From 9438ce9207445e4ad4a9c7bdf0c9e569cabac571 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Aug 01 2023 06:07:06 +0000
Subject: Fix memory leak in the OTP last token plugin


Three memory leaks are addressed:

1. String values retrieved from the pblock need to be manually
freed.

2. The list of objectclasses retreived from the pblock need to be
freed.

3. Internal search results need to be freed.

Fixes: https://pagure.io/freeipa/issue/9403

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

---

diff --git a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
index b7a2ba7..11106b2 100644
--- a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
+++ b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
@@ -54,7 +54,7 @@ void *ipa_otp_lasttoken_plugin_id;
 
 static bool entry_is_token(Slapi_Entry *entry)
 {
-    char **ocls;
+    char **ocls = NULL;
 
     ocls = slapi_entry_attr_get_charray(entry, SLAPI_ATTR_OBJECTCLASS);
     for (size_t i = 0; ocls != NULL && ocls[i] != NULL; i++) {
@@ -64,6 +64,7 @@ static bool entry_is_token(Slapi_Entry *entry)
         }
     }
 
+    slapi_ch_array_free(ocls);
     return false;
 }
 
@@ -138,7 +139,8 @@ static bool is_pwd_enabled(const char *user_dn)
 static bool is_allowed(Slapi_PBlock *pb, Slapi_Entry *entry)
 {
     Slapi_DN *target_sdn = NULL;
-    const char *bind_dn;
+    char *bind_dn;
+    bool rv = false;
 
     /* Ignore internal operations. */
     if (slapi_op_internal(pb))
@@ -147,23 +149,35 @@ static bool is_allowed(Slapi_PBlock *pb, Slapi_Entry *entry)
     /* Load parameters. */
     (void) slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
     (void) slapi_pblock_get(pb, SLAPI_CONN_DN, &bind_dn);
-    if (target_sdn == NULL || bind_dn == NULL) {
-        LOG_FATAL("Missing parameters!\n");
-        return false;
+    if (bind_dn == NULL) {
+        LOG_FATAL("bind_dn parameter missing!\n");
+        goto done;
+    }
+    if (target_sdn == NULL) {
+        LOG_FATAL("target_sdn parameter missing!\n");
+        goto done;
     }
 
     if (entry != NULL
             ? !entry_is_token(entry)
-            : !sdn_in_otp_container(target_sdn))
-        return true;
+            : !sdn_in_otp_container(target_sdn)) {
+        rv = true;
+        goto done;
+    }
 
-    if (!sdn_is_only_enabled_token(target_sdn, bind_dn))
-        return true;
+    if (!sdn_is_only_enabled_token(target_sdn, bind_dn)) {
+        rv = true;
+        goto done;
+    }
 
-    if (is_pwd_enabled(bind_dn))
-        return true;
+    if (is_pwd_enabled(bind_dn)) {
+        rv = true;
+        goto done;
+    }
 
-    return false;
+done:
+    slapi_ch_free_string(&bind_dn);
+    return rv;
 }
 
 static inline int send_error(Slapi_PBlock *pb, int rc, const char *errstr)
diff --git a/daemons/ipa-slapi-plugins/libotp/otp_token.c b/daemons/ipa-slapi-plugins/libotp/otp_token.c
index a3cbfb0..4be4ede 100644
--- a/daemons/ipa-slapi-plugins/libotp/otp_token.c
+++ b/daemons/ipa-slapi-plugins/libotp/otp_token.c
@@ -398,6 +398,7 @@ static struct otp_token **find(const struct otp_config *cfg, const char *user_dn
     }
 
 error:
+    slapi_free_search_results_internal(pb);
     slapi_pblock_destroy(pb);
     return tokens;
 }