ext_kerberos_ldap_group_acl: avoid freeing getenv() pointer (#2190)

author Joshua Rogers <MegaManSec@users.noreply.github.com>

Mon, 8 Sep 2025 19:20:03 +0000 (19:20 +0000)

committer Squid Anubis <squid-anubis@squid-cache.org>

Mon, 8 Sep 2025 19:20:11 +0000 (19:20 +0000)
author Joshua Rogers <MegaManSec@users.noreply.github.com>
Mon, 8 Sep 2025 19:20:03 +0000 (19:20 +0000)
committer Squid Anubis <squid-anubis@squid-cache.org>
Mon, 8 Sep 2025 19:20:11 +0000 (19:20 +0000)
diff --git a/src/acl/external/kerberos_ldap_group/support_ldap.cc b/src/acl/external/kerberos_ldap_group/support_ldap.cc

index 94787497b5056e1126f5785b034e14d112a9d9b6..97fb6863d663d3688e6f7655ff4deac737e7c7dc 100644 (file)
--- a/src/acl/external/kerberos_ldap_group/support_ldap.cc
+++ b/src/acl/external/kerberos_ldap_group/support_ldap.cc
@@ -617,10 +617,9 @@ ldap_set_ssl_defaults(struct main_args *margs)
       * rc = ldapssl_client_init( ssl_certdbpath, nullptr);
       * rc = ldapssl_advclientauth_init( ssl_certdbpath, nullptr, 0 , nullptr, nullptr, 0, nullptr, 2);
       */
-    ssl_certdbpath = getenv("SSL_CERTDBPATH");
-    if (!ssl_certdbpath) {
-        ssl_certdbpath = xstrdup("/etc/certs");
-    }
+    const auto envp = getenv("SSL_CERTDBPATH");
+    ssl_certdbpath = xstrdup(envp ? envp : "/etc/certs");
+
      debug((char *)
            "%s| %s: DEBUG: Set certificate database path for ldap server to %s. (Changeable through setting environment variable SSL_CERTDBPATH)\n",
            LogTime(), PROGRAM, ssl_certdbpath);
author	Joshua Rogers <MegaManSec@users.noreply.github.com>
	Mon, 8 Sep 2025 19:20:03 +0000 (19:20 +0000)
committer	Squid Anubis <squid-anubis@squid-cache.org>
	Mon, 8 Sep 2025 19:20:11 +0000 (19:20 +0000)