ITS#8866 Fix use-after free

diff --git a/servers/slapd/overlays/unique.c b/servers/slapd/overlays/unique.c
index 8cc652daa85f0e99f5059362441fc574b606e892..ccd4fa84bbe8114a4e88fcfd6fdf319f88a51ecd 100644 (file)
--- a/servers/slapd/overlays/unique.c
+++ b/servers/slapd/overlays/unique.c
@@ -1000,27 +1000,29 @@ unique_search(
        nop->o_bd = on->on_info->oi_origdb;
        rc = nop->o_bd->be_search(nop, &nrs);
        filter_free_x(nop, nop->ors_filter, 1);
-       op->o_tmpfree( key->bv_val, op->o_tmpmemctx );
 
        if(rc != LDAP_SUCCESS && rc != LDAP_NO_SUCH_OBJECT) {
                op->o_bd->bd_info = (BackendInfo *) on->on_info;
                send_ldap_error(op, rs, rc, "unique_search failed");
-               return(rs->sr_err);
-       }
-
-       Debug(LDAP_DEBUG_TRACE, "=> unique_search found %d records\n", uq.count, 0, 0);
+               rc = rs->sr_err;
+       } else if(uq.count) {
+               Debug(LDAP_DEBUG_TRACE, "=> unique_search found %d records\n", uq.count, 0, 0);
 
-       if(uq.count) {
                errmsgsize = sizeof("non-unique attributes found with ") + key->bv_len;
                errmsg = op->o_tmpalloc(errmsgsize, op->o_tmpmemctx);
                snprintf( errmsg, errmsgsize, "non-unique attributes found with %s", key->bv_val );
                op->o_bd->bd_info = (BackendInfo *) on->on_info;
                send_ldap_error(op, rs, LDAP_CONSTRAINT_VIOLATION, errmsg);
                op->o_tmpfree(errmsg, op->o_tmpmemctx);
-               return(rs->sr_err);
+               rc = rs->sr_err;
+       } else {
+               Debug(LDAP_DEBUG_TRACE, "=> unique_search found no records\n", 0, 0, 0);
+               rc = SLAP_CB_CONTINUE;
        }
 
-       return(SLAP_CB_CONTINUE);
+       op->o_tmpfree( key->bv_val, op->o_tmpmemctx );
+
+       return(rc);
 }
 
 static int