author | Stephen Gallagher <sgallagh@redhat.com> | 2012-03-23 07:40:41 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-03-26 20:17:21 -0400 |
commit | d7e3a3704d22e69f01214873a7207b4fc760d3f3 (patch) | |
tree | 92d6fc43e2a9e458f2b63cf38711101567268423 /src/providers/ldap | |
parent | 61ab73554e03a2eea4ef51bc5ef02676632eaf6a (diff) | |
LDAP: Fix memory leaks in synchronous_tls_setup
We were never freeing "result" if it was allocated by
ldap_result(). We were also not freeing "errmsg" if it was
allocated but ldap_parse_result() returned an error.
Also disambiguate error messages from ldap_parse_result() and
error messages from sss_ldap_get_diagnostic_msg() since they use
differing memory-management functions.
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/sdap_async_connection.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 4932465a..02963f32 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -1620,7 +1620,8 @@ static int synchronous_tls_setup(LDAP *ldap)
 int ldaperr;
 int msgid;
 char *errmsg = NULL;
- LDAPMessage *result;
+ char *diag_msg;
+ LDAPMessage *result = NULL;
 TALLOC_CTX *tmp_ctx;
 DEBUG(4, ("Executing START TLS\n"));
@@ -1630,11 +1631,11 @@ static int synchronous_tls_setup(LDAP *ldap)
 lret = ldap_start_tls(ldap, NULL, NULL, &msgid);
 if (lret != LDAP_SUCCESS) {
- optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &errmsg);
+ optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg);
 if (optret == LDAP_SUCCESS) {
 DEBUG(3, ("ldap_start_tls failed: [%s] [%s]\n",
- sss_ldap_err2string(lret), errmsg));
- sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg);
+ sss_ldap_err2string(lret), diag_msg));
+ sss_log(SSS_LOG_ERR, "Could not start TLS. %s", diag_msg);
 } else {
 DEBUG(3, ("ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)));
 sss_log(SSS_LOG_ERR, "Could not start TLS. "
@@ -1661,7 +1662,6 @@ static int synchronous_tls_setup(LDAP *ldap)
 DEBUG(3, ("START TLS result: %s(%d), %s\n", sss_ldap_err2string(ldaperr), ldaperr, errmsg));
- ldap_memfree(errmsg);
 if (ldap_tls_inplace(ldap)) {
 DEBUG(9, ("SSL/TLS handler already in place.\n"));
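Review bot: In the first hunk `diag_msg` is declared without an initializer while `errmsg` and `result` beside it start at NULL, so any later edit that reads it outside the `optret == LDAP_SUCCESS` branches (second and fourth hunks) would use an indeterminate pointer; `char *diag_msg = NULL;` keeps the three declarations consistent. The two strings are split because they have different owners, so a comment on each declaration would help, e.g. `/* errmsg: set by ldap_parse_result(), release with ldap_memfree() */` and `/* diag_msg: allocated on tmp_ctx, released by talloc_zfree(tmp_ctx) */`. That `diag_msg` is a talloc child of `tmp_ctx` is inferred from the call arguments and the commit message; sss_ldap_get_diagnostic_msg() itself is not part of this diff.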
@@ -1672,11 +1672,11 @@ static int synchronous_tls_setup(LDAP *ldap)
 lret = ldap_install_tls(ldap);
 if (lret != LDAP_SUCCESS) {
- optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &errmsg);
+ optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg);
 if (optret == LDAP_SUCCESS) {
 DEBUG(3, ("ldap_install_tls failed: [%s] [%s]\n",
- sss_ldap_err2string(lret), errmsg));
- sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", errmsg);
+ sss_ldap_err2string(lret), diag_msg));
+ sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", diag_msg);
 } else {
 DEBUG(3, ("ldap_install_tls failed: [%s]\n", sss_ldap_err2string(lret)));
@@ -1689,6 +1689,8 @@ static int synchronous_tls_setup(LDAP *ldap)
 lret = LDAP_SUCCESS;
 done:
+ if (result) ldap_msgfree(result);
+ if (errmsg) ldap_memfree(errmsg);
 talloc_zfree(tmp_ctx);
 return lret;
 } |
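Review bot: The `ldap_msgfree(result)` added at `done:` in the last hunk is only correct while the `ldap_parse_result()` call, which lies outside the hunks shown, passes 0 for its `freeit` argument; with a non-zero value the library has already released the message and this line becomes a double free. A comment at the label would record that assumption, e.g. `/* result is still owned here: ldap_parse_result() is called with freeit == 0 */`. It is also worth confirming that every failure path after `result` or `errmsg` can have been set leaves through `goto done` rather than a direct `return`, since only those paths reach the new frees. The function body between the hunks is not visible here.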