[PATCH]
swen
swen at linux.ibm.com
Wed Jul 31 10:20:57 UTC 2019
Patchset containing 2 small fixes for possible memleaks in error
scenarios.
Patchset passed gitlab-ci test runs and a merge requet is created.
https://gitlab.com/samba-team/samba/merge_requests/679
Please review and push if happy.
Thanks for your support in advance.
Cheers Swen
-------------- next part --------------
From 108ab557fc807cd2289a56601b05471822336501 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 31 Jul 2019 10:15:17 +0200
Subject: [PATCH 1/2] ldb: Prevent mem-leak in error case
Free previously allocted memory if new alloc fails
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
lib/ldb/common/ldb_dn.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index eccb4a0ce4b..62f543cf452 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -340,6 +340,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
/* Components data space is allocated here once */
data = talloc_array(dn->components, char, strlen(parse_dn) + 1);
if (!data) {
+ LDB_FREE(dn->components);
return false;
}
--
2.20.1
From ce64df7f9d4d808dd33af9075f9dde63f5668141 Mon Sep 17 00:00:00 2001
From: Swen Schillig <swen at linux.ibm.com>
Date: Wed, 31 Jul 2019 10:27:37 +0200
Subject: [PATCH 2/2] ldb: Fix mem-leak if talloc_realloc fails
In case of a failing talloc_realloc(), the only reference
to the originally allocated memory is overwritten.
Instead use a temp var until success is verified.
Signed-off-by: Swen Schillig <swen at linux.ibm.com>
---
lib/ldb/common/ldb_dn.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 62f543cf452..ccc5ea329df 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -377,6 +377,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
}
if (in_ex_value && *p == '>') {
+ struct ldb_dn_ext_component *ext_comp = NULL;
const struct ldb_dn_extended_syntax *ext_syntax;
struct ldb_val ex_val = {
.data = (uint8_t *)ex_value,
@@ -389,15 +390,19 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
/* Process name and ex_value */
- dn->ext_components = talloc_realloc(dn,
- dn->ext_components,
- struct ldb_dn_ext_component,
- dn->ext_comp_num + 1);
- if ( ! dn->ext_components) {
+ ext_comp =
+ talloc_realloc(dn,
+ dn->ext_components,
+ struct ldb_dn_ext_component,
+ dn->ext_comp_num + 1);
+
+ if (ext_comp == NULL) {
/* ouch ! */
goto failed;
}
+ dn->ext_components = ext_comp;
+
ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, ex_name);
if (!ext_syntax) {
/* We don't know about this type of extended DN */
--
2.20.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190731/045d9c86/signature.sig>
More information about the samba-technical
mailing list