[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ldap_sasl_interactive_bind_s leaks? (ITS#2423)



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime@docserver.cac.washington.edu for more info.

---559023410-1903590565-1050331194=:16363
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <Pine.GSO.4.53.0304141044111.16363@pula.ypass.net>


On Sat, 5 Apr 2003, Howard Chu wrote:

> > -----Original Message-----
> > From: Igor Brezac [mailto:igor@ipass.net]
>
> > On Sat, 5 Apr 2003, Howard Chu wrote:
> > > > Anyway,
> > > > ldap_sasl_interactive_bind_s() frees
> > > > SASL_INTERACT prompt result, but I do not think it frees
> > > > other prompt buffers.
> > > > I looked throught sources for ldapsearch and slurpd, but I
> > > > did not find ways to
> > > > free the buffers allocated in _ldap_interact.
>
> > > It appears that _ldap_interact doesn't need to malloc the result at all.
> We
> > > can fix this easily enough. However there appear to be more leaks in
> Cyrus
> >
> > True.  I tried without malloc and it works fine.  However, the leak is
> > still there.  There is something else wrong.
>
> The code in ldap_int_sasl_bind() to free the prompts was hopeless because it
> only examined the first prompts structure, but usually SASL gives an array of
> prompts. It is too clumsy to try to manage this in libldap, especially given
> the possibility of different libraries using different malloc()s, so I have
> ripped out that code.
>
> I have updated liblutil to manage results more thoroughly, and added a
> lutil_sasl_freedefs() function to cleanup after the SASL bind completes.
> Please use this new design as a model for your own code.

It turns out cyrus DIGEST-MD5 is not leaking.  Openldap API does not call
sasl_done() to clear cyrus-sasl buffers.  Your ldapsearch.c patch includes
sasl_done(), but I think this is a wrong solution: ldapsearch needs to be
explicitely linked with -lsasl2 and if cyrus sasl is not configured with
openldap, the compile will fail.

I think sasl_done() needs to be called during ldap_unbind() and
ldap_int_sasl_init() needs to be called every time ldap_init(ialize)()
runs rather than just once.  Please see attached patch.  My patch also
fixes threadsafe issue in ldap_int_sasl_init().

-- 
Igor
---559023410-1903590565-1050331194=:16363
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; NAME="openldap.patch"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.GSO.4.53.0304141039540.16363@pula.ypass.net>
Content-Description: 
Content-Disposition: ATTACHMENT; FILENAME="openldap.patch"

LS0tIGxpYnJhcmllcy9saWJsZGFwL29yaWcvY3lydXMuYwlNb24gQXByIDE0
IDEwOjIxOjE4IDIwMDMNCisrKyBsaWJyYXJpZXMvbGlibGRhcC9jeXJ1cy5j
CU1vbiBBcHIgMTQgMTA6MjU6NTUgMjAwMw0KQEAgLTEsNCArMSw0IEBADQot
LyogJE9wZW5MREFQOiBwa2cvbGRhcC9saWJyYXJpZXMvbGlibGRhcC9jeXJ1
cy5jLHYgMS40NS4yLjE3IDIwMDMvMDMvMDMgMTc6MTA6MDQga3VydCBFeHAg
JCAqLw0KKy8qICRPcGVuTERBUDogL2xpYnJhcmllcy9saWJsZGFwL2N5cnVz
LmMsdiAxLjgxIDIwMDMvMDQvMDUgMjI6NDc6NTUgaHljIEV4cCAkICovDQog
LyoNCiAgKiBDb3B5cmlnaHQgMTk5OS0yMDAzIFRoZSBPcGVuTERBUCBGb3Vu
ZGF0aW9uLCBBbGwgUmlnaHRzIFJlc2VydmVkLg0KICAqIENPUFlJTkcgUkVT
VFJJQ1RJT05TIEFQUExZLCBzZWUgQ09QWVJJR0hUIGZpbGUNCkBAIC0zOSwx
MCArMzksOCBAQA0KICogVmFyaW91cyBDeXJ1cyBTQVNMIHJlbGF0ZWQgc3R1
ZmYuDQogKi8NCiANCi1pbnQgbGRhcF9pbnRfc2FzbF9pbml0KCB2b2lkICkN
CitpbnQgbGRhcF9pbnRfc2FzbF9pbml0KCBzdHJ1Y3QgbGRhcG9wdGlvbnMg
KmdvcHRzICkNCiB7DQotCS8qIFhYWCBub3QgdGhyZWFkc2FmZSAqLw0KLQlz
dGF0aWMgaW50IHNhc2xfaW5pdGlhbGl6ZWQgPSAwOw0KIA0KIAlzdGF0aWMg
c2FzbF9jYWxsYmFja190IGNsaWVudF9jYWxsYmFja3NbXSA9IHsNCiAjaWZk
ZWYgU0FTTF9DQl9HRVRSRUFMTQ0KQEAgLTc4LDcgKzc2LDcgQEANCiAJfQ0K
IAl9DQogI2VuZGlmDQotCWlmICggc2FzbF9pbml0aWFsaXplZCApIHsNCisJ
aWYgKCBnb3B0cy0+c2FzbF9pbml0aWFsaXplZCA9PSBMREFQX1NBU0xfSU5J
VElBTElaRUQgKSB7DQogCQlyZXR1cm4gMDsNCiAJfQ0KIA0KQEAgLTEwMiw3
ICsxMDAsNyBAQA0KICNlbmRpZg0KIA0KIAlpZiAoIHNhc2xfY2xpZW50X2lu
aXQoIGNsaWVudF9jYWxsYmFja3MgKSA9PSBTQVNMX09LICkgew0KLQkJc2Fz
bF9pbml0aWFsaXplZCA9IDE7DQorCQlnb3B0cy0+c2FzbF9pbml0aWFsaXpl
ZCA9IExEQVBfU0FTTF9JTklUSUFMSVpFRDsNCiAJCXJldHVybiAwOw0KIAl9
DQogDQpAQCAtNTI5LDcgKzUyNyw2IEBADQogCXNhc2xfc3NmX3QJCSpzc2Yg
PSBOVUxMOw0KIAlzYXNsX2Nvbm5fdAkqY3R4Ow0KIAlzYXNsX2ludGVyYWN0
X3QgKnByb21wdHMgPSBOVUxMOw0KLQljb25zdCB2b2lkICpwcm9tcHRyZXN1
bHQgPSBOVUxMOw0KIAl1bnNpZ25lZCBjcmVkbGVuOw0KIAlzdHJ1Y3QgYmVy
dmFsIGNjcmVkOw0KIAliZXJfc29ja2V0X3QJCXNkOw0KQEAgLTU5MCw5ICs1
ODcsNiBAQA0KIAkJCSZjcmVkbGVuLA0KIAkJCSZtZWNoICk7DQogDQotCQkv
KiBDeXJ1cyBTQVNMIGxpYnJhcnkgZG9lc24ndCBpbml0aWFsaXplIHRoZSBw
cm9tcHQgcmVzdWx0IHBvaW50ZXIgKi8NCi0JCWlmKCBwcm9tcHRyZXN1bHQg
PT0gTlVMTCAmJiBwcm9tcHRzICE9IE5VTEwgKSBwcm9tcHRzLT5yZXN1bHQg
PSBOVUxMOw0KLQ0KIAkJaWYoIHBtZWNoID09IE5VTEwgJiYgbWVjaCAhPSBO
VUxMICkgew0KIAkJCXBtZWNoID0gbWVjaDsNCiANCkBAIC02MDgsMTEgKzYw
Miw2IEBADQogCQkJaWYoICFpbnRlcmFjdCApIGJyZWFrOw0KIAkJCXJlcyA9
IChpbnRlcmFjdCkoIGxkLCBmbGFncywgZGVmYXVsdHMsIHByb21wdHMgKTsN
CiANCi0JCQkvKiBrZWVwIGEgcG9pbnRlciB0byB0aGUgcHJvbXB0IHJlc3Vs
dCBzbyB3ZSBjYW4gZnJlZSBpdA0KLQkJCSAqIGFmdGVyIEN5cnVzIFNBU0wg
aGFzIGNvbnN1bWVkIHRoZSBwcm9tcHRzLg0KLQkJCSAqLw0KLQkJCXByb21w
dHJlc3VsdCA9IHByb21wdHMtPnJlc3VsdDsNCi0NCiAJCQlpZiggcmVzICE9
IExEQVBfU1VDQ0VTUyApIGJyZWFrOw0KIAkJfQ0KIAl9IHdoaWxlICggc2Fz
bHJjID09IFNBU0xfSU5URVJBQ1QgKTsNCkBAIC02ODgsOSArNjc3LDYgQEAN
CiAJCQkJKFNBU0xfQ09OU1QgY2hhciAqKikmY2NyZWQuYnZfdmFsLA0KIAkJ
CQkmY3JlZGxlbiApOw0KIA0KLQkJCS8qIFNBU0wgbGlicmFyeSBkb2Vzbid0
IGluaXRpYWxpemUgdGhlIHByb21wdCByZXN1bHQgcG9pbnRlciAqLw0KLQkJ
CWlmKCBwcm9tcHRyZXN1bHQgPT0gTlVMTCAmJiBwcm9tcHRzICE9IE5VTEwg
KSBwcm9tcHRzLT5yZXN1bHQgPSBOVUxMOw0KLQ0KICNpZmRlZiBORVdfTE9H
R0lORw0KIAkJCQlMREFQX0xPRyAoIFRSQU5TUE9SVCwgREVUQUlMMSwgDQog
CQkJCQkibGRhcF9pbnRfc2FzbF9iaW5kOiBzYXNsX2NsaWVudF9zdGVwOiAl
ZFxuIiwgc2FzbHJjLDAsMCApOw0KQEAgLTcwMywxMiArNjg5LDYgQEANCiAJ
CQkJaW50IHJlczsNCiAJCQkJaWYoICFpbnRlcmFjdCApIGJyZWFrOw0KIAkJ
CQlyZXMgPSAoaW50ZXJhY3QpKCBsZCwgZmxhZ3MsIGRlZmF1bHRzLCBwcm9t
cHRzICk7DQotDQotCQkJCS8qIGtlZXAgYSBwb2ludGVyIHRvIHRoZSBwcm9t
cHQgcmVzdWx0IHNvIHdlIGNhbiBmcmVlIGl0DQotCQkJCSAqIGFmdGVyIEN5
cnVzIFNBU0wgaGFzIGNvbnN1bWVkIHRoZSBwcm9tcHRzLg0KLQkJCQkgKi8N
Ci0JCQkJcHJvbXB0cmVzdWx0ID0gcHJvbXB0cy0+cmVzdWx0Ow0KLQ0KIAkJ
CQlpZiggcmVzICE9IExEQVBfU1VDQ0VTUyApIGJyZWFrOw0KIAkJCX0NCiAJ
CX0gd2hpbGUgKCBzYXNscmMgPT0gU0FTTF9JTlRFUkFDVCApOw0KQEAgLTc2
OCw4ICs3NDgsNiBAQA0KIAl9DQogDQogZG9uZToNCi0JLyogZnJlZSB0aGUg
bGFzdCBwcm9tcHQgcmVzdWx0ICovDQotCUxEQVBfRlJFRSgodm9pZCopcHJv
bXB0cmVzdWx0KTsNCiAJcmV0dXJuIHJjOw0KIH0NCiANCi0tLSBsaWJyYXJp
ZXMvbGlibGRhcC9vcmlnL2luaXQuYwlNb24gQXByIDE0IDEwOjIxOjE4IDIw
MDMNCisrKyBsaWJyYXJpZXMvbGlibGRhcC9pbml0LmMJTW9uIEFwciAxNCAx
MDoyMTo0MyAyMDAzDQpAQCAtNjAxLDUgKzYwMSw0IEBADQogDQogCW9wZW5s
ZGFwX2xkYXBfaW5pdF93X2Vudihnb3B0cywgTlVMTCk7DQogDQotCWxkYXBf
aW50X3Nhc2xfaW5pdCgpOw0KIH0NCi0tLSBsaWJyYXJpZXMvbGlibGRhcC9v
cmlnL2xkYXAtaW50LmgJTW9uIEFwciAxNCAxMDoyMToxOCAyMDAzDQorKysg
bGlicmFyaWVzL2xpYmxkYXAvbGRhcC1pbnQuaAlNb24gQXByIDE0IDEwOjIx
OjQzIDIwMDMNCkBAIC0xNTUsNiArMTU1LDkgQEANCiAJY2hhcioJbGRvX2Rl
ZmJpbmRkbjsJLyogYmluZCBkbiAqLw0KIA0KICNpZmRlZiBIQVZFX0NZUlVT
X1NBU0wNCisJc2hvcnQgc2FzbF9pbml0aWFsaXplZDsNCisjZGVmaW5lIExE
QVBfU0FTTF9VTklOSVRJQUxJWkVECTB4MA0KKyNkZWZpbmUgTERBUF9TQVNM
X0lOSVRJQUxJWkVECTB4MQ0KIAljaGFyKglsZG9fZGVmX3Nhc2xfbWVjaDsJ
CS8qIFNBU0wgTWVjaGFuaXNtKHMpICovDQogCWNoYXIqCWxkb19kZWZfc2Fz
bF9yZWFsbTsJCS8qIFNBU0wgcmVhbG0gKi8NCiAJY2hhcioJbGRvX2RlZl9z
YXNsX2F1dGhjaWQ7CS8qIFNBU0wgYXV0aGVudGljYXRpb24gaWRlbnRpdHkg
Ki8NCkBAIC01MzQsNyArNTM3LDcgQEANCiAgKiBpbiBjeXJ1cy5jDQogICov
DQogDQotTERBUF9GIChpbnQpIGxkYXBfaW50X3Nhc2xfaW5pdCBMREFQX1Ao
KCB2b2lkICkpOw0KK0xEQVBfRiAoaW50KSBsZGFwX2ludF9zYXNsX2luaXQg
TERBUF9QKCggc3RydWN0IGxkYXBvcHRpb25zICogKSk7DQogDQogTERBUF9G
IChpbnQpIGxkYXBfaW50X3Nhc2xfb3BlbiBMREFQX1AoKA0KIAlMREFQICps
ZCwgTERBUENvbm4gKmNvbm4sDQotLS0gbGlicmFyaWVzL2xpYmxkYXAvb3Jp
Zy9vcGVuLmMJTW9uIEFwciAxNCAxMDoyMToxOCAyMDAzDQorKysgbGlicmFy
aWVzL2xpYmxkYXAvb3Blbi5jCU1vbiBBcHIgMTQgMTA6MjE6NDMgMjAwMw0K
QEAgLTEwMSw2ICsxMDEsOCBAQA0KIAkJcmV0dXJuIExEQVBfTk9fTUVNT1JZ
Ow0KIAl9DQogDQorCWxkYXBfaW50X3Nhc2xfaW5pdChnb3B0cyk7DQorDQog
CS8qIEluaXRpYWxpemUgdGhlIGdsb2JhbCBvcHRpb25zLCBpZiBub3QgYWxy
ZWFkeSBkb25lLiAqLw0KIAlpZiggZ29wdHMtPmxkb192YWxpZCAhPSBMREFQ
X0lOSVRJQUxJWkVEICkgew0KIAkJbGRhcF9pbnRfaW5pdGlhbGl6ZShnb3B0
cywgTlVMTCk7DQotLS0gbGlicmFyaWVzL2xpYmxkYXAvb3JpZy91bmJpbmQu
YwlNb24gQXByIDE0IDEwOjIxOjE4IDIwMDMNCisrKyBsaWJyYXJpZXMvbGli
bGRhcC91bmJpbmQuYwlNb24gQXByIDE0IDEwOjIxOjQzIDIwMDMNCkBAIC00
Myw3ICs0MywyMCBAQA0KIAlyYyA9IGxkYXBfaW50X2NsaWVudF9jb250cm9s
cyggbGQsIGNjdHJscyApOw0KIAlpZiggcmMgIT0gTERBUF9TVUNDRVNTICkg
cmV0dXJuIHJjOw0KIA0KLQlyZXR1cm4gbGRhcF9sZF9mcmVlKCBsZCwgMSwg
c2N0cmxzLCBjY3RybHMgKTsNCisJcmMgPSBsZGFwX2xkX2ZyZWUoIGxkLCAx
LCBzY3RybHMsIGNjdHJscyApOw0KKw0KKyNpZmRlZiBIQVZFX0NZUlVTX1NB
U0wNCisJew0KKwkJc3RydWN0IGxkYXBvcHRpb25zCSpnb3B0czsNCisJCWlm
ICggKGdvcHRzID0gTERBUF9JTlRfR0xPQkFMX09QVCgpKSA9PSBOVUxMKSB7
DQorCQkJcmV0dXJuIExEQVBfTk9fTUVNT1JZOw0KKwkJfQ0KKwkJc2FzbF9k
b25lKCk7DQorCQlnb3B0cy0+c2FzbF9pbml0aWFsaXplZCA9IExEQVBfU0FT
TF9VTklOSVRJQUxJWkVEOw0KKwl9DQorI2VuZGlmDQorDQorCXJldHVybiBy
YzsNCiB9DQogDQogaW50DQpAQCAtMTU0LDYgKzE2Nyw3IEBADQogCQlMREFQ
X0ZSRUUoIGxkLT5sZF9vcHRpb25zLmxkb19kZWZfc2FzbF9hdXRoemlkICk7
DQogCQlsZC0+bGRfb3B0aW9ucy5sZG9fZGVmX3Nhc2xfYXV0aHppZCA9IE5V
TEw7DQogCX0NCisNCiAjZW5kaWYNCiANCiAJYmVyX3NvY2tidWZfZnJlZSgg
bGQtPmxkX3NiICk7ICAgDQo=

---559023410-1903590565-1050331194=:16363--