From c351616ccd5dc71a6acd3af48a28bc2342d47f83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= Date: Fri, 26 Oct 2018 15:16:41 +0100 Subject: [PATCH] ITS#8866 Fix use-after free --- servers/slapd/overlays/unique.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/servers/slapd/overlays/unique.c b/servers/slapd/overlays/unique.c index 8cc652daa8..ccd4fa84bb 100644 --- a/servers/slapd/overlays/unique.c +++ b/servers/slapd/overlays/unique.c @@ -1000,27 +1000,29 @@ unique_search( nop->o_bd = on->on_info->oi_origdb; rc = nop->o_bd->be_search(nop, &nrs); filter_free_x(nop, nop->ors_filter, 1); - op->o_tmpfree( key->bv_val, op->o_tmpmemctx ); if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT) { op->o_bd->bd_info = (BackendInfo *) on->on_info; send_ldap_error(op, rs, rc, "unique_search failed"); - return(rs->sr_err); - } + rc = rs->sr_err; + } else if(uq.count) { + Debug(LDAP_DEBUG_TRACE, "=> unique_search found %d records\n", uq.count, 0, 0); - Debug(LDAP_DEBUG_TRACE, "=> unique_search found %d records\n", uq.count, 0, 0); - - if(uq.count) { errmsgsize = sizeof("non-unique attributes found with ") + key->bv_len; errmsg = op->o_tmpalloc(errmsgsize, op->o_tmpmemctx); snprintf( errmsg, errmsgsize, "non-unique attributes found with %s", key->bv_val ); op->o_bd->bd_info = (BackendInfo *) on->on_info; send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, errmsg); op->o_tmpfree(errmsg, op->o_tmpmemctx); - return(rs->sr_err); + rc = rs->sr_err; + } else { + Debug(LDAP_DEBUG_TRACE, "=> unique_search found no records\n", 0, 0, 0); + rc = SLAP_CB_CONTINUE; } - return(SLAP_CB_CONTINUE); + op->o_tmpfree( key->bv_val, op->o_tmpmemctx ); + + return(rc); } static int