summaryrefslogtreecommitdiffstats
path: root/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
diff options
context:
space:
mode:
Diffstat (limited to 'ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c')
-rw-r--r--ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c28
1 files changed, 27 insertions, 1 deletions
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
index d281506e..985b6903 100644
--- a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
+++ b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c
@@ -461,7 +461,10 @@ attrcrypt_init(ldbm_instance *li)
SECKEYPublicKey *public_key = NULL;
LDAPDebug(LDAP_DEBUG_TRACE,"-> attrcrypt_init\n", 0, 0, 0);
if (slapd_security_library_is_initialized()) {
- li->inst_attrcrypt_state_private = NULL;
+ /* In case the backend instance is restarted,
+ * inst_attrcrypt_state_private in li could have memory containing
+ * private keys. The private data should be cleaned up first. */
+ attrcrypt_cleanup_private(li);
/* Get the server's private key, which is used to unwrap the stored symmetric keys */
ret = attrcrypt_fetch_private_key(&private_key);
if (!ret) {
@@ -515,6 +518,29 @@ int attrcrypt_check_enable_cipher(attrcrypt_cipher_entry *ace)
return ret;
}
+/*
+ * This function cleans up the inst_attrcrypt_state_private in each backend
+ * instance.
+ */
+int
+attrcrypt_cleanup_private(ldbm_instance *li)
+{
+ int i = 0;
+ attrcrypt_cipher_state **current = NULL;
+
+ LDAPDebug(LDAP_DEBUG_TRACE, "-> attrcrypt_cleanup_private\n", 0, 0, 0);
+ if (li && li->inst_attrcrypt_state_private) {
+ for (current = &(li->inst_attrcrypt_state_private->acs_array[0]);
+ *current; current++) {
+ attrcrypt_cleanup(*current);
+ slapi_ch_free((void **)current);
+ }
+ slapi_ch_free((void **)&li->inst_attrcrypt_state_private);
+ }
+ LDAPDebug(LDAP_DEBUG_TRACE, "<- attrcrypt_cleanup_private\n", 0, 0, 0);
+ return 0;
+}
+
int
attrcrypt_cleanup(attrcrypt_cipher_state *acs)
{
generated by cgit (git 2.34.1) at 2024-09-23 02:52:09 +0000