From 9bf50242c3da92dbd48dcd147aa665bdac045859 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Fri, 27 Aug 1999 05:45:53 +0000
Subject: [PATCH] Plug ber leakage: result was leaking ber's in some error
 cases.  ber_flush now called with no freeing so that caller of
 send_ldap_ber() can free its own ber. c->c_currentber was also being leaked
 if connection was destory current when a PDU input was outstanding. Fixed
 ber_flush to free ber upon write only to file.

---
 libraries/liblber/io.c     | 2 ++
 servers/slapd/connection.c | 7 +++++++
 servers/slapd/result.c     | 8 +++++++-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c
index 98c5d5d552..3e5c646a6f 100644
--- a/libraries/liblber/io.c
+++ b/libraries/liblber/io.c
@@ -240,6 +240,8 @@ ber_flush( Sockbuf *sb, BerElement *ber, int freeit )
 	if ( sb->sb_options & (LBER_TO_FILE | LBER_TO_FILE_ONLY) ) {
 		rc = write( sb->sb_fd, ber->ber_rwptr, towrite );
 		if ( sb->sb_options & LBER_TO_FILE_ONLY ) {
+			if ( freeit )
+				ber_free( ber, 1 );
 			return( (int)rc );
 		}
 	}
diff --git a/servers/slapd/connection.c b/servers/slapd/connection.c
index 4a23bb56bd..d83be471d8 100644
--- a/servers/slapd/connection.c
+++ b/servers/slapd/connection.c
@@ -370,6 +370,7 @@ long connection_init(
 #endif
 
         c->c_sb = ber_sockbuf_alloc( );
+		c->c_currentber = NULL;
 
         /* should check status of thread calls */
         ldap_pvt_thread_mutex_init( &c->c_mutex );
@@ -395,6 +396,7 @@ long connection_init(
 #ifdef HAVE_CYRUS_SASL
 	assert( c->c_sasl_context == NULL );
 #endif
+	assert( c->c_currentber == NULL );
 
 	c->c_listener_url = ch_strdup( url  );
 	c->c_peer_domain = ch_strdup( dnsname  );
@@ -502,6 +504,11 @@ connection_destroy( Connection *c )
 	}
 #endif
 
+	if ( c->c_currentber != NULL ) {
+		ber_free( c->c_currentber, 1 );
+		c->c_currentber = NULL;
+	}
+
 	if ( ber_pvt_sb_in_use(c->c_sb) ) {
 		int sd = ber_pvt_sb_get_desc(c->c_sb);
 
diff --git a/servers/slapd/result.c b/servers/slapd/result.c
index 9ec57f7626..7b1dc7cb8a 100644
--- a/servers/slapd/result.c
+++ b/servers/slapd/result.c
@@ -169,10 +169,11 @@ static long send_ldap_ber(
 		if ( connection_state_closing( conn ) ) {
 			ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
 			ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
+
 			return 0;
 		}
 
-		if ( ber_flush( conn->c_sb, ber, 1 ) == 0 ) {
+		if ( ber_flush( conn->c_sb, ber, 0 ) == 0 ) {
 			break;
 		}
 
@@ -193,6 +194,7 @@ static long send_ldap_ber(
 
 			ldap_pvt_thread_mutex_unlock( &conn->c_mutex );
 			ldap_pvt_thread_mutex_unlock( &conn->c_write_mutex );
+
 			return( -1 );
 		}
 
@@ -273,11 +275,13 @@ send_ldap_response(
 
 	if ( rc == -1 ) {
 		Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
+		ber_free( ber, 1 );
 		return;
 	}
 
 	/* send BER */
 	bytes = send_ldap_ber( conn, ber );
+	ber_free( ber, 1 );
 
 	if ( bytes < 0 ) {
 		Debug( LDAP_DEBUG_ANY,
@@ -702,6 +706,7 @@ send_search_entry(
 	}
 
 	bytes = send_ldap_ber( conn, ber );
+	ber_free( ber, 1 );
 
 	if ( bytes < 0 ) {
 		Debug( LDAP_DEBUG_ANY,
@@ -801,6 +806,7 @@ send_search_reference(
 	}
 
 	bytes = send_ldap_ber( conn, ber );
+	ber_free( ber, 1 );
 
 	ldap_pvt_thread_mutex_lock( &num_sent_mutex );
 	num_bytes_sent += bytes;
-- 
2.39.5