapd/index_subsystem.c | 27 +++++++++++++------------
|
|
|
6f51e1 |
ldap/servers/slapd/pw.c | 1 +
|
|
|
6f51e1 |
ldap/servers/slapd/pw_verify.c | 1 -
|
|
|
6f51e1 |
ldap/servers/slapd/ssl.c | 8 +++-----
|
|
|
6f51e1 |
ldap/servers/slapd/str2filter.c | 1 +
|
|
|
6f51e1 |
ldap/servers/slapd/task.c | 3 +--
|
|
|
6f51e1 |
ldap/servers/slapd/vattr.c | 6 +++---
|
|
|
6f51e1 |
src/libsds/sds/bpt/map.c | 1 +
|
|
|
6f51e1 |
13 files changed, 36 insertions(+), 26 deletions(-)
|
|
|
6f51e1 |
|
|
|
6f51e1 |
diff --git a/ldap/servers/plugins/addn/addn.c b/ldap/servers/plugins/addn/addn.c
|
|
|
6f51e1 |
index 3abc112..6ba7833 100644
|
|
|
6f51e1 |
--- a/ldap/servers/plugins/addn/addn.c
|
|
|
6f51e1 |
+++ b/ldap/servers/plugins/addn/addn.c
|
|
|
6f51e1 |
@@ -415,7 +415,9 @@ addn_start(Slapi_PBlock *pb)
|
|
|
6f51e1 |
domain = slapi_entry_attr_get_charptr(plugin_entry, "addn_default_domain");
|
|
|
6f51e1 |
|
|
|
6f51e1 |
if (domain == NULL) {
|
|
|
6f51e1 |
- slapi_log_err(SLAPI_LOG_ERR, plugin_name, "addn_start: CRITICAL: No default domain in configuration, you must set addn_default_domain!\n");
|
|
|
6f51e1 |
+ slapi_log_err(SLAPI_LOG_ERR, plugin_name,
|
|
|
6f51e1 |
+ "addn_start: CRITICAL: No default domain in configuration, you must set addn_default_domain!\n");
|
|
|
6f51e1 |
+ slapi_ch_free((void**)&config);
|
|
|
6f51e1 |
return SLAPI_PLUGIN_FAILURE;
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
|
|
|
6f51e1 |
diff --git a/ldap/servers/plugins/linkedattrs/linked_attrs.c b/ldap/servers/plugins/linkedattrs/linked_attrs.c
|
|
|
6f51e1 |
index b5adb21..d046542 100644
|
|
|
6f51e1 |
--- a/ldap/servers/plugins/linkedattrs/linked_attrs.c
|
|
|
6f51e1 |
+++ b/ldap/servers/plugins/linkedattrs/linked_attrs.c
|
|
|
6f51e1 |
@@ -1669,6 +1669,8 @@ linked_attrs_mod_post_op(Slapi_PBlock *pb)
|
|
|
6f51e1 |
/* Bail out if the plug-in close function was just called. */
|
|
|
6f51e1 |
if (!slapi_plugin_running(pb)) {
|
|
|
6f51e1 |
linked_attrs_unlock();
|
|
|
6f51e1 |
+ slapi_mod_free(&next_mod);
|
|
|
6f51e1 |
+ slapi_mods_free(&smods);
|
|
|
6f51e1 |
return SLAPI_PLUGIN_SUCCESS;
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
|
|
|
6f51e1 |
diff --git a/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c b/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c
|
|
|
6f51e1 |
index 1b3e555..b228700 100644
|
|
|
6f51e1 |
--- a/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c
|
|
|
6f51e1 |
+++ b/ldap/servers/plugins/pwdstorage/pbkdf2_pwd.c
|
|
|
6f51e1 |
@@ -161,6 +161,7 @@ pbkdf2_sha256_pw_enc(const char *pwd)
|
|
|
6f51e1 |
*/
|
|
|
6f51e1 |
if ( pbkdf2_sha256_hash(hash + PBKDF2_ITERATIONS_LENGTH + PBKDF2_SALT_LENGTH, PBKDF2_HASH_LENGTH, &passItem, &saltItem, PBKDF2_ITERATIONS) != SECSuccess ) {
|
|
|
6f51e1 |
slapi_log_err(SLAPI_LOG_ERR, (char *)schemeName, "Could not generate pbkdf2_sha256_hash!\n");
|
|
|
6f51e1 |
+ slapi_ch_free_string(&enc;;
|
|
|
6f51e1 |
return NULL;
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
|
|
|
6f51e1 |
diff --git a/ldap/servers/plugins/uiduniq/uid.c b/ldap/servers/plugins/uiduniq/uid.c
|
|
|
6f51e1 |
index ae9320e..46554b2 100644
|
|
|
6f51e1 |
--- a/ldap/servers/plugins/uiduniq/uid.c
|
|
|
6f51e1 |
+++ b/ldap/servers/plugins/uiduniq/uid.c
|
|
|
6f51e1 |
@@ -533,7 +533,11 @@ create_filter(const char **attributes, const struct berval *value, const char *r
|
|
|
6f51e1 |
|
|
|
6f51e1 |
/* Place value in filter */
|
|
|
6f51e1 |
if (ldap_quote_filter_value(value->bv_val, value->bv_len,
|
|
|
6f51e1 |
- fp, max-fp, &valueLen)) { slapi_ch_free((void**)&filter); return 0; }
|
|
|
6f51e1 |
+ fp, max-fp, &valueLen)) {
|
|
|
6f51e1 |
+ slapi_ch_free((void**)&filter);
|
|
|
6f51e1 |
+ slapi_ch_free((void**)&attrLen);
|
|
|
6f51e1 |
+ return 0;
|
|
|
6f51e1 |
+ }
|
|
|
6f51e1 |
fp += valueLen;
|
|
|
6f51e1 |
|
|
|
6f51e1 |
strcpy(fp, ")");
|
|
|
6f51e1 |
diff --git a/ldap/servers/slapd/back-ldbm/import-threads.c b/ldap/servers/slapd/back-ldbm/import-threads.c
|
|
|
6f51e1 |
index 5b81427..087103b 100644
|
|
|
6f51e1 |
--- a/ldap/servers/slapd/back-ldbm/import-threads.c
|
|
|
6f51e1 |
+++ b/ldap/servers/slapd/back-ldbm/import-threads.c
|
|
|
6f51e1 |
@@ -1647,6 +1647,7 @@ upgradedn_producer(void *param)
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
e = slapi_str2entry_ext(normdn, NULL, data.dptr,
|
|
|
6f51e1 |
SLAPI_STR2ENTRY_USE_OBSOLETE_DNFORMAT);
|
|
|
6f51e1 |
+ slapi_ch_free_string(&rdn;;
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
} else {
|
|
|
6f51e1 |
e =
|
|
|
6f51e1 |
diff --git a/ldap/servers/slapd/index_subsystem.c b/ldap/servers/slapd/index_subsystem.c
|
|
|
6f51e1 |
index 57d4f58..8f9fe6d 100644
|
|
|
6f51e1 |
--- a/ldap/servers/slapd/index_subsystem.c
|
|
|
6f51e1 |
+++ b/ldap/servers/slapd/index_subsystem.c
|
|
|
6f51e1 |
@@ -185,27 +185,28 @@ static int index_subsys_index_matches_filter(indexEntry *index, Slapi_Filter *f)
|
|
|
6f51e1 |
*/
|
|
|
6f51e1 |
int index_subsys_assign_filter_decoders(Slapi_PBlock *pb)
|
|
|
6f51e1 |
{
|
|
|
6f51e1 |
- int rc;
|
|
|
6f51e1 |
+ int rc = 0;
|
|
|
6f51e1 |
Slapi_Filter *f;
|
|
|
6f51e1 |
char *subsystem = "index_subsys_assign_filter_decoders";
|
|
|
6f51e1 |
char logbuf[ 1024 ];
|
|
|
6f51e1 |
|
|
|
6f51e1 |
/* extract the filter */
|
|
|
6f51e1 |
slapi_pblock_get(pb, SLAPI_SEARCH_FILTER, &f);
|
|
|
6f51e1 |
+ if (f) {
|
|
|
6f51e1 |
+ if ( loglevel_is_set( LDAP_DEBUG_FILTER )) {
|
|
|
6f51e1 |
+ logbuf[0] = '\0';
|
|
|
6f51e1 |
+ slapi_log_err(SLAPI_LOG_DEBUG, subsystem, "before: %s\n",
|
|
|
6f51e1 |
+ slapi_filter_to_string(f, logbuf, sizeof(logbuf)));
|
|
|
6f51e1 |
+ }
|
|
|
6f51e1 |
|
|
|
6f51e1 |
- if ( loglevel_is_set( LDAP_DEBUG_FILTER ) && NULL != f ) {
|
|
|
6f51e1 |
- logbuf[0] = '\0';
|
|
|
6f51e1 |
- slapi_log_err(SLAPI_LOG_DEBUG, subsystem, "before: %s\n",
|
|
|
6f51e1 |
- slapi_filter_to_string(f, logbuf, sizeof(logbuf)));
|
|
|
6f51e1 |
- }
|
|
|
6f51e1 |
-
|
|
|
6f51e1 |
- /* find decoders */
|
|
|
6f51e1 |
- rc = index_subsys_assign_decoders(f);
|
|
|
6f51e1 |
+ /* find decoders */
|
|
|
6f51e1 |
+ rc = index_subsys_assign_decoders(f);
|
|
|
6f51e1 |
|
|
|
6f51e1 |
- if ( loglevel_is_set( LDAP_DEBUG_FILTER ) && NULL != f ) {
|
|
|
6f51e1 |
- logbuf[0] = '\0';
|
|
|
6f51e1 |
- slapi_log_err(SLAPI_LOG_DEBUG, subsystem, " after: %s\n",
|
|
|
6f51e1 |
- slapi_filter_to_string(f, logbuf, sizeof(logbuf)));
|
|
|
6f51e1 |
+ if ( loglevel_is_set( LDAP_DEBUG_FILTER )) {
|
|
|
6f51e1 |
+ logbuf[0] = '\0';
|
|
|
6f51e1 |
+ slapi_log_err(SLAPI_LOG_DEBUG, subsystem, " after: %s\n",
|
|
|
6f51e1 |
+ slapi_filter_to_string(f, logbuf, sizeof(logbuf)));
|
|
|
6f51e1 |
+ }
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
|
|
|
6f51e1 |
return rc;
|
|
|
6f51e1 |
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
|
|
|
6f51e1 |
index 215c9eb..378d148 100644
|
|
|
6f51e1 |
--- a/ldap/servers/slapd/pw.c
|
|
|
6f51e1 |
+++ b/ldap/servers/slapd/pw.c
|
|
|
6f51e1 |
@@ -1512,6 +1512,7 @@ check_trivial_words (Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Value **vals, char
|
|
|
6f51e1 |
ep = sp + strlen(sp);
|
|
|
6f51e1 |
ep = ldap_utf8prevn(sp, ep, toklen);
|
|
|
6f51e1 |
if (!ep || (sp >= ep)) {
|
|
|
6f51e1 |
+ slapi_ch_free_string(&sp);
|
|
|
6f51e1 |
continue;
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
/* See if the password contains the value */
|
|
|
6f51e1 |
diff --git a/ldap/servers/slapd/pw_verify.c b/ldap/servers/slapd/pw_verify.c
|
|
|
6f51e1 |
index 529bb83..a9fd9ec 100644
|
|
|
6f51e1 |
--- a/ldap/servers/slapd/pw_verify.c
|
|
|
6f51e1 |
+++ b/ldap/servers/slapd/pw_verify.c
|
|
|
6f51e1 |
@@ -103,7 +103,6 @@ pw_verify_be_dn(Slapi_PBlock *pb, Slapi_Entry **referral)
|
|
|
6f51e1 |
int
|
|
|
6f51e1 |
pw_validate_be_dn(Slapi_PBlock *pb, Slapi_Entry **referral)
|
|
|
6f51e1 |
{
|
|
|
6f51e1 |
- int rc = 0;
|
|
|
6f51e1 |
Slapi_Backend *be = NULL;
|
|
|
6f51e1 |
Slapi_DN *pb_sdn;
|
|
|
6f51e1 |
struct berval *cred;
|
|
|
6f51e1 |
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
|
|
|
6f51e1 |
index f35b3f1..050e7b5 100644
|
|
|
6f51e1 |
--- a/ldap/servers/slapd/ssl.c
|
|
|
6f51e1 |
+++ b/ldap/servers/slapd/ssl.c
|
|
|
6f51e1 |
@@ -1418,12 +1418,10 @@ slapd_ssl_init()
|
|
|
6f51e1 |
errorCode = PR_GetError();
|
|
|
6f51e1 |
slapd_SSL_error("Failed to retrieve SSL "
|
|
|
6f51e1 |
"configuration information ("
|
|
|
6f51e1 |
- SLAPI_COMPONENT_NAME_NSPR " error %d - %s): "
|
|
|
6f51e1 |
+ SLAPI_COMPONENT_NAME_NSPR " error %d - not found): "
|
|
|
6f51e1 |
"nssslSessionTimeout: %s ",
|
|
|
6f51e1 |
- errorCode, slapd_pr_strerror(errorCode),
|
|
|
6f51e1 |
- (val ? "found" : "not found"));
|
|
|
6f51e1 |
- slapi_ch_free((void **) &val;;
|
|
|
6f51e1 |
- slapi_ch_free((void **) &ciphers);
|
|
|
6f51e1 |
+ errorCode, slapd_pr_strerror(errorCode));
|
|
|
6f51e1 |
+ slapi_ch_free((void **)&ciphers);
|
|
|
6f51e1 |
freeConfigEntry( &entry );
|
|
|
6f51e1 |
return -1;
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
diff --git a/ldap/servers/slapd/str2filter.c b/ldap/servers/slapd/str2filter.c
|
|
|
6f51e1 |
index ebd5c5d..744c93f 100644
|
|
|
6f51e1 |
--- a/ldap/servers/slapd/str2filter.c
|
|
|
6f51e1 |
+++ b/ldap/servers/slapd/str2filter.c
|
|
|
6f51e1 |
@@ -344,6 +344,7 @@ str2simple( char *str , int unescape_filter)
|
|
|
6f51e1 |
*endp = '\0';
|
|
|
6f51e1 |
rc = _parse_ext_filter(str, extp, &f->f_mr_type, &f->f_mr_oid, &f->f_mr_dnAttrs);
|
|
|
6f51e1 |
if (rc) {
|
|
|
6f51e1 |
+ slapi_filter_free(f, 1);
|
|
|
6f51e1 |
return NULL; /* error */
|
|
|
6f51e1 |
} else {
|
|
|
6f51e1 |
f->f_choice = LDAP_FILTER_EXTENDED;
|
|
|
6f51e1 |
diff --git a/ldap/servers/slapd/task.c b/ldap/servers/slapd/task.c
|
|
|
6f51e1 |
index ad52e9d..eabd517 100644
|
|
|
6f51e1 |
--- a/ldap/servers/slapd/task.c
|
|
|
6f51e1 |
+++ b/ldap/servers/slapd/task.c
|
|
|
6f51e1 |
@@ -2389,7 +2389,6 @@ task_fixup_tombstones_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
|
|
|
6f51e1 |
slapi_task_finish(task, *returncode);
|
|
|
6f51e1 |
slapi_ch_array_free(base);
|
|
|
6f51e1 |
slapi_ch_free((void **)&task_data);
|
|
|
6f51e1 |
- return SLAPI_DSE_CALLBACK_ERROR;
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
|
|
|
6f51e1 |
done:
|
|
|
6f51e1 |
@@ -2507,9 +2506,9 @@ task_des2aes(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter,
|
|
|
6f51e1 |
error:
|
|
|
6f51e1 |
if (rc == SLAPI_DSE_CALLBACK_ERROR){
|
|
|
6f51e1 |
slapi_ch_array_free(bases);
|
|
|
6f51e1 |
- slapi_ch_array_free(suffix);
|
|
|
6f51e1 |
slapi_ch_free((void **)&task_data);
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
+ slapi_ch_array_free(suffix);
|
|
|
6f51e1 |
return rc;
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
|
|
|
6f51e1 |
diff --git a/ldap/servers/slapd/vattr.c b/ldap/servers/slapd/vattr.c
|
|
|
6f51e1 |
index 34665de..599b54e 100644
|
|
|
6f51e1 |
--- a/ldap/servers/slapd/vattr.c
|
|
|
6f51e1 |
+++ b/ldap/servers/slapd/vattr.c
|
|
|
6f51e1 |
@@ -753,10 +753,10 @@ slapi_vattr_values_get_sp(vattr_context *c,
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
if (use_local_ctx) {
|
|
|
6f51e1 |
/* slapi_pblock_destroy cleans up pb_vattr_context, as well */
|
|
|
6f51e1 |
- slapi_pblock_destroy(local_pb);
|
|
|
6f51e1 |
- } else {
|
|
|
6f51e1 |
- vattr_context_ungrok(&c);
|
|
|
6f51e1 |
+ slapi_pblock_destroy(local_pb);
|
|
|
6f51e1 |
+ ctx->pb = NULL;
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
+ vattr_context_ungrok(&ctx;;
|
|
|
6f51e1 |
return rc;
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
|
|
|
6f51e1 |
diff --git a/src/libsds/sds/bpt/map.c b/src/libsds/sds/bpt/map.c
|
|
|
6f51e1 |
index 4205aa5..2c3468b 100644
|
|
|
6f51e1 |
--- a/src/libsds/sds/bpt/map.c
|
|
|
6f51e1 |
+++ b/src/libsds/sds/bpt/map.c
|
|
|
6f51e1 |
@@ -18,6 +18,7 @@ sds_bptree_map_nodes(sds_bptree_instance *binst, sds_bptree_node *root, sds_resu
|
|
|
6f51e1 |
sds_bptree_node_list *tail = cur;
|
|
|
6f51e1 |
|
|
|
6f51e1 |
if (binst == NULL) {
|
|
|
6f51e1 |
+ sds_free(cur);
|
|
|
6f51e1 |
return SDS_NULL_POINTER;
|
|
|
6f51e1 |
}
|
|
|
6f51e1 |
|
|
|
6f51e1 |
--
|
|
|
6f51e1 |
2.9.3
|
|
|
6f51e1 |
|