Page MenuHomeFreeBSD

Fix Coverity CIDs 1340544 Resource leak and 1340543 Use after free
ClosedPublic

Authored by truckman on May 25 2016, 1:20 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Oct 22, 9:32 PM
Unknown Object (File)
Tue, Oct 22, 9:32 PM
Unknown Object (File)
Tue, Oct 22, 9:32 PM
Unknown Object (File)
Tue, Oct 22, 9:13 PM
Unknown Object (File)
Mon, Oct 21, 10:58 PM
Unknown Object (File)
Oct 7 2024, 8:16 PM
Unknown Object (File)
Sep 22 2024, 8:09 PM
Unknown Object (File)
Sep 19 2024, 1:36 AM
Subscribers

Details

Summary
At line 479 of ldapclient.c in client_build_req(), the error return
leaks ldap_attrs (CID 1340544).  It looks like this can happen if
the first utoa() call in aldap_get_stringset() fails.  It looks like
other leaks can happen if other utoa() calls fail since scanning
this array when it is freed stops when the first NULL is
encountered.  This diff fixes these problems by not storing NULL in
the array when utoa() fails, and freeing ret and returning NULL if
nothing is stored in the array.  That way the caller will never see
the ldap_attrs[0] == NULL case.  Alternatively aldap_get_stringset()
could clean up and return NULL if any utoa() calls fail.
 
The ber_printf_element() calls ber_free_elements() on its ber
argument and returns NULL on failure.  When each of its callers
detects failure, they do a goto fail, which then calls
ber_free_elements() with the same pointer (CID 1340543).  It looks
like the cleanest fix is to delete the ber_free_elements() from
ber_printf_element().

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

truckman retitled this revision from to Fix Coverity CIDs 1340544 Resource leak and 1340543 Use after free.
truckman updated this object.
truckman edited the test plan for this revision. (Show Details)
truckman added a reviewer: araujo.
araujo edited edge metadata.

Go ahead, you have my blessing.

This revision is now accepted and ready to land.May 25 2016, 1:23 AM
This revision was automatically updated to reflect the committed changes.