From 85c93922232300b0316546a2fc6dd93c7e2906cd Mon Sep 17 00:00:00 2001
From: Feng Guo <gardonkoo@163.com>
Date: Thu, 28 Nov 2024 21:32:37 +0800
Subject: [PATCH] Fix LDAP module leak on authentication error

In initialize_server(), unbind the server handle if authenticate()
fails.

[ghudson@mit.edu: rewrote commit message]

ticket: 9153 (new)
---
 src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
index 5e77d5e498..d19e2b7611 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap_conn.c
@@ -189,6 +189,7 @@ initialize_server(krb5_ldap_context *ldap_context, krb5_ldap_server_info *info)
     if (ret) {
         info->server_status = OFF;
         time(&info->downtime);
+        ldap_unbind_ext_s(server->ldap_handle, NULL, NULL);
         free(server);
         return ret;
     }
-- 
2.47.2