openldap-2.6.2-2.el9

List of Defects

Error: RESOURCE_LEAK (CWE-772): [#def13] [important]
openldap-2.6.2/openldap-2.6.2/clients/tools/common.c:1613: alloc_arg: "ldap_parse_result" allocates memory that is stored into "info".
openldap-2.6.2/openldap-2.6.2/clients/tools/common.c:1700: leaked_storage: Variable "info" going out of scope leaks the storage it points to.
# 1698|   		if ( err != LDAP_SUCCESS ) tool_exit( ld, err );
# 1699|   	}
# 1700|-> }
# 1701|   
# 1702|   void

Error: RESOURCE_LEAK (CWE-772): [#def14] [important]
openldap-2.6.2/openldap-2.6.2/clients/tools/common.c:1613: alloc_arg: "ldap_parse_result" allocates memory that is stored into "matched".
openldap-2.6.2/openldap-2.6.2/clients/tools/common.c:1700: leaked_storage: Variable "matched" going out of scope leaks the storage it points to.
# 1698|   		if ( err != LDAP_SUCCESS ) tool_exit( ld, err );
# 1699|   	}
# 1700|-> }
# 1701|   
# 1702|   void

Error: RESOURCE_LEAK (CWE-772): [#def24] [important]
openldap-2.6.2/openldap-2.6.2/clients/tools/ldapdelete.c:281: alloc_arg: "ldap_parse_result" allocates memory that is stored into "ctrls".
openldap-2.6.2/openldap-2.6.2/clients/tools/ldapdelete.c:257: leaked_storage: Variable "ctrls" going out of scope leaks the storage it points to.
#  255|   		fprintf( stderr, "%s: ldap_delete_ext: %s (%d)\n",
#  256|   			prog, ldap_err2string( rc ), rc );
#  257|-> 		return rc;
#  258|   	}
#  259|   

Error: RESOURCE_LEAK (CWE-772): [#def25] [important]
openldap-2.6.2/openldap-2.6.2/clients/tools/ldapdelete.c:281: alloc_arg: "ldap_parse_result" allocates memory that is stored into "matcheddn".
openldap-2.6.2/openldap-2.6.2/clients/tools/ldapdelete.c:257: leaked_storage: Variable "matcheddn" going out of scope leaks the storage it points to.
#  255|   		fprintf( stderr, "%s: ldap_delete_ext: %s (%d)\n",
#  256|   			prog, ldap_err2string( rc ), rc );
#  257|-> 		return rc;
#  258|   	}
#  259|   

Error: RESOURCE_LEAK (CWE-772): [#def26] [important]
openldap-2.6.2/openldap-2.6.2/clients/tools/ldapdelete.c:281: alloc_arg: "ldap_parse_result" allocates memory that is stored into "text".
openldap-2.6.2/openldap-2.6.2/clients/tools/ldapdelete.c:257: leaked_storage: Variable "text" going out of scope leaks the storage it points to.
#  255|   		fprintf( stderr, "%s: ldap_delete_ext: %s (%d)\n",
#  256|   			prog, ldap_err2string( rc ), rc );
#  257|-> 		return rc;
#  258|   	}
#  259|   

Error: RESOURCE_LEAK (CWE-772): [#def36] [important]
openldap-2.6.2/openldap-2.6.2/clients/tools/ldapsearch.c:1872: alloc_arg: "ber_flatten" allocates memory that is stored into "msgidvalp".
openldap-2.6.2/openldap-2.6.2/clients/tools/ldapsearch.c:1873: noescape: Resource "msgidvalp" is not freed or pointed-to in "ldap_extended_operation".
openldap-2.6.2/openldap-2.6.2/clients/tools/ldapsearch.c:1876: leaked_storage: Variable "msgidvalp" going out of scope leaks the storage it points to.
# 1874|   					msgidvalp, NULL, NULL, &cancel_msgid);
# 1875|   				nresponses_psearch = -1;
# 1876|-> 			}
# 1877|   		}
# 1878|   

Error: RESOURCE_LEAK (CWE-772): [#def105] [important]
openldap-2.6.2/openldap-2.6.2/libraries/libldap/deref.c:176: alloc_fn: Storage is returned from allocation function "ber_init".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/deref.c:176: var_assign: Assigning: "ber" = storage returned from "ber_init(&ctrl->ldctl_value)".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/deref.c:185: noescape: Resource "ber" is not freed or pointed-to in "ber_first_element".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/deref.c:198: leaked_storage: Variable "ber" going out of scope leaks the storage it points to.
#  196|   			*drp2 = NULL;
#  197|   			ld->ld_errno = LDAP_NO_MEMORY;
#  198|-> 			return ld->ld_errno;
#  199|   		}
#  200|   		dvp = &dr->attrVals;

Error: RESOURCE_LEAK (CWE-772): [#def147] [important]
openldap-2.6.2/openldap-2.6.2/libraries/libldap/ldif.c:726: alloc_fn: Storage is returned from allocation function "fopen".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/ldif.c:726: var_assign: Assigning: "fp" = storage returned from "fopen(file, mode)".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/ldif.c:732: leaked_storage: Variable "fp" going out of scope leaks the storage it points to.
#  730|   		lfp = ber_memalloc( sizeof( LDIFFP ));
#  731|   		if ( lfp == NULL ) {
#  732|-> 		    return NULL;
#  733|   		}
#  734|   		lfp->fp = fp;

Error: RESOURCE_LEAK (CWE-772): [#def253] [important]
openldap-2.6.2/openldap-2.6.2/libraries/libldap/turn.c:56: alloc_arg: "ber_flatten" allocates memory that is stored into "turnvalp".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/turn.c:58: noescape: Resource "turnvalp" is not freed or pointed-to in "ldap_extended_operation".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/turn.c:61: leaked_storage: Variable "turnvalp" going out of scope leaks the storage it points to.
#   59|   			turnvalp, sctrls, cctrls, msgidp );
#   60|   	ber_free( turnvalber, 1 );
#   61|-> 	return rc;
#   62|   #else
#   63|   	return LDAP_CONTROL_NOT_FOUND;

Error: RESOURCE_LEAK (CWE-772): [#def254] [important]
openldap-2.6.2/openldap-2.6.2/libraries/libldap/turn.c:86: alloc_arg: "ber_flatten" allocates memory that is stored into "turnvalp".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/turn.c:88: noescape: Resource "turnvalp" is not freed or pointed-to in "ldap_extended_operation_s".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/turn.c:91: leaked_storage: Variable "turnvalp" going out of scope leaks the storage it points to.
#   89|   			turnvalp, sctrls, cctrls, NULL, NULL );
#   90|   	ber_free( turnvalber, 1 );
#   91|-> 	return rc;
#   92|   #else
#   93|   	return LDAP_CONTROL_NOT_FOUND;

Error: RESOURCE_LEAK (CWE-772): [#def255] [important]
openldap-2.6.2/openldap-2.6.2/libraries/libldap/txn.c:83: alloc_arg: "ber_flatten" allocates memory that is stored into "txnval".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/txn.c:85: noescape: Resource "txnval" is not freed or pointed-to in "ldap_extended_operation".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/txn.c:89: leaked_storage: Variable "txnval" going out of scope leaks the storage it points to.
#   87|   
#   88|   	ber_free( txnber, 1 );
#   89|-> 	return rc;
#   90|   }
#   91|   

Error: RESOURCE_LEAK (CWE-772): [#def256] [important]
openldap-2.6.2/openldap-2.6.2/libraries/libldap/txn.c:116: alloc_arg: "ber_flatten" allocates memory that is stored into "txnval".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/txn.c:118: noescape: Resource "txnval" is not freed or pointed-to in "ldap_extended_operation_s".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/txn.c:152: leaked_storage: Variable "txnval" going out of scope leaks the storage it points to.
#  150|   	}
#  151|   
#  152|-> 	return rc;
#  153|   }

Error: RESOURCE_LEAK (CWE-772): [#def286] [important]
openldap-2.6.2/openldap-2.6.2/libraries/liblunicode/ucstr.c:134: alloc_fn: Storage is returned from allocation function "ber_memalloc_x".
openldap-2.6.2/openldap-2.6.2/libraries/liblunicode/ucstr.c:134: var_assign: Assigning: "newbv" = storage returned from "ber_memalloc_x(16UL, ctx)".
openldap-2.6.2/openldap-2.6.2/libraries/liblunicode/ucstr.c:173: noescape: Resource "newbv" is not freed or pointed-to in "ber_str2bv_x".
openldap-2.6.2/openldap-2.6.2/libraries/liblunicode/ucstr.c:173: leaked_storage: Returning without freeing "newbv" leaks the storage that it points to.
#  171|   
#  172|   			if ( i == len ) {
#  173|-> 				return ber_str2bv_x( s, len, 1, newbv, ctx );
#  174|   			}
#  175|   				

Error: RESOURCE_LEAK (CWE-772): [#def307] [important]
openldap-2.6.2/openldap-2.6.2/libraries/liblutil/passwd.c:931: alloc_fn: Storage is returned from allocation function "ber_dupbv".
openldap-2.6.2/openldap-2.6.2/libraries/liblutil/passwd.c:931: leaked_storage: Ignoring storage allocated by "ber_dupbv(hash, (struct berval *)passwd)" leaks it.
#  929|   	const char **text )
#  930|   {
#  931|-> 	ber_dupbv( hash, (struct berval *)passwd );
#  932|   	return LUTIL_PASSWD_OK;
#  933|   }

Error: RESOURCE_LEAK (CWE-772): [#def323] [important]
openldap-2.6.2/openldap-2.6.2/libraries/librewrite/ldapmap.c:405: alloc_fn: Storage is returned from allocation function "ber_dupbv".
openldap-2.6.2/openldap-2.6.2/libraries/librewrite/ldapmap.c:405: leaked_storage: Ignoring storage allocated by "ber_dupbv(val, values[0])" leaks it.
#  403|   				}
#  404|   #endif
#  405|-> 				ber_dupbv( val, values[ 0 ] );
#  406|   			}
#  407|   			ldap_value_free_len( values );

Error: LOCK (CWE-667): [#def84]
openldap-2.6.2/openldap-2.6.2/libraries/libldap/abandon.c:177: lock: "ldap_pvt_thread_mutex_lock" locks "ld->ldc->ldc_req_mutex".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/abandon.c:180: missing_unlock: Returning without unlocking "ld->ldc->ldc_req_mutex".
#  178|   	if ( err == 0 ) {
#  179|   		ld->ld_errno = LDAP_SUCCESS;
#  180|-> 		return LDAP_SUCCESS;
#  181|   	}
#  182|   

Error: LOCK (CWE-667): [#def87]
openldap-2.6.2/openldap-2.6.2/libraries/libldap/abandon.c:177: lock: "ldap_pvt_thread_mutex_lock" locks "ld->ldc->ldc_req_mutex".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/abandon.c:319: missing_unlock: Returning without unlocking "ld->ldc->ldc_req_mutex".
#  317|   
#  318|   	LDAP_MUTEX_UNLOCK( &ld->ld_abandon_mutex );
#  319|-> 	return( ld->ld_errno );
#  320|   }
#  321|   

Error: LOCK (CWE-667): [#def167]
openldap-2.6.2/openldap-2.6.2/libraries/libldap/open.c:149: lock: "ldap_pvt_thread_mutex_lock" locks "gopts->ldo_mutex".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/open.c:257: missing_unlock: Returning without unlocking "gopts->ldo_mutex".
#  255|   #endif
#  256|   	LDAP_FREE( (char *)ld );
#  257|-> 	return LDAP_NO_MEMORY;
#  258|   }
#  259|   

Error: MISSING_LOCK (CWE-667): [#def250]
openldap-2.6.2/openldap-2.6.2/libraries/libldap/tpool.c:1208: missing_lock: Accessing "pool->ltp_wqs[i]->ltp_active_count" without holding lock "ldap_int_thread_poolq_s.ltp_mutex". Elsewhere, "ldap_int_thread_poolq_s.ltp_active_count" is accessed with "ldap_int_thread_poolq_s.ltp_mutex" held 5 out of 7 times (1 of these accesses strongly imply that it is necessary).
openldap-2.6.2/openldap-2.6.2/libraries/libldap/tpool.c:1140: example_lock: Example 1: Locking "ldap_int_thread_poolq_s.ltp_mutex".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/tpool.c:1142: example_access: Example 1 (cont.): "ldap_int_thread_poolq_s.ltp_active_count" is accessed with lock "ldap_int_thread_poolq_s.ltp_mutex" held.
openldap-2.6.2/openldap-2.6.2/libraries/libldap/tpool.c:1163: example_lock: Example 2: Locking "ldap_int_thread_poolq_s.ltp_mutex".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/tpool.c:1165: example_access: Example 2 (cont.): "ldap_int_thread_poolq_s.ltp_active_count" is accessed with lock "ldap_int_thread_poolq_s.ltp_mutex" held.
openldap-2.6.2/openldap-2.6.2/libraries/libldap/tpool.c:1180: example_lock: Example 3: Locking "ldap_int_thread_poolq_s.ltp_mutex".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/tpool.c:1182: example_access: Example 3 (cont.): "ldap_int_thread_poolq_s.ltp_active_count" is accessed with lock "ldap_int_thread_poolq_s.ltp_mutex" held.
openldap-2.6.2/openldap-2.6.2/libraries/libldap/tpool.c:987: example_lock: Example 4: Locking "ldap_int_thread_poolq_s.ltp_mutex".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/tpool.c:989: example_access: Example 4 (cont.): "ldap_int_thread_poolq_s.ltp_active_count" is accessed with lock "ldap_int_thread_poolq_s.ltp_mutex" held.
openldap-2.6.2/openldap-2.6.2/libraries/libldap/tpool.c:987: example_lock: Example 5: Locking "ldap_int_thread_poolq_s.ltp_mutex".
openldap-2.6.2/openldap-2.6.2/libraries/libldap/tpool.c:995: example_access: Example 5 (cont.): "ldap_int_thread_poolq_s.ltp_active_count" is accessed with lock "ldap_int_thread_poolq_s.ltp_mutex" held.
# 1206|   
# 1207|   		/* restore us to active count */
# 1208|-> 		pool->ltp_wqs[i]->ltp_active_count++;
# 1209|   
# 1210|   		assert(pool->ltp_pause == WANT_PAUSE);

Error: LOCK (CWE-667): [#def266]
openldap-2.6.2/openldap-2.6.2/libraries/liblmdb/mdb.c:2752: lock: "pthread_mutex_lock" locks "env->me_txns->mt2.mt2_wmutex".
openldap-2.6.2/openldap-2.6.2/libraries/liblmdb/mdb.c:2802: missing_unlock: Returning without unlocking "env->me_txns->mt2.mt2_wmutex".
# 2800|   		rc = MDB_MAP_RESIZED;
# 2801|   	} else {
# 2802|-> 		return MDB_SUCCESS;
# 2803|   	}
# 2804|   	mdb_txn_end(txn, new_notls /*0 or MDB_END_SLOT*/ | MDB_END_FAIL_BEGIN);

Error: LOCK (CWE-667): [#def267]
openldap-2.6.2/openldap-2.6.2/libraries/liblmdb/mdb.c:2752: lock: "pthread_mutex_lock" locks "env->me_txns->mt2.mt2_wmutex".
openldap-2.6.2/openldap-2.6.2/libraries/liblmdb/mdb.c:2805: missing_unlock: Returning without unlocking "env->me_txns->mt2.mt2_wmutex".
# 2803|   	}
# 2804|   	mdb_txn_end(txn, new_notls /*0 or MDB_END_SLOT*/ | MDB_END_FAIL_BEGIN);
# 2805|-> 	return rc;
# 2806|   }
# 2807|   

Error: LOCK (CWE-665): [#def321]
openldap-2.6.2/openldap-2.6.2/libraries/librewrite/ldapmap.c:237: unlock: "ldap_pvt_thread_mutex_init" initializes and leaves "data->lm_mutex" unlocked.
openldap-2.6.2/openldap-2.6.2/libraries/librewrite/ldapmap.c:244: double_initialization: "ldap_pvt_thread_mutex_init" initializes "data->lm_mutex" while it is already initialized.
#  242|   
#  243|   #ifdef USE_REWRITE_LDAP_PVT_THREADS
#  244|-> 				ldap_pvt_thread_mutex_init( &data->lm_mutex );
#  245|   #endif /* USE_REWRITE_LDAP_PVT_THREADS */
#  246|