gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz
19.49k stars 3.74k forks source link

Potential memory leak -01. #404

Open rachyyyy opened 2 years ago

rachyyyy commented 2 years ago

Potential memory leak in kuhl_m_sid.c line 113, 156 and 188. The return value of ldap_get_dn is not freed before being passed to the function will cause a memory leak. Doc says "The ldap_get_dn() routine takes an entry as returned by ldap_first_entry(3) or ldap_next_entry(3) and returns a copy of the entry's DN. Space for the DN will be obtained dynamically and should be freed by the caller using ldap_memfree(3). Notes:These routines dynamically allocate memory that the caller must free."

1662195656083

joshterrill commented 2 years ago

I believe this one is not an issue since ldap_unbind is called at the end which according to the docs:

The ldap_unbind() call is used to unbind from the directory, terminate the current association, and free the resources contained in the ld structure. Once it is called, the connection to the LDAP server is closed, and the ld structure is invalid.

https://linux.die.net/man/3/ldap_unbind

Let me know if I'm misunderstanding this.