diff --git a/servers/slapd/back-meta/config.c b/servers/slapd/back-meta/config.c index fc0ec2cde5..5cb4d1c1dd 100644 --- a/servers/slapd/back-meta/config.c +++ b/servers/slapd/back-meta/config.c @@ -1481,7 +1481,7 @@ meta_back_cf_gen( ConfigArgs *c ) char *ptr; int len = snprintf( buf, sizeof( buf ), SLAP_X_ORDERED_FMT, i ); bv.bv_len = ((*bvp)[ i ]).bv_len + len; - bv.bv_val = ber_memrealloc( bv.bv_val, bv.bv_len + 1 ); + bv.bv_val = ch_realloc( bv.bv_val, bv.bv_len + 1 ); ptr = bv.bv_val; ptr = lutil_strcopy( ptr, buf ); ptr = lutil_strncopy( ptr, ((*bvp)[ i ]).bv_val, ((*bvp)[ i ]).bv_len ); @@ -2635,7 +2635,7 @@ idassert-authzFrom "dn:" assert( !BER_BVISNULL( &mt->mt_idassert_authcDN ) ); bv.bv_len = STRLENOF( "dn:" ) + c->be->be_rootndn.bv_len; - bv.bv_val = ber_memalloc( bv.bv_len + 1 ); + bv.bv_val = ch_malloc( bv.bv_len + 1 ); AC_MEMCPY( bv.bv_val, "dn:", STRLENOF( "dn:" ) ); AC_MEMCPY( &bv.bv_val[ STRLENOF( "dn:" ) ], c->be->be_rootndn.bv_val, c->be->be_rootndn.bv_len + 1 ); diff --git a/servers/slapd/back-meta/map.c b/servers/slapd/back-meta/map.c index 144dc693de..ee7aa2f086 100644 --- a/servers/slapd/back-meta/map.c +++ b/servers/slapd/back-meta/map.c @@ -381,6 +381,10 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len = atmp.bv_len + vtmp.bv_len + ( sizeof("(=)") - 1 ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); @@ -398,6 +402,10 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len = atmp.bv_len + vtmp.bv_len + ( sizeof("(>=)") - 1 ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s>=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); @@ -415,6 +423,10 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len = atmp.bv_len + vtmp.bv_len + ( sizeof("(<=)") - 1 ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s<=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); @@ -432,6 +444,10 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len = atmp.bv_len + vtmp.bv_len + ( sizeof("(~=)") - 1 ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s~=%s)", atmp.bv_val, vtmp.bv_len ? vtmp.bv_val : "" ); @@ -450,17 +466,27 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 128, memctx ); /* FIXME: why 128 ? */ + if ( !fstr->bv_val ) { + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", atmp.bv_val ); if ( !BER_BVISNULL( &f->f_sub_initial ) ) { + char *tmp; + len = fstr->bv_len; filter_escape_value_x( &f->f_sub_initial, &vtmp, memctx ); fstr->bv_len += vtmp.bv_len; - fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + tmp = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + if ( !tmp ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } + fstr->bv_val = tmp; snprintf( &fstr->bv_val[len - 2], vtmp.bv_len + 3, /* "(attr=" */ "%s*)", @@ -471,11 +497,18 @@ ldap_back_int_filter_map_rewrite( if ( f->f_sub_any != NULL ) { for ( i = 0; !BER_BVISNULL( &f->f_sub_any[i] ); i++ ) { + char *tmp; + len = fstr->bv_len; filter_escape_value_x( &f->f_sub_any[i], &vtmp, memctx ); fstr->bv_len += vtmp.bv_len + 1; - fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + tmp = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + if ( !tmp ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } + fstr->bv_val = tmp; snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3, /* "(attr=[init]*[any*]" */ "%s*)", @@ -485,12 +518,19 @@ ldap_back_int_filter_map_rewrite( } if ( !BER_BVISNULL( &f->f_sub_final ) ) { + char *tmp; + len = fstr->bv_len; filter_escape_value_x( &f->f_sub_final, &vtmp, memctx ); fstr->bv_len += vtmp.bv_len; - fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + tmp = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + if ( !tmp ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } + fstr->bv_val = tmp; snprintf( &fstr->bv_val[len - 1], vtmp.bv_len + 3, /* "(attr=[init*][any*]" */ "%s)", @@ -510,6 +550,9 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len = atmp.bv_len + ( STRLENOF( "(=*)" ) ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s=*)", atmp.bv_val ); @@ -537,6 +580,10 @@ ldap_back_int_filter_map_rewrite( fstr->bv_len += vtmp.bv_len; fstr->bv_val = ber_memrealloc_x( fstr->bv_val, fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } snprintf( &fstr->bv_val[len-1], vtmp.bv_len + 2, /*"("*/ "%s)", vtmp.bv_len ? vtmp.bv_val : "" ); @@ -565,6 +612,10 @@ ldap_back_int_filter_map_rewrite( ( !BER_BVISEMPTY( &f->f_mr_rule_text ) ? f->f_mr_rule_text.bv_len + 1 : 0 ) + vtmp.bv_len + ( STRLENOF( "(:=)" ) ); fstr->bv_val = ber_memalloc_x( fstr->bv_len + 1, memctx ); + if ( !fstr->bv_val ) { + ber_memfree_x( vtmp.bv_val, memctx ); + return LDAP_NO_MEMORY; + } snprintf( fstr->bv_val, fstr->bv_len + 1, "(%s%s%s%s:=%s)", atmp.bv_val, diff --git a/servers/slapd/back-meta/search.c b/servers/slapd/back-meta/search.c index 438b324350..af4ae14397 100644 --- a/servers/slapd/back-meta/search.c +++ b/servers/slapd/back-meta/search.c @@ -1301,7 +1301,7 @@ really_bad:; for ( cnt = 0; references[ cnt ]; cnt++ ) ; - rs->sr_ref = ber_memalloc_x( sizeof( struct berval ) * ( cnt + 1 ), + rs->sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( cnt + 1 ), op->o_tmpmemctx ); for ( cnt = 0; references[ cnt ]; cnt++ ) { @@ -1456,7 +1456,7 @@ really_bad:; for ( cnt = 0; references[ cnt ]; cnt++ ) ; - sr_ref = ber_memalloc_x( sizeof( struct berval ) * ( cnt + 1 ), + sr_ref = op->o_tmpalloc( sizeof( struct berval ) * ( cnt + 1 ), op->o_tmpmemctx ); for ( cnt = 0; references[ cnt ]; cnt++ ) {