Fix a SASL channel-binding leak

servers/lloadd/connection.c

@@ -357,6 +357,11 @@ connection_destroy( LloadConnection *c )
         c->c_sasl_defaults = NULL;
     }
     if ( c->c_sasl_authctx ) {
+#ifdef SASL_CHANNEL_BINDING /* 2.1.25+ */
+        if ( c->c_sasl_cbinding ) {
+            ch_free( c->c_sasl_cbinding );
+        }
+#endif
         sasl_dispose( &c->c_sasl_authctx );
     }
 #endif /* HAVE_CYRUS_SASL */

servers/lloadd/lload.h

@@ -340,6 +340,10 @@ struct LloadConnection {
 #ifdef HAVE_CYRUS_SASL
     sasl_conn_t *c_sasl_authctx;
     void *c_sasl_defaults;
+#ifdef SASL_CHANNEL_BINDING /* 2.1.25+ */
+    sasl_channel_binding_t *c_sasl_cbinding; /* Else cyrus-sasl would happily
+                                              * leak it on sasl_dispose */
+#endif /* SASL_CHANNEL_BINDING */
 #endif /* HAVE_CYRUS_SASL */
 
 #ifdef LDAP_API_FEATURE_VERIFY_CREDENTIALS

servers/lloadd/upstream.c

@@ -321,6 +321,7 @@ sasl_bind_step( LloadConnection *c, BerValue *scred, BerValue *ccred )
                     cb->data = cb_data = cb + 1;
                     memcpy( cb_data, cbv.bv_val, cbv.bv_len );
                     sasl_setprop( ctx, SASL_CHANNEL_BINDING, cb );
+                    c->c_sasl_cbinding = cb;
                 }
             }
 #endif