ITS#9160 OOM handling in back-meta

diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c
index fc0ec2cde5d20a363fd0f11e2d1507f76d242e84..5cb4d1c1dd3a8d104e4eb84eb7abad4852178ec2 100644 (file)
--- a/servers/slapd/back-meta/config.c
+++ b/servers/slapd/back-meta/config.c
@@ -1481,7 +1481,7 @@ meta_back_cf_gen( ConfigArgs *c )
                                char *ptr;
                                int len = snprintf( buf, sizeof( buf ), SLAP_X_ORDERED_FMT, i );
                                bv.bv_len = ((*bvp)[ i ]).bv_len + len;
-                               bv.bv_val = ber_memrealloc( bv.bv_val, bv.bv_len + 1 );
+                               bv.bv_val = ch_realloc( bv.bv_val, bv.bv_len + 1 );
                                ptr = bv.bv_val;
                                ptr = lutil_strcopy( ptr, buf );
                                ptr = lutil_strncopy( ptr, ((*bvp)[ i ]).bv_val, ((*bvp)[ i ]).bv_len );
@@ -2635,7 +2635,7 @@ idassert-authzFrom        "dn:<rootdn>"
                                assert( !BER_BVISNULL( &mt->mt_idassert_authcDN ) );
 
                                bv.bv_len = STRLENOF( "dn:" ) + c->be->be_rootndn.bv_len;
-                               bv.bv_val = ber_memalloc( bv.bv_len + 1 );
+                               bv.bv_val = ch_malloc( bv.bv_len + 1 );
                                AC_MEMCPY( bv.bv_val, "dn:", STRLENOF( "dn:" ) );
                                AC_MEMCPY( &bv.bv_val[ STRLENOF( "dn:" ) ], c->be->be_rootndn.bv_val, c->be->be_rootndn.bv_len + 1 );
 

diff --git a/servers/slapd/back-meta/map.c b/servers/slapd/back-meta/map.c
index 144dc693dee53be27ed1f59aae2883f2305168db..ee7aa2f086b0d694536fab979a76a350588cc8a0 100644 (file)
--- a/servers/slapd/back-meta/map.c
+++ b/servers/slapd/back-meta/map.c
@@ -381,6 +381,10 @@ ldap_back_int_filter_map_rewrite(
                fstr->bv_len = atmp.bv_len + vtmp.bv_len
                        + ( sizeof("(=)") - 1 );
                fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
+               if ( !fstr->bv_val ) {
+                       ber_memfree_x( vtmp.bv_val, memctx );
+                       return LDAP_NO_MEMORY;
+               }
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)",
                        atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
@@ -398,6 +402,10 @@ ldap_back_int_filter_map_rewrite(
                fstr->bv_len = atmp.bv_len + vtmp.bv_len
                        + ( sizeof("(>=)") - 1 );
                fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
+               if ( !fstr->bv_val ) {
+                       ber_memfree_x( vtmp.bv_val, memctx );
+                       return LDAP_NO_MEMORY;
+               }
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)",
                        atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
@@ -415,6 +423,10 @@ ldap_back_int_filter_map_rewrite(
                fstr->bv_len = atmp.bv_len + vtmp.bv_len
                        + ( sizeof("(<=)") - 1 );
                fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
+               if ( !fstr->bv_val ) {
+                       ber_memfree_x( vtmp.bv_val, memctx );
+                       return LDAP_NO_MEMORY;
+               }
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)",
                        atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
@@ -432,6 +444,10 @@ ldap_back_int_filter_map_rewrite(
                fstr->bv_len = atmp.bv_len + vtmp.bv_len
                        + ( sizeof("(~=)") - 1 );
                fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
+               if ( !fstr->bv_val ) {
+                       ber_memfree_x( vtmp.bv_val, memctx );
+                       return LDAP_NO_MEMORY;
+               }
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)",
                        atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" );
@@ -450,17 +466,27 @@ ldap_back_int_filter_map_rewrite(
 
                fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
                fstr->bv_val = ber_memalloc_x( fstr->bv_len + 128, memctx ); /* FIXME: why 128 ? */
+               if ( !fstr->bv_val ) {
+                       return LDAP_NO_MEMORY;
+               }
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
                        atmp.bv_val );
 
                if ( !BER_BVISNULL( &f->f_sub_initial ) ) {
+                       char *tmp;
+
                        len = fstr->bv_len;
 
                        filter_escape_value_x( &f->f_sub_initial, &vtmp, memctx );
 
                        fstr->bv_len += vtmp.bv_len;
-                       fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
+                       tmp = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
+                       if ( !tmp ) {
+                               ber_memfree_x( vtmp.bv_val, memctx );
+                               return LDAP_NO_MEMORY;
+                       }
+                       fstr->bv_val = tmp;
 
                        snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3,
                                /* "(attr=" */ "%s*)",
@@ -471,11 +497,18 @@ ldap_back_int_filter_map_rewrite(
 
                if ( f->f_sub_any != NULL ) {
                        for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) {
+                               char *tmp;
+
                                len = fstr->bv_len;
                                filter_escape_value_x( &f->f_sub_any[i], &vtmp, memctx );
 
                                fstr->bv_len += vtmp.bv_len + 1;
-                               fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
+                               tmp = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
+                               if ( !tmp ) {
+                                       ber_memfree_x( vtmp.bv_val, memctx );
+                                       return LDAP_NO_MEMORY;
+                               }
+                               fstr->bv_val = tmp;
 
                                snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
                                        /* "(attr=[init]*[any*]" */ "%s*)",
@@ -485,12 +518,19 @@ ldap_back_int_filter_map_rewrite(
                }
 
                if ( !BER_BVISNULL( &f->f_sub_final ) ) {
+                       char *tmp;
+
                        len = fstr->bv_len;
 
                        filter_escape_value_x( &f->f_sub_final, &vtmp, memctx );
 
                        fstr->bv_len += vtmp.bv_len;
-                       fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
+                       tmp = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
+                       if ( !tmp ) {
+                               ber_memfree_x( vtmp.bv_val, memctx );
+                               return LDAP_NO_MEMORY;
+                       }
+                       fstr->bv_val = tmp;
 
                        snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3,
                                /* "(attr=[init*][any*]" */ "%s)",
@@ -510,6 +550,9 @@ ldap_back_int_filter_map_rewrite(
 
                fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) );
                fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
+               if ( !fstr->bv_val ) {
+                       return LDAP_NO_MEMORY;
+               }
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)",
                        atmp.bv_val );
@@ -537,6 +580,10 @@ ldap_back_int_filter_map_rewrite(
                        
                        fstr->bv_len += vtmp.bv_len;
                        fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );
+                       if ( !fstr->bv_val ) {
+                               ber_memfree_x( vtmp.bv_val, memctx );
+                               return LDAP_NO_MEMORY;
+                       }
 
                        snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2, 
                                /*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" );
@@ -565,6 +612,10 @@ ldap_back_int_filter_map_rewrite(
                        ( !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_len + 1 : 0 ) +
                        vtmp.bv_len + ( STRLENOF( "(:=)" ) );
                fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx );
+               if ( !fstr->bv_val ) {
+                       ber_memfree_x( vtmp.bv_val, memctx );
+                       return LDAP_NO_MEMORY;
+               }
 
                snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)",
                        atmp.bv_val,

diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c
index 438b3243502f441252f07396e9e63d042f8f6c3e..af4ae14397912a1d2d41cab88829daa5b006d7a5 100644 (file)
--- a/servers/slapd/back-meta/search.c
+++ b/servers/slapd/back-meta/search.c
@@ -1301,7 +1301,7 @@ really_bad:;
                                        for ( cnt = 0; references[ cnt ]; cnt++ )
                                                ;
        
-                                       rs->sr_ref = ber_memalloc_x( sizeof( struct berval ) * ( cnt + 1 ),
+                                       rs->sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( cnt + 1 ),
                                                op->o_tmpmemctx );
        
                                        for ( cnt = 0; references[ cnt ]; cnt++ ) {
@@ -1456,7 +1456,7 @@ really_bad:;
                                                        for ( cnt = 0; references[ cnt ]; cnt++ )
                                                                ;
        
-                                                       sr_ref = ber_memalloc_x( sizeof( struct berval ) * ( cnt + 1 ),
+                                                       sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( cnt + 1 ),
                                                                op->o_tmpmemctx );
        
                                                        for ( cnt = 0; references[ cnt ]; cnt++ ) {