From bnicho...@apache.org
Subject cvs commit: httpd-2.0/modules/experimental util_ldap.c
Date Wed, 14 Apr 2004 14:41:28 GMT
bnicholes    2004/04/14 07:41:28

  Modified:    modules/experimental util_ldap.c
  Log:
  Don't repeatedly allocate the binddn and bindpw from the st->pool (pconf pool) in order
to avoid uncontrolled memory allocations.
  
  Revision  Changes    Path
  1.24      +59 -34    httpd-2.0/modules/experimental/util_ldap.c
  
  Index: util_ldap.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/experimental/util_ldap.c,v
  retrieving revision 1.23
  retrieving revision 1.24
  diff -u -r1.23 -r1.24
  --- util_ldap.c	2 Apr 2004 23:17:29 -0000	1.23
  +++ util_ldap.c	14 Apr 2004 14:41:28 -0000	1.24
  @@ -88,6 +88,20 @@
                             "\"http://www.w3.org/TR/REC-html40/frameset.dtd\">\n"
   #endif
   
  +
  +static void util_ldap_strdup (char *str, const char *newstr)
  +{
  +    if (str) {
  +        free(str);
  +        str = NULL;
  +    }
  +
  +    if (newstr) {
  +        str = calloc(1, strlen(newstr)+1);
  +        strcpy (str, newstr);
  +    }
  +}
  +
   /*
    * Status Handler
    * --------------
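Review bot: `util_ldap_strdup` receives `str` by value, so the `str = calloc(...)` assignment never reaches the caller. The connection field keeps its old value, which dangles once `free(str)` has run, and the new copy leaks. The calls added at `@@ -395`, `@@ -434` and `@@ -861` all depend on the field being updated, and the destroy callback frees the same fields, so a later credential change or pool cleanup could free a stale pointer a second time. The helper should take `char **str`, with callers passing the field's address, e.g. `util_ldap_strdup((char**)&l->binddn, binddn);`. The `calloc` result should also be checked before `strcpy`.

```c
static void util_ldap_strdup (char **str, const char *newstr)
{
    if (*str) {
        free(*str);
        *str = NULL;
    }

    if (newstr) {
        *str = calloc(1, strlen(newstr)+1);
        if (*str) {
            strcpy (*str, newstr);
        }
    }
}
```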
  @@ -179,25 +193,36 @@
   {
       util_ldap_connection_t *ldc = param;
   
  -    /* unbinding from the LDAP server */
  -    if (ldc->ldap) {
  -        ldap_unbind_s(ldc->ldap);
  -        ldc->bound = 0;
  -        ldc->ldap = NULL;
  -    }
  +    if (ldc) {
  +
  +        /* unbinding from the LDAP server */
  +        if (ldc->ldap) {
  +            ldap_unbind_s(ldc->ldap);
  +            ldc->bound = 0;
  +            ldc->ldap = NULL;
  +        }
  +
  +        if (ldc->bindpw) {
  +            free((void*)ldc->bindpw);
  +        }
  +    
  +        if (ldc->binddn) {
  +            free((void*)ldc->binddn);
  +        }
   
  -    /* release the lock we were using.  The lock should have
  -       already been released in the close connection call.  
  -       But just in case it wasn't, we first try to get the lock
  -       before unlocking it to avoid unlocking an unheld lock. 
  -       Unlocking an unheld lock causes problems on NetWare.  The
  -       other option would be to assume that close connection did
  -       its job. */
  +        /* release the lock we were using.  The lock should have
  +           already been released in the close connection call.  
  +           But just in case it wasn't, we first try to get the lock
  +           before unlocking it to avoid unlocking an unheld lock. 
  +           Unlocking an unheld lock causes problems on NetWare.  The
  +           other option would be to assume that close connection did
  +           its job. */
   #if APR_HAS_THREADS
  -    apr_thread_mutex_trylock(ldc->lock);
  -    apr_thread_mutex_unlock(ldc->lock);
  +        apr_thread_mutex_trylock(ldc->lock);
  +        apr_thread_mutex_unlock(ldc->lock);
   #endif
   
  +    }
       return APR_SUCCESS;
   }
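Review bot: The two `free` calls in the new `if (ldc)` block leave `ldc->bindpw` and `ldc->binddn` pointing at released memory. Resetting them, as the unbind branch already does for `ldc->ldap`, keeps a repeated cleanup or a reused node from freeing them twice: `free((void*)ldc->bindpw); ldc->bindpw = NULL;` (and the same for `binddn`). Because `bindpw` holds the bind password, the buffer should be overwritten before release with a wipe the compiler cannot elide, where the platform provides one. The `if (ptr)` guards are redundant since `free(NULL)` is a no-op. The function's signature lies outside the hunk.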
   
  @@ -290,11 +315,6 @@
           /* always default to LDAP V3 */
           ldap_set_option(ldc->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
   
  -
  -        /* add the cleanup to the pool */
  -        apr_pool_cleanup_register(ldc->pool, ldc,
  -                                  util_ldap_connection_destroy,
  -                                  apr_pool_cleanup_null);
       }
   
   
  @@ -395,8 +415,8 @@
   
                   /* the bind credentials have changed */
                   l->bound = 0;
  -                l->binddn = apr_pstrdup(st->pool, binddn);
  -                l->bindpw = apr_pstrdup(st->pool, bindpw);
  +                util_ldap_strdup((char*)l->binddn, binddn);
  +                util_ldap_strdup((char*)l->bindpw, bindpw);
                   break;
               }
   #if APR_HAS_THREADS
  @@ -434,10 +454,15 @@
           l->host = apr_pstrdup(st->pool, host);
           l->port = port;
           l->deref = deref;
  -        l->binddn = apr_pstrdup(st->pool, binddn);
  -        l->bindpw = apr_pstrdup(st->pool, bindpw);
  +        util_ldap_strdup((char*)l->binddn, binddn);
  +        util_ldap_strdup((char*)l->bindpw, bindpw);
           l->secure = secure;
   
  +        /* add the cleanup to the pool */
  +        apr_pool_cleanup_register(l->pool, l,
  +                                  util_ldap_connection_destroy,
  +                                  apr_pool_cleanup_null);
  +
           if (p) {
               p->next = l;
           }
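Review bot: `util_ldap_strdup` frees any non-NULL pointer it is handed, so on this newly created node `l->binddn` and `l->bindpw` must already be NULL when the two calls run. The allocation of `l` is above the hunk, so confirm it is zero-filled or set both fields to NULL first. `l->pool` must likewise be assigned before `apr_pool_cleanup_register(l->pool, l, ...)`, and that assignment is not visible here. A comment beside the calls would record the ownership change: `/* binddn/bindpw are malloc'ed, not pool memory; freed in util_ldap_connection_destroy */`.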
  @@ -817,7 +842,7 @@
   
       /* Grab the dn, copy it into the pool, and free it again */
       dn = ldap_get_dn(ldc->ldap, entry);
  -    *binddn = apr_pstrdup(st->pool, dn);
  +    *binddn = apr_pstrdup(r->pool, dn);
       ldap_memfree(dn);
   
       /* 
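Review bot: `*binddn` now points into `r->pool`, so it is valid only for the current request, yet the comment above still says just "the pool". Anything that keeps the pointer longer has to copy it. The cache insert at `@@ -893` assigns `the_search_node.dn = *binddn`, and whether `util_ald_cache_insert` deep-copies the node is not visible in this diff. Suggested comment: `/* Grab the dn, copy it into the request pool, and free it again */`. The enclosing function begins and ends outside the hunk.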
  @@ -861,8 +886,8 @@
            * it is bound to the original user id specified ldc->binddn when in fact it
is 
            * bound to a completely different user id.
            */
  -        ldc->binddn = apr_pstrdup(st->pool, *binddn);
  -        ldc->bindpw = apr_pstrdup(st->pool, bindpw);
  +        util_ldap_strdup((char*)ldc->binddn, *binddn);
  +        util_ldap_strdup((char*)ldc->bindpw, bindpw);
       }
   
       /*
  @@ -893,17 +918,17 @@
       /* 		
        * Add the new username to the search cache.
        */
  -    LDAP_CACHE_WRLOCK();
  -    the_search_node.username = filter;
  -    the_search_node.dn = *binddn;
  -    the_search_node.bindpw = bindpw;
  -    the_search_node.lastbind = apr_time_now();
  -    the_search_node.vals = vals;
       if (curl) {
  +        LDAP_CACHE_WRLOCK();
  +        the_search_node.username = filter;
  +        the_search_node.dn = *binddn;
  +        the_search_node.bindpw = bindpw;
  +        the_search_node.lastbind = apr_time_now();
  +        the_search_node.vals = vals;
           util_ald_cache_insert(curl->search_cache, &the_search_node);
  +        LDAP_CACHE_UNLOCK();
       }
       ldap_msgfree(res);
  -    LDAP_CACHE_UNLOCK();
   
       ldc->reason = "Authentication successful";
       return LDAP_SUCCESS;
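Review bot: `the_search_node.bindpw = bindpw;` places the user's password in the node handed to the search cache, and nothing in this hunk shows whether the cache keeps it in cleartext. If `util_ald_cache_insert` stores the value as supplied, the code should say so next to the assignment, e.g. `/* NOTE: bindpw is cached as supplied; see util_ald_cache_insert for how it is stored */`. Keeping a salted hash for the later comparison instead would limit what a read of cache memory exposes. The enclosing function starts outside the hunk.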
  
  
  
