IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa-kdb: remove memory leaks

Browse Source 
All known memory leaks caused by unfreed allocated memory or unfreed
LDAP results (which should be also done after unsuccessful searches)
are fixed.

https://fedorahosted.org/freeipa/ticket/3413
This commit is contained in:
Martin Kosek
2013-02-12 11:59:22 +01:00
parent b8079f9ed4
commit 93ea8a6ac3
4 changed files with 25 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
daemons/ipa-kdb/ipa_kdb.c
View File

@@ -40,10 +40,14 @@ static void ipadb_context_free(krb5_context kcontext,
{
if (*ctx != NULL) {
free((*ctx)->uri);
free((*ctx)->base);
free((*ctx)->realm_base);
/* ldap free lcontext */
if ((*ctx)->lcontext) {
ldap_unbind_ext_s((*ctx)->lcontext, NULL, NULL);
}
free((*ctx)->supp_encs);
ipadb_mspac_struct_free(&(*ctx)->mspac);
krb5_free_default_realm(kcontext, (*ctx)->realm);
free(*ctx);
*ctx = NULL;

2
daemons/ipa-kdb/ipa_kdb.h
View File

@@ -237,6 +237,8 @@ krb5_error_code ipadb_sign_authdata(krb5_context context,
krb5_error_code ipadb_reinit_mspac(struct ipadb_context *ipactx);
void ipadb_mspac_struct_free(struct ipadb_mspac **mspac);
/* DELEGATION CHECKS */
krb5_error_code ipadb_check_allowed_to_delegate(krb5_context kcontext,

13
daemons/ipa-kdb/ipa_kdb_common.c
View File

@@ -172,7 +172,7 @@ krb5_error_code ipadb_simple_search(struct ipadb_context *ipactx,
/* first test if we need to retry to connect */
if (ret != 0 &&
ipadb_need_retry(ipactx, ret)) {
ldap_msgfree(*res);
ret = ldap_search_ext_s(ipactx->lcontext, basedn, scope,
filter, attrs, 0, NULL, NULL,
&std_timeout, LDAP_NO_LIMIT,
@@ -283,6 +283,7 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx,
int times;
int ret;
int c, i;
bool retry;
for (c = 0; deref_attr_names[c]; c++) {
/* count */ ;
@@ -315,7 +316,8 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx,
/* retry once if connection errors (tot. max. 2 tries) */
times = 2;
ret = LDAP_SUCCESS;
while (!ipadb_need_retry(ipactx, ret) && times > 0) {
retry = true;
while (retry) {
times--;
ret = ldap_search_ext_s(ipactx->lcontext, base_dn,
scope, filter,
@@ -323,11 +325,18 @@ krb5_error_code ipadb_deref_search(struct ipadb_context *ipactx,
ctrl, NULL,
&std_timeout, LDAP_NO_LIMIT,
res);
retry = !ipadb_need_retry(ipactx, ret) && times > 0;
if (retry) {
/* Free result before next try */
ldap_msgfree(*res);
}
}
kerr = ipadb_simple_ldap_to_kerr(ret);
done:
ldap_control_free(ctrl[0]);
ldap_memfree(derefval.bv_val);
free(ds);
return kerr;

8
daemons/ipa-kdb/ipa_kdb_mspac.c
View File

@@ -944,6 +944,7 @@ static int map_groups(TALLOC_CTX *memctx, krb5_context kcontext,
goto done;
}
ldap_msgfree(results);
kerr = ipadb_deref_search(ipactx, basedn, LDAP_SCOPE_ONE, filter,
entry_attrs, deref_search_attrs,
memberof_pac_attrs, &results);
@@ -1638,12 +1639,14 @@ krb5_error_code ipadb_sign_authdata(krb5_context context,
ad.ad_type = KRB5_AUTHDATA_WIN2K_PAC;
ad.contents = (krb5_octet *)pac_data.data;
ad.length = pac_data.length;
authdata[0] = &ad;
kerr = krb5_encode_authdata_container(context,
KRB5_AUTHDATA_IF_RELEVANT,
authdata,
signed_auth_data);
krb5_free_data_contents(context, &pac_data);
if (kerr != 0) {
goto done;
}
@@ -1697,7 +1700,9 @@ void ipadb_mspac_struct_free(struct ipadb_mspac **mspac)
free((*mspac)->trusts[i].sid_blacklist_incoming);
free((*mspac)->trusts[i].sid_blacklist_outgoing);
}
free((*mspac)->trusts);
}
free(*mspac);
*mspac = NULL;
}
@@ -2040,14 +2045,17 @@ krb5_error_code ipadb_reinit_mspac(struct ipadb_context *ipactx)
if (ret == 0) {
ret = string_to_sid(resstr, &gsid);
if (ret) {
free(resstr);
kerr = ret;
goto done;
}
ret = sid_split_rid(&gsid, &ipactx->mspac->fallback_rid);
if (ret) {
free(resstr);
kerr = ret;
goto done;
}
free(resstr);
}
}
}