dovecot: auth_bind=yes and empty auth_bind_userdn leaked memory.

dovecot at dovecot.org dovecot at dovecot.org
Mon Jul 30 09:17:59 EEST 2007


details:   http://hg.dovecot.org/dovecot/rev/e841f00d368c
changeset: 6151:e841f00d368c
user:      Timo Sirainen <tss at iki.fi>
date:      Mon Jul 30 09:17:51 2007 +0300
description:
auth_bind=yes and empty auth_bind_userdn leaked memory.

diffstat:

1 file changed, 5 insertions(+), 2 deletions(-)
src/auth/passdb-ldap.c |    7 +++++--

diffs (24 lines):

diff -r 6d6f0e4bd20d -r e841f00d368c src/auth/passdb-ldap.c
--- a/src/auth/passdb-ldap.c	Fri Jun 29 16:40:10 2007 -0400
+++ b/src/auth/passdb-ldap.c	Mon Jul 30 09:17:51 2007 +0300
@@ -262,6 +262,7 @@ handle_request_authbind_search(struct ld
 		(struct passdb_ldap_request *)ldap_request;
 	struct auth_request *auth_request = ldap_request->context;
 	LDAPMessage *entry;
+	char *dn;
 
 	entry = handle_request_get_entry(conn, auth_request,
 					 passdb_ldap_request, res);
@@ -271,8 +272,10 @@ handle_request_authbind_search(struct ld
 	ldap_query_save_result(conn, entry, auth_request);
 
 	/* switch the handler to the authenticated bind handler */
-	ldap_request->base =
-		p_strdup(auth_request->pool, ldap_get_dn(conn->ld, entry));
+	dn = ldap_get_dn(conn->ld, entry);
+	ldap_request->base = p_strdup(auth_request->pool, dn);
+	ldap_memfree(dn);
+
 	ldap_request->filter = NULL;
 	ldap_request->callback = handle_request_authbind;
 


More information about the dovecot-cvs mailing list