From: Pierangelo Masarati
Date: Tue, 4 Oct 2005 21:34:30 +0000 (+0000)
Subject: plug potential ld_error leak (ITS#4064)
X-Git-Tag: OPENLDAP_REL_ENG_2_2_29~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f7ffef19eacb3c6433e187191a02ab2aa7c086c6;p=thirdparty%2Fopenldap.git
plug potential ld_error leak (ITS#4064)
---
diff --git a/CHANGES b/CHANGES
index c2c244ecb9..d8dbb45f60 100644
--- a/CHANGES
+++ b/CHANGES
@@ -8,7 +8,7 @@ OpenLDAP 2.2.29 Engineering
 Fixed back-hdb slapcat EntryInfo cache growth (ITS#4010)
 Fixed back-sql missing space in delete statement (ITS#4061)
 Fixed liblber sb_dgram_read length (ITS#4046)
- Fixed libldap memory leaks (ITS#4048, 4052, 4053)
+ Fixed libldap memory leaks (ITS#4048, 4052, 4053, 4064)
 OpenLDAP 2.2.28 Release
 Fixed slapd ACL logging
diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index bbc4dfd076..503df4308d 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -698,6 +698,9 @@ ldap_int_sasl_bind(
 if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
 rc = ld->ld_errno = sasl_err2ldap( saslrc );
 #if SASL_VERSION_MAJOR >= 2
+ if (ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
 ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
 #endif
 goto done;
@@ -790,6 +793,9 @@ ldap_int_sasl_bind(
 if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
 ld->ld_errno = sasl_err2ldap( saslrc );
 #if SASL_VERSION_MAJOR >= 2
+ if (ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
 ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
 #endif
 rc = ld->ld_errno;
@@ -801,6 +807,9 @@ ldap_int_sasl_bind(
 if ( saslrc != SASL_OK ) {
 #if SASL_VERSION_MAJOR >= 2
+ if (ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
 ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
 #endif
 rc = ld->ld_errno = sasl_err2ldap( saslrc );
diff --git a/libraries/libldap/tls.c b/libraries/libldap/tls.c
index 7ce53b68e7..6c49b2a790 100644
--- a/libraries/libldap/tls.c
+++ b/libraries/libldap/tls.c
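Review bot: The free-before-assign guard added at the first `saslrc` failure path in `ldap_int_sasl_bind` is copied verbatim into the other two cyrus.c hunks and the three tls.c hunks, so the ownership rule for `ld->ld_error` lives in six places and any assignment outside these hunks would still leak. A short comment at each site would record the rule, e.g. `/* ld owns ld_error: release the previous string before replacing it */`; longer term a file-local helper that frees and replaces the string would let new error paths get it right by default. If `LDAP_STRDUP` fails, the old message is already gone and `ld_error` ends up NULL, which callers presumably tolerate since the field is tested for NULL here. `ldap_int_sasl_bind` begins and ends outside all three hunks.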
@@ -781,6 +781,10 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
 if ((err = ERR_peek_error())) {
 char buf[256];
+
+ if (ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
 ld->ld_error = LDAP_STRDUP(ERR_error_string(err, buf));
 #ifdef HAVE_EBCDIC
 if ( ld->ld_error ) __etoa(ld->ld_error);
@@ -1068,7 +1072,10 @@ ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
 "TLS: unable to get common name from peer certificate.\n", 0, 0, 0 );
 #endif
- ret = LDAP_CONNECT_ERROR;
+ ret = LDAP_CONNECT_ERROR;
+ if (ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
 ld->ld_error = LDAP_STRDUP( _("TLS: unable to get CN from peer certificate"));
@@ -1094,17 +1101,20 @@ ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
 if( ret == LDAP_LOCAL_ERROR ) {
 #ifdef NEW_LOGGING
- LDAP_LOG ( TRANSPORT, ERR, "ldap_pvt_tls_check_hostname: "
- "TLS hostname (%s) does not match "
- "common name in certificate (%s).\n", name, buf, 0 );
+ LDAP_LOG ( TRANSPORT, ERR, "ldap_pvt_tls_check_hostname: "
+ "TLS hostname (%s) does not match "
+ "common name in certificate (%s).\n", name, buf, 0 );
 #else
- Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
- "common name in certificate (%s).\n",
- name, buf, 0 );
+ Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
+ "common name in certificate (%s).\n",
+ name, buf, 0 );
 #endif
- ret = LDAP_CONNECT_ERROR;
- ld->ld_error = LDAP_STRDUP(
- _("TLS: hostname does not match CN in peer certificate"));
+ ret = LDAP_CONNECT_ERROR;
+ if (ld->ld_error ) {
+ LDAP_FREE( ld->ld_error );
+ }
+ ld->ld_error = LDAP_STRDUP(
+ _("TLS: hostname does not match CN in peer certificate"));
 }
 }
 X509_free(x);
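Review bot: The last hunk in `ldap_pvt_tls_check_hostname` buries the three functional lines (`if (ld->ld_error ) { LDAP_FREE( ld->ld_error ); }`) inside a whitespace-only re-indent of the `LDAP_LOG`/`Debug` calls and the `ret = LDAP_CONNECT_ERROR;` assignments; moving the re-indent to its own commit would keep the leak fix auditable. The re-indented messages print `buf`, which going by the message text holds the common name taken from the peer certificate, so it is worth confirming in the code above this hunk that the value is length-bounded and stripped of control characters before it is logged. The function starts and ends outside the hunk.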