There is a couple of potential memory leaks in the ipa-pwd-extop plugin:
Number one: {{{ 715 Calling allocation function "ipapwd_gen_hashes" on "svals". [show details] 716 rc = ipapwd_gen_hashes(krbcfg, &pwdop->pwdata, unhashedpw, 717 is_krb, is_smb, &svals, &nt, &lm, &errMesg); At conditional (1): "rc" taking the true branch. 718 if (rc) { Variable "svals" going out of scope leaks the storage it points to. 719 goto done; 720 }
Number two:
317 Calling allocation function "ipapwd_gen_hashes" on "svals". [show details] 318 rc = ipapwd_gen_hashes(krbcfg, &pwdop->pwdata, 319 userpw, is_krb, is_smb, 320 &svals, &nt, &lm, &errMesg); At conditional (1): "rc != 0" taking the true branch. 321 if (rc != LDAP_SUCCESS) { Variable "svals" going out of scope leaks the storage it points to. 322 goto done; 323 }
Number three:
78 for (i = 0; encsalts[i]; i++) /* count */ ; Assigning: "es" = storage returned from "calloc(i + 1, sizeof (struct ipapwd_encsalt) /*8*/)". Calling allocation function "calloc". 79 es = calloc(i + 1, sizeof(struct ipapwd_encsalt)); Later on: 93 enc = strdup(encsalts[i]); At conditional (4): "!enc" taking the true branch. 94 if (!enc) { 95 LOG_OOM(); Variable "es" going out of scope leaks the storage it points to. 96 return LDAP_OPERATIONS_ERROR; 97 }
Number four:
269 Assigning: "svals" = storage returned from "calloc(2UL, sizeof (Slapi_Value *) /*8*/)". Calling allocation function "calloc". 270 svals = (Slapi_Value **)calloc(2, sizeof(Slapi_Value *)); At conditional (1): "!svals" taking the false branch. 271 if (!svals) { 272 LOG_OOM(); 273 return NULL; 274 } 275 276 kvno = ipapwd_get_cur_kvno(data->target); 277 278 krbPrincipalName = slapi_entry_attr_get_charptr(data->target, 279 "krbPrincipalName"); At conditional (2): "!krbPrincipalName" taking the true branch. 280 if (!krbPrincipalName) { 281 *errMesg = "no krbPrincipalName present in this entry\n"; 282 LOG_FATAL("%s", *errMesg); Variable "svals" going out of scope leaks the storage it points to. 283 return NULL; 284 }
Number five:
669 /* TODO: must store the dos charset somewhere in the directory */ Assigning: "cd" = storage returned from "iconv_open("UCS-2LE", "UTF-8")". Calling allocation function "iconv_open". 670 cd = iconv_open(KTF_UCS2, KTF_UTF8); At conditional (1): "cd == (void *)0xffffffffffffffff" taking the false branch. 671 if (cd == (iconv_t)(-1)) { 672 ret = -1; 673 goto done; 674 } 675 676 il = strlen(newPasswd); 677 678 /* an ucs2 string can be at most double than an utf8 one */ 679 sl = ol = (il+1)*2; 680 ucs2Passwd = calloc(ol, 1); At conditional (2): "!ucs2Passwd" taking the true branch. 681 if (!ucs2Passwd) { 682 ret = -1; Variable "cd" going out of scope leaks the storage it points to. 683 goto done; 684 }
One more, similar to number five:
596 /* TODO: must store the dos charset somewhere in the directory */ Assigning: "cd" = storage returned from "iconv_open("CP850", "UTF-8")". Calling allocation function "iconv_open". 597 cd = iconv_open(KTF_DOS_CHARSET, KTF_UTF8); At conditional (1): "cd == (void *)0xffffffffffffffff" taking the false branch. 598 if (cd == (iconv_t)(-1)) { 599 ret = -1; 600 goto done; 601 } 602 603 /* the lanman password is upper case */ 604 upperPasswd = (char *)slapi_utf8StrToUpper((unsigned char *)newPasswd); At conditional (2): "!upperPasswd" taking the true branch. 605 if (!upperPasswd) { 606 ret = -1; Variable "cd" going out of scope leaks the storage it points to. 607 goto done; 608 } 609 il = strlen(upperPasswd); 610 611 /* an ascii string can only be smaller than or equal to an utf8 one */ 612 ol = il; 613 if (ol < 14) ol = 14; 614 asciiPasswd = calloc(ol+1, 1); 615 if (!asciiPasswd) { 616 slapi_ch_free_string(&upperPasswd); 617 ret = -1; Variable "cd" going out of scope leaks the storage it points to. 618 goto done; 619 }
master: 8173b8e
Metadata Update from @jhrozek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.0 - 2011/01 (cleanup)
Login to comment on this ticket.