Reference leak in `Tuple_to_LDAPMod` on wrong-type list element · Issue #617 · python-ldap/python-ldap · GitHub
Skip to content

Reference leak in Tuple_to_LDAPMod on wrong-type list element #617

Description

@K-ANOY

Tuple_to_LDAPMod() leaks the item returned by PySequence_GetItem() when an
element of the value list is not a byte string. This is reachable with ordinary
invalid input (a non-bytes value in a modlist), not just allocation failure.

File: Modules/LDAPObject.c

Function: Tuple_to_LDAPMod

Relevant code:

item = PySequence_GetItem(list, i);
if (item == NULL)
    goto error;
if (!PyBytes_Check(item)) {
    LDAPerror_TypeError
        ("Tuple_to_LDAPMod(): expected a byte string in the list",
         item);
    goto error;
}
lm->mod_bvalues[i]->bv_len = PyBytes_Size(item);
lm->mod_bvalues[i]->bv_val = PyBytes_AsString(item);
Py_DECREF(item);

PySequence_GetItem() returns a new reference. On the success path item is
released after the bytes data is extracted. On the wrong-type path the function
sets a TypeError and goto error, and the shared error: label only frees
lm — it never releases item, so one reference leaks per rejected element.

Suggested fix: decref item before jumping to the error label:

if (!PyBytes_Check(item)) {
    LDAPerror_TypeError(
        "Tuple_to_LDAPMod(): expected a byte string in the list",
        item);
    Py_DECREF(item);
    goto error;
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions