From: Douglas Bagnall Date: Wed, 21 Aug 2024 23:03:13 +0000 (+1200) Subject: ldb:dn_casefold_internal: TALLOC_FREE only what we talloced X-Git-Tag: tdb-1.4.13~266 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=df3f7be32627acabc2a937a5b579740eaa63bd2a;p=thirdparty%2Fsamba.git ldb:dn_casefold_internal: TALLOC_FREE only what we talloced If the failure is not on the last component, we would have TALLOC_FREE()ed some components that we hadn't set. I think in all pathways we initialise the unset components to zero, but we should be careful just in case. Signed-off-by: Douglas Bagnall Reviewed-by: Andreas Schneider --- diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c index 19350cc610c..8e89571229f 100644 --- a/lib/ldb/common/ldb_dn.c +++ b/lib/ldb/common/ldb_dn.c @@ -926,7 +926,7 @@ char *ldb_dn_alloc_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn) static bool ldb_dn_casefold_internal(struct ldb_dn *dn) { - unsigned int i; + unsigned int i, j; int ret; if ( ! dn || dn->invalid) return false; @@ -954,18 +954,24 @@ static bool ldb_dn_casefold_internal(struct ldb_dn *dn) &(dn->components[i].value), &(dn->components[i].cf_value)); if (ret != 0) { - goto failed; + goto failed_1; } } dn->valid_case = true; return true; - -failed: - for (i = 0; i < dn->comp_num; i++) { - LDB_FREE(dn->components[i].cf_name); - LDB_FREE(dn->components[i].cf_value.data); + failed_1: + /* + * Although we try to always initialise .cf_name and .cf.value.data to + * NULL, we want to avoid TALLOC_FREEing the values we have not just + * set here. + */ + TALLOC_FREE(dn->components[i].cf_name); + failed: + for (j = 0; j < i; i++) { + TALLOC_FREE(dn->components[j].cf_name); + TALLOC_FREE(dn->components[j].cf_value.data); } return false; }