[PATCH] ldb: check return values

Andrej Gessel andrej.gessel at janztec.com
Thu Jun 21 21:32:47 UTC 2018 

Hello Jeremy,

Hello Volker,

I updated my patches. Current Gitlab pipeline: 
https://gitlab.com/samba-team/devel/samba/pipelines/24335681


Thanks,

Andrej



Am 21.06.2018 um 18:59 schrieb Jeremy Allison:
> On Thu, Jun 21, 2018 at 04:21:03PM +0000, Andrej Gessel via samba-technical wrote:
>> Hello Volker,
>>
>>
>> yes, you are right. I found some more of another mem leaks like this one. So I can resent the patchset with additional changes or you can review this one and i open new thread for other changes.
>>
>> What would you prefer?
> Can you update this patch with the fixes for the mem
> leak in this specific function ? We can then review and
> push as-is, then you can send more patches along as
> you find them.
>
> Jeremy

-------------- next part --------------
From f84042cb2c2d4ca8ced772b1eb39b2f2ebb84bb2 Mon Sep 17 00:00:00 2001
From: Andrej Gessel <Andrej.Gessel at janztec.com>
Date: Fri, 15 Jun 2018 11:02:15 +0200
Subject: [PATCH 1/2] ldb: check return values

Signed-off-by: Andrej Gessel <Andrej.Gessel at janztec.com>
---
 lib/ldb/ldb_tdb/ldb_index.c  | 7 +++++++
 lib/ldb/ldb_tdb/ldb_search.c | 5 ++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index d59b4b1..9ef786f 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -450,6 +450,10 @@ normal_index:
 
 		list->count = el->values[0].length / LTDB_GUID_SIZE;
 		list->dn = talloc_array(list, struct ldb_val, list->count);
+		if (list->dn == NULL) {
+			talloc_free(msg);
+			return LDB_ERR_OPERATIONS_ERROR;
+		}
 
 		/*
 		 * The actual data is on msg, due to
@@ -715,6 +719,9 @@ static int ltdb_dn_list_store(struct ldb_module *module, struct ldb_dn *dn,
 	}
 
 	key.dptr = discard_const_p(unsigned char, ldb_dn_get_linearized(dn));
+	if (key.dptr == NULL) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
 	key.dsize = strlen((char *)key.dptr);
 
 	rec = tdb_fetch(ltdb->idxptr->itdb, key);
diff --git a/lib/ldb/ldb_tdb/ldb_search.c b/lib/ldb/ldb_tdb/ldb_search.c
index 18f8405..832be9a 100644
--- a/lib/ldb/ldb_tdb/ldb_search.c
+++ b/lib/ldb/ldb_tdb/ldb_search.c
@@ -102,8 +102,11 @@ static int msg_add_distinguished_name(struct ldb_message *msg)
 	el.values = &val;
 	el.flags = 0;
 	val.data = (uint8_t *)ldb_dn_alloc_linearized(msg, msg->dn);
+	if (val.data == NULL) {
+		return -1;
+	}
 	val.length = strlen((char *)val.data);
-	
+
 	ret = msg_add_element(msg, &el, 1);
 	return ret;
 }
-- 
2.7.4


From d2990bcc83cbc252e6b4b1d279f3f565afcfabe7 Mon Sep 17 00:00:00 2001
From: Andrej Gessel <Andrej.Gessel at janztec.com>
Date: Tue, 19 Jun 2018 10:07:51 +0200
Subject: [PATCH 2/2] check return value before using key_values

there are also mem leaks in this function

Signed-off-by: Andrej Gessel <Andrej.Gessel at janztec.com>
---
 lib/ldb/ldb_tdb/ldb_index.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/lib/ldb/ldb_tdb/ldb_index.c b/lib/ldb/ldb_tdb/ldb_index.c
index 9ef786f..fb60612 100644
--- a/lib/ldb/ldb_tdb/ldb_index.c
+++ b/lib/ldb/ldb_tdb/ldb_index.c
@@ -1765,13 +1765,14 @@ static int ltdb_index_filter(struct ltdb_private *ltdb,
 					  struct guid_tdb_key,
 					  dn_list->count);
 
+		if (key_values == NULL) {
+			talloc_free(keys);
+			return ldb_module_oom(ac->module);
+		}
 		for (i = 0; i < dn_list->count; i++) {
 			keys[i].dptr = key_values[i].guid_key;
 			keys[i].dsize = sizeof(key_values[i].guid_key);
 		}
-		if (key_values == NULL) {
-			return ldb_module_oom(ac->module);
-		}
 	} else {
 		for (i = 0; i < dn_list->count; i++) {
 			keys[i].dptr = NULL;
@@ -1788,6 +1789,7 @@ static int ltdb_index_filter(struct ltdb_private *ltdb,
 				      &dn_list->dn[i],
 				      &keys[num_keys]);
 		if (ret != LDB_SUCCESS) {
+			talloc_free(keys);
 			return ret;
 		}
 
@@ -1825,6 +1827,7 @@ static int ltdb_index_filter(struct ltdb_private *ltdb,
 		bool matched;
 		msg = ldb_msg_new(ac);
 		if (!msg) {
+			talloc_free(keys);
 			return LDB_ERR_OPERATIONS_ERROR;
 		}
 
@@ -1845,6 +1848,7 @@ static int ltdb_index_filter(struct ltdb_private *ltdb,
 
 		if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) {
 			/* an internal error */
+			talloc_free(keys);
 			talloc_free(msg);
 			return LDB_ERR_OPERATIONS_ERROR;
 		}
@@ -1867,6 +1871,7 @@ static int ltdb_index_filter(struct ltdb_private *ltdb,
 		}
 
 		if (ret != LDB_SUCCESS) {
+			talloc_free(keys);
 			talloc_free(msg);
 			return ret;
 		}
@@ -1881,6 +1886,7 @@ static int ltdb_index_filter(struct ltdb_private *ltdb,
 		talloc_free(msg);
 
 		if (ret == -1) {
+			talloc_free(keys);
 			return LDB_ERR_OPERATIONS_ERROR;
 		}
 
@@ -1890,6 +1896,7 @@ static int ltdb_index_filter(struct ltdb_private *ltdb,
 			 * is the callbacks responsiblity, and should
 			 * not be talloc_free()'ed */
 			ac->request_terminated = true;
+			talloc_free(keys);
 			return ret;
 		}
 
-- 
2.7.4

More information about the samba-technical mailing list