From 4064e3c15d590c5567687adc09479556a0aefc0a Mon Sep 17 00:00:00 2001
From: Hallvard Furuseth
Date: Mon, 31 Jan 2011 05:30:05 +0000
Subject: [PATCH] Re-fix ITS#6793 (back-ldap bad free of matchedDN). Previous fix opened for a ITS#6758-style double free if the caller was broken. Using REP_MATCHED_MUSTBEFREED is more robust.
---
 servers/slapd/back-ldap/search.c | 19 ++++++++-----------
 1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/servers/slapd/back-ldap/search.c b/servers/slapd/back-ldap/search.c
index 1042c1b37b..f5c9d30e7b 100644
--- a/servers/slapd/back-ldap/search.c
+++ b/servers/slapd/back-ldap/search.c
@@ -147,7 +147,6 @@ ldap_back_search(
 int do_retry = 1, dont_retry = 0;
 LDAPControl **ctrls = NULL;
 char **references = NULL;
- void *matchctx = NULL;
 
 rs_assert_ready( rs );
 rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */
@@ -569,12 +568,15 @@ retry:
 if ( !BER_BVISNULL( &match ) && !BER_BVISEMPTY( &match ) ) {
 struct berval pmatch;
 
- if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) == LDAP_SUCCESS ) {
- ber_memfree( match.bv_val );
- matchctx = op->o_tmpmemctx;
- match.bv_val = pmatch.bv_val;
+ if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) != LDAP_SUCCESS ) {
+ pmatch.bv_val = match.bv_val;
+ match.bv_val = NULL;
 }
- rs->sr_matched = match.bv_val;
+ rs->sr_matched = pmatch.bv_val;
+ rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
+ }
+ if ( !BER_BVISNULL( &match ) ) {
+ ber_memfree( match.bv_val );
 }
 
 if ( rs->sr_v2ref ) {
@@ -605,11 +607,6 @@ finish:;
 rs->sr_ctrls = NULL;
 }
 
- if ( match.bv_val ) {
- ber_memfree_x( match.bv_val, matchctx );
- }
- rs->sr_matched = NULL;
-
 if ( rs->sr_text ) {
 if ( freetext ) {
 ber_memfree( (char *)rs->sr_text );
-- 
2.39.5
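Review bot: In the second hunk (after `retry:`), `rs->sr_matched` can end up pointing at memory from two different allocators, and `REP_MATCHED_MUSTBEFREED` does not record which one. When `dnPretty()` succeeds the string comes from `op->o_tmpmemctx`; on the fallback branch it is the original `match.bv_val`, which this function otherwise releases with plain `ber_memfree()`. The code that honours the flag is outside this diff, so it should be confirmed that its free routine accepts both kinds of pointer, otherwise the bad free that ITS#6793 describes could return on one of the two paths. The ownership transfer is also worth recording at the assignment, e.g. `/* sr_matched now owns pmatch.bv_val (tmpmemctx or libldap heap); released by whoever clears REP_MATCHED_MUSTBEFREED */`. With the cleanup at `finish:` removed in the third hunk, `rs->sr_matched` is no longer reset to NULL before return, so it stays set unless the flag handler clears it.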