From dddb14210b402f317e566b6387c76a8e659bf7fa Mon Sep 17 00:00:00 2001 From: progier389 Date: Tue, 14 Feb 2023 13:34:10 +0100 Subject: [PATCH 1/2] issue 5647 - covscan: memory leak in audit log when adding entries (#5650) covscan reported an issue about "vals" variable in auditlog.c:231 and indeed a charray_free is missing. Issue: 5647 Reviewed by: @mreynolds389, @droideck --- ldap/servers/slapd/auditlog.c | 71 +++++++++++++++++++---------------- 1 file changed, 38 insertions(+), 33 deletions(-) diff --git a/ldap/servers/slapd/auditlog.c b/ldap/servers/slapd/auditlog.c index 68cbc674d..3128e0497 100644 --- a/ldap/servers/slapd/auditlog.c +++ b/ldap/servers/slapd/auditlog.c @@ -177,6 +177,40 @@ write_auditfail_log_entry(Slapi_PBlock *pb) slapi_ch_free_string(&audit_config); } +/* + * Write the attribute values to the audit log as "comments" + * + * Slapi_Attr *entry - the attribute begin logged. + * char *attrname - the attribute name. + * lenstr *l - the audit log buffer + * + * Resulting output in the log: + * + * #ATTR: VALUE + * #ATTR: VALUE + */ +static void +log_entry_attr(Slapi_Attr *entry_attr, char *attrname, lenstr *l) +{ + Slapi_Value **vals = attr_get_present_values(entry_attr); + for(size_t i = 0; vals && vals[i]; i++) { + char log_val[256] = ""; + const struct berval *bv = slapi_value_get_berval(vals[i]); + if (bv->bv_len >= 256) { + strncpy(log_val, bv->bv_val, 252); + strcpy(log_val+252, "..."); + } else { + strncpy(log_val, bv->bv_val, bv->bv_len); + log_val[bv->bv_len] = 0; + } + addlenstr(l, "#"); + addlenstr(l, attrname); + addlenstr(l, ": "); + addlenstr(l, log_val); + addlenstr(l, "\n"); + } +} + /* * Write "requested" attributes from the entry to the audit log as "comments" * @@ -212,21 +246,9 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) for (req_attr = ldap_utf8strtok_r(display_attrs, ", ", &last); req_attr; req_attr = ldap_utf8strtok_r(NULL, ", ", &last)) { - char **vals = slapi_entry_attr_get_charray(entry, req_attr); - for(size_t i = 0; vals && vals[i]; i++) { - char log_val[256] = {0}; - - if (strlen(vals[i]) > 256) { - strncpy(log_val, vals[i], 252); - strcat(log_val, "..."); - } else { - strcpy(log_val, vals[i]); - } - addlenstr(l, "#"); - addlenstr(l, req_attr); - addlenstr(l, ": "); - addlenstr(l, log_val); - addlenstr(l, "\n"); + slapi_entry_attr_find(entry, req_attr, &entry_attr); + if (entry_attr) { + log_entry_attr(entry_attr, req_attr, l); } } } else { @@ -234,7 +256,6 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) for (; entry_attr; entry_attr = entry_attr->a_next) { Slapi_Value **vals = attr_get_present_values(entry_attr); char *attr = NULL; - const char *val = NULL; slapi_attr_get_type(entry_attr, &attr); if (strcmp(attr, PSEUDO_ATTR_UNHASHEDUSERPASSWORD) == 0) { @@ -251,23 +272,7 @@ add_entry_attrs(Slapi_Entry *entry, lenstr *l) addlenstr(l, ": ****************************\n"); continue; } - - for(size_t i = 0; vals && vals[i]; i++) { - char log_val[256] = {0}; - - val = slapi_value_get_string(vals[i]); - if (strlen(val) > 256) { - strncpy(log_val, val, 252); - strcat(log_val, "..."); - } else { - strcpy(log_val, val); - } - addlenstr(l, "#"); - addlenstr(l, attr); - addlenstr(l, ": "); - addlenstr(l, log_val); - addlenstr(l, "\n"); - } + log_entry_attr(entry_attr, attr, l); } } slapi_ch_free_string(&display_attrs); -- 2.43.0