andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone

Blame SOURCES/0008-Ticket-50709-Several-memory-leaks-reported-by-Valgri.patch

8394b4
From 2040a0a1e517b444fef35a30c86bc6380b03bb21 Mon Sep 17 00:00:00 2001
8394b4
From: Thierry Bordaz <tbordaz@redhat.com>
8394b4
Date: Fri, 8 Nov 2019 18:16:06 +0100
8394b4
Subject: [PATCH] Ticket 50709: Several memory leaks reported by Valgrind for
8394b4
 389-ds 1.3.9.1-10
8394b4
8394b4
Description of the problem:
8394b4
8394b4
	When evaluating an ACI with 'ip' subject, it adds a PRNetAddr to the subject
8394b4
	property list. When the list is free (acl__done_aclpb) the property is not freed.
8394b4
8394b4
Description of the fix:
8394b4
8394b4
	Add the property to the pblock (SLAPI_CONN_CLIENTNETADDR_ACLIP) so that it
8394b4
	the property is freed with acl pblock.
8394b4
8394b4
https://pagure.io/389-ds-base/issue/50709
8394b4
8394b4
Reviewed by: Mark Reynolds, William Brown, Ludwig Krispenz
8394b4
---
8394b4
 ldap/servers/plugins/acl/acllas.c | 51 ++++++++++++++++++++-----------
8394b4
 ldap/servers/slapd/connection.c   |  2 ++
8394b4
 ldap/servers/slapd/pblock.c       | 16 ++++++++++
8394b4
 ldap/servers/slapd/slap.h         |  1 +
8394b4
 ldap/servers/slapd/slapi-plugin.h |  1 +
8394b4
 5 files changed, 53 insertions(+), 18 deletions(-)
8394b4
8394b4
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
8394b4
index 3950fd405..dd41d41bd 100644
8394b4
--- a/ldap/servers/plugins/acl/acllas.c
8394b4
+++ b/ldap/servers/plugins/acl/acllas.c
8394b4
@@ -251,6 +251,7 @@ DS_LASIpGetter(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_in
8394b4
 {
8394b4
     struct acl_pblock *aclpb = NULL;
8394b4
     PRNetAddr *client_praddr = NULL;
8394b4
+    PRNetAddr *pb_client_praddr = NULL;
8394b4
     char ip_str[256];
8394b4
     int rv = LAS_EVAL_TRUE;
8394b4
 
8394b4
@@ -262,25 +263,39 @@ DS_LASIpGetter(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_in
8394b4
         return LAS_EVAL_FAIL;
8394b4
     }
8394b4
 
8394b4
-    client_praddr = (PRNetAddr *)slapi_ch_malloc(sizeof(PRNetAddr));
8394b4
-    if (client_praddr == NULL) {
8394b4
-        slapi_log_err(SLAPI_LOG_ERR, plugin_name, "DS_LASIpGetter - Failed to allocate client_praddr\n");
8394b4
-        return (LAS_EVAL_FAIL);
8394b4
-    }
8394b4
+    slapi_pblock_get(aclpb->aclpb_pblock, SLAPI_CONN_CLIENTNETADDR_ACLIP, &pb_client_praddr);
8394b4
+    if (pb_client_praddr == NULL) {
8394b4
 
8394b4
-    if (slapi_pblock_get(aclpb->aclpb_pblock, SLAPI_CONN_CLIENTNETADDR, client_praddr) != 0) {
8394b4
-        slapi_log_err(SLAPI_LOG_ERR, plugin_name, "DS_LASIpGetter - Could not get client IP.\n");
8394b4
-        slapi_ch_free((void **)&client_praddr);
8394b4
-        return (LAS_EVAL_FAIL);
8394b4
-    }
8394b4
+        client_praddr = (PRNetAddr *) slapi_ch_malloc(sizeof (PRNetAddr));
8394b4
+        if (client_praddr == NULL) {
8394b4
+            slapi_log_err(SLAPI_LOG_ERR, plugin_name, "DS_LASIpGetter - Failed to allocate client_praddr\n");
8394b4
+            return (LAS_EVAL_FAIL);
8394b4
+        }
8394b4
 
8394b4
-    rv = PListInitProp(subject, 0, ACL_ATTR_IP, (void *)client_praddr, NULL);
8394b4
-    if (rv < 0) {
8394b4
-        slapi_log_err(SLAPI_LOG_ACL, plugin_name, "DS_LASIpGetter - "
8394b4
-                                                  "Couldn't set the client addr property(%d)\n",
8394b4
-                      rv);
8394b4
-        slapi_ch_free((void **)&client_praddr);
8394b4
-        return LAS_EVAL_FAIL;
8394b4
+        if (slapi_pblock_get(aclpb->aclpb_pblock, SLAPI_CONN_CLIENTNETADDR, client_praddr) != 0) {
8394b4
+            slapi_log_err(SLAPI_LOG_ERR, plugin_name, "DS_LASIpGetter - Could not get client IP.\n");
8394b4
+            slapi_ch_free((void **) &client_praddr);
8394b4
+            return (LAS_EVAL_FAIL);
8394b4
+        }
8394b4
+
8394b4
+        rv = PListInitProp(subject, 0, ACL_ATTR_IP, (void *) client_praddr, NULL);
8394b4
+        if (rv < 0) {
8394b4
+            slapi_log_err(SLAPI_LOG_ACL, plugin_name, "DS_LASIpGetter - "
8394b4
+                    "Couldn't set the client addr property(%d)\n",
8394b4
+                    rv);
8394b4
+            slapi_ch_free((void **) &client_praddr);
8394b4
+            return LAS_EVAL_FAIL;
8394b4
+        }
8394b4
+
8394b4
+    } else {
8394b4
+        client_praddr = pb_client_praddr;
8394b4
+        rv = PListInitProp(subject, 0, ACL_ATTR_IP, (void *) client_praddr, NULL);
8394b4
+        if (rv < 0) {
8394b4
+            slapi_log_err(SLAPI_LOG_ACL, plugin_name, "DS_LASIpGetter - "
8394b4
+                    "Couldn't set the client addr property(%d)\n",
8394b4
+                    rv);
8394b4
+            return LAS_EVAL_FAIL;
8394b4
+        }
8394b4
     }
8394b4
     if (PR_NetAddrToString(client_praddr, ip_str, sizeof(ip_str)) == PR_SUCCESS) {
8394b4
         slapi_log_err(SLAPI_LOG_ACL, plugin_name, "DS_LASIpGetter - "
8394b4
@@ -290,7 +305,7 @@ DS_LASIpGetter(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_in
8394b4
         slapi_log_err(SLAPI_LOG_ACL, plugin_name, "DS_LASIpGetter - "
8394b4
                                                   "Returning client ip address 'unknown'\n");
8394b4
     }
8394b4
-
8394b4
+    slapi_pblock_set(aclpb->aclpb_pblock, SLAPI_CONN_CLIENTNETADDR_ACLIP, client_praddr);
8394b4
     return LAS_EVAL_TRUE;
8394b4
 }
8394b4
 
8394b4
diff --git a/ldap/servers/slapd/connection.c b/ldap/servers/slapd/connection.c
8394b4
index e124303be..da954ada6 100644
8394b4
--- a/ldap/servers/slapd/connection.c
8394b4
+++ b/ldap/servers/slapd/connection.c
8394b4
@@ -206,6 +206,7 @@ connection_cleanup(Connection *conn)
8394b4
     conn->c_isreplication_session = 0;
8394b4
     slapi_ch_free((void **)&conn->cin_addr);
8394b4
     slapi_ch_free((void **)&conn->cin_destaddr);
8394b4
+    slapi_ch_free((void **)&conn->cin_addr_aclip);
8394b4
     slapi_ch_free_string(&conn->c_ipaddr);
8394b4
     if (conn->c_domain != NULL) {
8394b4
         ber_bvecfree(conn->c_domain);
8394b4
@@ -408,6 +409,7 @@ connection_reset(Connection *conn, int ns, PRNetAddr *from, int fromLen __attrib
8394b4
             str_destip = str_unknown;
8394b4
         }
8394b4
     }
8394b4
+    slapi_ch_free((void **)&conn->cin_addr_aclip);
8394b4
 
8394b4
     if (!in_referral_mode) {
8394b4
         /* create a sasl connection */
8394b4
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
8394b4
index cc44ace30..348cc6f1a 100644
8394b4
--- a/ldap/servers/slapd/pblock.c
8394b4
+++ b/ldap/servers/slapd/pblock.c
8394b4
@@ -482,6 +482,14 @@ slapi_pblock_get(Slapi_PBlock *pblock, int arg, void *value)
8394b4
         }
8394b4
         pthread_mutex_unlock(&(pblock->pb_conn->c_mutex));
8394b4
         break;
8394b4
+	case SLAPI_CONN_CLIENTNETADDR_ACLIP:
8394b4
+        if (pblock->pb_conn == NULL) {
8394b4
+            break;
8394b4
+        }
8394b4
+        pthread_mutex_lock(&(pblock->pb_conn->c_mutex));
8394b4
+        (*(PRNetAddr **) value) = pblock->pb_conn->cin_addr_aclip;
8394b4
+        pthread_mutex_unlock(&(pblock->pb_conn->c_mutex));
8394b4
+        break;
8394b4
     case SLAPI_CONN_SERVERNETADDR:
8394b4
         if (pblock->pb_conn == NULL) {
8394b4
             memset(value, 0, sizeof(PRNetAddr));
8394b4
@@ -2571,6 +2579,14 @@ slapi_pblock_set(Slapi_PBlock *pblock, int arg, void *value)
8394b4
         pblock->pb_conn->c_authtype = slapi_ch_strdup((char *)value);
8394b4
         pthread_mutex_unlock(&(pblock->pb_conn->c_mutex));
8394b4
         break;
8394b4
+	case SLAPI_CONN_CLIENTNETADDR_ACLIP:
8394b4
+        if (pblock->pb_conn == NULL) {
8394b4
+            break;
8394b4
+        }
8394b4
+        pthread_mutex_lock(&(pblock->pb_conn->c_mutex));
8394b4
+        slapi_ch_free((void **)&pblock->pb_conn->cin_addr_aclip);
8394b4
+        pblock->pb_conn->cin_addr_aclip = (PRNetAddr *)value;
8394b4
+        pthread_mutex_unlock(&(pblock->pb_conn->c_mutex));
8394b4
     case SLAPI_CONN_IS_REPLICATION_SESSION:
8394b4
         if (pblock->pb_conn == NULL) {
8394b4
             slapi_log_err(SLAPI_LOG_ERR,
8394b4
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h
8394b4
index 0aa2dcc1a..8a2748519 100644
8394b4
--- a/ldap/servers/slapd/slap.h
8394b4
+++ b/ldap/servers/slapd/slap.h
8394b4
@@ -1634,6 +1634,7 @@ typedef struct conn
8394b4
     char *c_external_dn;             /* client DN of this SSL session  */
8394b4
     char *c_external_authtype;       /* used for c_external_dn   */
8394b4
     PRNetAddr *cin_addr;             /* address of client on this conn */
8394b4
+    PRNetAddr *cin_addr_aclip;       /* address of client allocated by acl with 'ip' subject */
8394b4
     PRNetAddr *cin_destaddr;         /* address client connected to    */
8394b4
     struct berval **c_domain;        /* DNS names of client            */
8394b4
     Operation *c_ops;                /* list of pending operations      */
8394b4
diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h
8394b4
index 01dcb0554..29a6238d9 100644
8394b4
--- a/ldap/servers/slapd/slapi-plugin.h
8394b4
+++ b/ldap/servers/slapd/slapi-plugin.h
8394b4
@@ -6930,6 +6930,7 @@ slapi_timer_result slapi_timespec_expire_check(struct timespec *expire);
8394b4
 #define SLAPI_CONN_DN                     143
8394b4
 #define SLAPI_CONN_CLIENTNETADDR          850
8394b4
 #define SLAPI_CONN_SERVERNETADDR          851
8394b4
+#define SLAPI_CONN_CLIENTNETADDR_ACLIP    853
8394b4
 #define SLAPI_CONN_IS_REPLICATION_SESSION 149
8394b4
 #define SLAPI_CONN_IS_SSL_SESSION         747
8394b4
 #define SLAPI_CONN_CERT                   743
8394b4
-- 
8394b4
2.21.1
8394b4