Commit f7ffef19 authored by Pierangelo Masarati's avatar Pierangelo Masarati
Browse files

plug potential ld_error leak (ITS#4064)

parent 90152251
......@@ -8,7 +8,7 @@ OpenLDAP 2.2.29 Engineering
Fixed back-hdb slapcat EntryInfo cache growth (ITS#4010)
Fixed back-sql missing space in delete statement (ITS#4061)
Fixed liblber sb_dgram_read length (ITS#4046)
Fixed libldap memory leaks (ITS#4048, 4052, 4053)
Fixed libldap memory leaks (ITS#4048, 4052, 4053, 4064)
OpenLDAP 2.2.28 Release
Fixed slapd ACL logging
......
......@@ -698,6 +698,9 @@ ldap_int_sasl_bind(
if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
rc = ld->ld_errno = sasl_err2ldap( saslrc );
#if SASL_VERSION_MAJOR >= 2
if (ld->ld_error ) {
LDAP_FREE( ld->ld_error );
}
ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
#endif
goto done;
......@@ -790,6 +793,9 @@ ldap_int_sasl_bind(
if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
ld->ld_errno = sasl_err2ldap( saslrc );
#if SASL_VERSION_MAJOR >= 2
if (ld->ld_error ) {
LDAP_FREE( ld->ld_error );
}
ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
#endif
rc = ld->ld_errno;
......@@ -801,6 +807,9 @@ ldap_int_sasl_bind(
if ( saslrc != SASL_OK ) {
#if SASL_VERSION_MAJOR >= 2
if (ld->ld_error ) {
LDAP_FREE( ld->ld_error );
}
ld->ld_error = LDAP_STRDUP( sasl_errdetail( ctx ) );
#endif
rc = ld->ld_errno = sasl_err2ldap( saslrc );
......
......@@ -781,6 +781,10 @@ ldap_int_tls_connect( LDAP *ld, LDAPConn *conn )
if ((err = ERR_peek_error())) {
char buf[256];
if (ld->ld_error ) {
LDAP_FREE( ld->ld_error );
}
ld->ld_error = LDAP_STRDUP(ERR_error_string(err, buf));
#ifdef HAVE_EBCDIC
if ( ld->ld_error ) __etoa(ld->ld_error);
......@@ -1068,7 +1072,10 @@ ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
"TLS: unable to get common name from peer certificate.\n",
0, 0, 0 );
#endif
ret = LDAP_CONNECT_ERROR;
ret = LDAP_CONNECT_ERROR;
if (ld->ld_error ) {
LDAP_FREE( ld->ld_error );
}
ld->ld_error = LDAP_STRDUP(
_("TLS: unable to get CN from peer certificate"));
......@@ -1094,17 +1101,20 @@ ldap_pvt_tls_check_hostname( LDAP *ld, void *s, const char *name_in )
if( ret == LDAP_LOCAL_ERROR ) {
#ifdef NEW_LOGGING
LDAP_LOG ( TRANSPORT, ERR, "ldap_pvt_tls_check_hostname: "
"TLS hostname (%s) does not match "
"common name in certificate (%s).\n", name, buf, 0 );
LDAP_LOG ( TRANSPORT, ERR, "ldap_pvt_tls_check_hostname: "
"TLS hostname (%s) does not match "
"common name in certificate (%s).\n", name, buf, 0 );
#else
Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
"common name in certificate (%s).\n",
name, buf, 0 );
Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
"common name in certificate (%s).\n",
name, buf, 0 );
#endif
ret = LDAP_CONNECT_ERROR;
ld->ld_error = LDAP_STRDUP(
_("TLS: hostname does not match CN in peer certificate"));
ret = LDAP_CONNECT_ERROR;
if (ld->ld_error ) {
LDAP_FREE( ld->ld_error );
}
ld->ld_error = LDAP_STRDUP(
_("TLS: hostname does not match CN in peer certificate"));
}
}
X509_free(x);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment