PR#50524: Issue 50506 - Fix invalid frees from pointer reference calls. - 389-ds-base

389-ds-base

#50524 Issue 50506 - Fix invalid frees from pointer reference calls.

Closed 3 years ago by spichugi. Opened 4 years ago by mreynolds.

mreynolds/389-ds-base attr_ref into master

Issue 50506 - Fix invalid frees from pointer reference calls.

Mark Reynolds • 4 years ago

4b240e9

ldap/servers/plugins/replication/repl5_tot_protocol.c

file modified

-1

		`@@ -315,7 +315,6 @@`
		`return;`
		`}`
		`entryid = (u_int32_t) atoi(entryid_str);`
		`- slapi_ch_free_string(&entryid_str);`

		`if (!bck_info.key_found \|\| bck_info.id != entryid) {`
		`/* The suffix entryid is not present in parentid index`

ldap/servers/slapd/plugin.c

file modified

-1

		`@@ -2812,7 +2812,6 @@`
		`slapi_log_err(SLAPI_LOG_ERR, "plugin_setup", "Unknown plugin type \"%s\" in entry \"%s\"\n",`
		`value, slapi_entry_get_dn_const(plugin_entry));`
		`PR_snprintf(returntext, SLAPI_DSE_RETURNTEXT_SIZE, "Unknown plugin type \"%s\" in entry", value);`
		`- slapi_ch_free_string(&value);`
		`status = -1;`
		`goto PLUGIN_CLEANUP;`
		`}`

ldap/servers/slapd/pw.c

file modified

+15 -3

		`@@ -3112,8 +3112,11 @@`
		`long long sval;`
		`int mod_num = 0;`
		`char *shmin = NULL;`
		`+ int shmin_free_it = 0;`
		`char *shmax = NULL;`
		`+ int shmax_free_it = 0;`
		`char *shwarn = NULL;`
		`+ int shwarn_free_it = 0;`
		`int rc = 0;`

		`if (!e \|\| !*e) {`
		`@@ -3153,11 +3156,13 @@`
		`sval = strtoll(shmin, NULL, 0);`
		`if (sval != shadowval) {`
		`shmin = slapi_ch_smprintf("%lld", shadowval);`
		`+ shmin_free_it = 1;`
		`mod_num++;`
		`}`
		`} else {`
		`mod_num++;`
		`shmin = slapi_ch_smprintf("%lld", shadowval);`
		`+ shmin_free_it = 1;`
		`}`
		`}`

		`@@ -3175,11 +3180,13 @@`
		`sval = strtoll(shmax, NULL, 0);`
		`if (sval != shadowval) {`
		`shmax = slapi_ch_smprintf("%lld", shadowval);`
		`+ shmax_free_it = 1;`
		`mod_num++;`
		`}`
		`} else {`
		`mod_num++;`
		`shmax = slapi_ch_smprintf("%lld", shadowval);`
		`+ shmax_free_it = 1;`
		`}`
		`}`

		`@@ -3197,11 +3204,13 @@`
		`sval = strtoll(shwarn, NULL, 0);`
		`if (sval != shadowval) {`
		`shwarn = slapi_ch_smprintf("%lld", shadowval);`
		`+ shwarn_free_it = 1;`
		`mod_num++;`
		`}`
		`} else {`
		`mod_num++;`
		`shwarn = slapi_ch_smprintf("%lld", shadowval);`
		`+ shwarn_free_it = 1;`
		`}`
		`}`

		`@@ -3209,15 +3218,18 @@`
		`slapi_mods_init(smods, mod_num);`
		`if (shmin) {`
		`slapi_mods_add(smods, LDAP_MOD_REPLACE, "shadowMin", strlen(shmin), shmin);`
		`- slapi_ch_free_string(&shmin);`
		`+ if (shmin_free_it)`
		`+ slapi_ch_free_string(&shmin);`
		`}`
		`if (shmax) {`
		`slapi_mods_add(smods, LDAP_MOD_REPLACE, "shadowMax", strlen(shmax), shmax);`
		`- slapi_ch_free_string(&shmax);`
		`+ if (shmax_free_it)`
		`+ slapi_ch_free_string(&shmax);`
		`}`
		`if (shwarn) {`
		`slapi_mods_add(smods, LDAP_MOD_REPLACE, "shadowWarning", strlen(shwarn), shwarn);`
		`- slapi_ch_free_string(&shwarn);`
		`+ if (shwarn_free_it)`
		`+ slapi_ch_free_string(&shwarn);`
		`}`
		`/* Apply the mods to create the resulting entry. */`
		`mods = slapi_mods_get_ldapmods_byref(smods);`

mreynolds commented 4 years ago

Description:

There were a few free calls that were not removed which caused a double free. There was also extra care needed in pw.c around shadow password attribute values.

relates: https://pagure.io/389-ds-base/issue/50506