Free correctly LDAPMessage returned by ldap_search_s() in auth.c
author Michael Paquier <[email protected]>
Sat, 10 Sep 2022 07:56:07 +0000 (16:56 +0900)
committer Michael Paquier <[email protected]>
Sat, 10 Sep 2022 07:56:07 +0000 (16:56 +0900)
The LDAP wiki states that the search message should be freed regardless
of the return value of ldap_search_s(), but we failed to do so in one
backend code path when searching LDAP with a filter.  This is not
critical in an authentication code path failing in the backend as this
causes such a process to exit promptly, but let's be clean and free
the search message appropriately, as documented by upstream.

All the other code paths failing an LDAP operation do that already, and
somebody looking at this code in the future may miss what LDAP expects
with the search message.

Author: Zhihong Yu
Discussion: https://postgr.es/m/CALNJ-vTf5Y+8RtzZ4GjOGE9qWVHZ8awfhnFYc_qGm8fMLUNRAg@mail.gmail.com

src/backend/libpq/auth.c

index b3e51698dccc7c28b49bd5311f69212bb39bcd5e..a776bc3ed7cd921f63b1c7370c276f4efc3d91f1 100644 (file)
@@ -2568,6 +2568,7 @@ CheckLDAPAuth(Port *port)
                else
                        filter = psprintf("(uid=%s)", port->user_name);
 
+               search_message = NULL;
                r = ldap_search_s(ldap,
                                                  port->hba->ldapbasedn,
                                                  port->hba->ldapscope,
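Review bot: The `search_message = NULL;` reset added just before `ldap_search_s()` has no comment saying why it is there, and it is the only thing that makes the later `if (search_message != NULL)` test in the failure branch meaningful. A one-line comment above the assignment, stating that the pointer is cleared so the error path can tell whether the search handed back a message to free, would keep a later cleanup from dropping it as a redundant store. If the variable's declaration (not visible in this hunk) can carry the initializer instead, that would be the more conventional place, provided nothing earlier in the function leaves a stale value in it.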
@@ -2582,6 +2583,8 @@ CheckLDAPAuth(Port *port)
                                        (errmsg("could not search LDAP for filter \"%s\" on server \"%s\": %s",
                                                        filter, server_name, ldap_err2string(r)),
                                         errdetail_for_ldap(ldap)));
+                       if (search_message != NULL)
+                               ldap_msgfree(search_message);
                        ldap_unbind(ldap);
                        pfree(passwd);
                        pfree(filter);
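Review bot: The guarded `ldap_msgfree(search_message)` in the `ldap_search_s()` failure branch is undocumented at the call site, so a reader sees a result being freed on a path where the search failed and may take it for dead code. Add a short comment above the `if`, along the lines of "the search message must be freed regardless of the return value of ldap_search_s()", which is the rule the commit message cites. The placement itself reads correctly: the free comes after the `ereport()` that uses `ldap_err2string(r)` and `errdetail_for_ldap(ldap)`, and before `ldap_unbind(ldap)`.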