dovecot: auth_bind=yes and empty auth_bind_userdn leaked memory.
dovecot at dovecot.org
dovecot at dovecot.org
Mon Jul 30 09:17:59 EEST 2007
details: http://hg.dovecot.org/dovecot/rev/e841f00d368c
changeset: 6151:e841f00d368c
user: Timo Sirainen <tss at iki.fi>
date: Mon Jul 30 09:17:51 2007 +0300
description:
auth_bind=yes and empty auth_bind_userdn leaked memory.
diffstat:
1 file changed, 5 insertions(+), 2 deletions(-)
src/auth/passdb-ldap.c | 7 +++++--
diffs (24 lines):
diff -r 6d6f0e4bd20d -r e841f00d368c src/auth/passdb-ldap.c
--- a/src/auth/passdb-ldap.c Fri Jun 29 16:40:10 2007 -0400
+++ b/src/auth/passdb-ldap.c Mon Jul 30 09:17:51 2007 +0300
@@ -262,6 +262,7 @@ handle_request_authbind_search(struct ld
(struct passdb_ldap_request *)ldap_request;
struct auth_request *auth_request = ldap_request->context;
LDAPMessage *entry;
+ char *dn;
entry = handle_request_get_entry(conn, auth_request,
passdb_ldap_request, res);
@@ -271,8 +272,10 @@ handle_request_authbind_search(struct ld
ldap_query_save_result(conn, entry, auth_request);
/* switch the handler to the authenticated bind handler */
- ldap_request->base =
- p_strdup(auth_request->pool, ldap_get_dn(conn->ld, entry));
+ dn = ldap_get_dn(conn->ld, entry);
+ ldap_request->base = p_strdup(auth_request->pool, dn);
+ ldap_memfree(dn);
+
ldap_request->filter = NULL;
ldap_request->callback = handle_request_authbind;
More information about the dovecot-cvs
mailing list