Tuple_to_LDAPMod() leaks the item returned by PySequence_GetItem() when an
element of the value list is not a byte string. This is reachable with ordinary
invalid input (a non-bytes value in a modlist), not just allocation failure.
File: Modules/LDAPObject.c
Function: Tuple_to_LDAPMod
Relevant code:
item = PySequence_GetItem(list, i);
if (item == NULL)
goto error;
if (!PyBytes_Check(item)) {
LDAPerror_TypeError
("Tuple_to_LDAPMod(): expected a byte string in the list",
item);
goto error;
}
lm->mod_bvalues[i]->bv_len = PyBytes_Size(item);
lm->mod_bvalues[i]->bv_val = PyBytes_AsString(item);
Py_DECREF(item);
PySequence_GetItem() returns a new reference. On the success path item is
released after the bytes data is extracted. On the wrong-type path the function
sets a TypeError and goto error, and the shared error: label only frees
lm — it never releases item, so one reference leaks per rejected element.
Suggested fix: decref item before jumping to the error label:
if (!PyBytes_Check(item)) {
LDAPerror_TypeError(
"Tuple_to_LDAPMod(): expected a byte string in the list",
item);
Py_DECREF(item);
goto error;
}
Tuple_to_LDAPMod()leaks the item returned byPySequence_GetItem()when anelement of the value list is not a byte string. This is reachable with ordinary
invalid input (a non-
bytesvalue in a modlist), not just allocation failure.File:
Modules/LDAPObject.cFunction:
Tuple_to_LDAPModRelevant code:
PySequence_GetItem()returns a new reference. On the success pathitemisreleased after the bytes data is extracted. On the wrong-type path the function
sets a
TypeErrorandgoto error, and the sharederror:label only freeslm— it never releasesitem, so one reference leaks per rejected element.Suggested fix: decref
itembefore jumping to the error label: