From 1c06f8c2770ec90a2fdb02653d9a4ade5cc25dff Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Mar 26 2020 14:29:47 +0000 Subject: Issue 49437 - Fix memory leak with indirect COS Bug Description: There are two leaks when dealing with indirect COS. The first leak is caused by the COS cache entry's objectclass list not being freed when the entry is removed from the hash table. The other leak is caused when we follow an indirect pointer COS and do not free a tmp value set that goes unused. Fix description: Free the COS entry objectclass list when removing an entry from the hash table. When querying a COS attribute and the returned attribute (out_attr) is NULL, then free the unused tmp_val ValueSet as it's not consumed by anything. Fixes: https://pagure.io/389-ds-base/issue/49437 Reviewed by: firstyear & tbordaz(Thanks!) --- diff --git a/ldap/servers/plugins/cos/cos_cache.c b/ldap/servers/plugins/cos/cos_cache.c index 64c0441..eb9bd77 100644 --- a/ldap/servers/plugins/cos/cos_cache.c +++ b/ldap/servers/plugins/cos/cos_cache.c @@ -2372,6 +2372,9 @@ cos_cache_query_attr(cos_cache *ptheCache, vattr_context *context, Slapi_Entry * *out_attr = tmp_vals; tmp_vals = NULL; } + } else if (out_attr == NULL && tmp_vals) { + slapi_valueset_free(tmp_vals); + tmp_vals = NULL; } } diff --git a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c index 40161d9..712deef 100644 --- a/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c +++ b/ldap/servers/slapd/back-ldbm/db-bdb/bdb_layer.c @@ -1777,7 +1777,7 @@ bdb_get_aux_id2entry_ext(backend *be, DB **ppDB, DB_ENV **ppEnv, char **path, in struct ldbminfo *li = NULL; bdb_config *oconf = NULL; bdb_config *conf = NULL; - dblayer_private *priv; + dblayer_private *priv = NULL; char *subname = NULL; int envflags = 0; int dbflags = 0; diff --git a/ldap/servers/slapd/vattr.c b/ldap/servers/slapd/vattr.c index 852a887..d8b2c83 100644 --- a/ldap/servers/slapd/vattr.c +++ b/ldap/servers/slapd/vattr.c @@ -2004,6 +2004,24 @@ vattr_map_create(void) return 0; } +/* + vattr_delete_attrvals + --------------------- + deletes a value list +*/ +void +vattr_delete_attrvals(objAttrValue **attrval) +{ + objAttrValue *val = *attrval; + + while (val) { + objAttrValue *next = val->pNext; + slapi_value_free(&val->val); + slapi_ch_free((void **)&val); + val = next; + } +} + void vattr_map_entry_free(vattr_map_entry *vae) { @@ -2016,6 +2034,9 @@ vattr_map_entry_free(vattr_map_entry *vae) } list_entry = next_entry; } + if (vae->objectclasses) { + vattr_delete_attrvals(&(vae->objectclasses)); + } slapi_ch_free_string(&(vae->type_name)); slapi_ch_free((void **)&vae); } @@ -2103,24 +2124,6 @@ vattr_map_insert(vattr_map_entry *vae) } /* - vattr_delete_attrvals - --------------------- - deletes a value list -*/ -void -vattr_delete_attrvals(objAttrValue **attrval) -{ - objAttrValue *val = *attrval; - - while (val) { - objAttrValue *next = val->pNext; - slapi_value_free(&val->val); - slapi_ch_free((void **)&val); - val = next; - } -} - -/* vattr_add_attrval ----------------- adds a value to an attribute value list