Fix a SASL channel-binding leak
authorOndřej Kuzník <okuznik@symas.com>
Thu, 21 Mar 2019 09:49:20 +0000 (09:49 +0000)
committerOndřej Kuzník <okuznik@symas.com>
Tue, 17 Nov 2020 17:58:15 +0000 (17:58 +0000)
servers/lloadd/connection.c
servers/lloadd/lload.h
servers/lloadd/upstream.c

index b1bbff86f36d3c28f664538aadbb879d95972c12..0192019f0536c831a4484457a71b9d5c5b8091b4 100644 (file)
@@ -357,6 +357,11 @@ connection_destroy( LloadConnection *c )
         c->c_sasl_defaults = NULL;
     }
     if ( c->c_sasl_authctx ) {
+#ifdef SASL_CHANNEL_BINDING /* 2.1.25+ */
+        if ( c->c_sasl_cbinding ) {
+            ch_free( c->c_sasl_cbinding );
+        }
+#endif
         sasl_dispose( &c->c_sasl_authctx );
     }
 #endif /* HAVE_CYRUS_SASL */
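Review bot: In connection_destroy() the channel-binding buffer is freed before `sasl_dispose( &c->c_sasl_authctx )`, while the SASL context still holds the pointer passed to it by sasl_setprop() in upstream.c. Whether cyrus-sasl reads that pointer during dispose is not visible here, so the safer order is to dispose first and then release and clear the field: `ch_free( c->c_sasl_cbinding ); c->c_sasl_cbinding = NULL;` after the `sasl_dispose` call. The free is also nested inside `if ( c->c_sasl_authctx )`, so any other place that disposes or replaces the context (none is visible in this hunk) would need the same release. connection_destroy's body continues outside the hunk.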
index 8c58e3dfb0d4d1cca4e15e3d702c15cfb74ca9ac..d27b6504511b271be2d995a7fd467b641bcef509 100644 (file)
@@ -340,6 +340,10 @@ struct LloadConnection {
 #ifdef HAVE_CYRUS_SASL
     sasl_conn_t *c_sasl_authctx;
     void *c_sasl_defaults;
+#ifdef SASL_CHANNEL_BINDING /* 2.1.25+ */
+    sasl_channel_binding_t *c_sasl_cbinding; /* Else cyrus-sasl would happily
+                                              * leak it on sasl_dispose */
+#endif /* SASL_CHANNEL_BINDING */
 #endif /* HAVE_CYRUS_SASL */
 
 #ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
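Review bot: The new `c_sasl_cbinding` field is freed in connection_destroy() whenever `c_sasl_authctx` is set, so it has to be NULL on every connection that never negotiated channel binding. The allocation of LloadConnection is not visible here, so it is worth confirming that the struct is zero-initialised. The comment explains why the field exists but not who owns it; something like `/* owned by the connection: set in sasl_bind_step(), freed in connection_destroy() */` would tell the next reader where the lifetime begins and ends.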
index 458af0c1e4331343bf45ae69cb612b373b13c15f..a9d7f154fefee248451e9f26b4f18a848190903c 100644 (file)
@@ -321,6 +321,7 @@ sasl_bind_step( LloadConnection *c, BerValue *scred, BerValue *ccred )
                     cb->data = cb_data = cb + 1;
                     memcpy( cb_data, cbv.bv_val, cbv.bv_len );
                     sasl_setprop( ctx, SASL_CHANNEL_BINDING, cb );
+                    c->c_sasl_cbinding = cb;
                 }
             }
 #endif
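Review bot: `c->c_sasl_cbinding = cb;` overwrites whatever the field already holds. If this branch of sasl_bind_step() can run more than once on the same connection, the earlier buffer is lost and the leak this commit fixes comes back; the enclosing conditions are outside the hunk, so that needs checking. Releasing the old value once the new one has been handed to the library would cover it: `if ( c->c_sasl_cbinding ) ch_free( c->c_sasl_cbinding );` between the `sasl_setprop` call and the assignment. The result of `sasl_setprop` is also ignored here, so a failure to install the binding would go unnoticed by the bind step.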