rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Free correctly LDAPMessage returned by ldap_search_s() in auth.c 

The LDAP wiki states that the search message should be freed regardless
of the return value of ldap_search_s(), but we failed to do so in one
backend code path when searching LDAP with a filter.  This is not
critical in an authentication code path failing in the backend as this
causes such the process to exit promptly, but let's be clean and free
the search message appropriately, as documented by upstream.

All the other code paths failing a LDAP operation do that already, and
somebody looking at this code in the future may miss what LDAP expects
with the search message.

Author: Zhihong Yu
Discussion: https://postgr.es/m/CALNJ-vTf5Y+8RtzZ4GjOGE9qWVHZ8awfhnFYc_qGm8fMLUNRAg@mail.gmail.com
This commit is contained in:
Michael Paquier 2022-09-10 16:56:07 +09:00
parent be7c15b194
commit 799437e0bd
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/backend/libpq/auth.c
View File

@ -2568,6 +2568,7 @@ CheckLDAPAuth(Port *port)
else
filter = psprintf("(uid=%s)", port->user_name);
search_message = NULL;
r = ldap_search_s(ldap,
port->hba->ldapbasedn,
port->hba->ldapscope,
@ -2582,6 +2583,8 @@ CheckLDAPAuth(Port *port)
(errmsg("could not search LDAP for filter \"%s\" on server \"%s\": %s",
filter, server_name, ldap_err2string(r)),
errdetail_for_ldap(ldap)));
if (search_message != NULL)
ldap_msgfree(search_message);
ldap_unbind(ldap);
pfree(passwd);
pfree(filter);