From 3e170da37a4f8a15b1342430cc2a912bb8b99872 Mon Sep 17 00:00:00 2001
From: Nathan Kinder <nkinder@redhat.com>
Date: Dec 16 2010 16:20:45 +0000
Subject: Bug 663597 - Memory leaks in normalization code


The DN normalization code uses a Slapi_Attr on the stack to avoid
allocation of the struct.  The contents of the Slapi_Attr are
never freed.  This patch ensure that the struct is cleared out
properly.

There was also a leak in the syntax normalization code where a
pointer to recently allocated string could get overwritten without
freeing the string first.  This patch frees the string first.

---

diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c
index ba30871..6d3fe8c 100644
--- a/ldap/servers/slapd/attrsyntax.c
+++ b/ldap/servers/slapd/attrsyntax.c
@@ -469,14 +469,14 @@ char *
 slapi_attr_syntax_normalize( const char *s )
 {
 	struct asyntaxinfo *asi = NULL;
-	char *r;
-	
+	char *r = NULL;
 
-    if((asi=attr_syntax_get_by_name(s)) != NULL ) {
+	if((asi=attr_syntax_get_by_name(s)) != NULL ) {
 		r = slapi_ch_strdup(asi->asi_name);
 		attr_syntax_return( asi );
 	}
 	if ( NULL == asi ) {
+		slapi_ch_free_string( &r );
 		r = attr_syntax_normalize_no_lookup( s );
 	}
 	return r;
diff --git a/ldap/servers/slapd/dn.c b/ldap/servers/slapd/dn.c
index 227a41e..8e0d0fa 100644
--- a/ldap/servers/slapd/dn.c
+++ b/ldap/servers/slapd/dn.c
@@ -572,6 +572,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
 
                 slapi_attr_init(&test_attr, typestart);
                 is_dn_syntax = slapi_attr_is_dn_syntax_attr(&test_attr);
+                attr_done(&test_attr);
 
                 /* Reset the character we modified. */
                 *d = savechar;
@@ -592,6 +593,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
 
                 slapi_attr_init(&test_attr, typestart);
                 is_dn_syntax = slapi_attr_is_dn_syntax_attr(&test_attr);
+                attr_done(&test_attr);
 
                 /* Reset the character we modified. */
                 *d = savechar;
@@ -612,6 +614,7 @@ slapi_dn_normalize_ext(char *src, size_t src_len, char **dest, size_t *dest_len)
 
                 slapi_attr_init(&test_attr, typestart);
                 is_dn_syntax = slapi_attr_is_dn_syntax_attr(&test_attr);
+                attr_done(&test_attr);
 
                 /* Reset the character we modified. */
                 *d = savechar;