Fix a SASL channel-binding leak

2025-03-13 14:27:59 +08:00 · 2019-03-21 09:49:20 +00:00 · 2019-03-21 09:49:20 +00:00 · 1328777a85
commit 1328777a85
parent 58d66a3946
3 changed files with 10 additions and 0 deletions
--- a/servers/lloadd/connection.c
+++ b/servers/lloadd/connection.c
@ -357,6 +357,11 @@ connection_destroy( LloadConnection *c )
        c->c_sasl_defaults = NULL;
    }
    if ( c->c_sasl_authctx ) {
+#ifdef SASL_CHANNEL_BINDING /* 2.1.25+ */
+        if ( c->c_sasl_cbinding ) {
+            ch_free( c->c_sasl_cbinding );
+        }
+#endif
        sasl_dispose( &c->c_sasl_authctx );
    }
 #endif /* HAVE_CYRUS_SASL */
--- a/servers/lloadd/lload.h
+++ b/servers/lloadd/lload.h
@ -340,6 +340,10 @@ struct LloadConnection {
 #ifdef HAVE_CYRUS_SASL
    sasl_conn_t *c_sasl_authctx;
    void *c_sasl_defaults;
+#ifdef SASL_CHANNEL_BINDING /* 2.1.25+ */
+    sasl_channel_binding_t *c_sasl_cbinding; /* Else cyrus-sasl would happily
+                                              * leak it on sasl_dispose */
+#endif /* SASL_CHANNEL_BINDING */
 #endif /* HAVE_CYRUS_SASL */

 #ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS
--- a/servers/lloadd/upstream.c
+++ b/servers/lloadd/upstream.c
@ -321,6 +321,7 @@ sasl_bind_step( LloadConnection *c, BerValue *scred, BerValue *ccred )
                    cb->data = cb_data = cb + 1;
                    memcpy( cb_data, cbv.bv_val, cbv.bv_len );
                    sasl_setprop( ctx, SASL_CHANNEL_BINDING, cb );
+                    c->c_sasl_cbinding = cb;
                }
            }
 #endif