Skip to content

Reference counting issue in LDAPmessage_to_python()  #23

@tiran

Description

@tiran

The lines valuestr ? valuestr : Py_None, and Py_DECREF(valuestr); in the block

valuestr = LDAPberval_to_object(retdata);
ber_bvfree( retdata );
pyoid = PyUnicode_FromString(retoid);
ldap_memfree( retoid );
if (pyoid == NULL) {
Py_DECREF(result);
ldap_msgfree( m );
return NULL;
}
valtuple = Py_BuildValue("(OOO)", pyoid,
valuestr ? valuestr : Py_None,
pyctrls);
Py_DECREF(pyoid);
Py_DECREF(valuestr);
Py_XDECREF(pyctrls);
PyList_Append(result, valtuple);
Py_DECREF(valtuple);
of LDAPmessage_to_python() have triggered a NULL pointer deref warning in clang's static code analyzer. LDAPberval_to_object() can return NULL in case PyBytes_FromStringAndSize() fails. Later the value is dereferenced in Py_DECREF(valuestr);.

The function must verify valuestr. Also Py_BuildValue() can be simplified by using N instead of O. https://docs.python.org/3/c-api/arg.html?highlight=py_buildvalue#c.Py_BuildValue

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions