fix leak in case of retry

[openldap] / servers / slapd / back-ldap / compare.c

diff --git a/servers/slapd/back-ldap/compare.c b/servers/slapd/back-ldap/compare.c
index f58a4e373151c492539b2e5985316b9c2a832160..1d667993a2a036c2d625ef606a84e40b685b2a47 100644 (file)
--- a/servers/slapd/back-ldap/compare.c
+++ b/servers/slapd/back-ldap/compare.c
@@ -38,18 +38,18 @@ ldap_back_compare(
 {
        ldapinfo_t              *li = (ldapinfo_t *)op->o_bd->be_private;
 
-       ldapconn_t              *lc;
+       ldapconn_t              *lc = NULL;
        ber_int_t               msgid;
        ldap_back_send_t        retrying = LDAP_BACK_RETRYING;
        LDAPControl             **ctrls = NULL;
        int                     rc = LDAP_SUCCESS;
 
-       lc = ldap_back_getconn( op, rs, LDAP_BACK_SENDERR );
-       if ( !lc || !ldap_back_dobind( lc, op, rs, LDAP_BACK_SENDERR ) ) {
+       if ( !ldap_back_dobind( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
                lc = NULL;
                goto cleanup;
        }
 
+retry:
        ctrls = op->o_ctrls;
        rc = ldap_back_proxy_authz_ctrl( &lc->lc_bound_ndn,
                li->li_version, &li->li_idassert, op, rs, &ctrls );
@@ -58,7 +58,6 @@ ldap_back_compare(
                goto cleanup;
        }
 
-retry:
        rs->sr_err = ldap_compare_ext( lc->lc_ld, op->o_req_dn.bv_val,
                        op->orc_ava->aa_desc->ad_cname.bv_val,
                        &op->orc_ava->aa_value, 
@@ -69,6 +68,8 @@ retry:
        if ( rc == LDAP_UNAVAILABLE && retrying ) {
                retrying &= ~LDAP_BACK_RETRYING;
                if ( ldap_back_retry( &lc, op, rs, LDAP_BACK_SENDERR ) ) {
+                       /* if the identity changed, there might be need to re-authz */
+                       (void)ldap_back_proxy_authz_ctrl_free( op, &ctrls );
                        goto retry;
                }
        }