From: Feng Guo <gardonkoo@163.com>
Date: Thu, 28 Nov 2024 13:32:37 +0000 (+0800)
Subject: Fix LDAP module leak on authentication error
X-Git-Tag: krb5-1.22-beta1~47
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85c93922232300b0316546a2fc6dd93c7e2906cd;p=thirdparty%2Fkrb5.git

Fix LDAP module leak on authentication error

In initialize_server(), unbind the server handle if authenticate()
fails.

[ghudson@mit.edu: rewrote commit message]

ticket: 9153 (new)
---

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
index 5e77d5e498..d19e2b7611 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -189,6 +189,7 @@ initialize_server(krb5_ldap_context *ldap_context, krb5_ldap_server_info *info)
     if (ret) {
         info->server_status = OFF;
         time(&info->downtime);
+        ldap_unbind_ext_s(server->ldap_handle, NULL, NULL);
         free(server);
         return ret;
     }