Skip to content

Memory leak in sasl_interactive_bind interaction callback #81

New issue
New issue
Open
Open
Memory leak in sasl_interactive_bind interaction callback#81
Labels
bugcorrectness
@tiran

Description

@tiran
tiran
opened on Dec 4, 2017

The interaction callback in sasl_interactive_bind leaks memory.

==29355== 118 bytes in 9 blocks are definitely lost in loss record 3,999 of 5,810
==29355==    at 0x4C2FB6B: malloc (vg_replace_malloc.c:299)
==29355==    by 0x5DADBD9: strdup (strdup.c:42)
==29355==    by 0x1485A06A: interaction (LDAPObject.c:575)
==29355==    by 0x1485A06A: py_ldap_sasl_interaction (LDAPObject.c:609)
==29355==    by 0x14A7D90D: ldap_int_sasl_bind (cyrus.c:525)
==29355==    by 0x14A80C7A: ldap_sasl_interactive_bind (sasl.c:487)
==29355==    by 0x14A80E1A: ldap_sasl_interactive_bind_s (sasl.c:521)
==29355==    by 0x1485B828: l_ldap_sasl_interactive_bind_s (LDAPObject.c:728)
==29355==    by 0x4FC24EF: PyCFunction_Call (in /usr/lib64/libpython3.6m.so.1.0)
==29355==    by 0x4FF891C: _PyEval_EvalFrameDefault (in /usr/lib64/libpython3.6m.so.1.0)

The memory leak is even documented in the source code

python-ldap/Modules/LDAPObject.c

Lines 569 to 577 in c84b4fa

/* according to the sasl docs, we should malloc() the returned
string only for calls where interact->id == SASL_CB_PASS, so we
probably leak a few bytes per ldap bind. However, if I restrict
the strdup() to this case, I get segfaults. Should probably be
fixed sometimes.
*/
interact->result = strdup( c_result );
if (interact->result == NULL)
return LDAP_OPERATIONS_ERROR;

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugcorrectness

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      pFad - Phonifier reborn

      Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

      Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


      Alternative Proxies:

      Alternative Proxy

      pFad Proxy

      pFad v3 Proxy

      pFad v4 Proxy