From 385aebc806d220540252126e40a9f436a40d0865 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati <ando@openldap.org>
Date: Tue, 4 Oct 2005 21:30:30 +0000
Subject: [PATCH] plug potential ld_error leak (ITS#4064)

---
 libraries/libldap/cyrus.c |  9 +++++++++
 libraries/libldap/tls.c   | 24 +++++++++++++++++-------
 2 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index 5d2d74103c..99893b285d 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -689,6 +689,9 @@ ldap_int_sasl_bind(
 	if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
 		rc = ld->ld_errno = sasl_err2ldap( saslrc );
 #if SASL_VERSION_MAJOR >= 2
+		if ( ld->ld_error ) {
+			LDAP_FREE( ld->ld_error );
+		}
 		ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
 #endif
 		goto done;
@@ -764,6 +767,9 @@ ldap_int_sasl_bind(
 		if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
 			ld->ld_errno = sasl_err2ldap( saslrc );
 #if SASL_VERSION_MAJOR >= 2
+			if ( ld->ld_error ) {
+				LDAP_FREE( ld->ld_error );
+			}
 			ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
 #endif
 			rc = ld->ld_errno;
@@ -775,6 +781,9 @@ ldap_int_sasl_bind(
 
 	if ( saslrc != SASL_OK ) {
 #if SASL_VERSION_MAJOR >= 2
+		if ( ld->ld_error ) {
+			LDAP_FREE( ld->ld_error );
+		}
 		ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
 #endif
 		rc = ld->ld_errno = sasl_err2ldap( saslrc );
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 5e43f8aeb6..71a5e33d20 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
@@ -753,6 +753,10 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 
 		if ((err = ERR_peek_error())) {
 			char buf[256];
+
+			if ( ld->ld_error ) {
+				LDAP_FREE( ld->ld_error );
+			}
 			ld->ld_error = LDAP_STRDUP(ERR_error_string(err, buf));
 #ifdef HAVE_EBCDIC
 			if ( ld->ld_error ) __etoa(ld->ld_error);
@@ -1036,7 +1040,10 @@ ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
 			Debug( LDAP_DEBUG_ANY,
 				"TLS: unable to get common name from peer certificate.\n",
 				0, 0, 0 );
-       		ret = LDAP_CONNECT_ERROR;
+			ret = LDAP_CONNECT_ERROR;
+			if ( ld->ld_error ) {
+				LDAP_FREE( ld->ld_error );
+			}
 			ld->ld_error = LDAP_STRDUP(
 				_("TLS: unable to get CN from peer certificate"));
 
@@ -1061,12 +1068,15 @@ ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
 		}
 
 		if( ret == LDAP_LOCAL_ERROR ) {
-       		 Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
-       			 "common name in certificate (%s).\n", 
-       			 name, buf, 0 );
-       		 ret = LDAP_CONNECT_ERROR;
-       		 ld->ld_error = LDAP_STRDUP(
-       		  	 _("TLS: hostname does not match CN in peer certificate"));
+			Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
+				"common name in certificate (%s).\n", 
+				name, buf, 0 );
+			ret = LDAP_CONNECT_ERROR;
+			if ( ld->ld_error ) {
+				LDAP_FREE( ld->ld_error );
+			}
+			ld->ld_error = LDAP_STRDUP(
+				_("TLS: hostname does not match CN in peer certificate"));
 		}
 	}
 	X509_free(x);
-- 
2.39.5