From 47e0e3fdb59d8be9cc44e814ba03684d352916a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Thu, 30 Jan 2020 09:03:59 +0000 Subject: [PATCH] ITS#9160 OOM handling https://bugs.openldap.org/show_bug.cgi?id=9160 diff --git a/contrib/slapd-modules/allowed/allowed.c b/contrib/slapd-modules/allowed/allowed.c --- a/contrib/slapd-modules/allowed/allowed.c +++ b/contrib/slapd-modules/allowed/allowed.c @@ -277,10 +277,10 @@ aa_operational( Operation *op, SlapReply *rs ) /* just count */ ; if ( got & GOT_A ) { - bv_allowed = ber_memalloc( sizeof( struct berval ) * ( i + 1 ) ); + bv_allowed = ch_calloc( i + 1, sizeof( struct berval ) ); } if ( got & GOT_AE ) { - bv_effective = ber_memalloc( sizeof( struct berval ) * ( i + 1 ) ); + bv_effective = ch_calloc( i + 1, sizeof( struct berval ) ); } for ( i = 0, ja = 0, je = 0; atp[ i ] != NULL; i++ ) { @@ -310,7 +310,6 @@ aa_operational( Operation *op, SlapReply *rs ) ch_free( atp ); if ( ( got & GOT_A ) && ja > 0 ) { - BER_BVZERO( &bv_allowed[ ja ] ); *ap = attr_alloc( ad_allowedAttributes ); (*ap)->a_vals = bv_allowed; (*ap)->a_nvals = bv_allowed; @@ -319,7 +318,6 @@ aa_operational( Operation *op, SlapReply *rs ) } if ( ( got & GOT_AE ) && je > 0 ) { - BER_BVZERO( &bv_effective[ je ] ); *ap = attr_alloc( ad_allowedAttributesEffective ); (*ap)->a_vals = bv_effective; (*ap)->a_nvals = bv_effective; @@ -348,10 +346,10 @@ do_oc:; } if ( got & GOT_C ) { - bv_allowed = ber_memalloc( sizeof( struct berval ) * ( i + 1 ) ); + bv_allowed = ch_calloc( i + 1, sizeof( struct berval ) ); } if ( got & GOT_CE ) { - bv_effective = ber_memalloc( sizeof( struct berval ) * ( i + 1 ) ); + bv_effective = ch_calloc( i + 1, sizeof( struct berval ) ); } for ( oc_start( &oc ); oc != NULL; oc_next( &oc ) ) { @@ -398,7 +396,6 @@ done_ce:; } if ( ( got & GOT_C ) && ja > 0 ) { - BER_BVZERO( &bv_allowed[ ja ] ); *ap = attr_alloc( ad_allowedChildClasses ); (*ap)->a_vals = bv_allowed; (*ap)->a_nvals = bv_allowed; 
@@ -407,7 +404,6 @@ done_ce:; } if ( ( got & GOT_CE ) && je > 0 ) { - BER_BVZERO( &bv_effective[ je ] ); *ap = attr_alloc( ad_allowedChildClassesEffective ); (*ap)->a_vals = bv_effective; (*ap)->a_nvals = bv_effective; diff --git a/contrib/slapd-modules/samba4/rdnval.c b/contrib/slapd-modules/samba4/rdnval.c --- a/contrib/slapd-modules/samba4/rdnval.c +++ b/contrib/slapd-modules/samba4/rdnval.c @@ -223,8 +223,8 @@ rdnval_rdn2vals( /* NOTE: we assume rdn and nrdn contain the same AVAs! */ - *valsp = SLAP_CALLOC( sizeof( struct berval ), nAVA + 1 ); - *nvalsp = SLAP_CALLOC( sizeof( struct berval ), nAVA + 1 ); + *valsp = ch_calloc( sizeof( struct berval ), nAVA + 1 ); + *nvalsp = ch_calloc( sizeof( struct berval ), nAVA + 1 ); /* Add new attribute values to the entry */ for ( i = 0; rdn[ i ]; i++ ) { @@ -354,7 +354,7 @@ rdnval_op_rename( Operation *op, SlapReply *rs ) send_ldap_result( op, rs ); } - ml = SLAP_CALLOC( sizeof( Modifications ), 1 ); + ml = ch_calloc( sizeof( Modifications ), 1 ); ml->sml_values = vals; ml->sml_nvalues = nvals; diff --git a/contrib/slapd-modules/samba4/vernum.c b/contrib/slapd-modules/samba4/vernum.c --- a/contrib/slapd-modules/samba4/vernum.c +++ b/contrib/slapd-modules/samba4/vernum.c @@ -121,8 +121,8 @@ vernum_op_modify( Operation *op, SlapReply *rs ) /* ITS#6561 */ #ifdef SLAP_MOD_ADD_IF_NOT_PRESENT /* the initial value is only added if the vernum attr is not present */ - ml = SLAP_CALLOC( sizeof( Modifications ), 1 ); - ml->sml_values = SLAP_CALLOC( sizeof( struct berval ) , 2 ); + ml = ch_calloc( sizeof( Modifications ), 1 ); + ml->sml_values = ch_calloc( sizeof( struct berval ) , 2 ); value_add_one( &ml->sml_values, &val_init ); ml->sml_nvalues = NULL; ml->sml_numvals = 1; 
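Review bot: In rdnval_rdn2vals the new calls pass the element size first, `ch_calloc( sizeof( struct berval ), nAVA + 1 )`, while the allowed.c hunks of this same commit use count-then-size, `ch_calloc( i + 1, sizeof( struct berval ) )`. The allocated size is the same either way, so behaviour is unaffected, but I would keep one order throughout and write `ch_calloc( nAVA + 1, sizeof( struct berval ) )`. The size-first order also appears in rdnval_op_rename and in both vernum_op_modify hunks.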
@@ -136,8 +136,8 @@ vernum_op_modify( Operation *op, SlapReply *rs ) #endif /* SLAP_MOD_ADD_IF_NOT_PRESENT */ /* this increments by 1 the vernum attr */ - ml = SLAP_CALLOC( sizeof( Modifications ), 1 ); - ml->sml_values = SLAP_CALLOC( sizeof( struct berval ) , 2 ); + ml = ch_calloc( sizeof( Modifications ), 1 ); + ml->sml_values = ch_calloc( sizeof( struct berval ) , 2 ); value_add_one( &ml->sml_values, &val ); ml->sml_nvalues = NULL; ml->sml_numvals = 1; diff --git a/tests/progs/slapd-bind.c b/tests/progs/slapd-bind.c index c9e3210b06..a832e809c1 100644 --- a/tests/progs/slapd-bind.c +++ b/tests/progs/slapd-bind.c @@ -412,11 +412,19 @@ do_base( struct tester_conn_args *config, char *dn, char *base, char *filter, ch case LDAP_RES_SEARCH_ENTRY: rc = ldap_get_dn_ber( ld, msg, &ber, &bv ); dns = realloc( dns, (ndns + 1)*sizeof(char *) ); + if ( !dns ) { + tester_error( "realloc failed" ); + exit( EXIT_FAILURE ); + } dns[ndns] = ber_strdup( bv.bv_val ); if ( pwattr != NULL ) { struct berval **values = ldap_get_values_len( ld, msg, pwattr ); creds = realloc( creds, (ndns + 1)*sizeof(struct berval) ); + if ( !creds ) { + tester_error( "realloc failed" ); + exit( EXIT_FAILURE ); + } if ( values == NULL ) { novals:; creds[ndns].bv_len = 0; diff --git a/tests/progs/slapd-modrdn.c b/tests/progs/slapd-modrdn.c index 5bd823d72a..d82d82c69e 100644 --- a/tests/progs/slapd-modrdn.c +++ b/tests/progs/slapd-modrdn.c @@ -125,6 +125,10 @@ do_modrdn( struct tester_conn_args *config, DNs[0] = entry; DNs[1] = strdup( entry ); + if ( DNs[1] == NULL ) { + tester_error( "strdup failed" ); + exit( EXIT_FAILURE ); + } /* reverse the RDN, make new DN */ p1 = strchr( entry, '=' ) + 1; @@ -132,6 +136,10 @@ do_modrdn( struct tester_conn_args *config, *p2 = '\0'; rdns[1] = strdup( entry ); + if ( rdns[1] == NULL ) { + tester_error( "strdup failed" ); + exit( EXIT_FAILURE ); + } *p2-- = ','; for (i = p1 - entry;p2 >= p1;) 
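Review bot: In do_base (tests/progs/slapd-bind.c) the line right after the new realloc check, `dns[ndns] = ber_strdup( bv.bv_val );`, still stores an unchecked allocation. The return code assigned from `ldap_get_dn_ber` just above is also not tested before `bv.bv_val` is used. To finish the OOM handling in this case I would add `if ( dns[ndns] == NULL ) { tester_error( "ber_strdup failed" ); exit( EXIT_FAILURE ); }` after the copy. The rest of do_base is outside the hunk, so whether a NULL entry is dereferenced later is not visible here.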
@@ -139,6 +147,10 @@ do_modrdn( struct tester_conn_args *config, DNs[1][i] = '\0'; rdns[0] = strdup( DNs[1] ); + if ( rdns[0] == NULL ) { + tester_error( "strdup failed" ); + exit( EXIT_FAILURE ); + } DNs[1][i] = ','; i = 0; diff --git a/tests/progs/slapd-mtread.c b/tests/progs/slapd-mtread.c index 1b421af00b..c8024cb6e1 100644 --- a/tests/progs/slapd-mtread.c +++ b/tests/progs/slapd-mtread.c @@ -531,6 +531,10 @@ do_random( LDAP *ld, } values = malloc( ( nvalues + 1 ) * sizeof( char * ) ); + if (values == NULL) { + thread_error( idx, "(failed to malloc)"); + exit( EXIT_FAILURE ); + } for ( i = 0, e = ldap_first_entry( ld, res ); e != NULL; i++, e = ldap_next_entry( ld, e ) ) { values[ i ] = ldap_get_dn( ld, e ); diff --git a/tests/progs/slapd-read.c b/tests/progs/slapd-read.c index 4023a22d27..f95228317b 100644 --- a/tests/progs/slapd-read.c +++ b/tests/progs/slapd-read.c @@ -202,6 +202,10 @@ do_random( struct tester_conn_args *config, char *sbase, char *filter, } values = malloc( ( nvalues + 1 ) * sizeof( char * ) ); + if ( !values ) { + tester_error( "malloc failed" ); + exit( EXIT_FAILURE ); + } for ( i = 0, e = ldap_first_entry( ld, res ); e != NULL; i++, e = ldap_next_entry( ld, e ) ) { values[ i ] = ldap_get_dn( ld, e ); @@ -251,6 +255,10 @@ do_read( struct tester_conn_args *config, char *entry, LDAP **ldp, /* make room for msgid */ if ( swamp > 1 ) { msgids = (int *)calloc( sizeof(int), maxloop ); + if ( !msgids ) { + tester_error( "calloc failed" ); + exit( EXIT_FAILURE ); + } } retry:; diff --git a/tests/progs/slapd-search.c b/tests/progs/slapd-search.c index 8f791d6b3c..321fd80e38 100644 --- a/tests/progs/slapd-search.c +++ b/tests/progs/slapd-search.c @@ -226,6 +226,10 @@ do_random( struct tester_conn_args *config, int j; values = realloc( values, ( nvalues + n + 1 )*sizeof( char * ) ); + if ( !values ) { + tester_error( "realloc failed" ); + exit( EXIT_FAILURE ); + } for ( j = 0; j < n; j++ ) { values[ nvalues + j ] = strdup( v[ j ]->bv_val ); } 
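Review bot: In do_random (tests/progs/slapd-search.c) the loop after the new realloc check fills the array with `values[ nvalues + j ] = strdup( v[ j ]->bv_val );` and that strdup result is not checked, so an allocation failure leaves a NULL slot in the middle of `values`. The check used for realloc fits inside the loop: `if ( values[ nvalues + j ] == NULL ) { tester_error( "strdup failed" ); exit( EXIT_FAILURE ); }`. The do_random hunks in slapd-read.c and slapd-mtread.c store `ldap_get_dn( ld, e )` into `values[ i ]` the same way without a check. How `values` is consumed lies outside these hunks.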
@@ -298,6 +302,10 @@ do_search( struct tester_conn_args *config, /* make room for msgid */ if ( swamp > 1 ) { msgids = (int *)calloc( sizeof(int), innerloop ); + if ( !msgids ) { + tester_error( "calloc failed" ); + exit( EXIT_FAILURE ); + } } retry:; diff --git a/servers/slapd/aci.c b/servers/slapd/aci.c index 86ace3f536..232c32fc89 100644 --- a/servers/slapd/aci.c +++ b/servers/slapd/aci.c @@ -1258,7 +1258,7 @@ OpenLDAPaciNormalizeRight( len = nattrs.bv_len + ( !BER_BVISEMPTY( &nattrs ) ? STRLENOF( "," ) : 0 ) + ad->ad_cname.bv_len; - nattrs.bv_val = ber_memrealloc_x( nattrs.bv_val, len + 1, ctx ); + nattrs.bv_val = slap_sl_realloc( nattrs.bv_val, len + 1, ctx ); ptr = &nattrs.bv_val[ nattrs.bv_len ]; if ( !BER_BVISEMPTY( &nattrs ) ) { *ptr++ = ','; @@ -1270,7 +1270,7 @@ OpenLDAPaciNormalizeRight( } - naction->bv_val = ber_memrealloc_x( naction->bv_val, + naction->bv_val = slap_sl_realloc( naction->bv_val, naction->bv_len + STRLENOF( ";" ) + perms.bv_len + STRLENOF( ";" ) + nattrs.bv_len + 1, @@ -1345,7 +1345,7 @@ OpenLDAPaciNormalizeRights( *nactions = nbv; } else { - nactions->bv_val = ber_memrealloc_x( nactions->bv_val, + nactions->bv_val = slap_sl_realloc( nactions->bv_val, nactions->bv_len + STRLENOF( "$" ) + nbv.bv_len + 1, ctx ); @@ -1703,7 +1703,7 @@ OpenLDAPaciPrettyNormal( } bv.bv_len += STRLENOF( "/" ) + oc->soc_cname.bv_len; - bv.bv_val = ber_memalloc_x( bv.bv_len + 1, ctx ); + bv.bv_val = slap_sl_malloc( bv.bv_len + 1, ctx ); ptr = bv.bv_val; ptr = lutil_strncopy( ptr, ntype.bv_val, ntype.bv_len ); @@ -1762,7 +1762,7 @@ OpenLDAPaciPrettyNormal( + ntype.bv_len + STRLENOF( "#" ) + nsubject.bv_len; - out->bv_val = ber_memalloc_x( out->bv_len + 1, ctx ); + out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx ); ptr = lutil_strncopy( out->bv_val, oid.bv_val, oid.bv_len ); ptr[ 0 ] = '#'; ptr++; diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index 79a3fd1cfc..ceee648683 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c 
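Review bot: In OpenLDAPaciNormalizeRight the pointer returned by `slap_sl_realloc` is written through on the very next line (`ptr = &nattrs.bv_val[ nattrs.bv_len ]`) with no NULL test, so the swap from `ber_memrealloc_x` only handles OOM if slap_sl_realloc is guaranteed not to return NULL. That guarantee is not visible in the diff or the commit message. I would state it where it is relied on, for example `/* slap_sl_realloc() does not return on allocation failure */` above the first call, after confirming it against the allocator's definition. The same applies to the other `slap_sl_malloc`/`slap_sl_realloc` replacements in aci.c, modify.c, schema_init.c and value.c, and to the `ch_malloc`/`ch_calloc`/`ch_realloc` replacements elsewhere in the patch.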
@@ -3032,7 +3032,7 @@ tcp_buffer_unparse( int size, int rw, Listener *l, struct berval *val ) } } - val->bv_val = SLAP_MALLOC( val->bv_len + 1 ); + val->bv_val = ch_malloc( val->bv_len + 1 ); ptr = val->bv_val; @@ -3110,7 +3110,7 @@ tcp_buffer_add_one( int argc, char **argv ) if ( rw & SLAP_TCP_WMEM ) slapd_tcp_wmem = size; } - tcp_buffer = SLAP_REALLOC( tcp_buffer, sizeof( struct berval ) * ( tcp_buffer_num + 2 ) ); + tcp_buffer = ch_realloc( tcp_buffer, sizeof( struct berval ) * ( tcp_buffer_num + 2 ) ); /* append */ tcp_buffer[ tcp_buffer_num ] = val; diff --git a/servers/slapd/modify.c b/servers/slapd/modify.c index fb1cc3f1c3..cfdd7b0aa9 100644 --- a/servers/slapd/modify.c +++ b/servers/slapd/modify.c @@ -619,7 +619,7 @@ int slap_mods_check( if( nvals && ad->ad_type->sat_equality && ad->ad_type->sat_equality->smr_normalize ) { - ml->sml_nvalues = ber_memalloc_x( + ml->sml_nvalues = slap_sl_malloc( (nvals+1)*sizeof(struct berval), ctx ); for ( nvals = 0; !BER_BVISNULL( &ml->sml_values[nvals] ); nvals++ ) { diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c index 92407391e9..c067ef825c 100644 --- a/servers/slapd/schema_init.c +++ b/servers/slapd/schema_init.c @@ -3415,7 +3415,7 @@ serialNumberAndIssuerCheck( ber_len_t src, dst; ni.bv_len = is->bv_len - numdquotes; - ni.bv_val = ber_memalloc_x( ni.bv_len + 1, ctx ); + ni.bv_val = slap_sl_malloc( ni.bv_len + 1, ctx ); for ( src = 0, dst = 0; src < is->bv_len; src++, dst++ ) { if ( is->bv_val[src] == '"' ) { src++; @@ -4004,7 +4004,7 @@ issuerAndThisUpdateCheck( ber_len_t src, dst; ni.bv_len = is->bv_len - numdquotes; - ni.bv_val = ber_memalloc_x( ni.bv_len + 1, ctx ); + ni.bv_val = slap_sl_malloc( ni.bv_len + 1, ctx ); for ( src = 0, dst = 0; src < is->bv_len; src++, dst++ ) { if ( is->bv_val[src] == '"' ) { src++; 
@@ -4606,7 +4606,7 @@ serialNumberAndIssuerSerialCheck( ber_len_t src, dst; ni.bv_len = is->bv_len - numdquotes; - ni.bv_val = ber_memalloc_x( ni.bv_len + 1, ctx ); + ni.bv_val = slap_sl_malloc( ni.bv_len + 1, ctx ); for ( src = 0, dst = 0; src < is->bv_len; src++, dst++ ) { if ( is->bv_val[src] == '"' ) { src++; diff --git a/servers/slapd/value.c b/servers/slapd/value.c index 73c2052f16..c901236d5e 100644 --- a/servers/slapd/value.c +++ b/servers/slapd/value.c @@ -514,7 +514,7 @@ ordered_value_pretty( bv = *out; out->bv_len = idx.bv_len + bv.bv_len; - out->bv_val = ber_memalloc_x( out->bv_len + 1, ctx ); + out->bv_val = slap_sl_malloc( out->bv_len + 1, ctx ); AC_MEMCPY( out->bv_val, idx.bv_val, idx.bv_len ); AC_MEMCPY( &out->bv_val[ idx.bv_len ], bv.bv_val, bv.bv_len + 1 ); @@ -591,7 +591,7 @@ ordered_value_normalize( bv = *normalized; normalized->bv_len = idx.bv_len + bv.bv_len; - normalized->bv_val = ber_memalloc_x( normalized->bv_len + 1, ctx ); + normalized->bv_val = slap_sl_malloc( normalized->bv_len + 1, ctx ); AC_MEMCPY( normalized->bv_val, idx.bv_val, idx.bv_len ); AC_MEMCPY( &normalized->bv_val[ idx.bv_len ], bv.bv_val, bv.bv_len + 1 ); diff --git a/libraries/libldap/deref.c b/libraries/libldap/deref.c index 6da6f2711c..9b66f19d95 100644 --- a/libraries/libldap/deref.c +++ b/libraries/libldap/deref.c @@ -191,6 +191,12 @@ ldap_parse_derefresponse_control( char *last2; dr = LDAP_CALLOC( 1, sizeof(LDAPDerefRes) ); + if ( dr == NULL ) { + ldap_derefresponse_free( drhead ); + *drp2 = NULL; + ld->ld_errno = LDAP_NO_MEMORY; + return ld->ld_errno; + } dvp = &dr->attrVals; tag = ber_scanf( ber, "{ao", &dr->derefAttr, &dr->derefVal ); 
@@ -207,6 +213,13 @@ ldap_parse_derefresponse_control( LDAPDerefVal *dv; dv = LDAP_CALLOC( 1, sizeof(LDAPDerefVal) ); + if ( dv == NULL ) { + ldap_derefresponse_free( drhead ); + LDAP_FREE( dr ); + *drp2 = NULL; + ld->ld_errno = LDAP_NO_MEMORY; + return ld->ld_errno; + } tag = ber_scanf( ber, "{a[W]}", &dv->type, &dv->vals ); if ( tag == LBER_ERROR ) { diff --git a/libraries/libldap/getdn.c b/libraries/libldap/getdn.c index 45910aba52..1228d9c76e 100644 --- a/libraries/libldap/getdn.c +++ b/libraries/libldap/getdn.c @@ -258,6 +258,9 @@ ldap_explode_rdn( LDAP_CONST char *rdn, int notypes ) l = vl + ava->la_attr.bv_len + 1; str = LDAP_MALLOC( l + 1 ); + if ( str == NULL ) { + goto error_return; + } AC_MEMCPY( str, ava->la_attr.bv_val, ava->la_attr.bv_len ); str[ al++ ] = '='; @@ -265,6 +268,9 @@ ldap_explode_rdn( LDAP_CONST char *rdn, int notypes ) } else { l = vl; str = LDAP_MALLOC( l + 1 ); + if ( str == NULL ) { + goto error_return; + } } if ( ava->la_flags & LDAP_AVA_BINARY ) { @@ -1526,6 +1532,10 @@ str2strval( const char *str, ber_len_t stoplen, struct berval *val, const char * if ( escapes == 0 ) { if ( *retFlags & LDAP_AVA_NONPRINTABLE ) { val->bv_val = LDAP_MALLOCX( len + 1, ctx ); + if ( val->bv_val == NULL ) { + return( 1 ); + } + AC_MEMCPY( val->bv_val, startPos, len ); val->bv_val[ len ] = '\0'; } else { @@ -1536,6 +1546,10 @@ str2strval( const char *str, ber_len_t stoplen, struct berval *val, const char * ber_len_t s, d; val->bv_val = LDAP_MALLOCX( len + 1, ctx ); + if ( val->bv_val == NULL ) { + return( 1 ); + } + for ( s = 0, d = 0; d < len; ) { if ( LDAP_DN_ESCAPE( startPos[ s ] ) ) { s++; @@ -1633,6 +1647,10 @@ DCE2strval( const char *str, struct berval *val, const char **next, unsigned fla ber_len_t s, d; val->bv_val = LDAP_MALLOCX( len + 1, ctx ); + if ( val->bv_val == NULL ) { + return( 1 ); + } + for ( s = 0, d = 0; d < len; ) { /* * This point is reached only if escapes 
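Review bot: On the new `dv == NULL` path in ldap_parse_derefresponse_control, `LDAP_FREE( dr )` releases only the LDAPDerefRes struct. By then the `ber_scanf( ber, "{ao", &dr->derefAttr, &dr->derefVal )` call shown in the previous hunk has filled `dr`, and earlier iterations of this inner loop may have chained LDAPDerefVal nodes under `dr->attrVals`, so those allocations look leaked each time a response hits this path. Since `dr` comes from LDAP_CALLOC its `next` is still NULL, so `ldap_derefresponse_free( dr );` in place of `LDAP_FREE( dr );` should release the whole partial node. That assumes `dr` has not yet been linked into `drhead`; the linking code is outside the hunk.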
@@ -1714,6 +1732,10 @@ IA52strval( const char *str, struct berval *val, const char **next, unsigned fla ber_len_t s, d; val->bv_val = LDAP_MALLOCX( len + 1, ctx ); + if ( val->bv_val == NULL ) { + return( 1 ); + } + for ( s = 0, d = 0; d < len; ) { if ( LDAP_DN_ESCAPE( startPos[ s ] ) ) { s++; @@ -1804,6 +1826,10 @@ quotedIA52strval( const char *str, struct berval *val, const char **next, unsign ber_len_t s, d; val->bv_val = LDAP_MALLOCX( len + 1, ctx ); + if ( val->bv_val == NULL ) { + return( 1 ); + } + val->bv_len = len; for ( s = d = 0; d < len; ) { @@ -2897,6 +2923,9 @@ ldap_rdn2bv_x( LDAPRDN rdn, struct berval *bv, unsigned flags, void *ctx ) } bv->bv_val = LDAP_MALLOCX( l + 1, ctx ); + if ( bv->bv_val == NULL ) { + return LDAP_NO_MEMORY; + } switch ( LDAP_DN_FORMAT( flags ) ) { case LDAP_DN_FORMAT_LDAPV3: diff --git a/libraries/libldap/ldif.c b/libraries/libldap/ldif.c index 5414e59334..1c29619cf3 100644 --- a/libraries/libldap/ldif.c +++ b/libraries/libldap/ldif.c @@ -357,6 +357,9 @@ ldif_must_b64_encode_register( LDAP_CONST char *name, LDAP_CONST char *oid ) if ( must_b64_encode == default_must_b64_encode ) { must_b64_encode = ber_memalloc( sizeof( must_b64_encode_s ) * ( i + 2 ) ); + if ( must_b64_encode == NULL ) { + return 1; + } for ( i = 0; !BER_BVISNULL( &default_must_b64_encode[i].name ); i++ ) { ber_dupbv( &must_b64_encode[i].name, &default_must_b64_encode[i].name ); @@ -728,6 +731,9 @@ ldif_open( if ( fp ) { lfp = ber_memalloc( sizeof( LDIFFP )); + if ( lfp == NULL ) { + return NULL; + } lfp->fp = fp; lfp->prev = NULL; } diff --git a/libraries/libldap/options.c b/libraries/libldap/options.c index d8dbfea880..bc421dc6ba 100644 --- a/libraries/libldap/options.c +++ b/libraries/libldap/options.c 
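Review bot: In ldif_must_b64_encode_register the failed `ber_memalloc` result is assigned straight to `must_b64_encode` before the new NULL check, so on `return 1` the variable is NULL and no longer equals `default_must_b64_encode`. If `must_b64_encode` is the file-level table pointer, as the comparison against `default_must_b64_encode` suggests, a later call would skip this branch and index a NULL table. Restoring it before returning avoids that, `must_b64_encode = default_must_b64_encode; return 1;`, or allocate into a local and assign only on success. The `ber_dupbv` calls in the copy loop below are also unchecked.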
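Review bot: In ldif_open the new early `return NULL;` when `ber_memalloc` fails sits inside `if ( fp ) {`, so the stream that was just opened is never closed on that path. Closing it first keeps the failure path from leaking a file handle: `if ( lfp == NULL ) { fclose( fp ); return NULL; }`. How `fp` is obtained is above the hunk, so confirm it is always a stream this function owns.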
@@ -151,10 +151,21 @@ ldap_get_option( int i; info->ldapai_extensions = LDAP_MALLOC(sizeof(char *) * sizeof(features)/sizeof(LDAPAPIFeatureInfo)); + if ( info->ldapai_extensions == NULL ) { + rc = LDAP_NO_MEMORY; + break; + } for(i=0; features[i].ldapaif_name != NULL; i++) { info->ldapai_extensions[i] = LDAP_STRDUP(features[i].ldapaif_name); + if ( info->ldapai_extensions[i] == NULL ) { + rc = LDAP_NO_MEMORY; + break; + } + } + if ( features[i].ldapaif_name != NULL ) { + break; /* LDAP_NO_MEMORY */ } info->ldapai_extensions[i] = NULL; @@ -895,6 +906,11 @@ ldap_set_option( /* setting pushes the callback */ ldaplist *ll; ll = LDAP_MALLOC( sizeof( *ll )); + if ( ll == NULL ) { + rc = LDAP_NO_MEMORY; + break; + } + ll->ll_data = (void *)invalue; ll->ll_next = lo->ldo_conn_cbs; lo->ldo_conn_cbs = ll; diff --git a/libraries/libldap/result.c b/libraries/libldap/result.c index b4e478aacb..04ee48ea18 100644 --- a/libraries/libldap/result.c +++ b/libraries/libldap/result.c @@ -1027,6 +1027,11 @@ try_read1msg( * to parse. */ ber = ldap_alloc_ber_with_options( ld ); + if ( ber == NULL ) { + ld->ld_errno = LDAP_NO_MEMORY; + return -1; + } + if ( ber_sockbuf_ctrl( lc->lconn_sb, LBER_SB_OPT_DATA_READY, NULL ) ) ok = 1; } /* set up response chain */ diff --git a/libraries/libldap/schema.c b/libraries/libldap/schema.c index 5cb30e7bfb..ef99a17c97 100644 --- a/libraries/libldap/schema.c +++ b/libraries/libldap/schema.c @@ -2126,6 +2126,11 @@ ldap_str2attributetype( LDAP_CONST char * s, /* Non-numerical OID ... */ int len = ss-savepos; at->at_oid = LDAP_MALLOC(len+1); + if ( !at->at_oid ) { + ldap_attributetype_free(at); + return NULL; + } + strncpy(at->at_oid, savepos, len); at->at_oid[len] = 0; } @@ -2499,6 +2504,11 @@ ldap_str2objectclass( LDAP_CONST char * s, /* Non-numerical OID, ignore */ int len = ss-savepos; oc->oc_oid = LDAP_MALLOC(len+1); + if ( !oc->oc_oid ) { + ldap_objectclass_free(oc); + return NULL; + } + strncpy(oc->oc_oid, savepos, len); oc->oc_oid[len] = 0; } 
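Review bot: In the `ldapai_extensions` branch of ldap_get_option, a `LDAP_STRDUP` failure part-way through the loop leaves the strings already copied and the `info->ldapai_extensions` array itself allocated. The array is also handed back without its NULL terminator, because the `break` skips `info->ldapai_extensions[i] = NULL;`. A caller that walks or frees the list after the error return would run past the initialised entries. I would release the partial list and reset the pointer before breaking out, as in the block below. The enclosing switch case starts and ends outside the hunk.

```c
/* … unchanged: LDAP_MALLOC of the array and the LDAP_STRDUP loop … */
if ( features[i].ldapaif_name != NULL ) {
	/* strdup failed part-way: drop the partial list so the caller never sees it */
	while ( i > 0 ) {
		LDAP_FREE( info->ldapai_extensions[--i] );
	}
	LDAP_FREE( info->ldapai_extensions );
	info->ldapai_extensions = NULL;
	break; /* LDAP_NO_MEMORY */
}
```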
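Review bot: The new failure exit in ldap_str2attributetype frees `at` and returns NULL without reporting why. If callers read the error through the function's `code` out-parameter, as the exits outside the hunk presumably arrange, they will see whatever value an earlier parse step left there rather than an out-of-memory code. Setting `*code = LDAP_SCHERR_OUTOFMEM;` before `ldap_attributetype_free(at);` would make the failure distinguishable. The same applies to the matching hunks in ldap_str2objectclass and ldap_str2contentrule.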
@@ -2780,6 +2790,11 @@ ldap_str2contentrule( LDAP_CONST char * s, /* Non-numerical OID, ignore */ int len = ss-savepos; cr->cr_oid = LDAP_MALLOC(len+1); + if ( !cr->cr_oid ) { + ldap_contentrule_free(cr); + return NULL; + } + strncpy(cr->cr_oid, savepos, len); cr->cr_oid[len] = 0; } diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c index fc0ec2cde5..5cb4d1c1dd 100644 --- a/servers/slapd/back-meta/config.c +++ b/servers/slapd/back-meta/config.c @@ -1481,7 +1481,7 @@ meta_back_cf_gen( ConfigArgs *c ) char *ptr; int len = snprintf( buf, sizeof( buf ), SLAP_X_ORDERED_FMT, i ); bv.bv_len = ((*bvp)[ i ]).bv_len + len; - bv.bv_val = ber_memrealloc( bv.bv_val, bv.bv_len + 1 ); + bv.bv_val = ch_realloc( bv.bv_val, bv.bv_len + 1 ); ptr = bv.bv_val; ptr = lutil_strcopy( ptr, buf ); ptr = lutil_strncopy( ptr, ((*bvp)[ i ]).bv_val, ((*bvp)[ i ]).bv_len ); @@ -2635,7 +2635,7 @@ idassert-authzFrom "dn:" assert( !BER_BVISNULL( &mt->mt_idassert_authcDN ) ); bv.bv_len = STRLENOF( "dn:" ) + c->be->be_rootndn.bv_len; - bv.bv_val = ber_memalloc( bv.bv_len + 1 ); + bv.bv_val = ch_malloc( bv.bv_len + 1 ); AC_MEMCPY( bv.bv_val, "dn:", STRLENOF( "dn:" ) ); AC_MEMCPY( &bv.bv_val[ STRLENOF( "dn:" ) ], c->be->be_rootndn.bv_val, c->be->be_rootndn.bv_len + 1 ); diff --git a/servers/slapd/back-meta/map.c b/servers/slapd/back-meta/map.c index 144dc693de..ee7aa2f086 100644 --- a/servers/slapd/back-meta/map.c +++ b/servers/slapd/back-meta/map.c @@ -381,6 +381,10 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len = atmp.bv_len + vtmp.bv_len + ( sizeof("(=)") - 1 ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); 
@@ -398,6 +402,10 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len = atmp.bv_len + vtmp.bv_len + ( sizeof("(>=)") - 1 ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); @@ -415,6 +423,10 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len = atmp.bv_len + vtmp.bv_len + ( sizeof("(<=)") - 1 ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); @@ -432,6 +444,10 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len = atmp.bv_len + vtmp.bv_len + ( sizeof("(~=)") - 1 ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); @@ -450,17 +466,27 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 128, memctx ); /* FIXME: why 128 ? */ + if ( !fstr->bv_val ) { + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", atmp.bv_val ); if ( !BER_BVISNULL( &f->f_sub_initial ) ) { + char *tmp; + len = fstr->bv_len; filter_escape_value_x( &f->f_sub_initial, &vtmp, memctx ); fstr->bv_len += vtmp.bv_len; - fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + tmp = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + if ( !tmp ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } + fstr->bv_val = tmp; snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3, /* "(attr=" */ "%s*)", 
@@ -471,11 +497,18 @@ ldap_back_int_filter_map_rewrite( if ( f->f_sub_any != NULL ) { for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) { + char *tmp; + len = fstr->bv_len; filter_escape_value_x( &f->f_sub_any[i], &vtmp, memctx ); fstr->bv_len += vtmp.bv_len + 1; - fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + tmp = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + if ( !tmp ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } + fstr->bv_val = tmp; snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3, /* "(attr=[init]*[any*]" */ "%s*)", @@ -485,12 +518,19 @@ ldap_back_int_filter_map_rewrite( } if ( !BER_BVISNULL( &f->f_sub_final ) ) { + char *tmp; + len = fstr->bv_len; filter_escape_value_x( &f->f_sub_final, &vtmp, memctx ); fstr->bv_len += vtmp.bv_len; - fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + tmp = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + if ( !tmp ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } + fstr->bv_val = tmp; snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3, /* "(attr=[init*][any*]" */ "%s)", @@ -510,6 +550,9 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", atmp.bv_val ); @@ -537,6 +580,10 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len += vtmp.bv_len; fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2, /*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" ); 
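Review bot: In the `@@ -537` hunk of ldap_back_int_filter_map_rewrite the realloc result is still assigned directly, `fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );`, so when the new `!fstr->bv_val` check fires the old buffer pointer has already been overwritten and cannot be freed. The three substring branches in this same commit avoid that with a temporary, and the same pattern fits here: `tmp = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx );`, test `!tmp`, then `fstr->bv_val = tmp;`. On all of these failure exits `fstr->bv_len` has already been increased, so a caller should not trust it after LDAP_NO_MEMORY. Whether callers free `fstr->bv_val` on error is outside the hunks.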
@@ -565,6 +612,10 @@ ldap_back_int_filter_map_rewrite( ( !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_len + 1 : 0 ) + vtmp.bv_len + ( STRLENOF( "(:=)" ) ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)", atmp.bv_val, diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c index 438b324350..af4ae14397 100644 --- a/servers/slapd/back-meta/search.c +++ b/servers/slapd/back-meta/search.c @@ -1301,7 +1301,7 @@ really_bad:; for ( cnt = 0; references[ cnt ]; cnt++ ) ; - rs->sr_ref = ber_memalloc_x( sizeof( struct berval ) * ( cnt + 1 ), + rs->sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( cnt + 1 ), op->o_tmpmemctx ); for ( cnt = 0; references[ cnt ]; cnt++ ) { @@ -1456,7 +1456,7 @@ really_bad:; for ( cnt = 0; references[ cnt ]; cnt++ ) ; - sr_ref = ber_memalloc_x( sizeof( struct berval ) * ( cnt + 1 ), + sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( cnt + 1 ), op->o_tmpmemctx ); for ( cnt = 0; references[ cnt ]; cnt++ ) {