From: Ondřej Kuzník Date: Wed, 31 Aug 2022 11:37:13 +0000 (+0100) Subject: ITS#9438 slapo-remoteauth: plug config leaks X-Git-Tag: OPENLDAP_REL_ENG_2_5_14~92 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3325ae800ad46cd56d95cb79eed7d8e96359b58;p=thirdparty%2Fopenldap.git ITS#9438 slapo-remoteauth: plug config leaks --- diff --git a/servers/slapd/overlays/remoteauth.c b/servers/slapd/overlays/remoteauth.c index 87397a16d6..1d60af0209 100644 --- a/servers/slapd/overlays/remoteauth.c +++ b/servers/slapd/overlays/remoteauth.c @@ -204,12 +204,12 @@ remoteauth_cf_gen( ConfigArgs *c ) str = ch_malloc( strlen( map->domain ) + strlen( map->realm ) + 2 ); sprintf( str, "%s %s", map->domain, map->realm ); - ber_str2bv( str, strlen( str ), 1, &bv ); - ch_free( str ); + ber_str2bv( str, 0, 0, &bv ); rc = value_add_one( &c->rvalue_vals, &bv ); - if ( rc ) return rc; - rc = value_add_one( &c->rvalue_nvals, &bv ); - if ( rc ) return rc; + if ( !rc ) + rc = value_add_one( &c->rvalue_nvals, &bv ); + ch_free( str ); + if ( rc ) break; } break; case REMOTE_AUTH_DN_ATTRIBUTE: @@ -223,13 +223,13 @@ remoteauth_cf_gen( ConfigArgs *c ) break; case REMOTE_AUTH_DEFAULT_DOMAIN: if ( ad->default_domain ) { - ber_str2bv( ad->default_domain, 0, 1, &bv ); + ber_str2bv( ad->default_domain, 0, 0, &bv ); value_add_one( &c->rvalue_vals, &bv ); } break; case REMOTE_AUTH_DEFAULT_REALM: if ( ad->default_realm ) { - ber_str2bv( ad->default_realm, 0, 1, &bv ); + ber_str2bv( ad->default_realm, 0, 0, &bv ); value_add_one( &c->rvalue_vals, &bv ); } break; @@ -246,6 +246,7 @@ remoteauth_cf_gen( ConfigArgs *c ) } value_add_one( &c->rvalue_vals, &bv ); + ch_free( bv.bv_val ); break; case REMOTE_AUTH_TLS_PIN: { ad_pin *pin = ad->pins; 
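Review bot: In the mappings loop, the switch to `ber_str2bv( str, 0, 0, &bv )` makes `bv` alias `str` instead of owning a copy, and nothing in the code records that. The new ordering is only safe while `ch_free( str )` stays after both `value_add_one()` calls, and it appears to rely on those calls copying the value. A later reorder would hand a freed buffer to `value_add_one()`. I would add a comment above the `ber_str2bv` line, e.g. `/* bv aliases str (no dup); str must outlive both value_add_one() calls */`. The enclosing loop and case begin above the hunk.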
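Review bot: The return value of `value_add_one()` is still discarded in the REMOTE_AUTH_DEFAULT_DOMAIN and REMOTE_AUTH_DEFAULT_REALM cases, although the mappings loop in the previous hunk now carries it in `rc`. For consistency both cases should read `rc = value_add_one( &c->rvalue_vals, &bv );` so that a failed add is reported rather than silently producing no value. The same unchecked call sits in the next hunk (`@@ -246,6 +246,7 @@`), just before the added `ch_free( bv.bv_val )`. How `rc` reaches the function's return is outside these hunks and should be confirmed.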
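Review bot: The added `ch_free( bv.bv_val );` assumes every path reaching it left `bv.bv_val` pointing at the start of a heap buffer that this code owns. The code that fills `bv` is above the hunk, so that cannot be checked from here. If any branch there leaves `bv` unset, or moves `bv.bv_val` away from the start of its allocation, the free is applied to an invalid pointer. A one-line comment naming the owner would make the contract visible, e.g. `/* bv was allocated by <producer call>; value_add_one() took its own copy */`, where `<producer call>` is a placeholder for whatever fills `bv` above.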
@@ -950,14 +951,19 @@ remoteauth_db_destroy( BackendDB *be, ConfigReply *cr ) ad_info *ai = ap->mappings; while ( ai ) { + ad_info *next = ai->next; + if ( ai->domain ) ch_free( ai->domain ); if ( ai->realm ) ch_free( ai->realm ); - ai = ai->next; + + ch_free( ai ); + ai = next; } if ( ap->dn ) ch_free( ap->dn ); if ( ap->default_domain ) ch_free( ap->default_domain ); if ( ap->default_realm ) ch_free( ap->default_realm ); + if ( ap->domain_attr ) ch_free( ap->domain_attr ); bindconf_free( &ap->ad_tls );
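Review bot: Once the `while` loop has freed every `ad_info` node, `ap->mappings` still holds the address of the freed head. If anything later in `remoteauth_db_destroy`, or a repeated destroy, walks that list, the result is a use-after-free or double free. Adding `ap->mappings = NULL;` after the loop's closing brace removes that risk cheaply. The visible lines also do not release the `pins` list that the config code reads as `ad->pins`, presumably from the same private structure. The function continues past the hunk, so confirm the list is freed there.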