fix potential leak introduced by fix to ITS#6574

author Pierangelo Masarati <ando@openldap.org>

Sun, 29 Aug 2010 00:35:49 +0000 (00:35 +0000)

committer Pierangelo Masarati <ando@openldap.org>

Sun, 29 Aug 2010 00:35:49 +0000 (00:35 +0000)
author Pierangelo Masarati <ando@openldap.org>
Sun, 29 Aug 2010 00:35:49 +0000 (00:35 +0000)
committer Pierangelo Masarati <ando@openldap.org>
Sun, 29 Aug 2010 00:35:49 +0000 (00:35 +0000)
diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c

index 8b7b7d4b62c3b44f456bdaa2308b7a9c9b97b56f..221a4f963b545c08035de02a8581ffdfdf814b3e 100644 (file)
--- a/servers/slapd/back-meta/bind.c
+++ b/servers/slapd/back-meta/bind.c
@@ -627,14 +627,17 @@ meta_back_single_dobind(
                 rs->sr_err = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok );
  
                 /* if bind succeeded, but anonymous, clear msc_bound_ndn */
-               if ( rs->sr_err == LDAP_SUCCESS ) {
-                       if ( binddn[0] == '\0' &&
-                               !BER_BVISNULL( &msc->msc_bound_ndn ) && 
-                               !BER_BVISEMPTY( &msc->msc_bound_ndn ) )
-                       {
+               if ( rs->sr_err != LDAP_SUCCESS || binddn[0] == '\0' ) {
+                       if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
                                 ber_memfree( msc->msc_bound_ndn.bv_val );
                                 BER_BVZERO( &msc->msc_bound_ndn );
                         }
+
+                       if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+                               memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
+                               ber_memfree( msc->msc_cred.bv_val );
+                               BER_BVZERO( &msc->msc_cred );
+                       }
                 }
         }
  
diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c

index c8fe33ae1c2927b31113d3b49b46f5ff61191336..43511baf852166ac9b960acb7abdac6fb5b956a4 100644 (file)
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -720,15 +720,17 @@ meta_back_retry(
                 rc = meta_back_init_one_conn( op, rs, mc, candidate,
                         LDAP_BACK_CONN_ISPRIV( mc ), sendok, 0 );
  
-               /* restore credentials, if any;
+               /* restore credentials, if any and if needed;
                  * meta_back_init_one_conn() restores msc_bound_ndn, if any;
                  * if no msc_bound_ndn is restored, destroy credentials */
-               if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
+               if ( !BER_BVISNULL( &msc->msc_bound_ndn )
+                       && BER_BVISNULL( &msc->msc_cred ) )
+               {
                         msc->msc_cred = save_cred;
  
                 } else if ( !BER_BVISNULL( &save_cred ) ) {
                         memset( save_cred.bv_val, 0, save_cred.bv_len );
-                       ber_memfree( save_cred.bv_val );
+                       ber_memfree_x( save_cred.bv_val, NULL );
                 }
  
                 /* restore the "binding" flag, in case */
author	Pierangelo Masarati <ando@openldap.org>
	Sun, 29 Aug 2010 00:35:49 +0000 (00:35 +0000)
committer	Pierangelo Masarati <ando@openldap.org>
	Sun, 29 Aug 2010 00:35:49 +0000 (00:35 +0000)
servers/slapd/back-meta/bind.c		patch \| blob \| history
servers/slapd/back-meta/conn.c		patch \| blob \| history