From: Timo Sirainen <timo.sirainen@dovecot.fi>
Date: Tue, 26 Jun 2018 20:50:03 +0000 (+0300)
Subject: auth: Fix LDAP user iteration to not access already freed memory
X-Git-Tag: 2.3.9~1664
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90bd9600a0e38e55c02c6266c1270fdd4138c07d;p=thirdparty%2Fdovecot%2Fcore.git

auth: Fix LDAP user iteration to not access already freed memory

db_ldap_request_free() was called on already freed request. Changed to use
auth_request's pool to fix this, since the request is correctly referenced.
---

diff --git a/src/auth/userdb-ldap.c b/src/auth/userdb-ldap.c
index fb0f4f9a76..31b44782a8 100644
--- a/src/auth/userdb-ldap.c
+++ b/src/auth/userdb-ldap.c
@@ -208,7 +208,7 @@ userdb_ldap_iterate_init(struct auth_request *auth_request,
 	const char *error;
 	string_t *str;
 
-	ctx = i_new(struct ldap_userdb_iterate_context, 1);
+	ctx = p_new(auth_request->pool, struct ldap_userdb_iterate_context, 1);
 	ctx->ctx.auth_request = auth_request;
 	ctx->ctx.callback = callback;
 	ctx->ctx.context = context;
@@ -268,7 +268,6 @@ static int userdb_ldap_iterate_deinit(struct userdb_iterate_context *_ctx)
 
 	db_ldap_enable_input(ctx->conn, TRUE);
 	auth_request_unref(&ctx->request.request.request.auth_request);
-	i_free(ctx);
 	return ret;
 }