diff options
Diffstat (limited to 'ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c')
-rw-r--r-- | ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c index d281506e..985b6903 100644 --- a/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c +++ b/ldap/servers/slapd/back-ldbm/ldbm_attrcrypt.c @@ -461,7 +461,10 @@ attrcrypt_init(ldbm_instance *li) SECKEYPublicKey *public_key = NULL; LDAPDebug(LDAP_DEBUG_TRACE,"-> attrcrypt_init\n", 0, 0, 0); if (slapd_security_library_is_initialized()) { - li->inst_attrcrypt_state_private = NULL; + /* In case the backend instance is restarted, + * inst_attrcrypt_state_private in li could have memory containing + * private keys. The private data should be cleaned up first. */ + attrcrypt_cleanup_private(li); /* Get the server's private key, which is used to unwrap the stored symmetric keys */ ret = attrcrypt_fetch_private_key(&private_key); if (!ret) { @@ -515,6 +518,29 @@ int attrcrypt_check_enable_cipher(attrcrypt_cipher_entry *ace) return ret; } +/* + * This function cleans up the inst_attrcrypt_state_private in each backend + * instance. + */ +int +attrcrypt_cleanup_private(ldbm_instance *li) +{ + int i = 0; + attrcrypt_cipher_state **current = NULL; + + LDAPDebug(LDAP_DEBUG_TRACE, "-> attrcrypt_cleanup_private\n", 0, 0, 0); + if (li && li->inst_attrcrypt_state_private) { + for (current = &(li->inst_attrcrypt_state_private->acs_array[0]); + *current; current++) { + attrcrypt_cleanup(*current); + slapi_ch_free((void **)current); + } + slapi_ch_free((void **)&li->inst_attrcrypt_state_private); + } + LDAPDebug(LDAP_DEBUG_TRACE, "<- attrcrypt_cleanup_private\n", 0, 0, 0); + return 0; +} + int attrcrypt_cleanup(attrcrypt_cipher_state *acs) { |