* modules/ldap/util_ldap.c (uldap_connection_find): Fix inheritance in
authorJoe Orton <jorton@apache.org>
Wed, 3 Jun 2026 15:53:50 +0000 (15:53 +0000)
committerJoe Orton <jorton@apache.org>
Wed, 3 Jun 2026 15:53:50 +0000 (15:53 +0000)
  per-dir context.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1934932 13f79535-47bb-0310-9956-ffa450edef68

modules/ldap/util_ldap.c

index 1cfa10eee4841a91b4844cdb058be27e4ba401f2..00f9f91361a881746a583b32336af2cc10d63c11 100644 (file)
@@ -927,8 +927,23 @@ static util_ldap_connection_t *
          */
         l->secure = secureflag;
 
-        /* save away a copy of the client cert list that is presently valid */
-        l->client_certs = apr_array_copy_hdr(l->pool, dc->client_certs);
+        /* Deep-copy the client cert list into the connection pool so that
+         * the cached connection does not retain pointers into the
+         * (potentially short-lived) per-directory config pool.
+         */
+        l->client_certs = apr_array_copy(l->pool, dc->client_certs);
+        if (!apr_is_empty_array(l->client_certs)) {
+            int i;
+            apr_ldap_opt_tls_cert_t *certs;
+
+            certs = (apr_ldap_opt_tls_cert_t *)l->client_certs->elts;
+            for (i = 0; i < l->client_certs->nelts; i++) {
+                if (certs[i].path)
+                    certs[i].path = apr_pstrdup(l->pool, certs[i].path);
+                if (certs[i].password)
+                    certs[i].password = apr_pstrdup(l->pool, certs[i].password);
+            }
+        }
 
         /* whether or not to keep this connection in the pool when it's returned */
         l->keep = (st->connection_pool_ttl == 0) ? 0 : 1;
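Review bot: The deep copy in the new loop leaves a second cleartext copy of each certificate `password` in `l->pool`, where it lives as long as the cached connection rather than the per-directory config it came from. How that pool is cleared or destroyed is not visible in this hunk, so the new comment should say so, for example `/* NOTE: path/password now live in l->pool for the lifetime of the cached connection */`. The copy is only complete while `path` and `password` are the sole pointer members that get duplicated, so the same comment should tell maintainers to extend the loop if the element type gains another pointer. As a style point, the two single-statement `if` bodies are unbraced; bracing them, e.g. `if (certs[i].path) { certs[i].path = apr_pstrdup(l->pool, certs[i].path); }`, guards against a later edit silently falling outside the condition. The enclosing function starts and ends outside the hunk.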