The permissions on this repository are being updated. This may take a while.
During this time, you or some of the project's contributors may not be able
to push to this repository.
13e53f4Bug 690649 - (cov#10731) Use of free'd pointer in indexing code
Bug 690649 - (cov#10731) Use of free'd pointer in indexing code
There is a very unlikely chance that we can use a free'd pointer
in the indexing code when attribute encryption is used and there is
a problem encrypting the index key. The bug requires debug logging
to be enabled as well as an attribute name longer than 255 chars to
be used.
We have a 256 byte buffer that we attempt to use to store the
attribute name. The call to slapi_attr_basetype() will try to fill
this buffer in, but it will malloc space if the buffer is too small.
The pointer to this allocated memory is basetmp, which will be NULL
if we just used the buffer. In the event that we do allocate memory,
basetype will point to the allocated memory, otherwise it will point
to the buffer.
At line 912, we free basetmp if it was allocated, yet we use
basetype for debug logging at line 922 (which points to the same
memory if we indeed allocated memory). We should just free basetmp
at the end of the function instead of at line 912. This will allow
us to use basetype safely at line 922.