From 5cbc9c54df1165ded8c2b6991c589906fdb96833 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Fri, 23 Mar 2012 07:40:41 -0400
Subject: LDAP: Fix memory leaks in synchronous_tls_setup

We were never freeing "result" if it was allocated by ldap_result(). We were also not freeing "errmsg" if it was allocated but ldap_parse_result() returned an error. Also disambiguate error messages from ldap_parse_result() and error messages from sss_ldap_get_diagnostic_msg() since they use differing memory-management functions.
---
 src/providers/ldap/sdap_async_connection.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index 4932465a..02963f32 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -1620,7 +1620,8 @@ static int synchronous_tls_setup(LDAP *ldap)
 int ldaperr;
 int msgid;
 char *errmsg = NULL;
- LDAPMessage *result;
+ char *diag_msg;
+ LDAPMessage *result = NULL;
 TALLOC_CTX *tmp_ctx;
 DEBUG(4, ("Executing START TLS\n"));
@@ -1630,11 +1631,11 @@ static int synchronous_tls_setup(LDAP *ldap)
 lret = ldap_start_tls(ldap, NULL, NULL, &msgid);
 if (lret != LDAP_SUCCESS) {
- optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &errmsg);
+ optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg);
 if (optret == LDAP_SUCCESS) {
 DEBUG(3, ("ldap_start_tls failed: [%s] [%s]\n",
- sss_ldap_err2string(lret), errmsg));
- sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg);
+ sss_ldap_err2string(lret), diag_msg));
+ sss_log(SSS_LOG_ERR, "Could not start TLS. %s", diag_msg);
 } else {
 DEBUG(3, ("ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)));
 sss_log(SSS_LOG_ERR, "Could not start TLS. "
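Review bot: `char *diag_msg;` in the declaration hunk is added without an initializer and without any note on ownership, although the point of the commit is that it must not be released the same way as `errmsg`. In the hunks at -1630 and -1672 it is only read after `sss_ldap_get_diagnostic_msg()` returns `LDAP_SUCCESS`, so nothing visible reads it uninitialized, but a later edit that logs it outside that check would read an indeterminate pointer. I would write `char *diag_msg = NULL; /* presumably allocated on tmp_ctx; released by talloc_zfree(), never ldap_memfree() */` and add `/* set by ldap_parse_result(); released with ldap_memfree() at done */` next to `errmsg`. The body of synchronous_tls_setup starts and ends outside this hunk.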
@@ -1661,7 +1662,6 @@ static int synchronous_tls_setup(LDAP *ldap)
 DEBUG(3, ("START TLS result: %s(%d), %s\n", sss_ldap_err2string(ldaperr), ldaperr, errmsg));
- ldap_memfree(errmsg);
 if (ldap_tls_inplace(ldap)) {
 DEBUG(9, ("SSL/TLS handler already in place.\n"));
@@ -1672,11 +1672,11 @@ static int synchronous_tls_setup(LDAP *ldap)
 lret = ldap_install_tls(ldap);
 if (lret != LDAP_SUCCESS) {
- optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &errmsg);
+ optret = sss_ldap_get_diagnostic_msg(tmp_ctx, ldap, &diag_msg);
 if (optret == LDAP_SUCCESS) {
 DEBUG(3, ("ldap_install_tls failed: [%s] [%s]\n",
- sss_ldap_err2string(lret), errmsg));
- sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", errmsg);
+ sss_ldap_err2string(lret), diag_msg));
+ sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", diag_msg);
 } else {
 DEBUG(3, ("ldap_install_tls failed: [%s]\n", sss_ldap_err2string(lret)));
@@ -1689,6 +1689,8 @@ static int synchronous_tls_setup(LDAP *ldap)
 lret = LDAP_SUCCESS;
 done:
+ if (result) ldap_msgfree(result);
+ if (errmsg) ldap_memfree(errmsg);
 talloc_zfree(tmp_ctx);
 return lret;
 }
-- cgit
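Review bot: The frees added after `done:` close the leaks only for exits that actually jump to `done`. Most of the code between ldap_result() and this label lies outside the visible hunks, so it is worth confirming that no path uses a bare `return` once `result` or `errmsg` has been populated. The two guards are also written as unbraced one-line `if`s, which are easy to break when a second statement is added; I would write `if (result) { ldap_msgfree(result); }` and `if (errmsg) { ldap_memfree(errmsg); }`, each on its own lines. A short comment such as `/* result and errmsg are libldap allocations; diag_msg goes away with tmp_ctx */` would record why two different release functions appear here.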