Commit 13e89e5 Fix double-free in _cl5NewDBFile() error path

1 file. Authored by atkac 7 months ago, committed by mreynolds 7 months ago.
Fix double-free in _cl5NewDBFile() error path

Although slapi_ch_free should prevent double-free errors, it doesn't work
in old code because after assignment

(*dbFile)->name = name;

two independent pointers point to the same allocated area and both pointers
are free()-ed (one directly in error path in _cl5NewDBFile and the second
in _cl5DBCloseFile, called in error path as well).

Signed-off-by: Mark Reynolds <mreynolds@redhat.com>

    
 1 @@ -6269,9 +6269,10 @@
 2   »       }
 3   
 4       (*dbFile)->db = db;
 5 -     (*dbFile)->name = name;  
 6 -     (*dbFile)->replName = slapi_ch_strdup (replName);  
 7 -     (*dbFile)->replGen = slapi_ch_strdup (replGen);  
 8 +     (*dbFile)->name = name;
 9 +     name = NULL; /* transfer ownership to dbFile struct */
10 +     (*dbFile)->replName = slapi_ch_strdup (replName);
11 +     (*dbFile)->replGen = slapi_ch_strdup (replGen);
12   
13   »       /*
14   »        * Considerations for setting up cl semaphore:
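
Review bot: after `name = NULL;` (new line 9), any later read of the local `name` in _cl5NewDBFile() sees NULL, and the rest of the function is not visible in this hunk. Check that nothing below this point (error logging, for example) still dereferences or prints `name`, and have it use `(*dbFile)->name` instead. The fix also depends on the error path releasing `name` in a way that tolerates NULL, which the commit message attributes to slapi_ch_free; confirm no path frees it through a raw free() or a saved copy of the pointer. Separately, the `replName` and `replGen` lines change only in trailing whitespace, which obscures the single functional line; that cleanup would read better as its own commit.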