diff options
author | Steven Danneman <sdanneman@sd-ubuntu.(none)> | 2008-04-25 18:34:46 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2008-04-26 08:11:20 -0700 |
commit | 778a5414b1148ea767020b5330b076fed666694f (patch) | |
tree | d889aeb242d3326782b01f4954d337bc801e6eed | |
parent | 17ade782b9037500c282555e5a2612a863af58d8 (diff) | |
download | samba-778a5414b1148ea767020b5330b076fed666694f.tar.gz samba-778a5414b1148ea767020b5330b076fed666694f.tar.bz2 samba-778a5414b1148ea767020b5330b076fed666694f.zip |
Fix bug 5419: memory leak in ads_do_search_all_args() when enumerating 1000s of entries
The ads_do_search_all_args() function attempts to string together several
LDAPMessage structures, returned across several paged ldap requests, into a
single LDAPMessage structure. It does this by pulling entries off the second
LDAPMessage structure and appending them to the first via the OpenLDAP specific
ldap_add_result_entry() call.
The problem with this approach is it skips non-entry messages such as the
result, and controls. These messages are leaked.
The short term solution as suggested by Volker is to replace the ads_*_entry()
calls with ads_*_message() calls so we don't leak any messages.
This fixes the leak but doesn't remove the dependence on the OpenLDAP specific
implementation of ldap_add_result_entry().
(This used to be commit f1a5405409c396df394611e2a234522572d2860a)
-rw-r--r-- | source3/include/ads_protos.h | 2 | ||||
-rw-r--r-- | source3/libads/ldap.c | 26 |
2 files changed, 26 insertions, 2 deletions
diff --git a/source3/include/ads_protos.h b/source3/include/ads_protos.h index 738df3ed40..a372010b79 100644 --- a/source3/include/ads_protos.h +++ b/source3/include/ads_protos.h @@ -89,6 +89,8 @@ ADS_STATUS ads_search_retry_sid(ADS_STRUCT *ads, LDAPMessage **res, LDAPMessage *ads_first_entry(ADS_STRUCT *ads, LDAPMessage *res); LDAPMessage *ads_next_entry(ADS_STRUCT *ads, LDAPMessage *res); +LDAPMessage *ads_first_message(ADS_STRUCT *ads, LDAPMessage *res); +LDAPMessage *ads_next_message(ADS_STRUCT *ads, LDAPMessage *res); void ads_process_results(ADS_STRUCT *ads, LDAPMessage *res, bool (*fn)(ADS_STRUCT *,char *, void **, void *), void *data_area); diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index b0f27b598b..9321302151 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -870,8 +870,8 @@ static ADS_STATUS ads_do_paged_search(ADS_STRUCT *ads, const char *bind_path, /* this relies on the way that ldap_add_result_entry() works internally. I hope that this works on all ldap libs, but I have only tested with openldap */ - for (msg = ads_first_entry(ads, res2); msg; msg = next) { - next = ads_next_entry(ads, msg); + for (msg = ads_first_message(ads, res2); msg; msg = next) { + next = ads_next_message(ads, msg); ldap_add_result_entry((LDAPMessage **)res, msg); } /* note that we do not free res2, as the memory is now @@ -2091,6 +2091,28 @@ int ads_count_replies(ADS_STRUCT *ads, void *res) } /** + * pull the first message from a ADS result + * @param ads connection to ads server + * @param res Results of search + * @return first message from result + **/ + LDAPMessage *ads_first_message(ADS_STRUCT *ads, LDAPMessage *res) +{ + return ldap_first_message(ads->ldap.ld, res); +} + +/** + * pull the next message from a ADS result + * @param ads connection to ads server + * @param res Results of search + * @return next message from result + **/ + LDAPMessage *ads_next_message(ADS_STRUCT *ads, LDAPMessage *res) +{ + return ldap_next_message(ads->ldap.ld, res); +} + +/** * pull a single string from a ADS result * @param ads connection to ads server * @param mem_ctx TALLOC_CTX to use for allocating result string |