From 73760f92c1b3e40db5f511e4bc45569816bdf386 Mon Sep 17 00:00:00 2001 From: Mark Reynolds Date: Thu, 13 Mar 2014 14:07:49 -0400 Subject: [PATCH 184/225] Ticket 47740 - Fix coverity issues - Part 5 12494 - resource leak - /ldap/servers/slapd/saslbind.c 12487 - resource leak - /ldap/servers/plugins/replication/urp.c 12486 - resource leak - /ldap/servers/plugins/acl/acleffectiverights.c 12480 - resource leak - lib/ldaputil/certmap.c 12478 - resource leak - lib/ldaputil/certmap.c 12477 - resource leak - lib/ldaputil/certmap.c https://fedorahosted.org/389/ticket/47740 Reviewed by: rmeggins(Thanks!) (cherry picked from commit eb10369878df49fdd8a5ff572a6ebeee1716dac5) (cherry picked from commit 1c552d56116cb6124d91773fa539a94033dbec1a) --- ldap/servers/plugins/acl/acleffectiverights.c | 1 + ldap/servers/plugins/replication/urp.c | 1 + ldap/servers/slapd/saslbind.c | 2 +- lib/ldaputil/certmap.c | 152 +++++++++++++------------- 4 files changed, 77 insertions(+), 79 deletions(-) diff --git a/ldap/servers/plugins/acl/acleffectiverights.c b/ldap/servers/plugins/acl/acleffectiverights.c index 380dd74..53e4755 100644 --- a/ldap/servers/plugins/acl/acleffectiverights.c +++ b/ldap/servers/plugins/acl/acleffectiverights.c @@ -130,6 +130,7 @@ _ger_g_permission_granted ( } else { + slapi_ch_free_string(&proxydn); /* this could still have been set - free it */ requestor_sdn = &(pb->pb_op->o_sdn); } if ( slapi_sdn_get_dn (requestor_sdn) == NULL ) diff --git a/ldap/servers/plugins/replication/urp.c b/ldap/servers/plugins/replication/urp.c index e236541..9787ff7 100644 --- a/ldap/servers/plugins/replication/urp.c +++ b/ldap/servers/plugins/replication/urp.c @@ -1248,6 +1248,7 @@ get_dn_plus_uniqueid(char *sessionid, const Slapi_DN *oldsdn, const char *unique char *parentdn = slapi_dn_parent(slapi_sdn_get_dn(oldsdn)); slapi_rdn_add(rdn, SLAPI_ATTR_UNIQUEID, uniqueid); newdn = slapi_ch_smprintf("%s,%s", slapi_rdn_get_rdn(rdn), parentdn); + slapi_ch_free_string(&parentdn); } slapi_rdn_free(&rdn); return newdn; diff --git a/ldap/servers/slapd/saslbind.c b/ldap/servers/slapd/saslbind.c index a5db020..eb814a2 100644 --- a/ldap/servers/slapd/saslbind.c +++ b/ldap/servers/slapd/saslbind.c @@ -498,7 +498,7 @@ static int ids_sasl_getpluginpath(sasl_conn_t *conn, const char **path) * 64-bit Linux machines, and /usr/lib/sasl2 on all other platforms. */ char *pluginpath = config_get_saslpath(); - if ((!pluginpath) || (*pluginpath == '\0')) { + if (!pluginpath) { if (!(pluginpath = getenv("SASL_PATH"))) { #if defined(LINUX) && defined(__LP64__) pluginpath = "/usr/lib64/sasl2"; diff --git a/lib/ldaputil/certmap.c b/lib/ldaputil/certmap.c index e27633c..aa5bafa 100644 --- a/lib/ldaputil/certmap.c +++ b/lib/ldaputil/certmap.c @@ -500,13 +500,13 @@ static int process_certinfo (LDAPUCertMapInfo_t *certinfo) char *searchAttr = 0; if (!ldapu_strcasecmp(certinfo->issuerName, "default")) { - default_certmap_info = certinfo; + default_certmap_info = certinfo; } else if (!certinfo->issuerDN) { - return LDAPU_ERR_NO_ISSUERDN_IN_CONFIG_FILE; + return LDAPU_ERR_NO_ISSUERDN_IN_CONFIG_FILE; } else { - rv = ldapu_list_add_info(certmap_listinfo, certinfo); + rv = ldapu_list_add_info(certmap_listinfo, certinfo); } if (rv != LDAPU_SUCCESS) return rv; @@ -515,21 +515,21 @@ static int process_certinfo (LDAPUCertMapInfo_t *certinfo) rv = ldapu_certmap_info_attrval (certinfo, LDAPU_ATTR_DNCOMPS, &dncomps); if (rv == LDAPU_SUCCESS && dncomps) { - certinfo->dncompsState = COMPS_HAS_ATTRS; - tolower_string(dncomps); + certinfo->dncompsState = COMPS_HAS_ATTRS; + tolower_string(dncomps); } else if (rv == LDAPU_FAILED) { - certinfo->dncompsState = COMPS_COMMENTED_OUT; - rv = LDAPU_SUCCESS; + certinfo->dncompsState = COMPS_COMMENTED_OUT; + rv = LDAPU_SUCCESS; } else if (rv == LDAPU_SUCCESS && !dncomps) { - certinfo->dncompsState = COMPS_EMPTY; - dncomps = ""; /* present but empty */ + certinfo->dncompsState = COMPS_EMPTY; + dncomps = ""; /* present but empty */ } rv = parse_into_bitmask (dncomps, &certinfo->dncomps, -1); - if (dncomps && *dncomps) free(dncomps); + free(dncomps); dncomps = NULL; if (rv != LDAPU_SUCCESS) return rv; @@ -538,21 +538,21 @@ static int process_certinfo (LDAPUCertMapInfo_t *certinfo) &filtercomps); if (rv == LDAPU_SUCCESS && filtercomps) { - certinfo->filtercompsState = COMPS_HAS_ATTRS; - tolower_string(filtercomps); + certinfo->filtercompsState = COMPS_HAS_ATTRS; + tolower_string(filtercomps); } else if (rv == LDAPU_FAILED) { - certinfo->filtercompsState = COMPS_COMMENTED_OUT; - rv = LDAPU_SUCCESS; + certinfo->filtercompsState = COMPS_COMMENTED_OUT; + rv = LDAPU_SUCCESS; } else if (rv == LDAPU_SUCCESS && !filtercomps) { - certinfo->filtercompsState = COMPS_EMPTY; - filtercomps = ""; /* present but empty */ + certinfo->filtercompsState = COMPS_EMPTY; + filtercomps = ""; /* present but empty */ } rv = parse_into_bitmask (filtercomps, &certinfo->filtercomps, 0); - if (filtercomps && *filtercomps) free(filtercomps); + if (filtercomps) free(filtercomps); if (rv != LDAPU_SUCCESS) return rv; @@ -560,15 +560,15 @@ static int process_certinfo (LDAPUCertMapInfo_t *certinfo) rv = ldapu_certmap_info_attrval(certinfo, LDAPU_ATTR_CERTMAP_LDAP_ATTR, &searchAttr); - if (rv == LDAPU_FAILED || !searchAttr || !*searchAttr) - rv = LDAPU_SUCCESS; - else { - certinfo->searchAttr = searchAttr ? strdup(searchAttr) : 0; + if (rv == LDAPU_FAILED || !searchAttr){ + rv = LDAPU_SUCCESS; + } else { + certinfo->searchAttr = searchAttr; - if (searchAttr && !certinfo->searchAttr) - rv = LDAPU_ERR_OUT_OF_MEMORY; - else - rv = LDAPU_SUCCESS; + if (searchAttr && !certinfo->searchAttr) + rv = LDAPU_ERR_OUT_OF_MEMORY; + else + rv = LDAPU_SUCCESS; } if (rv != LDAPU_SUCCESS) return rv; @@ -578,73 +578,69 @@ static int process_certinfo (LDAPUCertMapInfo_t *certinfo) rv = ldapu_certmap_info_attrval(certinfo, LDAPU_ATTR_VERIFYCERT, &verify); if (rv == LDAPU_SUCCESS) { - if (!ldapu_strcasecmp(verify, "on")) - certinfo->verifyCert = 1; - else if (!ldapu_strcasecmp(verify, "off")) - certinfo->verifyCert = 0; - else if (!verify || !*verify) /* for mail/news backward compatibilty */ - certinfo->verifyCert = 1; /* otherwise, this should be an error */ - else - rv = LDAPU_ERR_MISSING_VERIFYCERT_VAL; + if (!ldapu_strcasecmp(verify, "on")) + certinfo->verifyCert = 1; + else if (!ldapu_strcasecmp(verify, "off")) + certinfo->verifyCert = 0; + else if (!verify || !*verify) /* for mail/news backward compatibilty */ + certinfo->verifyCert = 1; /* otherwise, this should be an error */ + else + rv = LDAPU_ERR_MISSING_VERIFYCERT_VAL; } else if (rv == LDAPU_FAILED) rv = LDAPU_SUCCESS; - if (verify && *verify) free(verify); + if (verify) free(verify); if (rv != LDAPU_SUCCESS) return rv; { - PRLibrary *lib = 0; + PRLibrary *lib = 0; - /* look for the library property and load it */ - rv = ldapu_certmap_info_attrval(certinfo, LDAPU_ATTR_LIBRARY, &libname); + /* look for the library property and load it */ + rv = ldapu_certmap_info_attrval(certinfo, LDAPU_ATTR_LIBRARY, &libname); - if (rv == LDAPU_SUCCESS) { - if (libname && *libname) { - lib = PR_LoadLibrary(libname); - if (!lib) rv = LDAPU_ERR_UNABLE_TO_LOAD_PLUGIN; - } - else { - rv = LDAPU_ERR_MISSING_LIBNAME; - } - } - else if (rv == LDAPU_FAILED) rv = LDAPU_SUCCESS; + if (rv == LDAPU_SUCCESS) { + if (libname && *libname) { + lib = PR_LoadLibrary(libname); + if (!lib) rv = LDAPU_ERR_UNABLE_TO_LOAD_PLUGIN; + } else { + rv = LDAPU_ERR_MISSING_LIBNAME; + } + } else if (rv == LDAPU_FAILED) rv = LDAPU_SUCCESS; - if (libname) free(libname); - if (rv != LDAPU_SUCCESS) return rv; + if (libname) free(libname); + if (rv != LDAPU_SUCCESS) return rv; - /* look for the InitFn property, find it in the libray and call it */ - rv = ldapu_certmap_info_attrval(certinfo, LDAPU_ATTR_INITFN, &fname); + /* look for the InitFn property, find it in the libray and call it */ + rv = ldapu_certmap_info_attrval(certinfo, LDAPU_ATTR_INITFN, &fname); - if (rv == LDAPU_SUCCESS) { - if (fname && *fname) { - /* If lib is NULL, PR_FindSymbol will search all libs loaded - * through PR_LoadLibrary. - */ - CertMapInitFn_t fn = (CertMapInitFn_t)PR_FindSymbol(lib, fname); + if (rv == LDAPU_SUCCESS) { + if (fname && *fname) { + /* If lib is NULL, PR_FindSymbol will search all libs loaded + * through PR_LoadLibrary. + */ + CertMapInitFn_t fn = (CertMapInitFn_t)PR_FindSymbol(lib, fname); - if (!fn) { - rv = LDAPU_ERR_MISSING_INIT_FN_IN_LIB; - } - else { - rv = (*fn)(certinfo, certinfo->issuerName, - certinfo->issuerDN, this_dllname); - } - } - else { - rv = LDAPU_ERR_MISSING_INIT_FN_NAME; - } - } - else if (lib) { - /* If library is specified, init function must be specified */ - /* If init fn is specified, library may not be specified */ - rv = LDAPU_ERR_MISSING_INIT_FN_IN_CONFIG; - } - else if (rv == LDAPU_FAILED) rv = LDAPU_SUCCESS; - - if (fname) free(fname); + if (!fn) { + rv = LDAPU_ERR_MISSING_INIT_FN_IN_LIB; + } else { + rv = (*fn)(certinfo, certinfo->issuerName, + certinfo->issuerDN, this_dllname); + } + } else { + rv = LDAPU_ERR_MISSING_INIT_FN_NAME; + } + } else if (lib) { + /* If library is specified, init function must be specified */ + /* If init fn is specified, library may not be specified */ + rv = LDAPU_ERR_MISSING_INIT_FN_IN_CONFIG; + } else if (rv == LDAPU_FAILED){ + rv = LDAPU_SUCCESS; + } + + if (fname) free(fname); - if (rv != LDAPU_SUCCESS) return rv; + if (rv != LDAPU_SUCCESS) return rv; } return rv; -- 1.8.1.4