From: Ondřej Kuzník <ondra@mistotebe.net>
Date: Tue, 30 Aug 2022 12:22:45 +0000 (+0100)
Subject: ITS#9817 Fix leaks and nul-terminate string passed to ldap_bv2dn
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4697f4b3e0dcb5134324e8e462b471178904e48d;p=thirdparty%2Fopenldap.git

ITS#9817 Fix leaks and nul-terminate string passed to ldap_bv2dn
---

diff --git a/libraries/librewrite/escapemap.c b/libraries/librewrite/escapemap.c
index 70ac9e0622..a28c888496 100644
--- a/libraries/librewrite/escapemap.c
+++ b/libraries/librewrite/escapemap.c
@@ -103,7 +103,7 @@ map_unescape_dn( struct berval *input, struct berval *output )
 	int rc = REWRITE_SUCCESS;
 
 	fake_dn.bv_len = STRLENOF("uid=") + input->bv_len;
-	fake_dn.bv_val = p = malloc( fake_dn.bv_len );
+	fake_dn.bv_val = p = malloc( fake_dn.bv_len + 1 );
 	if ( p == NULL ) {
 		return REWRITE_ERR;
 	}
@@ -111,14 +111,17 @@ map_unescape_dn( struct berval *input, struct berval *output )
 	memcpy( p, "uid=", STRLENOF("uid=") );
 	p += STRLENOF("uid=");
 	memcpy( p, input->bv_val, input->bv_len );
+	fake_dn.bv_val[fake_dn.bv_len] = '\0';
 
 	if ( ldap_bv2dn( &fake_dn, &dn, LDAP_DN_FORMAT_LDAPV3 ) != LDAP_SUCCESS ) {
+		free( fake_dn.bv_val );
 		return REWRITE_ERR;
 	}
 	if ( ber_dupbv( output, &dn[0][0]->la_value ) == NULL ) {
 		rc = REWRITE_ERR;
 	}
 	ldap_dnfree( dn );
+	free( fake_dn.bv_val );
 	return rc;
 }
 
@@ -178,7 +181,7 @@ map_escape_apply(
 		struct berval *output )
 {
 	escape_fn **fns = private;
-	struct berval tmpin, tmpout;
+	struct berval tmpin, tmpout = BER_BVNULL;
 	int i;
 
 	assert( private != NULL );
@@ -191,9 +194,11 @@ map_escape_apply(
 		int rc = fns[i]( &tmpin, &tmpout );
 		free( tmpin.bv_val );
 		if ( rc != REWRITE_SUCCESS ) {
+			free( tmpout.bv_val );
 			return rc;
 		}
 		tmpin = tmpout;
+		BER_BVZERO( &tmpout );
 	}
 	*output = tmpin;