From: Pierangelo Masarati
Date: Tue, 4 Oct 2005 21:30:30 +0000 (+0000)
Subject: plug potential ld_error leak (ITS#4064)
X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~325
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=385aebc806d220540252126e40a9f436a40d0865;p=openldap
plug potential ld_error leak (ITS#4064)
---
diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index 5d2d74103c..99893b285d 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -689,6 +689,9 @@ ldap_int_sasl_bind(
 if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
 rc = ld->ld_errno = sasl_err2ldap( saslrc );
 #if SASL_VERSION_MAJOR >= 2
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
 ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
 #endif
 goto done;
@@ -764,6 +767,9 @@ ldap_int_sasl_bind(
 if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
 ld->ld_errno = sasl_err2ldap( saslrc );
 #if SASL_VERSION_MAJOR >= 2
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
 ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
 #endif
 rc = ld->ld_errno;
@@ -775,6 +781,9 @@ ldap_int_sasl_bind(
 if ( saslrc != SASL_OK ) {
 #if SASL_VERSION_MAJOR >= 2
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
 ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
 #endif
 rc = ld->ld_errno = sasl_err2ldap( saslrc );
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 5e43f8aeb6..71a5e33d20 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -753,6 +753,10 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 if ((err = ERR_peek_error())) {
 char buf[256];
+
+ if ( ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
 ld->ld_error = LDAP_STRDUP(ERR_error_string(err, buf));
 #ifdef HAVE_EBCDIC
 if ( ld->ld_error ) __etoa(ld->ld_error);
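Review bot: The free-before-overwrite guard is open-coded at three sites in ldap_int_sasl_bind here, and again in ldap_int_tls_connect and twice in ldap_pvt_tls_check_hostname in tls.c, so any later assignment to `ld->ld_error` that forgets it reintroduces the leak. A single internal helper that frees the old string and stores the duplicate would keep the ownership rule in one place; failing that, a comment at each site such as `/* ld_error is heap-owned: free before overwriting */` would record it. Whether other writers of `ld->ld_error` outside these hunks still skip the free cannot be seen from this diff. ldap_int_sasl_bind starts and ends outside the hunks.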
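Review bot: In ldap_int_tls_connect the string that gets duplicated still comes from `ERR_error_string(err, buf)`, which takes no length argument and relies on `buf` being large enough by convention. While this block is being edited, the bounded form would make the limit explicit: `ERR_error_string_n(err, buf, sizeof buf);` followed by `ld->ld_error = LDAP_STRDUP(buf);`. The enclosing function starts and ends outside the hunk.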
@@ -1036,7 +1040,10 @@ ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in ) Debug( LDAP_DEBUG_ANY, "TLS: unable to get common name from peer certificate.\n", 0, 0, 0 ); - ret = LDAP_CONNECT_ERROR; + ret = LDAP_CONNECT_ERROR; + if ( ld->ld_error ) { + LDAP_FREE( ld->ld_error ); + } ld->ld_error = LDAP_STRDUP( _("TLS: unable to get CN from peer certificate")); @@ -1061,12 +1068,15 @@ ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in ) } if( ret == LDAP_LOCAL_ERROR ) { - Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " - "common name in certificate (%s).\n", - name, buf, 0 ); - ret = LDAP_CONNECT_ERROR; - ld->ld_error = LDAP_STRDUP( - _("TLS: hostname does not match CN in peer certificate")); + Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " + "common name in certificate (%s).\n", + name, buf, 0 ); + ret = LDAP_CONNECT_ERROR; + if ( ld->ld_error ) { + LDAP_FREE( ld->ld_error ); + } + ld->ld_error = LDAP_STRDUP( + _("TLS: hostname does not match CN in peer certificate")); } } X509_free(x);
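Review bot: Both hunks in ldap_pvt_tls_check_hostname mix whitespace-only re-indentation with the fix: `ret = LDAP_CONNECT_ERROR;` and the whole `Debug( LDAP_DEBUG_ANY, ... )` call are removed and re-added with what appears to be identical text. That makes the only functional change, the three-line `if ( ld->ld_error )` guard, easy to miss. Keeping the re-indent in a separate commit would make the leak fix simpler to audit and to backport. The function starts and ends outside the hunks.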