From 1efe2e80f42812299ae6c60576f7fb37777c1a98 Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Thu, 21 Jul 2005 18:17:58 +0000 Subject: [PATCH] attempt to fix invalid free --- servers/slapd/sasl.c | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c index 6051a506eb..91b5652933 100644 --- a/servers/slapd/sasl.c +++ b/servers/slapd/sasl.c @@ -609,7 +609,7 @@ slap_sasl_authorize( { Connection *conn = (Connection *)context; struct propval auxvals[3]; - struct berval authcDN, authzDN=BER_BVNULL; + struct berval authcDN, authzDN = BER_BVNULL; int rc; /* Simple Binds don't support proxy authorization, ignore it */ @@ -678,7 +678,7 @@ slap_sasl_authorize( const char **user, const char **errstr) { - struct berval authcDN, authzDN; + struct berval authcDN, authzDN = BER_BVNULL; int rc; Connection *conn = context; char *realm; @@ -732,7 +732,7 @@ slap_sasl_authorize( return SASL_NOAUTHZ; } - rc = slap_sasl_authorized(conn->c_sasl_bindop, &authcDN, &authzDN ); + rc = slap_sasl_authorized( conn->c_sasl_bindop, &authcDN, &authzDN ); if( rc ) { Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: " "proxy authorization disallowed (%d)\n", @@ -742,7 +742,17 @@ slap_sasl_authorize( ch_free( authzDN.bv_val ); return SASL_NOAUTHZ; } - conn->c_sasl_authz_dn = authzDN; + + /* FIXME: we need yet another dup because slap_sasl_getdn() + * is using the bind operation slab */ + if ( conn->c_sasl_bindop ) { + ber_dupbv( &conn->c_sasl_authz_dn, &authzDN ); + slap_sl_free( authzDN.bv_val, + conn->c_sasl_bindop->o_tmpmemctx ); + + } else { + conn->c_sasl_authz_dn = authzDN; + } ok: Debug( LDAP_DEBUG_TRACE, "SASL Authorize [conn=%ld]: " @@ -750,7 +760,7 @@ ok: (long) (conn ? conn->c_connid : -1), authzDN.bv_val ? authzDN.bv_val : "", 0 ); - if (conn->c_sasl_bindop) { + if ( conn->c_sasl_bindop ) { Statslog( LDAP_DEBUG_STATS, "conn=%lu op=%lu BIND authcid=\"%s\" authzid=\"%s\"\n", conn->c_connid, conn->c_sasl_bindop->o_opid, @@ -1534,6 +1544,7 @@ int slap_sasl_getdn( Connection *conn, Operation *op, struct berval *id, if ( !op ) { op = conn->c_sasl_bindop; } + assert( op ); BER_BVZERO( dn ); @@ -1647,13 +1658,16 @@ int slap_sasl_getdn( Connection *conn, Operation *op, struct berval *id, irdn++; DN[ irdn ] = NULL; - rc = ldap_dn2bv_x( DN, dn, LDAP_DN_FORMAT_LDAPV3, op->o_tmpmemctx ); + rc = ldap_dn2bv_x( DN, dn, LDAP_DN_FORMAT_LDAPV3, + op->o_tmpmemctx ); if ( rc != LDAP_SUCCESS ) { BER_BVZERO( dn ); return rc; } - Debug( LDAP_DEBUG_TRACE, "slap_sasl_getdn: u:id converted to %s\n", dn->bv_val,0,0 ); + Debug( LDAP_DEBUG_TRACE, + "slap_sasl_getdn: u:id converted to %s\n", + dn->bv_val, 0, 0 ); } else { @@ -1683,7 +1697,8 @@ int slap_sasl_getdn( Connection *conn, Operation *op, struct berval *id, if( !BER_BVISNULL( &dn2 ) ) { slap_sl_free( dn->bv_val, op->o_tmpmemctx ); *dn = dn2; - Debug( LDAP_DEBUG_TRACE, "getdn: dn:id converted to %s\n", + Debug( LDAP_DEBUG_TRACE, + "slap_sasl_getdn: dn:id converted to %s\n", dn->bv_val, 0, 0 ); } -- 2.39.5