freebsd-skq/usr.sbin/ypldap
Don Lewis 9d80a8b09e Fix Coverity CIDs 1340544 Resource leak and 1340543 Use after free
At line 479 of ldapclient.c in client_build_req(), the error return
leaks ldap_attrs (CID 1340544).  It looks like this can happen if
the first utoa() call in aldap_get_stringset() fails.  It looks
like other leaks can happen if other utoa() calls fail since scanning
this array when it is freed stops when the first NULL is encountered.
Fix these problems by not storing NULL in the array when utoa()
fails, and by freeing ret and returning NULL if nothing is stored
in the array.  That way the caller will never see the
ldap_attrs[0] == NULL case, so delete that check.

The ber_printf_element() calls ber_free_elements() on its ber
argument and returns NULL on failure.  When each of its callers
detects failure, they do a goto fail, which then calls ber_free_elements()
with the same pointer (CID 1340543).  Fix is to delete the
ber_free_elements() from ber_printf_element()

Reported by:	Coverity
CID:		1340543, 1340544
Reviewed by:	araujo
Differential Revision:	https://reviews.freebsd.org/D6550
2016-05-25 01:37:25 +00:00
..
aldap.c Fix Coverity CIDs 1340544 Resource leak and 1340543 Use after free 2016-05-25 01:37:25 +00:00
aldap.h
ber.c Fix Coverity CIDs 1340544 Resource leak and 1340543 Use after free 2016-05-25 01:37:25 +00:00
ber.h
entries.c Add include of sys/param.h for MAXHOSTNAMELEN 2015-11-16 17:06:33 +00:00
ldapclient.c Fix Coverity CIDs 1340544 Resource leak and 1340543 Use after free 2016-05-25 01:37:25 +00:00
log.c Add include of time.h for tzset() prototype. 2015-11-16 17:08:51 +00:00
Makefile
parse.y Add include of sys/param.h for MAXHOSTNAMELEN 2015-11-16 17:06:33 +00:00
yp.c Use nitems instead of 'sizeof(mapnames) / sizeof(mapnames[0]'. 2016-04-18 03:44:42 +00:00
ypldap_dns.c Convert ypldap_addr list to a tailq(queue(3)). 2016-04-13 03:36:34 +00:00
ypldap.8
ypldap.c When a group contains a non-existent user, make the warning 2016-05-16 02:35:23 +00:00
ypldap.conf.5 ypldap(8) is a feature ready to be used to translate nis(8) database to ldap(3). 2016-01-13 01:49:35 +00:00
ypldap.h Convert ypldap_addr list to a tailq(queue(3)). 2016-04-13 03:36:34 +00:00