From 921dcc35ed8f37b5c8d9c899db603af1adff8758 Mon Sep 17 00:00:00 2001
From: Rich Megginson <rmeggins@redhat.com>
Date: Aug 27 2008 21:56:07 +0000
Subject: Resolves: bug 460381

Bug Description: various valgrind reported startup memory leaks
Reviewed by: nhosoi (Thanks!)
Files: see diff
Branch: HEAD
Fix Description: These memory leaks are not serious, but they do create a lot of noise in
valgrind.
Platforms tested: RHEL5, Fedora 8
Flag Day: no
Doc impact: no

---

diff --git a/ldap/servers/slapd/auth.c b/ldap/servers/slapd/auth.c
index 023c5f8..6e6ffe1 100644
--- a/ldap/servers/slapd/auth.c
+++ b/ldap/servers/slapd/auth.c
@@ -290,8 +290,10 @@ client_auth_init ()
 	    LDAPDebug (LDAP_DEBUG_ANY,
 		"client_auth_init: failed to duplicate \"%s/certmap\"\n",
 		confdir, 0, 0);
+	    slapi_ch_free_string(&confdir);
 	    return;
 	}
+	slapi_ch_free_string(&confdir);
     }
     err = ldaputil_init (client_auth_config_file, "", NULL, "slapd", NULL);
     if (err != LDAPU_SUCCESS) {
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
index ef031ee..bf8d843 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
@@ -468,6 +468,7 @@ attrcrypt_init(ldbm_instance *li)
 					ret = attrcrypt_cipher_init(li, ace, private_key, public_key, acs);
 					if (ret) {
 						LDAPDebug(LDAP_DEBUG_ANY,"Failed to initialize cipher %s in attrcrypt_init\n", ace->cipher_display_name, 0, 0);
+						slapi_ch_free((void **)&acs);
 					} else {
 						/* Since we succeeded, add the acs to the backend instance list */
 						attrcrypt_acs_list_add(li,acs);
@@ -476,7 +477,11 @@ attrcrypt_init(ldbm_instance *li)
 					
 				}
 			}
-		} 
+			slapd_pk11_DestroyPublicKey(public_key);
+			public_key = NULL;
+		}
+		slapd_pk11_DestroyPrivateKey(private_key);
+		private_key = NULL;
 	} else {
 		if (li->attrcrypt_configured) {
 			LDAPDebug(LDAP_DEBUG_ANY,"Warning: encryption is configured in backend %s, but because SSL is not enabled, database encryption is not available and the configuration will be overridden.\n", li->inst_name, 0, 0);
diff --git a/ldap/servers/slapd/dynalib.c b/ldap/servers/slapd/dynalib.c
index 41dfaf9..4acae45 100644
--- a/ldap/servers/slapd/dynalib.c
+++ b/ldap/servers/slapd/dynalib.c
@@ -154,7 +154,7 @@ symload_report_error( const char *libpath, char *symbol, char *plugin, int libop
 
 	errlen = PR_GetErrorTextLength();
 	if ( errlen > 0 ) {
-		errtext = slapi_ch_malloc( errlen );
+		errtext = slapi_ch_malloc( errlen+1 );
 		if ( PR_GetErrorText( errtext ) > 0 ) {
 			LDAPDebug( LDAP_DEBUG_ANY, SLAPI_COMPONENT_NAME_NSPR " error %d: %s\n",
 				PR_GetError(), errtext, 0 );
diff --git a/ldap/servers/slapd/proto-slap.h b/ldap/servers/slapd/proto-slap.h
index 1ef4503..eb0d038 100644
--- a/ldap/servers/slapd/proto-slap.h
+++ b/ldap/servers/slapd/proto-slap.h
@@ -946,6 +946,8 @@ unsigned slapd_SECKEY_PublicKeyStrength(SECKEYPublicKey *pubk);
 SECStatus slapd_pk11_Finalize(PK11Context *context);
 SECStatus slapd_pk11_DigestFinal(PK11Context *context, unsigned char *data,unsigned int *outLen, unsigned int length);
 void slapd_SECITEM_FreeItem (SECItem *zap, PRBool freeit);
+void slapd_pk11_DestroyPrivateKey(SECKEYPrivateKey *key);
+void slapd_pk11_DestroyPublicKey(SECKEYPublicKey *key);
 
 /*
  * start_tls_extop.c
diff --git a/ldap/servers/slapd/security_wrappers.c b/ldap/servers/slapd/security_wrappers.c
index 628ad4d..6cca6ce 100644
--- a/ldap/servers/slapd/security_wrappers.c
+++ b/ldap/servers/slapd/security_wrappers.c
@@ -374,3 +374,12 @@ slapd_SECITEM_FreeItem (SECItem *zap, PRBool freeit)
 	SECITEM_FreeItem(zap,freeit);
 }
 
+void slapd_pk11_DestroyPrivateKey(SECKEYPrivateKey *key)
+{
+	SECKEY_DestroyPrivateKey(key);
+}
+
+void slapd_pk11_DestroyPublicKey(SECKEYPublicKey *key)
+{
+	SECKEY_DestroyPublicKey(key);
+}
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 416dda7..b33b0ce 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -593,6 +593,7 @@ slapd_ssl_init() {
       			slapd_SSL_warn("Security Initialization: Unable to get token ("
 				       SLAPI_COMPONENT_NAME_NSPR " error %d - %s)", 
 				       errorCode, slapd_pr_strerror(errorCode));
+      			freeChildren(family_list);
       			return -1;
 		}
 
@@ -603,6 +604,7 @@ slapd_ssl_init() {
       			slapd_SSL_warn("Security Initialization: Unable to find slot ("
 				       SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
 				       errorCode, slapd_pr_strerror(errorCode));
+      			freeChildren(family_list);
       			return -1;
     		}
     		/* authenticate */
@@ -612,6 +614,7 @@ slapd_ssl_init() {
       			slapd_SSL_warn("Security Initialization: Unable to authenticate ("
 				       SLAPI_COMPONENT_NAME_NSPR " error %d - %s)",
 				       errorCode, slapd_pr_strerror(errorCode));
+      			freeChildren(family_list);
       			return -1;
     		}
     	}
@@ -863,6 +866,10 @@ int slapd_ssl_init2(PRFileDesc **fd, int startTLS)
                 CERT_DestroyCertificate(cert);
                 cert = NULL;
             }
+            if (key) {
+                slapd_pk11_DestroyPrivateKey(key);
+                key = NULL;
+            }
 	    slapi_ch_free((void **) &personality);
             if (SECSuccess != rv) {
                 freeConfigEntry( &e );