fix potential leak introduced by fix to ITS#6574

2024-12-21 03:10:25 +08:00 · 2010-08-29 00:35:49 +00:00 · 2010-08-29 00:35:49 +00:00 · 15d737badb
commit 15d737badb
parent 2b3b07da46
2 changed files with 13 additions and 8 deletions
--- a/servers/slapd/back-meta/bind.c
+++ b/servers/slapd/back-meta/bind.c
@ -627,14 +627,17 @@ meta_back_single_dobind(
 		rs->sr_err = meta_back_bind_op_result( op, rs, mc, candidate, msgid, sendok );

 		/* if bind succeeded, but anonymous, clear msc_bound_ndn */
-		if ( rs->sr_err == LDAP_SUCCESS ) {
-			if ( binddn[0] == '\0' &&
-				!BER_BVISNULL( &msc->msc_bound_ndn ) && 
-				!BER_BVISEMPTY( &msc->msc_bound_ndn ) )
-			{
+		if ( rs->sr_err != LDAP_SUCCESS || binddn[0] == '\0' ) {
+			if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
 				ber_memfree( msc->msc_bound_ndn.bv_val );
 				BER_BVZERO( &msc->msc_bound_ndn );
 			}
+
+			if ( !BER_BVISNULL( &msc->msc_cred ) ) {
+				memset( msc->msc_cred.bv_val, 0, msc->msc_cred.bv_len );
+				ber_memfree( msc->msc_cred.bv_val );
+				BER_BVZERO( &msc->msc_cred );
+			}
 		}
 	}

--- a/servers/slapd/back-meta/conn.c
+++ b/servers/slapd/back-meta/conn.c
@ -720,15 +720,17 @@ meta_back_retry(
 		rc = meta_back_init_one_conn( op, rs, mc, candidate,
 			LDAP_BACK_CONN_ISPRIV( mc ), sendok, 0 );

-		/* restore credentials, if any;
+		/* restore credentials, if any and if needed;
 		 * meta_back_init_one_conn() restores msc_bound_ndn, if any;
 		 * if no msc_bound_ndn is restored, destroy credentials */
-		if ( !BER_BVISNULL( &msc->msc_bound_ndn ) ) {
+		if ( !BER_BVISNULL( &msc->msc_bound_ndn )
+			&& BER_BVISNULL( &msc->msc_cred ) )
+		{
 			msc->msc_cred = save_cred;

 		} else if ( !BER_BVISNULL( &save_cred ) ) {
 			memset( save_cred.bv_val, 0, save_cred.bv_len );
-			ber_memfree( save_cred.bv_val );
+			ber_memfree_x( save_cred.bv_val, NULL );
 		}

 		/* restore the "binding" flag, in case */