Bug 1270 - memory leak in ldap.c
Summary: memory leak in ldap.c
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.11
Hardware: All Linux
: P3 normal
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-04-17 04:44 UTC by fumihiko kakuma
Modified: 2007-04-14 17:29 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description fumihiko kakuma 2004-04-17 04:44:04 UTC
I found a memory leak in the Samba 3.0.2a while I was checking
some programs.
We can see the memory leak in source/libads/ldap.c.

ads_do_search_all() gets 1 paged results from LDAP from 1 call to
ads_do_paged_search(). If ads_do_search_all() gets more than
2 paged results, it joins those paged results.
Pages are added by ldap_add_result_entry() after fetching by
ads_next_entry(), but ads_next_entry() returns only a
LDAP_RES_SEARCH_ENTRY, so entries of different type are not freed.

I made the following patch.

However I think essentially that it is wrong to join some paged
results from LDAP to one paged results

===================================================================
diff -uNr samba-3.0.2a.orig/source/libads/ldap.c samba-
3.0.2a/source/libads/ldap.c
--- samba-3.0.2a.orig/source/libads/ldap.c	Wed Jan  7 06:08:40 2004
+++ samba-3.0.2a/source/libads/ldap.c	Mon Apr  5 19:38:17 2004
@@ -524,10 +524,10 @@
 		   that this works on all ldap libs, but I have only tested 
with openldap */
 		for (msg = ads_first_entry(ads, res2); msg; msg = next) {
 			next = ads_next_entry(ads, msg);
+			ldap_delete_result_entry((LDAPMessage **)&res2, 
msg);
 			ldap_add_result_entry((LDAPMessage **)res, msg);
 		}
-		/* note that we do not free res2, as the memory is now
-                   part of the main returned list */
+		ads_msgfree(ads, res2);
 	}
 
 	return status;
===================================================================
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-02-07 10:03:05 UTC
code still exists in lates SAMBA_3_0 tree (r5262)
Comment 2 Gerald (Jerry) Carter (dead mail address) 2007-04-14 17:29:23 UTC
I don't think this is still relevant.