Potential memory leaks in ipa-pwd-extop

This patch fixes several potential memory leaks in ipa-pwd-extop SLAPI plugin. Common function ipapwd_gen_hashes() now cleans after itself when it fails. Other changes are local and self-explanatory. https://fedorahosted.org/freeipa/ticket/715
2025-02-25 18:55:28 -06:00 · 2011-01-13 11:12:36 +01:00
parent 7b5601eeb5
commit 8173b8e375
2 changed files with 21 additions and 3 deletions
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_common.c
@@ -74,12 +74,14 @@ static int new_ipapwd_encsalt(krb5_context krbctx,
 {
    struct ipapwd_encsalt *es;
    int nes, i;
+    int rc;

    for (i = 0; encsalts[i]; i++) /* count */ ;
    es = calloc(i + 1, sizeof(struct ipapwd_encsalt));
    if (!es) {
        LOG_OOM();
-        return LDAP_OPERATIONS_ERROR;
+        rc = LDAP_OPERATIONS_ERROR;
+        goto fail;
    }

    for (i = 0, nes = 0; encsalts[i]; i++) {
@@ -93,7 +95,8 @@ static int new_ipapwd_encsalt(krb5_context krbctx,
        enc = strdup(encsalts[i]);
        if (!enc) {
            LOG_OOM();
-            return LDAP_OPERATIONS_ERROR;
+            rc = LDAP_OPERATIONS_ERROR;
+            goto fail;
        }
        salt = strchr(enc, ':');
        if (!salt) {
@@ -133,6 +136,10 @@ static int new_ipapwd_encsalt(krb5_context krbctx,
    *num_es_types = nes;

    return LDAP_SUCCESS;
+
+fail:
+    free(es);
+    return rc;
 }

 static struct ipapwd_krbcfg *ipapwd_getConfig(void)
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_encoding.c
@@ -280,7 +280,7 @@ static Slapi_Value **encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
    if (!krbPrincipalName) {
        *errMesg = "no krbPrincipalName present in this entry\n";
        LOG_FATAL("%s", *errMesg);
-        return NULL;
+        goto enc_error;
    }

    krberr = krb5_parse_name(krbctx, krbPrincipalName, &princ);
@@ -680,6 +680,7 @@ static int encode_ntlm_keys(char *newPasswd,
        ucs2Passwd = calloc(ol, 1);
        if (!ucs2Passwd) {
            ret = -1;
+            iconv_close(cd);
            goto done;
        }

@@ -735,6 +736,11 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg,
 {
    int rc;

+    *svals = NULL;
+    *nthash = NULL;
+    *lmhash = NULL;
+    *errMesg = NULL;
+
    if (is_krb) {

        *svals = encrypt_encode_key(krbcfg, data, errMesg);
@@ -778,6 +784,11 @@ int ipapwd_gen_hashes(struct ipapwd_krbcfg *krbcfg,

 done:

+    /* when error, free possibly allocated output parameters */
+    if (rc) {
+        ipapwd_free_slapi_value_array(svals);
+    }
+
    return rc;
 }