[PATCH]

swen swen at linux.ibm.com
Wed Jul 31 10:20:57 UTC 2019 

Patchset containing 2 small fixes for possible memleaks in error
scenarios.

Patchset passed gitlab-ci test runs and a merge requet is created.

https://gitlab.com/samba-team/samba/merge_requests/679

Please review and push if happy.

Thanks for your support in advance.

Cheers Swen
-------------- next part --------------
From 108ab557fc807cd2289a56601b05471822336501 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 31 Jul 2019 10:15:17 +0200
Subject: [PATCH 1/2] ldb: Prevent mem-leak in error case

Free previously allocted memory if new alloc fails

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 lib/ldb/common/ldb_dn.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index eccb4a0ce4b..62f543cf452 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -340,6 +340,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 	/* Components data space is allocated here once */
 	data = talloc_array(dn->components, char, strlen(parse_dn) + 1);
 	if (!data) {
+		LDB_FREE(dn->components);
 		return false;
 	}
 
-- 
2.20.1


From ce64df7f9d4d808dd33af9075f9dde63f5668141 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 31 Jul 2019 10:27:37 +0200
Subject: [PATCH 2/2] ldb: Fix mem-leak if talloc_realloc fails

In case of a failing talloc_realloc(), the only reference
to the originally allocated memory is overwritten.
Instead use a temp var until success is verified.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
 lib/ldb/common/ldb_dn.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 62f543cf452..ccc5ea329df 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -377,6 +377,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 			}
 
 			if (in_ex_value && *p == '>') {
+				struct ldb_dn_ext_component *ext_comp = NULL;
 				const struct ldb_dn_extended_syntax *ext_syntax;
 				struct ldb_val ex_val = {
 					.data = (uint8_t *)ex_value,
@@ -389,15 +390,19 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 
 				/* Process name and ex_value */
 
-				dn->ext_components = talloc_realloc(dn,
-								    dn->ext_components,
-								    struct ldb_dn_ext_component,
-								    dn->ext_comp_num + 1);
-				if ( ! dn->ext_components) {
+				ext_comp =
+					talloc_realloc(dn,
+						       dn->ext_components,
+						       struct ldb_dn_ext_component,
+						       dn->ext_comp_num + 1);
+
+				if (ext_comp == NULL) {
 					/* ouch ! */
 					goto failed;
 				}
 
+				dn->ext_components = ext_comp;
+
 				ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, ex_name);
 				if (!ext_syntax) {
 					/* We don't know about this type of extended DN */
-- 
2.20.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190731/045d9c86/signature.sig>

More information about the samba-technical mailing list