File 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch of Package openldap2.29423

From eee1fad18d3caebde0de36c58d3e77a10f98d287 Mon Sep 17 00:00:00 2001
From: William Brown <wbrown@suse.de>
Date: Wed, 11 May 2022 12:40:50 +1000
Subject: [PATCH] Change malloc to use calloc to prevent memory reuse
 corruption

---
 servers/slapd/sl_malloc.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/servers/slapd/sl_malloc.c b/servers/slapd/sl_malloc.c
index 942f7402bd..01f3634574 100644
--- a/servers/slapd/sl_malloc.c
+++ b/servers/slapd/sl_malloc.c
@@ -292,8 +292,8 @@ slap_sl_mem_setctx(
 	SET_MEMCTX(thrctx, memctx, slap_sl_mem_destroy);
 }
 
-void *
-slap_sl_malloc(
+static void *
+slap_sl_malloc_inner(
     ber_len_t	size,
     void *ctx
 )
@@ -394,6 +394,12 @@ slap_sl_malloc(
 	((0UL|(t)-1) >>31>>31 > 1 ? ((t)1 <<32) - 1 : \
 	 (0UL|(t)-1) >>31 ? 65535U : (0UL|(t)-1) >>15 ? 255U : 15U)
 
+void *
+slap_sl_malloc( ber_len_t size, void *ctx )
+{
+    return slap_sl_calloc(1, size, ctx);
+}
+
 void *
 slap_sl_calloc( ber_len_t n, ber_len_t size, void *ctx )
 {
@@ -402,7 +408,7 @@ slap_sl_calloc( ber_len_t n, ber_len_t size, void *ctx )
 
 	/* The sqrt test is a slight optimization: often avoids the division */
 	if ((n | size) <= LIM_SQRT(ber_len_t) || n == 0 || total/n == size) {
-		newptr = slap_sl_malloc( total, ctx );
+		newptr = slap_sl_malloc_inner( total, ctx );
 		memset( newptr, 0, n*size );
 	} else {
 		Debug(LDAP_DEBUG_ANY, "slap_sl_calloc(%lu,%lu) out of range\n",
@@ -421,7 +427,7 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx)
 	void *newptr;
 
 	if (ptr == NULL)
-		return slap_sl_malloc(size, ctx);
+		return slap_sl_malloc_inner(size, ctx);
 
 	/* Not our memory? */
 	if (No_sl_malloc || !sh || ptr < sh->sh_base || ptr >= sh->sh_end) {
@@ -468,7 +474,7 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx)
 		/* Nowhere to grow, need to alloc and copy */
 		} else {
 			/* Slight optimization of the final realloc variant */
-			newptr = slap_sl_malloc(size-sizeof(ber_len_t), ctx);
+			newptr = slap_sl_malloc_inner(size-sizeof(ber_len_t), ctx);
 			AC_MEMCPY(newptr, ptr, oldsize-sizeof(ber_len_t));
 			/* Not last block, can just mark old region as free */
 			nextp[-1] = oldsize;
@@ -483,7 +489,7 @@ slap_sl_realloc(void *ptr, ber_len_t size, void *ctx)
 		oldsize = size;
 	}
 
-	newptr = slap_sl_malloc(size, ctx);
+	newptr = slap_sl_malloc_inner(size, ctx);
 	AC_MEMCPY(newptr, ptr, oldsize);
 	slap_sl_free(ptr, ctx);
 	return newptr;
-- 
2.36.1