Re-fix ITS#6793 (back-ldap bad free of matchedDN).

Previous fix opened for a ITS#6758-style double free if the
caller was broken.  Using REP_MATCHED_MUSTBEFREED is more robust.
This commit is contained in:
Hallvard Furuseth 2011-01-31 05:30:05 +00:00
parent f6871370f4
commit 4064e3c15d

View File

@ -147,7 +147,6 @@ ldap_back_search(
int do_retry = 1, dont_retry = 0; int do_retry = 1, dont_retry = 0;
LDAPControl **ctrls = NULL; LDAPControl **ctrls = NULL;
char **references = NULL; char **references = NULL;
void *matchctx = NULL;
rs_assert_ready( rs ); rs_assert_ready( rs );
rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */ rs->sr_flags &= ~REP_ENTRY_MASK; /* paranoia, we can set rs = non-entry */
@ -569,12 +568,15 @@ retry:
if ( !BER_BVISNULL( &match ) && !BER_BVISEMPTY( &match ) ) { if ( !BER_BVISNULL( &match ) && !BER_BVISEMPTY( &match ) ) {
struct berval pmatch; struct berval pmatch;
if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) == LDAP_SUCCESS ) { if ( dnPretty( NULL, &match, &pmatch, op->o_tmpmemctx ) != LDAP_SUCCESS ) {
ber_memfree( match.bv_val ); pmatch.bv_val = match.bv_val;
matchctx = op->o_tmpmemctx; match.bv_val = NULL;
match.bv_val = pmatch.bv_val;
} }
rs->sr_matched = match.bv_val; rs->sr_matched = pmatch.bv_val;
rs->sr_flags |= REP_MATCHED_MUSTBEFREED;
}
if ( !BER_BVISNULL( &match ) ) {
ber_memfree( match.bv_val );
} }
if ( rs->sr_v2ref ) { if ( rs->sr_v2ref ) {
@ -605,11 +607,6 @@ finish:;
rs->sr_ctrls = NULL; rs->sr_ctrls = NULL;
} }
if ( match.bv_val ) {
ber_memfree_x( match.bv_val, matchctx );
}
rs->sr_matched = NULL;
if ( rs->sr_text ) { if ( rs->sr_text ) {
if ( freetext ) { if ( freetext ) {
ber_memfree( (char *)rs->sr_text ); ber_memfree( (char *)rs->sr_text );