dovecot-2.2: auth: ldap with auth_bind=yes leaked memory

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.2/rev/3f7cc2dd6410
changeset: 17056:3f7cc2dd6410
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Dec 11 18:39:08 2013 +0200
description:
auth: ldap with auth_bind=yes leaked memory
Existing LDAP search request can't just be converted into bind request
before the search request is freed. So just create a new request.

diffstat:

 src/auth/passdb-ldap.c |  16 +++++++++-------
 1 files changed, 9 insertions(+), 7 deletions(-)

diffs (35 lines):

diff -r e49f481af55b -r 3f7cc2dd6410 src/auth/passdb-ldap.c
--- a/src/auth/passdb-ldap.c	Mon Dec 09 18:41:30 2013 +0200
+++ b/src/auth/passdb-ldap.c	Wed Dec 11 18:39:08 2013 +0200
@@ -236,7 +236,7 @@
 	struct passdb_ldap_request *passdb_ldap_request =
 		(struct passdb_ldap_request *)ldap_request;
 	struct auth_request *auth_request = ldap_request->auth_request;
-	struct ldap_request_bind *brequest;
+	struct passdb_ldap_request *brequest;
 	char *dn;
 
 	if (res != NULL && ldap_msgtype(res) == LDAP_RES_SEARCH_ENTRY) {
@@ -257,14 +257,16 @@
 		/* failure */
 		ldap_bind_lookup_dn_fail(auth_request, passdb_ldap_request, res);
 	} else {
-		/* convert search request to bind request */
-		brequest = &passdb_ldap_request->request.bind;
-		memset(brequest, 0, sizeof(*brequest));
-		brequest->request.type = LDAP_REQUEST_TYPE_BIND;
-		brequest->request.auth_request = auth_request;
+		/* create a new bind request */
+		brequest = p_new(auth_request->pool,
+				 struct passdb_ldap_request, 1);
 		brequest->dn = passdb_ldap_request->dn;
+		brequest->callback = passdb_ldap_request->callback;
+		brequest->request.bind.dn = brequest->dn;
+		brequest->request.bind.request.type = LDAP_REQUEST_TYPE_BIND;
+		brequest->request.bind.request.auth_request = auth_request;
 
-		ldap_auth_bind(conn, brequest);
+		ldap_auth_bind(conn, &brequest->request.bind);
 	}
 }