Skip to content

Commit

Permalink
Issue 6485 - Fix double free in USN cleanup task
Browse files Browse the repository at this point in the history
Description:

ASAN report shows double free of bind dn in the USN cleanup task data. The bind
dn was passed as a reference so it should never have to be freed by the cleanup
task.

Relates: #6485

Reviewed by: tbordaz(Thanks!)
  • Loading branch information
mreynolds389 committed Jan 9, 2025
1 parent 6935548 commit 986cb5c
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions ldap/servers/plugins/usn/usn_cleanup.c
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,7 @@ usn_cleanup_add(Slapi_PBlock *pb,
char *suffix = NULL;
char *backend_str = NULL;
char *maxusn = NULL;
char *bind_dn;
char *bind_dn = NULL;
struct usn_cleanup_data *cleanup_data = NULL;
int rv = SLAPI_DSE_CALLBACK_OK;
Slapi_Task *task = NULL;
Expand Down Expand Up @@ -323,8 +323,7 @@ usn_cleanup_add(Slapi_PBlock *pb,
suffix = NULL; /* don't free in this function */
cleanup_data->maxusn_to_delete = maxusn;
maxusn = NULL; /* don't free in this function */
cleanup_data->bind_dn = bind_dn;
bind_dn = NULL; /* don't free in this function */
cleanup_data->bind_dn = slapi_ch_strdup(bind_dn);
slapi_task_set_data(task, cleanup_data);

/* start the USN tombstone cleanup task as a separate thread */
Expand Down Expand Up @@ -363,7 +362,6 @@ usn_cleanup_task_destructor(Slapi_Task *task)
slapi_ch_free_string(&mydata->suffix);
slapi_ch_free_string(&mydata->maxusn_to_delete);
slapi_ch_free_string(&mydata->bind_dn);
/* Need to cast to avoid a compiler warning */
slapi_ch_free((void **)&mydata);
}
}
Expand Down

0 comments on commit 986cb5c

Please sign in to comment.