Hi, the attached patch fixes: https://fedorahosted.org/sssd/ticket/2959
It was confirmed by the original reporter. The bug was there since 2009, by the way, I'm really surprised we only caught it now.
>From 0e734587a8fc4bb0160a2a7cbb5fae2054d5283c Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Fri, 19 Feb 2016 15:50:12 +0100 Subject: [PATCH] memberof: Don't allocate on a NULL context https://fedorahosted.org/sssd/ticket/2959 In case no previous delete operation occurred, the del_ctx->muops pointer we allocate the diff structure on would be NULL, effectively leaking the diff array during the memberof processing. Allocating on del_ctx is safer as that pointer is always allocated and prevents the leak. --- src/ldb_modules/memberof.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ldb_modules/memberof.c b/src/ldb_modules/memberof.c index 83d93196c34854d75fcd8ac91ad056f64b26b659..2fd3bfed3dfb2cc9941df5a383190c70b2f260a5 100644 --- a/src/ldb_modules/memberof.c +++ b/src/ldb_modules/memberof.c @@ -2145,7 +2145,7 @@ static int mbof_del_mod_entry(struct mbof_del_operation *delop) if (!el || !el->num_values) { return LDB_ERR_OPERATIONS_ERROR; } - diff = talloc_array(del_ctx->muops, struct ldb_dn *, + diff = talloc_array(del_ctx, struct ldb_dn *, el->num_values + 1); if (!diff) { return LDB_ERR_OPERATIONS_ERROR; -- 2.4.3
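Review bot: on the changed talloc_array() line, parenting diff to del_ctx keeps the allocation off the NULL context, but it also ties diff's lifetime to the whole delete operation, and the visible context shows no talloc_free(diff) or talloc_steal() for it. If mbof_del_mod_entry() runs once per processed entry, each call's array of el->num_values + 1 pointers stays allocated until del_ctx is freed, so please confirm diff is released on the function's exit paths, or allocate it on a shorter-lived context if it is only scratch data. A one-line comment above the call noting that del_ctx->muops may be NULL when no earlier delete operation has run would help keep this from regressing.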