]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
projects / FreeBSD / FreeBSD.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e825b90) | patch
Fix Coverity CIDs 1340544 Resource leak and 1340543 Use after free
authortruckman <truckman@FreeBSD.org>
Wed, 25 May 2016 01:37:25 +0000 (01:37 +0000)
committertruckman <truckman@FreeBSD.org>
Wed, 25 May 2016 01:37:25 +0000 (01:37 +0000)
commit610c8f37edec3884d4c6ff72b64b78bac7a3166a
treecc9641ca5b1d9b509db3bdf8a6ce36a87b2a09actree | snapshot
parente825b90448b365da566c7370cec6f3e13bd88697commit | diff
Fix Coverity CIDs 1340544 Resource leak and 1340543 Use after free

At line 479 of ldapclient.c in client_build_req(), the error return
leaks ldap_attrs (CID 1340544).  It looks like this can happen if
the first utoa() call in aldap_get_stringset() fails.  It looks
like other leaks can happen if other utoa() calls fail since scanning
this array when it is freed stops when the first NULL is encountered.
Fix these problems by not storing NULL in the array when utoa()
fails, and by freeing ret and returning NULL if nothing is stored
in the array.  That way the caller will never see the
ldap_attrs[0] == NULL case, so delete that check.

The ber_printf_element() calls ber_free_elements() on its ber
argument and returns NULL on failure.  When each of its callers
detects failure, they do a goto fail, which then calls ber_free_elements()
with the same pointer (CID 1340543).  Fix is to delete the
ber_free_elements() from ber_printf_element()

Reported by: Coverity
CID: 13405431340544
Reviewed by: araujo
Differential Revision: https://reviews.freebsd.org/D6550
usr.sbin/ypldap/aldap.c diff | blob | history
usr.sbin/ypldap/ber.c diff | blob | history
usr.sbin/ypldap/ldapclient.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.