Update to latest devel codes

clients/tools/ldapdelete.c

@@ -317,9 +317,10 @@ main( int argc, char **argv )
 		}
 	}
 
-	if (want_bindpw)
+	if (want_bindpw) {
 		passwd.bv_val = getpassphrase("Enter LDAP Password: ");
 		passwd.bv_len = strlen( passwd.bv_val );
+	}
 
 	if ( authmethod == LDAP_AUTH_SASL ) {
 #ifdef HAVE_CYRUS_SASL

clients/tools/ldapmodify.c

@@ -381,9 +381,10 @@ main( int argc, char **argv )
 		}
 	}
 
-	if (want_bindpw)
+	if (want_bindpw) {
 		passwd.bv_val = getpassphrase("Enter LDAP Password: ");
 		passwd.bv_len = strlen( passwd.bv_val );
+	}
 
 	if ( authmethod == LDAP_AUTH_SASL ) {
 #ifdef HAVE_CYRUS_SASL

clients/tools/ldapmodrdn.c

@@ -364,9 +364,10 @@ main(int argc, char **argv)
 		}
 	}
 
-	if (want_bindpw)
+	if (want_bindpw) {
 		passwd.bv_val = getpassphrase("Enter LDAP Password: ");
 		passwd.bv_len = strlen( passwd.bv_val );
+	}
 
 	if ( authmethod == LDAP_AUTH_SASL ) {
 #ifdef HAVE_CYRUS_SASL

doc/drafts/draft-rharrison-ldap-extpartresp-xx.txt

+
 Individual Submission to LDAPExt Working Group              R. Harrison
 Internet Draft                                             Novell, Inc.
-Document: draft-rharrison-ldap-extpartresp-00.txt         October, 1999
+Document: draft-rharrison-ldap-extpartresp-01.txt            June, 2000
 Category: Proposed Standard
 
 
@@ -48,27 +49,25 @@ Status of this Memo
    protocol without requiring a new revision of the protocol.
 
    The LDAP v3 Extended Operation allows for a single extended response
-   to each extended request, but this paradigm may not be efficient
-   enough for some directory operations.  For instance, the LDAP search
+   to each extended request, but this paradigm may not be sufficient
+   for some directory operations.  For instance, the LDAP search
    operation is a directory operation that is much more efficient when
    multiple partial responses are used to service a single request. The
-
-Harrison    Individual Submission û Expires April 14, 2000           1
 
-                  LDAP v3 Extended Partial Response     October, 1999
+                  LDAP v3 Extended Partial Response         June, 2000
 
 
    extended partial response generalizes the current extended operation
    definition to give LDAP server implementers the ability to make use
    of a single-request-multiple-response paradigm for extended LDAP
-   operations that would benefit from it.
+   operations that require it or that would benefit from it.
 
 4. Element of Protocol
 
    The ExtendedPartialResponse is defined as
 
    ExtendedPartialResponse ::= [APPLICATION 25] SEQUENCE {
-           responseName     [0] LDAPOID,
+           responseName     [0] LDAPOID OPTIONAL,
            response         [1] OCTET STRING OPTIONAL }
 
    An LDAP server responds to an LDAP v3 ExtendedRequest with zero or
@@ -111,17 +110,27 @@ Harrison    Individual Submission
 
    Roger Harrison
    Novell, Inc.
-
-Harrison    Individual Submission û Expires April 14, 2000           2
 
-                  LDAP v3 Extended Partial Response     October, 1999
+                  LDAP v3 Extended Partial Response         June, 2000
 
 
-   122 E. 1700 S.
+   1800 S. Novell Place
    Provo, UT 84606
    +1 801 861 2642
    roger_harrison@novell.com
 
+
+Appendix A - Document Revision History
+
+A.1 draft-rharrison-ldap-extPartResp-00.doc
+
+   Initial revision of draft.
+
+A.2 draft-rharrison-ldap-extPartResp-01.doc
+
+   Changed responseName to be optional to align with [LDAPv3]
+   definition of ExtendedResponse.
+
 Full Copyright Statement
 
    "Copyright (C) The Internet Society (date). All Rights Reserved.
@@ -148,29 +157,3 @@ Full Copyright Statement
    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Harrison    Individual Submission û Expires April 14, 2000           3
-

doc/man/man1/ldapdelete.1

@@ -168,9 +168,9 @@ Specify the SASL mechanism to be used for authentication. If it's not
 specified, the program will choose the best mechanism the server knows.
 .TP
 .B \-Z[Z]
-Request the use of TLS (Transport Layer Security). If you use
+Issue StartTLS (Transport Layer Security) extended operation. If you use
 .B \-ZZ\c
-, the command will fail if TLS negotiation does not succeed for some reason.
+, the command will require the operation to be successful.
 .SH EXAMPLE
 The following command:
 .LP

doc/man/man1/ldapmodify.1

@@ -233,9 +233,9 @@ Specify the SASL mechanism to be used for authentication. If it's not
 specified, the program will choose the best mechanism the server knows.
 .TP
 .B \-Z[Z]
-Request the use of TLS (Transport Layer Security). If you use
+Issue StartTLS (Transport Layer Security) extended operation. If you use
 .B \-ZZ\c
-, the command will fail if TLS negotiation does not succeed for some reason.
+, the command will require the operation to be successful.
 .SH INPUT FORMAT
 The contents of \fIfile\fP (or standard input if no \-f flag is given on
 the command line) should conform to the format defined in

doc/man/man1/ldapmodrdn.1

@@ -164,9 +164,9 @@ Specify the SASL mechanism to be used for authentication. If it's not
 specified, the program will choose the best mechanism the server knows.
 .TP
 .B \-Z[Z]
-Request the use of TLS (Transport Layer Security). If you use
+Issue StartTLS (Transport Layer Security) extended operation. If you use
 .B \-ZZ\c
-, the command will fail if TLS negotiation does not succeed for some reason.
+, the command will require the operation to be successful.
 .SH INPUT FORMAT
 If the command-line arguments \fIdn\fP and \fIrdn\fP are given, \fIrdn\fP
 will replace the RDN of the entry specified by the DN, \fIdn\fP.

doc/man/man1/ldappasswd.1

@@ -139,9 +139,9 @@ Specify the SASL mechanism to be used for authentication. If it's not
 specified, the program will choose the best mechanism the server knows.
 .TP
 .B \-Z[Z]
-Request the use of TLS (Transport Layer Security). If you use
+Issue StartTLS (Transport Layer Security) extended operation. If you use
 .B \-ZZ\c
-, the command will fail if TLS negotiation does not succeed for some reason.
+, the command will require the operation to be successful.
 .SH SEE ALSO
 .BR ldap_bind (3)
 .SH ACKNOWLEDGEMENTS

doc/man/man1/ldapsearch.1

@@ -276,9 +276,9 @@ Specify the SASL mechanism to be used for authentication. If it's not
 specified, the program will choose the best mechanism the server knows.
 .TP
 .B \-Z[Z]
-Request the use of TLS (Transport Layer Security). If you use
+Issue StartTLS (Transport Layer Security) extended operation. If you use
 .B \-ZZ\c
-, the command will fail if TLS negotiation does not succeed for some reason.
+, the command will require the operation to be successful.
 .SH OUTPUT FORMAT
 If one or more entries are found, each entry is written to standard output
 in the form:

doc/man/man3/ldap.3

@@ -3,7 +3,7 @@
 .\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
 .\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
 .SH NAME
-ldap - Lightweight Directory Access Protocol package
+ldap - OpenLDAP Lightweight Directory Access Protocol API
 .SH SYNOPSIS
 .nf
 .ft B
@@ -22,7 +22,7 @@ overview of the LDAP library routines.
 .LP
 Both synchronous and asynchronous APIs are provided.  Also included are
 various routines to parse the results returned from these routines.
-These routines are found in the libldap.a library.
+These routines are found in the \-lldap library.
 .LP
 The basic interaction is as follows.  A connection is made to an LDAP
 server by calling
@@ -108,10 +108,7 @@ the ldap search routines.  The
 .BR ldap_friendly (3)
 routines are
 used to map from short two letter country codes (or other strings)
-to longer "friendlier" names.  The
-.BR ldap_charset (3)
-routines can be used to translate to and from the T.61 character
-set used for many character strings in the LDAP protocol.
+to longer "friendlier" names.
 .SH CONNECTIONLESS ACCESS
 The
 .BR cldap_search_s (3)

doc/man/man8/slappasswd.8

+.TH SLAPPASSWD 8C "15 June 2000" "OpenLDAP LDVERSION"
+.\" $OpenLDAP$
+.\" Copyright 1998-2000 The OpenLDAP Foundation All Rights Reserved.
+.\" Copying restrictions apply.  See COPYRIGHT/LICENSE.
+.SH NAME
+slappassword \- OpenLDAP password utility
+.SH SYNOPSIS
+.B SBINDIR/slappasswd
+.B [\-v]
+.B [\-s secret]
+.B [\-h hash]
+.B 
+.LP
+.SH DESCRIPTION
+.LP
+.B Slappasswd
+is used to compute a hashed password suitable for use
+as a userPassword value
+.BR slapd.conf (5)
+.BR rootpw .
+.SH OPTIONS
+.TP
+.B \-v
+enable verbose mode.
+.TP
+.BI \-s " secret"
+The secret to hash.  If not provided, the user will be prompted
+for the secret to hash.
+.TP
+.BI \-h " hash"
+The hash algorithm to use.  Algorithms supported include
+.IR {CRYPT} ,
+.IR {MD5} ,
+.IR {SMD5} ,
+.IR {SSHA} ", and"
+.IR {SHA} .
+The default is 
+.IR {SSHA} .
+.SH LIMITATIONS
+The practice storing hashed passwords in userPassword
+violates Standard Track schema and may hinder
+interoperability.
+.SH "SECURITY CONSIDERATIONS"
+Use of hashed passwords does not protect passwords during
+protocol transfer.  TLS or other eavesdropping protections
+should be inplace before using LDAP simple bind.  The
+hashed password values should be protected as if they
+were clear text passwords.
+.SH "SEE ALSO"
+.BR ldapmodify (3),
+.BR slapd (8)
+.SH ACKNOWLEDGEMENTS
+.B	OpenLDAP
+is developed and maintained by The OpenLDAP Project (http://www.openldap.org/).
+.B	OpenLDAP
+is derived from University of Michigan LDAP 3.3 Release.  

doc/rfc/INDEX

+This is an index of RFC contained in this directory:
+
+STD	Standard
+DS	Draft Standard
+PS	Proposed Standard
+
+I	Information
+E	Experimental
+
+rfc1274.txt COSINE and Internet X.500 Schema (PS)
+rfc1275.txt X.500 Replication Requirements (I)
+rfc1279.txt X.500 and Domains (E)
+rfc1308.txt Executive Intro to Directory Services - X.500 (FYI13)
+rfc1309.txt Technical Overview of Directory Services - X.500  (FYI14)
+rfc1430.txt Plan for Deploying an Internet X.500 Directory Service (I)
+rfc1617.txt Naming and Structuring Guidelines for X.500 Directory Pilots (I)
+rfc1777.txt Lightweight Directory Access Protocol (DS)
+rfc1778.txt LDAP String Representation of Attribute Types (DS)
+rfc1779.txt LDAP String Representation of DNs (DS)
+rfc1781.txt Using the OSI Directory to Achieve User Friendly Naming (PS)
+rfc1798.txt Connection-less LDAP (PS)
+rfc1823.txt LDAP C API (I)
+rfc1959.txt LDAP URL Format (PS)
+rfc1960.txt LDAP String Representation of Search Filters (DS)
+rfc2079.txt X.500 Attribute Type and an Object Class to Hold URIs (PS)
+rfc2119.txt Key words (BCP14)
+rfc2164.txt X.500/LDAP MIXER address mapping (PS)
+rfc2218.txt Common Schema for the Internet White Pages Service (PS)
+rfc2222.txt Simple Authentication and Security Layer (PS)
+rfc2247.txt Using Domains in LDAP DNs (PS)
+rfc2251.txt	LDAPv3 Protocol (PS)
+rfc2252.txt LDAPv3 Attribute Types (PS)
+rfc2253.txt LDAPv3 Disinguished Name (PS)
+rfc2254.txt LDAPv3 Search Filters (PS)
+rfc2255.txt LDAPv3 URI (PS)
+rfc2256.txt X.500(96) Schema for LDAPv3 (PS)
+rfc2279.txt UTF-8 (DS)
+rfc2293.txt Tables and Subtrees in the X.500 Directory (PS)
+rfc2294.txt O/R Address hierarchy in the X.500 DIT (PS)
+rfc2307.txt LDAP Network Information Services Schema (I)
+rfc2377.txt LDAP Naming Plan (I)
+rfc2559.txt Internet X.509 PKI Operational Protocols - LDAPv2 (PS)
+rfc2587.txt Internet X.509 PKI LDAPv2 Schema (PS)
+rfc2589.txt LDAPv3: Dynamic Directory Services Extensions (PS)
+rfc2596.txt Use of Language Codes in LDAP (PS)
+rfc2649.txt LDAPv3 Operational Signatures (E)
+rfc2657.txt LDAPv2 Client vs. the Index Mesh (E)
+rfc2696.txt LDAP Simple Paged Result Control (PS)
+rfc2713.txt LDAP Java schema (I)
+rfc2714.txt LDAP COBRA schema (I)
+rfc2798.txt LDAP inetOrgPerson schema (I)
+rfc2829.txt LDAPv3/Authentication Methods (PS)
+rfc2830.txt LDAPv3/StartTLS (PS)
+rfc2831.txt SASL/DIGEST-MD5 (PS)
+rfc2849.txt	LDIFv1 (PS)

include/ldap_defaults.h

@@ -205,12 +205,12 @@ Please try again later.\r\n"
 #define SLAPD_LDBM_MIN_MAXIDS		(8192-4)
 
 /* the following DNs must be normalized! */
-	/* dn of the special "schema" entry */
-#define SLAPD_SCHEMA_DN			"cn=Schema"
+	/* dn of the default subschema subentry */
+#define SLAPD_SCHEMA_DN			"cn=Subschema"
 #if 0
-	/* dn of the special "monitor" entry */
+	/* dn of the default "monitor" subentry */
 #define SLAPD_MONITOR_DN		"cn=Monitor"
-	/* dn of the special "config" entry */
+	/* dn of the default "config" subentry */
 #define SLAPD_CONFIG_DN			"cn=Config"
 #endif
 

libraries/liblber/io.c

@@ -231,9 +231,9 @@ ber_flush( Sockbuf *sb, BerElement *ber, int freeit )
 
 	if ( sb->sb_debug ) {
 		ber_log_printf( LDAP_DEBUG_ANY, sb->sb_debug,
-			"ber_flush: %ld bytes to sd %ld%s\n", towrite,
-		    (long) sb->sb_fd, ber->ber_rwptr != ber->ber_buf ?
-		    " (re-flush)" : "" );
+			"ber_flush: %ld bytes to sd %ld%s\n",
+			towrite, (long) sb->sb_fd,
+			ber->ber_rwptr != ber->ber_buf ?  " (re-flush)" : "" );
 		ber_log_bprint( LDAP_DEBUG_PACKETS, sb->sb_debug,
 			ber->ber_rwptr, towrite );
 	}
@@ -523,8 +523,10 @@ ber_get_next(
 		}
 		do {
 			/* reading the tag... */
-			if (ber_int_sb_read( sb, ber->ber_rwptr, 1)<=0)
+			if (ber_int_sb_read( sb, ber->ber_rwptr, 1)<=0) {
 				return LBER_DEFAULT;
+			}
+
 			if (! (ber->ber_rwptr[0] & LBER_MORE_TAG_MASK) ) {
 				ber->ber_tag>>=sizeof(ber->ber_tag) -
 				  ((char *) &ber->ber_tag - ber->ber_rwptr);
@@ -532,6 +534,7 @@ ber_get_next(
 				goto get_lenbyte;
 			}
 		} while( PTR_IN_VAR(ber->ber_rwptr, ber->ber_tag ));
+
 		errno = ERANGE; /* this is a serious error. */
 		return LBER_DEFAULT;
 	}

libraries/libldap/add.c

@@ -124,7 +124,7 @@ ldap_add_ext(
 	for ( i = 0; attrs[i] != NULL; i++ ) {
 		if ( ( attrs[i]->mod_op & LDAP_MOD_BVALUES) != 0 ) {
 			rc = ber_printf( ber, "{s[V]}", attrs[i]->mod_type,
-			    attrs[i]->mod_values );
+			    attrs[i]->mod_bvalues );
 		} else {
 			rc = ber_printf( ber, "{s[v]}", attrs[i]->mod_type,
 			    attrs[i]->mod_values );

libraries/libldap/os-ip.c

@@ -95,9 +95,9 @@ ldap_pvt_ndelay_off(LDAP *ld, int fd)
 }
 
 static ber_socket_t
-ldap_pvt_socket(LDAP *ld)
+ldap_pvt_socket(LDAP *ld, int family)
 {
-	ber_socket_t s = socket(AF_INET, SOCK_STREAM, 0);
+	ber_socket_t s = socket(family, SOCK_STREAM, 0);
 	osip_debug(ld, "ldap_new_socket: %d\n",s,0,0);
 	return ( s );
 }
@@ -183,7 +183,7 @@ ldap_pvt_is_socket_ready(LDAP *ld, int s)
 #undef TRACE
 
 static int
-ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_in *sin, int async)
+ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr *sin, socklen_t addrlen, int async)
 {
 	struct timeval	tv, *opt_tv=NULL;
 	fd_set		wfds, *z=NULL;
@@ -202,7 +202,7 @@ ldap_pvt_connect(LDAP *ld, ber_socket_t s, struct sockaddr_in *sin, int async)
 	if ( ldap_pvt_ndelay_on(ld, s) == -1 )
 		return ( -1 );
 
-	if ( connect(s, (struct sockaddr *) sin, sizeof(struct sockaddr_in)) == 0 )
+	if ( connect(s, sin, addrlen) == 0 )
 	{
 		if ( ldap_pvt_ndelay_off(ld, s) == -1 )
 			return ( -1 );
@@ -289,13 +289,61 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, const char *host,
 	osip_debug(ld, "ldap_connect_to_host\n",0,0,0);
 	
 	if (host != NULL) {
+#ifdef HAVE_GETADDRINFO
+	        char serv[7];
+		struct addrinfo hints, *res, *sai;
+
+		memset( &hints, '\0', sizeof(hints) );
+		hints.ai_family = AF_UNSPEC;
+		hints.ai_socktype = SOCK_STREAM;
+
+		snprintf(serv, sizeof serv, "%d", ntohs(port));
+		if ( getaddrinfo(host, serv, &hints, &res) ) {
+			osip_debug(ld, "ldap_connect_to_host:getaddrinfo failed\n",0,0,0);
+			return -1;
+		}
+		sai = res;
+		rc = -1;
+		do {
+			s = ldap_pvt_socket( ld, sai->ai_family );
+			if ( s == -1 ) {
+				continue;
+			}
+
+			switch (sai->ai_family) {
+#ifdef LDAP_PF_INET6
+			case AF_INET6: {
+				char addr[INET6_ADDRSTRLEN];
+				inet_ntop( AF_INET6,
+					&((struct sockaddr_in6 *)sai->ai_addr)->sin6_addr,
+					addr, sizeof addr);
+				osip_debug(ld, "ldap_connect_to_host: Trying %s %s\n", 
+					addr, serv, 0);
+			} break;
+#endif
+			case AF_INET: {
+				char addr[INET_ADDRSTRLEN];
+				inet_ntop( AF_INET,
+					&((struct sockaddr_in *)sai->ai_addr)->sin_addr,
+					addr, sizeof addr);
+				osip_debug(ld, "ldap_connect_to_host: Trying %s:%s\n", 
+					addr, serv, 0);
+			} break;
+			}
+			rc = ldap_pvt_connect(ld, s, sai->ai_addr, sai->ai_addrlen, async);
+			if ( (rc == 0) || (rc == -2) ) {
+				ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, &s );
+				break;
+			}
+			ldap_pvt_close_socket(ld, s);
+		} while ((sai = sai->ai_next) != NULL);
+		freeaddrinfo(res);
+		return rc;
+#else
 		if (! inet_aton( host, &in) ) {
 			rc = ldap_pvt_gethostbyname_a(host, &he_buf, &ha_buf,
 					&hp, &local_h_errno);
 
-			if ( rc < 0 )
-				; /*XXX NO MEMORY? */
-
 			if ( (rc < 0) || (hp == NULL) ) {
 #ifdef HAVE_WINSOCK
 				ldap_pvt_set_errno( WSAGetLastError() );
@@ -309,14 +357,17 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, const char *host,
 			use_hp = 1;
 		}
 		address = in.s_addr;
+#endif
 	}
 
 	rc = s = -1;
 	for ( i = 0; !use_hp || (hp->h_addr_list[i] != 0); ++i, rc = -1 ) {
 
-		if ( (s = ldap_pvt_socket( ld )) == -1 )
+		s = ldap_pvt_socket( ld, AF_INET );
+		if ( s == -1 ) {
 			/* use_hp ? continue : break; */
 			break;
+		}
 	   
 		if ( ldap_pvt_prepare_socket(ld, s) == -1 ) {
 			ldap_pvt_close_socket(ld, s);
@@ -334,7 +385,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, const char *host,
 		osip_debug(ld, "ldap_connect_to_host: Trying %s:%d\n", 
 				inet_ntoa(sin.sin_addr),ntohs(sin.sin_port),0);
 
-		rc = ldap_pvt_connect(ld, s, &sin, async);
+		rc = ldap_pvt_connect(ld, s, (struct sockaddr *)&sin, sizeof(struct sockaddr_in), async);
    
 		if ( (rc == 0) || (rc == -2) ) {
 			ber_sockbuf_ctrl( sb, LBER_SB_OPT_SET_FD, &s );
@@ -356,7 +407,8 @@ ldap_host_connected_to( Sockbuf *sb )
 {
 	struct hostent		*hp;
 	socklen_t         	len;
-	struct sockaddr_in	sin;
+	struct sockaddr	        sa;
+	char                    *addr;
 
    	/* buffers for gethostbyaddr_r */
    	struct hostent		he_buf;
@@ -365,11 +417,11 @@ ldap_host_connected_to( Sockbuf *sb )
 	ber_socket_t		sd;
 #define DO_RETURN(x) if (ha_buf) LDAP_FREE(ha_buf); return (x);
    
-	(void)memset( (char *)&sin, '\0', sizeof( struct sockaddr_in ));
-	len = sizeof( sin );
+	(void)memset( (char *)&sa, '\0', sizeof( struct sockaddr ));
+	len = sizeof( sa );
 
 	ber_sockbuf_ctrl( sb, LBER_SB_OPT_GET_FD, &sd );
-	if ( getpeername( sd, (struct sockaddr *)&sin, &len ) == -1 ) {
+	if ( getpeername( sd, (struct sockaddr *)&sa, &len ) == -1 ) {
 		return( NULL );
 	}
 
@@ -378,9 +430,24 @@ ldap_host_connected_to( Sockbuf *sb )
 	 * this is necessary for kerberos to work right, since the official
 	 * hostname is used as the kerberos instance.
 	 */
-	if ((ldap_pvt_gethostbyaddr_a( (char *) &sin.sin_addr,
-		sizeof( sin.sin_addr ), 
-		AF_INET, &he_buf, &ha_buf,
+
+	switch (sa.sa_family) {
+#ifdef LDAP_PF_INET6
+	case AF_INET6:
+		addr = (char *) &((struct sockaddr_in6 *)&sa)->sin6_addr;
+		len = sizeof( struct in6_addr );
+		break;
+#endif
+	case AF_INET:
+		addr = (char *) &((struct sockaddr_in *)&sa)->sin_addr;
+		len = sizeof( struct in_addr );
+		break;
+	default:
+		return( NULL );
+		break;
+	}
+	if ((ldap_pvt_gethostbyaddr_a( addr, len,
+		sa.sa_family, &he_buf, &ha_buf,
 		&hp,&local_h_errno ) ==0 ) && (hp != NULL) )
 	{
 		if ( hp->h_name != NULL ) {

libraries/libldap/result.c

@@ -464,6 +464,15 @@ try_read1msg(
 						}
 					}
 				}
+
+				if( lr->lr_res_matched != NULL ) {
+					LDAP_FREE( lr->lr_res_matched );
+					lr->lr_res_matched = NULL;
+				}
+				if( lr->lr_res_error != NULL ) {
+					LDAP_FREE( lr->lr_res_error );
+					lr->lr_res_error = NULL;
+				}
 			}
 		}
 	}