auth: Fix LDAP user iteration to not access already freed memory

db_ldap_request_free() was called on already freed request. Changed to use
auth_request's pool to fix this, since the request is correctly referenced.

diff --git a/src/auth/userdb-ldap.c b/src/auth/userdb-ldap.c
index fb0f4f9a769f1312eac973d7166d8a48b1ffacc8..31b44782a8140cf9e8a84238965aa0d85e6da98c 100644 (file)
--- a/src/auth/userdb-ldap.c
+++ b/src/auth/userdb-ldap.c
@@ -208,7 +208,7 @@ userdb_ldap_iterate_init(struct auth_request *auth_request,
        const char *error;
        string_t *str;
 
-       ctx = i_new(struct ldap_userdb_iterate_context, 1);
+       ctx = p_new(auth_request->pool, struct ldap_userdb_iterate_context, 1);
        ctx->ctx.auth_request = auth_request;
        ctx->ctx.callback = callback;
        ctx->ctx.context = context;
@@ -268,7 +268,6 @@ static int userdb_ldap_iterate_deinit(struct userdb_iterate_context *_ctx)
 
        db_ldap_enable_input(ctx->conn, TRUE);
        auth_request_unref(&ctx->request.request.request.auth_request);
-       i_free(ctx);
        return ret;
 }