From 799437e0bd3259c90d26e195894b6e22eb0b325c Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Sat, 10 Sep 2022 16:56:07 +0900 Subject: [PATCH] Free correctly LDAPMessage returned by ldap_search_s() in auth.c The LDAP wiki states that the search message should be freed regardless of the return value of ldap_search_s(), but we failed to do so in one backend code path when searching LDAP with a filter. This is not critical in an authentication code path failing in the backend as this causes such the process to exit promptly, but let's be clean and free the search message appropriately, as documented by upstream. All the other code paths failing a LDAP operation do that already, and somebody looking at this code in the future may miss what LDAP expects with the search message. Author: Zhihong Yu Discussion: https://postgr.es/m/CALNJ-vTf5Y+8RtzZ4GjOGE9qWVHZ8awfhnFYc_qGm8fMLUNRAg@mail.gmail.com --- src/backend/libpq/auth.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index b3e51698dc..a776bc3ed7 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -2568,6 +2568,7 @@ CheckLDAPAuth(Port *port) else filter = psprintf("(uid=%s)", port->user_name); + search_message = NULL; r = ldap_search_s(ldap, port->hba->ldapbasedn, port->hba->ldapscope, @@ -2582,6 +2583,8 @@ CheckLDAPAuth(Port *port) (errmsg("could not search LDAP for filter \"%s\" on server \"%s\": %s", filter, server_name, ldap_err2string(r)), errdetail_for_ldap(ldap))); + if (search_message != NULL) + ldap_msgfree(search_message); ldap_unbind(ldap); pfree(passwd); pfree(filter);