Memory leak in ldap_build_search_req (ITS#331)
Full_Name: Yuri Rabover
Version: 1.2.7
OS: FreeBSD, Solaris
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (206.86.147.19)
ldap_build_search_req (RCSID:1.4.2.3.2.2) at line 139 contains the
following piece of code:

        /* opens the outer sequence: ber_start_seq allocates a seqorset here */
        err = ber_printf( ber, "{it{seeiib", ++ld->ld_msgid,
            LDAP_REQ_SEARCH, base, scope, ld->ld_deref,
            ld->ld_sizelimit, ld->ld_timelimit, attrsonly );
#ifdef LDAP_CONNECTIONLESS
        }
#endif /* LDAP_CONNECTIONLESS */

        if ( err == -1 ) {
                ld->ld_errno = LDAP_ENCODING_ERROR;
                ber_free( ber, 1 );
                return( NULLBER );
        }

        filter = ldap_strdup( filter );
        err = put_filter( ber, filter );
        free( filter );

        if ( err == -1 ) {
                /* error path taken for an invalid filter: the sequence opened
                 * above is never closed, so its seqorset is never freed */
                ld->ld_errno = LDAP_FILTER_ERROR;
                ber_free( ber, 1 );
                return( NULLBER );
        }

        /* closes the sequences and frees the seqorset allocated above */
        if ( ber_printf( ber, "{v}}}", attrs ) == -1 ) {
                ld->ld_errno = LDAP_ENCODING_ERROR;
                ber_free( ber, 1 );
                return( NULLBER );
        }

        return( ber );
The first ber_printf starts the new sequence by calling ber_start_seq,
which allocates a chunk of memory for it in ber_start_seqorset. This memory is
normally freed by the closing ber_printf(ber, "{v}}}", ...). But if put_filter
fails with an error (for example, because of an invalid filter spec), the
closing ber_printf is never called and this memory is never freed. This results
in a memory leak of 48 bytes per ldap_search call made with an invalid filter.

A possible fix would be to check the validity of the filter BEFORE
starting the sequence.
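To make the leak path and the proposed fix concrete, here is an added example (not OpenLDAP or liblber code) that models the BerElement/seqorset pattern in miniature: opening a sequence allocates a node, closing it frees the node, and the element free does not walk the chain of still-open sequences. All names ending in _model, the filter_syntax_ok check and the base DN are constructed stand-ins; the counter live_seqorsets shows how many nodes each builder leaves behind. The fixed builder uses the ordering the report suggests (validate the filter before opening any sequence) and additionally unwinds open sequences on its remaining error path, which is the more general defence when the encoder cannot tell the caller about an error before the sequence is already open.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not OpenLDAP code: a constructed miniature of the
 * BerElement/seqorset pattern so the leak path in the report can be counted.
 * Names ending in _model are hypothetical stand-ins for the liblber routines. */

typedef struct seqorset { struct seqorset *next; } Seqorset;

typedef struct berelement {
    char      buf[128];   /* encoded bytes (plain text here, not real BER) */
    size_t    len;
    Seqorset *sos;        /* sequences opened by "{" and not yet closed by "}" */
} BerElement;

static int live_seqorsets = 0;   /* seqorset nodes currently allocated */

/* Like the 1.2.7 ber_free in the report: frees the element, not the open chain. */
static void ber_free_model(BerElement *ber) { free(ber); }

/* ber_printf "{" allocates a seqorset; "}" pops and frees it. */
static int ber_start_seq_model(BerElement *ber)
{
    Seqorset *s = malloc(sizeof *s);
    if (s == NULL) return -1;
    s->next = ber->sos; ber->sos = s; live_seqorsets++;
    return 0;
}

static int ber_end_seq_model(BerElement *ber)
{
    Seqorset *s = ber->sos;
    if (s == NULL) return -1;
    ber->sos = s->next; free(s); live_seqorsets--;
    return 0;
}

static int ber_put_string_model(BerElement *ber, const char *str)
{
    size_t n = strlen(str);
    if (ber->len + n + 1 > sizeof ber->buf) return -1;
    memcpy(ber->buf + ber->len, str, n + 1);
    ber->len += n + 1;
    return 0;
}

/* Tiny syntax check standing in for the filter parser: "(attr=value)". */
static int filter_syntax_ok(const char *filter)
{
    size_t n = strlen(filter);
    const char *eq = strchr(filter, '=');
    if (n < 5 || filter[0] != '(' || filter[n - 1] != ')' || eq == NULL) return 0;
    return eq > filter + 1 && eq < filter + n - 2;
}

/* put_filter parses and encodes in one step, so the caller learns the filter
 * is bad only after it has already opened the outer sequence. */
static int put_filter_model(BerElement *ber, const char *filter)
{
    return filter_syntax_ok(filter) ? ber_put_string_model(ber, filter) : -1;
}

/* Ordering of the 1.2.7 code quoted in the report. */
static BerElement *build_search_req_leaky(const char *base, const char *filter)
{
    BerElement *ber = calloc(1, sizeof *ber);
    if (ber == NULL) return NULL;
    if (ber_start_seq_model(ber) == -1 || ber_put_string_model(ber, base) == -1) {
        ber_free_model(ber);
        return NULL;
    }
    if (put_filter_model(ber, filter) == -1) {
        ber_free_model(ber);   /* ber->sos still points at a live node: the leak */
        return NULL;
    }
    if (ber_end_seq_model(ber) == -1) { ber_free_model(ber); return NULL; }
    return ber;
}

/* Ordering the report proposes: reject the filter before any sequence is
 * opened, so the LDAP_FILTER_ERROR path has nothing outstanding to free. */
static BerElement *build_search_req_fixed(const char *base, const char *filter)
{
    BerElement *ber;
    if (!filter_syntax_ok(filter)) return NULL;
    ber = calloc(1, sizeof *ber);
    if (ber == NULL) return NULL;
    if (ber_start_seq_model(ber) == -1 || ber_put_string_model(ber, base) == -1
        || put_filter_model(ber, filter) == -1 || ber_end_seq_model(ber) == -1) {
        while (ber_end_seq_model(ber) == 0)   /* unwind anything still open */
            ;
        ber_free_model(ber);
        return NULL;
    }
    return ber;
}

/* Builds one request with the given builder and reports how many seqorset
 * nodes it left behind; 0 means no leak. */
static int leaked_by(BerElement *(*build)(const char *, const char *), const char *filter)
{
    int before = live_seqorsets;
    BerElement *ber = build("dc=example,dc=com", filter);   /* constructed base DN */
    if (ber != NULL) ber_free_model(ber);   /* on success the chain is already empty */
    return live_seqorsets - before;
}

int main(void)
{
    printf("leaky builder, bad filter:  %d node(s) leaked\n", leaked_by(build_search_req_leaky, "(cn="));
    printf("fixed builder, bad filter:  %d node(s) leaked\n", leaked_by(build_search_req_fixed, "(cn="));
    printf("leaky builder, good filter: %d node(s) leaked\n", leaked_by(build_search_req_leaky, "(cn=yuri)"));
    return 0;
}
```

Running it shows one node left behind per bad-filter call through the leaky builder and none through the fixed one; with a well-formed filter both builders are clean, which is why the leak only shows up under invalid search filters, as the report describes. The per-node size here is whatever malloc gives a one-pointer struct, not the 48 bytes measured against the real library.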