git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5eb4d70)
ldb: Fix mem-leak if talloc_realloc fails
authorSwen Schillig <swen@linux.ibm.com>
Wed, 31 Jul 2019 08:27:37 +0000 (10:27 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Sat, 10 Aug 2019 19:24:29 +0000 (19:24 +0000)
In case of a failing talloc_realloc(), the only reference
to the originally allocated memory is overwritten.
Instead use a temp var until success is verified.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/ldb/common/ldb_dn.c patch | blob | history

diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 23a817edf65693bc1874a1c2011e8cb7c4575ad7..9b2fa966e111711249a0815e5e3a914861bc29db 100644 (file)
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -376,6 +376,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                        }
 
                        if (in_ex_value && *p == '>') {
+                               struct ldb_dn_ext_component *ext_comp = NULL;
                                const struct ldb_dn_extended_syntax *ext_syntax;
                                struct ldb_val ex_val = {
                                        .data = (uint8_t *)ex_value,
@@ -388,15 +389,19 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 
                                /* Process name and ex_value */
 
-                               dn->ext_components = talloc_realloc(dn,
-                                                                   dn->ext_components,
-                                                                   struct ldb_dn_ext_component,
-                                                                   dn->ext_comp_num + 1);
-                               if ( ! dn->ext_components) {
+                               ext_comp = talloc_realloc(
+                                       dn,
+                                       dn->ext_components,
+                                       struct ldb_dn_ext_component,
+                                       dn->ext_comp_num + 1);
+
+                               if (ext_comp == NULL) {
                                        /* ouch ! */
                                        goto failed;
                                }
 
+                               dn->ext_components = ext_comp;
+
                                ext_syntax = ldb_dn_extended_syntax_by_name(dn->ldb, ex_name);
                                if (!ext_syntax) {
                                        /* We don't know about this type of extended DN */
Samba Shared Repository