From 9438ce9207445e4ad4a9c7bdf0c9e569cabac571 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Aug 01 2023 06:07:06 +0000
Subject: Fix memory leak in the OTP last token plugin
Three memory leaks are addressed:
1. String values retrieved from the pblock need to be manually
freed.
2. The list of objectclasses retrieved from the pblock need to be
freed.
3. Internal search results need to be freed.
Fixes: https://pagure.io/freeipa/issue/9403
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Rafael Guterres Jeffman <rjeffman@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
diff --git a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
index b7a2ba7..11106b2 100644
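--- a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
+++ b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
@@ -54,7 +54,7 @@ void *ipa_otp_lasttoken_plugin_id;
 
 static bool entry_is_token(Slapi_Entry *entry)
 {
- char **ocls;
+ char **ocls = NULL;
 
 ocls = slapi_entry_attr_get_charray(entry, SLAPI_ATTR_OBJECTCLASS);
 for (size_t i = 0; ocls != NULL && ocls[i] != NULL; i++) {
@@ -64,6 +64,7 @@ static bool entry_is_token(Slapi_Entry *entry)
 }
 }
 
+ slapi_ch_array_free(ocls);
 return false;
 }
 
@@ -138,7 +139,8 @@ static bool is_pwd_enabled(const char *user_dn)
 static bool is_allowed(Slapi_PBlock *pb, Slapi_Entry *entry)
 {
 Slapi_DN *target_sdn = NULL;
- const char *bind_dn;
+ char *bind_dn;
+ bool rv = false;
 
 /* Ignore internal operations. */
 if (slapi_op_internal(pb))
@@ -147,23 +149,35 @@ static bool is_allowed(Slapi_PBlock *pb, Slapi_Entry *entry)
 /* Load parameters. */
 (void) slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
 (void) slapi_pblock_get(pb, SLAPI_CONN_DN, &bind_dn);
- if (target_sdn == NULL || bind_dn == NULL) {
- LOG_FATAL("Missing parameters!\n");
- return false;
+ if (bind_dn == NULL) {
+ LOG_FATAL("bind_dn parameter missing!\n");
+ goto done;
+ }
+ if (target_sdn == NULL) {
+ LOG_FATAL("target_sdn parameter missing!\n");
+ goto done;
 }
 
 if (entry != NULL
 ? !entry_is_token(entry)
- : !sdn_in_otp_container(target_sdn))
- return true;
+ : !sdn_in_otp_container(target_sdn)) {
+ rv = true;
+ goto done;
+ }
 
- if (!sdn_is_only_enabled_token(target_sdn, bind_dn))
- return true;
+ if (!sdn_is_only_enabled_token(target_sdn, bind_dn)) {
+ rv = true;
+ goto done;
+ }
 
- if (is_pwd_enabled(bind_dn))
- return true;
+ if (is_pwd_enabled(bind_dn)) {
+ rv = true;
+ goto done;
+ }
 
- return false;
+done:
+ slapi_ch_free_string(&bind_dn);
+ return rv;
 }
 
 static inline int send_error(Slapi_PBlock *pb, int rc, const char *errstr)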
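Review bot: In is_allowed(), `char *bind_dn;` is declared without an initializer, yet the new `done:` path passes it to `slapi_ch_free_string(&bind_dn)`. The result of `slapi_pblock_get(pb, SLAPI_CONN_DN, &bind_dn)` is discarded with `(void)`, so if that call ever returns without storing a value, both the `bind_dn == NULL` check and the free operate on an indeterminate pointer. Declaring it as `char *bind_dn = NULL;`, the same way this commit initialises `ocls` and the function already initialises `target_sdn`, makes the cleanup safe on that path. The statement under `if (slapi_op_internal(pb))` lies between the two hunks and is not visible; if it returns directly it bypasses `done:`, which is fine only because nothing has been allocated at that point.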
diff --git a/daemons/ipa-slapi-plugins/libotp/otp_token.c b/daemons/ipa-slapi-plugins/libotp/otp_token.c
index a3cbfb0..4be4ede 100644
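--- a/daemons/ipa-slapi-plugins/libotp/otp_token.c
+++ b/daemons/ipa-slapi-plugins/libotp/otp_token.c
@@ -398,6 +398,7 @@ static struct otp_token **find(const struct otp_config *cfg, const char *user_dn
 }
 
 error:
+ slapi_free_search_results_internal(pb);
 slapi_pblock_destroy(pb);
 return tokens;
 }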
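Review bot: The new `slapi_free_search_results_internal(pb)` under `error:` releases the search entries right before `tokens` is returned, so anything the returned tokens took from those entries has to be an owned copy. The code that builds `tokens` is above this hunk and not visible, so that is worth confirming before relying on the free. The label is also reached on the normal fall-through path (it ends in `return tokens;`), which the name `error:` hides. A comment at the label would record both, e.g. `/* Common exit: frees the internal search results; tokens must not point into them. */`.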