From f98a115b59164f36da164042430aad11dcd8cecd Mon Sep 17 00:00:00 2001
From: Quanah Gibson-Mount <quanah@openldap.org>
Date: Sun, 13 Jun 2010 19:38:37 +0000
Subject: [PATCH] ITS#6572

---
 CHANGES                         |  1 +
 servers/slapd/overlays/refint.c | 59 +++++++++++++++------------------
 2 files changed, 27 insertions(+), 33 deletions(-)

diff --git a/CHANGES b/CHANGES
index 8ec9cfb98d..2a91c790da 100644
--- a/CHANGES
+++ b/CHANGES
@@ -11,6 +11,7 @@ OpenLDAP 2.4.23 Engineering
 	Fixed slapd-bdb to use memcpy instead for strcpy (ITS#6474)
 	Fixed slapd-ldap to return control responses (ITS#6530)
 	Fixed slapo-ppolicy to use Debug (ITS#6566)
+	Fixed slapo-refint to zero out freed DN vals (ITS#6572)
 	Fixed slapo-rwm to use Debug (ITS#6566)
 	Fixed slapo-sssvlv to use Debug (ITS#6566)
 	Fixed slapo-syncprov lost deletes in refresh phase (ITS#6555)
diff --git a/servers/slapd/overlays/refint.c b/servers/slapd/overlays/refint.c
index 9085c44344..55fcb6b5bd 100644
--- a/servers/slapd/overlays/refint.c
+++ b/servers/slapd/overlays/refint.c
@@ -76,7 +76,6 @@ typedef struct refint_q {
 } refint_q;
 
 typedef struct refint_data_s {
-	const char *message;			/* breadcrumbs */
 	struct refint_attrs_s *attrs;	/* list of known attrs */
 	BerValue dn;				/* basedn in parent, */
 	BerValue nothing;			/* the nothing value, if needed */
@@ -210,21 +209,17 @@ refint_cf_gen(ConfigArgs *c)
 			rc = 0;
 			break;
 		case REFINT_NOTHING:
-			if ( dd->nothing.bv_val )
-				ber_memfree ( dd->nothing.bv_val );
-			if ( dd->nnothing.bv_val )
-				ber_memfree ( dd->nnothing.bv_val );
-			dd->nothing.bv_len = 0;
-			dd->nnothing.bv_len = 0;
+			ch_free( dd->nothing.bv_val );
+			ch_free( dd->nnothing.bv_val );
+			BER_BVZERO( &dd->nothing );
+			BER_BVZERO( &dd->nnothing );
 			rc = 0;
 			break;
 		case REFINT_MODIFIERSNAME:
-			if ( dd->refint_dn.bv_val )
-				ber_memfree ( dd->refint_dn.bv_val );
-			if ( dd->refint_ndn.bv_val )
-				ber_memfree ( dd->refint_ndn.bv_val );
-			dd->refint_dn.bv_len = 0;
-			dd->refint_ndn.bv_len = 0;
+			ch_free( dd->refint_dn.bv_val );
+			ch_free( dd->refint_ndn.bv_val );
+			BER_BVZERO( &dd->refint_dn );
+			BER_BVZERO( &dd->refint_ndn );
 			rc = 0;
 			break;
 		default:
@@ -256,22 +251,26 @@ refint_cf_gen(ConfigArgs *c)
 			}
 			break;
 		case REFINT_NOTHING:
-			if ( dd->nothing.bv_val )
-				ber_memfree ( dd->nothing.bv_val );
-			if ( dd->nnothing.bv_val )
-				ber_memfree ( dd->nnothing.bv_val );
-			dd->nothing = c->value_dn;
-			dd->nnothing = c->value_ndn;
-			rc = 0;
+			if ( !BER_BVISNULL( &c->value_ndn )) {
+				ch_free ( dd->nothing.bv_val );
+				ch_free ( dd->nnothing.bv_val );
+				dd->nothing = c->value_dn;
+				dd->nnothing = c->value_ndn;
+				rc = 0;
+			} else {
+				rc = ARG_BAD_CONF;
+			}
 			break;
 		case REFINT_MODIFIERSNAME:
-			if ( dd->refint_dn.bv_val )
-				ber_memfree ( dd->refint_dn.bv_val );
-			if ( dd->refint_ndn.bv_val )
-				ber_memfree ( dd->refint_ndn.bv_val );
-			dd->refint_dn = c->value_dn;
-			dd->refint_ndn = c->value_ndn;
-			rc = 0;
+			if ( !BER_BVISNULL( &c->value_ndn )) {
+				ch_free( &dd->refint_dn.bv_val );
+				ch_free( &dd->refint_ndn.bv_val );
+				dd->refint_dn = c->value_dn;
+				dd->refint_ndn = c->value_ndn;
+				rc = 0;
+			} else {
+				rc = ARG_BAD_CONF;
+			}
 			break;
 		default:
 			abort ();
@@ -299,7 +298,6 @@ refint_db_init(
 	slap_overinst *on = (slap_overinst *)be->bd_info;
 	refint_data *id = ch_calloc(1,sizeof(refint_data));
 
-	id->message = "_init";
 	on->on_bi.bi_private = id;
 	ldap_pvt_thread_mutex_init( &id->qmutex );
 	return(0);
@@ -335,7 +333,6 @@ refint_open(
 {
 	slap_overinst *on	= (slap_overinst *)be->bd_info;
 	refint_data *id	= on->on_bi.bi_private;
-	id->message		= "_open";
 
 	if ( BER_BVISNULL( &id->dn )) {
 		if ( BER_BVISNULL( &be->be_nsuffix[0] ))
@@ -354,7 +351,6 @@ refint_open(
 ** foreach configured attribute:
 **	free it;
 ** free our basedn;
-** (do not) free id->message;
 ** reset on_bi.bi_private;
 ** free our config data;
 **
@@ -369,7 +365,6 @@ refint_close(
 	slap_overinst *on	= (slap_overinst *) be->bd_info;
 	refint_data *id	= on->on_bi.bi_private;
 	refint_attrs *ii, *ij;
-	id->message		= "_close";
 
 	for(ii = id->attrs; ii; ii = ij) {
 		ij = ii->next;
@@ -870,8 +865,6 @@ refint_response(
 	BackendDB *db = NULL;
 	refint_attrs *ip;
 
-	id->message = "_refint_response";
-
 	/* If the main op failed or is not a Delete or ModRdn, ignore it */
 	if (( op->o_tag != LDAP_REQ_DELETE && op->o_tag != LDAP_REQ_MODRDN ) ||
 		rs->sr_err != LDAP_SUCCESS )
-- 
GitLab