120 lines
4.1 KiB
Diff
120 lines
4.1 KiB
Diff
From dddb14210b402f317e566b6387c76a8e659bf7fa Mon Sep 17 00:00:00 2001
|
|
From: progier389 <progier@redhat.com>
|
|
Date: Tue, 14 Feb 2023 13:34:10 +0100
|
|
Subject: [PATCH 1/2] issue 5647 - covscan: memory leak in audit log when
|
|
adding entries (#5650)
|
|
|
|
covscan reported an issue about "vals" variable in auditlog.c:231 and indeed a charray_free is missing.
|
|
Issue: 5647
|
|
Reviewed by: @mreynolds389, @droideck
|
|
---
|
|
ldap/servers/slapd/auditlog.c | 71 +++++++++++++++++++----------------
|
|
1 file changed, 38 insertions(+), 33 deletions(-)
|
|
|
|
diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c
|
|
index 68cbc674d..3128e0497 100644
|
|
--- a/ldap/servers/slapd/auditlog.c
|
|
+++ b/ldap/servers/slapd/auditlog.c
|
|
@@ -177,6 +177,40 @@ write_auditfail_log_entry(Slapi_PBlock *pb)
|
|
slapi_ch_free_string(&audit_config);
|
|
}
|
|
|
|
+/*
|
|
+ * Write the attribute values to the audit log as "comments"
|
|
+ *
|
|
+ * Slapi_Attr *entry - the attribute begin logged.
|
|
+ * char *attrname - the attribute name.
|
|
+ * lenstr *l - the audit log buffer
|
|
+ *
|
|
+ * Resulting output in the log:
|
|
+ *
|
|
+ * #ATTR: VALUE
|
|
+ * #ATTR: VALUE
|
|
+ */
|
|
+static void
|
|
+log_entry_attr(Slapi_Attr *entry_attr, char *attrname, lenstr *l)
|
|
+{
|
|
+ Slapi_Value **vals = attr_get_present_values(entry_attr);
|
|
+ for(size_t i = 0; vals && vals[i]; i++) {
|
|
+ char log_val[256] = "";
|
|
+ const struct berval *bv = slapi_value_get_berval(vals[i]);
|
|
+ if (bv->bv_len >= 256) {
|
|
+ strncpy(log_val, bv->bv_val, 252);
|
|
+ strcpy(log_val+252, "...");
|
|
+ } else {
|
|
+ strncpy(log_val, bv->bv_val, bv->bv_len);
|
|
+ log_val[bv->bv_len] = 0;
|
|
+ }
|
|
+ addlenstr(l, "#");
|
|
+ addlenstr(l, attrname);
|
|
+ addlenstr(l, ": ");
|
|
+ addlenstr(l, log_val);
|
|
+ addlenstr(l, "\n");
|
|
+ }
|
|
+}
|
|
+
|
|
/*
|
|
* Write "requested" attributes from the entry to the audit log as "comments"
|
|
*
|
|
@@ -212,21 +246,9 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l)
|
|
for (req_attr = ldap_utf8strtok_r(display_attrs, ", ", &last); req_attr;
|
|
req_attr = ldap_utf8strtok_r(NULL, ", ", &last))
|
|
{
|
|
- char **vals = slapi_entry_attr_get_charray(entry, req_attr);
|
|
- for(size_t i = 0; vals && vals[i]; i++) {
|
|
- char log_val[256] = {0};
|
|
-
|
|
- if (strlen(vals[i]) > 256) {
|
|
- strncpy(log_val, vals[i], 252);
|
|
- strcat(log_val, "...");
|
|
- } else {
|
|
- strcpy(log_val, vals[i]);
|
|
- }
|
|
- addlenstr(l, "#");
|
|
- addlenstr(l, req_attr);
|
|
- addlenstr(l, ": ");
|
|
- addlenstr(l, log_val);
|
|
- addlenstr(l, "\n");
|
|
+ slapi_entry_attr_find(entry, req_attr, &entry_attr);
|
|
+ if (entry_attr) {
|
|
+ log_entry_attr(entry_attr, req_attr, l);
|
|
}
|
|
}
|
|
} else {
|
|
@@ -234,7 +256,6 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l)
|
|
for (; entry_attr; entry_attr = entry_attr->a_next) {
|
|
Slapi_Value **vals = attr_get_present_values(entry_attr);
|
|
char *attr = NULL;
|
|
- const char *val = NULL;
|
|
|
|
slapi_attr_get_type(entry_attr, &attr);
|
|
if (strcmp(attr, PSEUDO_ATTR_UNHASHEDUSERPASSWORD) == 0) {
|
|
@@ -251,23 +272,7 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l)
|
|
addlenstr(l, ": ****************************\n");
|
|
continue;
|
|
}
|
|
-
|
|
- for(size_t i = 0; vals && vals[i]; i++) {
|
|
- char log_val[256] = {0};
|
|
-
|
|
- val = slapi_value_get_string(vals[i]);
|
|
- if (strlen(val) > 256) {
|
|
- strncpy(log_val, val, 252);
|
|
- strcat(log_val, "...");
|
|
- } else {
|
|
- strcpy(log_val, val);
|
|
- }
|
|
- addlenstr(l, "#");
|
|
- addlenstr(l, attr);
|
|
- addlenstr(l, ": ");
|
|
- addlenstr(l, log_val);
|
|
- addlenstr(l, "\n");
|
|
- }
|
|
+ log_entry_attr(entry_attr, attr, l);
|
|
}
|
|
}
|
|
slapi_ch_free_string(&display_attrs);
|
|
--
|
|
2.43.0
|
|
|