diff options
author | aschrijver <aschrijver@cvs.openbsd.org> | 2009-01-16 13:11:16 +0000 |
---|---|---|
committer | aschrijver <aschrijver@cvs.openbsd.org> | 2009-01-16 13:11:16 +0000 |
commit | 8d2d889f22e5c866a3ba507f5e8f41351f2805e4 (patch) | |
tree | 023bb6b2695338a1d92f21b3a774b6531cf14dcc | |
parent | 674b7d913884a50390f167f9881511397531349c (diff) |
Fix double free with invalid ldap filter (reported by dlg@).
Fix more memory leaks.
-rw-r--r-- | usr.sbin/ypldap/aldap.c | 81 |
1 files changed, 58 insertions, 23 deletions
diff --git a/usr.sbin/ypldap/aldap.c b/usr.sbin/ypldap/aldap.c index c8579f55466..dd0a1acb51d 100644 --- a/usr.sbin/ypldap/aldap.c +++ b/usr.sbin/ypldap/aldap.c @@ -1,5 +1,5 @@ -/* $Id: aldap.c,v 1.10 2009/01/04 00:11:05 aschrijver Exp $ */ -/* $OpenBSD: aldap.c,v 1.10 2009/01/04 00:11:05 aschrijver Exp $ */ +/* $Id: aldap.c,v 1.11 2009/01/16 13:11:15 aschrijver Exp $ */ +/* $OpenBSD: aldap.c,v 1.11 2009/01/16 13:11:15 aschrijver Exp $ */ /* * Copyright (c) 2008 Alexander Schrijver <aschrijver@openbsd.org> @@ -63,71 +63,105 @@ aldap_init(int fd) int aldap_bind(struct aldap *ldap, char *binddn, char *bindcred) { - struct ber_element *root; + struct ber_element *root = NULL, *elm; int error; - root = ber_add_sequence(NULL); - ber_printf_elements(root, "d{tdsst", ++ldap->msgid, BER_CLASS_APP, + if((root = ber_add_sequence(NULL)) == NULL) + goto fail; + + elm = ber_printf_elements(root, "d{tdsst", ++ldap->msgid, BER_CLASS_APP, (unsigned long)LDAP_REQ_BIND, VERSION, binddn, bindcred, BER_CLASS_CONTEXT, (unsigned long)LDAP_AUTH_SIMPLE); + if(elm == NULL) + goto fail; LDAP_DEBUG("aldap_bind", root); error = ber_write_elements(&ldap->ber, root); ber_free_elements(root); + root = NULL; if (error == -1) - return (-1); + goto fail; return (ldap->msgid); +fail: + if(root != NULL) + ber_free_elements(root); + return (-1); } int aldap_unbind(struct aldap *ldap) { - struct ber_element *root; + struct ber_element *root = NULL, *elm; int error; - root = ber_add_sequence(NULL); - ber_printf_elements(root, "d{t", ++ldap->msgid, BER_CLASS_APP, + if((root = ber_add_sequence(NULL)) == NULL) + goto fail; + elm = ber_printf_elements(root, "d{t", ++ldap->msgid, BER_CLASS_APP, LDAP_REQ_UNBIND_30); + if(elm == NULL) + goto fail; LDAP_DEBUG("aldap_unbind", root); error = ber_write_elements(&ldap->ber, root); ber_free_elements(root); + root = NULL; if (error == -1) - return (-1); + goto fail; return (ldap->msgid); +fail: + if(root != NULL) + ber_free_elements(root); + + return (-1); } int aldap_search(struct aldap *ldap, char *basedn, enum scope scope, char *filter, char **attrs, int typesonly, int sizelimit, int timelimit) { - struct ber_element *root, *ber; + struct ber_element *root = NULL, *ber; int i, error; - root = ber_add_sequence(NULL); + if((root = ber_add_sequence(NULL)) == NULL) + goto fail; + ber = ber_printf_elements(root, "d{tsEEddb", ++ldap->msgid, BER_CLASS_APP, (unsigned long)LDAP_REQ_SEARCH, basedn, (long long)scope, (long long)LDAP_DEREF_NEVER, sizelimit, timelimit, typesonly); + if(ber == NULL) + goto fail; - ber = ldap_parse_search_filter(ber, filter); - ber = ber_add_sequence(ber); + if((ber = ldap_parse_search_filter(ber, filter)) == NULL) + goto parsefail; + if((ber = ber_add_sequence(ber)) == NULL) + goto fail; if(attrs != NULL) - for(i = 0; i >= 0 && attrs[i] != NULL; i++) - ber = ber_add_string(ber, attrs[i]); + for(i = 0; i >= 0 && attrs[i] != NULL; i++) { + if((ber = ber_add_string(ber, attrs[i])) == NULL) + goto fail; + } LDAP_DEBUG("aldap_search", root); error = ber_write_elements(&ldap->ber, root); ber_free_elements(root); + root = NULL; if (error == -1) - return (-1); + goto fail; return (ldap->msgid); + +parsefail: /* XXX -- error reporting */ +fail: + if(root != NULL) + ber_free_elements(root); + + return (-1); } struct aldap_message * @@ -580,7 +614,7 @@ ldap_parse_search_filter(struct ber_element *ber, char *filter) static struct ber_element * ldap_do_parse_search_filter(struct ber_element *prev, char **cpp) { - struct ber_element *elm, *root; + struct ber_element *elm, *root = NULL; char *attr_desc, *attr_val, *parsed_val, *cp; size_t len; unsigned long type; @@ -730,11 +764,10 @@ ldap_do_parse_search_filter(struct ber_element *prev, char **cpp) break; } - if((parsed_val = parseval(attr_val, len)) == - NULL) + if((parsed_val = parseval(attr_val, len)) == NULL) goto callfail; - if ((elm = ber_add_nstring(elm, parsed_val, strlen(parsed_val))) - == NULL) + if ((elm = ber_add_nstring(elm, parsed_val, + strlen(parsed_val))) == NULL) goto callfail; free(parsed_val); break; @@ -748,7 +781,9 @@ ldap_do_parse_search_filter(struct ber_element *prev, char **cpp) syntaxfail: /* XXX -- error reporting */ callfail: bad: - ber_free_elements(root); + if(root != NULL) + ber_free_elements(root); + ber_link_elements(prev, NULL); return (NULL); } |