diff options
| author | Michael Paquier | 2022-09-10 07:56:07 +0000 |
|---|---|---|
| committer | Michael Paquier | 2022-09-10 07:56:07 +0000 |
| commit | 799437e0bd3259c90d26e195894b6e22eb0b325c (patch) | |
| tree | 283304ce91d7272e36fac14a5832f4b212334221 /src | |
| parent | be7c15b194ab91d28904a0e656f3f6600883ab68 (diff) | |
Free correctly LDAPMessage returned by ldap_search_s() in auth.c
The LDAP wiki states that the search message should be freed regardless
of the return value of ldap_search_s(), but we failed to do so in one
backend code path when searching LDAP with a filter. This is not
critical in an authentication code path failing in the backend as this
causes such the process to exit promptly, but let's be clean and free
the search message appropriately, as documented by upstream.
All the other code paths failing a LDAP operation do that already, and
somebody looking at this code in the future may miss what LDAP expects
with the search message.
Author: Zhihong Yu
Discussion: https://postgr.es/m/CALNJ-vTf5Y+8RtzZ4GjOGE9qWVHZ8awfhnFYc_qGm8fMLUNRAg@mail.gmail.com
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/libpq/auth.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index b3e51698dcc..a776bc3ed7c 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -2568,6 +2568,7 @@ CheckLDAPAuth(Port *port) else filter = psprintf("(uid=%s)", port->user_name); + search_message = NULL; r = ldap_search_s(ldap, port->hba->ldapbasedn, port->hba->ldapscope, @@ -2582,6 +2583,8 @@ CheckLDAPAuth(Port *port) (errmsg("could not search LDAP for filter \"%s\" on server \"%s\": %s", filter, server_name, ldap_err2string(r)), errdetail_for_ldap(ldap))); + if (search_message != NULL) + ldap_msgfree(search_message); ldap_unbind(ldap); pfree(passwd); pfree(filter); |