Fix infinite loop releasing the same memory in ldap_loadentry().
authorRichard Mudgett <rmudgett@digium.com>
Fri, 19 Aug 2011 17:24:56 +0000 (17:24 +0000)
committerRichard Mudgett <rmudgett@digium.com>
Fri, 19 Aug 2011 17:24:56 +0000 (17:24 +0000)
* Fixed memory leak of vars in ldap_loadentry().

* Fixed potential NULL ptr dereference of vars in ldap_loadentry().

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@332615 65c4cc65-6c06-0410-ace0-fbb531ad65f3

res/res_config_ldap.c

index 55e1526..554f4f5 100644 (file)
@@ -609,17 +609,17 @@ static struct ast_variable *ldap_loadentry(struct ldap_table_config *table_confi
                /* Chopping \a vars down to one variable */
                if (vars != NULL) {
                        struct ast_variable **p = vars;
-                       p++;
-                       var = *p;
-                       while (var) {
-                               ast_variables_destroy(var);
-                               p++;
+
+                       /* Only take the first one. */
+                       var = *vars;
+
+                       /* Destroy the rest. */
+                       while (*++p) {
+                               ast_variables_destroy(*p);
                        }
-                       vars = ast_realloc(vars, sizeof(struct ast_variable *));
+                       ast_free(vars);
                }
 
-               var = *vars;
-
                return var;
        }
 }
@@ -864,6 +864,11 @@ static struct ast_variable **realtime_ldap_base_ap(unsigned int *entries_count_p
                                                                ast_variables_destroy(base_var);
                                                                base_var = next;
                                                        } else {
+                                                               /*!
+                                                                * \todo XXX The interactions with base_var and append_var may
+                                                                * cause a memory leak of base_var nodes.  Also the append_var
+                                                                * list and base_var list may get cross linked.
+                                                                */
                                                                if (append_var) {
                                                                        base_var->next = append_var;
                                                                } else {
@@ -926,6 +931,8 @@ static struct ast_variable *realtime_ldap(const char *basedn,
        if (vars) {
                struct ast_variable *last_var = NULL;
                struct ast_variable **p = vars;
+
+               /* Chain the vars array of lists into one list to return. */
                while (*p) {
                        if (last_var) {
                                while (last_var->next) {