From 15d737badbe2b1eea924434f26bbbc9413c3d9c2 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Sun, 29 Aug 2010 00:35:49 +0000
Subject: [PATCH] fix potential leak introduced by fix to ITS#6574

---
 servers/slapd/back-meta/bind.c | 13 ++++++++-----
 servers/slapd/back-meta/conn.c |  8 +++++---
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/servers/slapd/back-meta/bind.c b/servers/slapd/back-meta/bind.c
index 8b7b7d4b62..221a4f963b 100644
--- a/servers/slapd/back-meta/bind.c
+++ b/servers/slapd/back-meta/bind.c
@@ -627,14 +627,17 @@ meta_back_single_dobind(
 		rs->sr_err = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok );
 
 		/* if bind succeeded, but anonymous, clear msc_bound_ndn */
-		if ( rs->sr_err == LDAP_SUCCESS ) {
-			if ( binddn[0] == '\0' &&
-				!BER_BVISNULL( &msc->msc_bound_ndn ) && 
-				!BER_BVISEMPTY( &msc->msc_bound_ndn ) )
-			{
+		if ( rs->sr_err != LDAP_SUCCESS || binddn[0] == '\0' ) {
+			if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
 				ber_memfree( msc->msc_bound_ndn.bv_val );
 				BER_BVZERO( &msc->msc_bound_ndn );
 			}
+
+			if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+				memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
+				ber_memfree( msc->msc_cred.bv_val );
+				BER_BVZERO( &msc->msc_cred );
+			}
 		}
 	}
 
diff --git a/servers/slapd/back-meta/conn.c b/servers/slapd/back-meta/conn.c
index c8fe33ae1c..43511baf85 100644
--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@@ -720,15 +720,17 @@ meta_back_retry(
 		rc = meta_back_init_one_conn( op, rs, mc, candidate,
 			LDAP_BACK_CONN_ISPRIV( mc ), sendok, 0 );
 
-		/* restore credentials, if any;
+		/* restore credentials, if any and if needed;
 		 * meta_back_init_one_conn() restores msc_bound_ndn, if any;
 		 * if no msc_bound_ndn is restored, destroy credentials */
-		if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
+		if ( !BER_BVISNULL( &msc->msc_bound_ndn )
+			&& BER_BVISNULL( &msc->msc_cred ) )
+		{
 			msc->msc_cred = save_cred;
 
 		} else if ( !BER_BVISNULL( &save_cred ) ) {
 			memset( save_cred.bv_val, 0, save_cred.bv_len );
-			ber_memfree( save_cred.bv_val );
+			ber_memfree_x( save_cred.bv_val, NULL );
 		}
 
 		/* restore the "binding" flag, in case */
-- 
2.39.5