From 3866da50f5a52fc4d2bb1d14078f5a83a540e07d Mon Sep 17 00:00:00 2001
From: Hallvard Furuseth <hallvard@openldap.org>
Date: Mon, 17 Jan 2011 10:55:41 +0000
Subject: [PATCH] ITS#6793 Fix back-ldap bad free on matchedDN change

---
 servers/slapd/back-ldap/search.c | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)

diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c
index 16a4a15319..ff8f019cbf 100644
--- a/servers/slapd/back-ldap/search.c
+++ b/servers/slapd/back-ldap/search.c
@@ -169,9 +169,7 @@ ldap_back_search(
 	int		do_retry = 1, dont_retry = 0;
 	LDAPControl	**ctrls = NULL;
 	char		**references = NULL;
-
-	/* FIXME: shouldn't this be null? */
-	const char	*save_matched = rs->sr_matched;
+	void		*matchctx = NULL;
 
 	rs_assert_ready( rs );
 	rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */
@@ -579,12 +577,11 @@ retry:
 		struct berval	pmatch;
 
 		if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) == LDAP_SUCCESS ) {
-			rs->sr_matched = pmatch.bv_val;
 			ber_memfree( match.bv_val );
-
-		} else {
-			rs->sr_matched = match.bv_val;
+			matchctx = op->o_tmpmemctx;
+			match.bv_val = pmatch.bv_val;
 		}
+		rs->sr_matched = match.bv_val;
 	}
 
 	if ( rs->sr_v2ref ) {
@@ -615,15 +612,10 @@ finish:;
 		rs->sr_ctrls = NULL;
 	}
 
-	if ( rs->sr_matched != NULL && rs->sr_matched != save_matched ) {
-		if ( rs->sr_matched != match.bv_val ) {
-			ber_memfree_x( (char *)rs->sr_matched, op->o_tmpmemctx );
-
-		} else {
-			ber_memfree( match.bv_val );
-		}
-		rs->sr_matched = save_matched;
+	if ( match.bv_val ) {
+		ber_memfree_x( match.bv_val, matchctx );
 	}
+	rs->sr_matched = NULL;
 
 	if ( rs->sr_text ) {
 		if ( freetext ) {
-- 
2.39.5