Full_Name: Konstantin Andreev
Version: 2.4.48
OS: Solaris 11.3 x64
URL: 
Submission from: (NULL) (79.135.238.172)


mdb_entry_decode() in servers/slapd/back-mdb/id2entry.c leaks the allocated
[Entry] on error.
Here is a fix for the master branch:

--- a/servers/slapd/back-mdb/id2entry.c
+++ b/servers/slapd/back-mdb/id2entry.c
@@ -1130,8 +1130,12 @@ done:
        *e = x;
        rc = 0;
 
-leave:
+clr_mvc:
        if (mvc)
                mdb_cursor_close(mvc);
        return rc;
+leave:
+       /* can't mdb_entry_return() because [Entry *x] init is incomplete */
+       op->o_tmpfree( x, op->o_tmpmemctx );
+       goto clr_mvc;
 }
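Review bot: The `leave:` label existed before this patch, so every existing `goto leave` in mdb_entry_decode() (all outside this hunk) now reaches `op->o_tmpfree( x, op->o_tmpmemctx )`; if any of them can run before x is allocated, the free is applied to an indeterminate pointer. Unless every jump site is confirmed to follow the allocation, initialise the pointer at its declaration, `Entry *x = NULL;`, and guard the release with `if ( x ) op->o_tmpfree( x, op->o_tmpmemctx );`. As a style point, placing the error block after `return rc;` and jumping backwards with `goto clr_mvc` is harder to follow than putting the free ahead of the cursor cleanup and letting the success path skip over it with a forward `goto clr_mvc;` after `rc = 0;`. The function body starts outside the hunk.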

and for 2.4 branch, if you care:

--- a/servers/slapd/back-mdb/id2entry.c
+++ b/servers/slapd/back-mdb/id2entry.c
@@ -695,12 +695,13 @@
                if (i > mdb->mi_numads) {
                        rc = mdb_ad_read(mdb, txn);
                        if (rc)
-                               return rc;
+                               goto leave;
                        if (i > mdb->mi_numads) {
                                Debug( LDAP_DEBUG_ANY,
                                        "mdb_entry_decode: attribute index %d 
not recognized\n",
                                        i, 0, 0 );
-                               return LDAP_OTHER;
+                               rc = LDAP_OTHER;
+                               goto leave;
                        }
                }
                a->a_desc = mdb->mi_ads[i];
@@ -745,7 +746,7 @@
                                Debug( LDAP_DEBUG_ANY,
                                        "mdb_entry_decode: attributeType %s 
value #%d provided more than once\n",
                                        a->a_desc->ad_cname.bv_val, j, 0 );
-                               return rc;
+                               goto leave;
                        }
                }
                a->a_next = a+1;
@@ -758,4 +759,8 @@
                0, 0, 0 );
        *e = x;
        return 0;
+leave:
+       /* can't mdb_entry_return() because [Entry *x] init is incomplete */
+       op->o_tmpfree( x, op->o_tmpmemctx );
+       return rc;
 }
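Review bot: The comment at `leave:` says why mdb_entry_return() is avoided, but not why a single `op->o_tmpfree()` is enough or what the caller sees in `*e` on failure. Something like `/* x is only partly initialised, so mdb_entry_return() is unsafe; release the raw allocation and leave *e unset */` would record both, presuming x and its attribute and value arrays come from one allocation, which is not visible here. The same comment in the master-branch patch would take the same wording. Only three `return` statements are converted in the visible hunks, so any other early exit after the allocation, outside these hunks, would still leak. The function body starts outside the hunk.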
